Requesting for comment on this. #soft_fork#bribery#attacks
I can attempt to summarize the information, although it is best to read all of it, however my concern was that this issue appeared to unresolved, and that the attack still seems well and truly possible.
An attacker can theoretically (as ostensibly demonstrated in the proof) bribe validators of a PoS consensus system (including PoS blockchains like Casper FFG / Eth 2) with a small amount relative to the total amount of stake and market cap.
Some key snippets:
According to tragedy of the commons, the cost to bribe the validators to form a majority coalition and destroy the blockchain is:
LU = (how much the validators have to lock up)
#V = (how many validators are there)
Bribe = LU / (2 * #V)
If there are 1000 validators, and the blockchain is worth $1 billion, and 90% of the value is staked, then the total cost to bribe >50% of the validators would be: ($1 billion) * (0.9) * (1/2) * (1/1000) => $450 000
So less than $1/2 million in bribes is sufficient to completely destroy a $1 billion PoS blockchain.
Maybe you need to ask a more specific question if you want to get a reply on this. It seems like the two statements are correct, however they do not respond to the specific way in which @vbuterin was addressing the attack, which was at the time the attack is detected. In this case, no reversion of a finalized chain occurs – the finalization essentally stalls until the attack is resolved one way or the other. Does that clarify things for you?
I’m unconvinced. It looks like you’re responding to the finality reversion section of Vitalik’s post. However, in the soft fork bribery attack, it is proposed that it can be done by punishing validators who fail to participate in enforcing punishments
More generally speaking, I think the issue needs serious consideration, even to try to simulate or prove that such an attack can occur, and shouldn’t be readily dismissed. Given that PoS blockchains aim to secure billions in value, all possibly attacks should be thoroughly investigated as a priority, rather than BAU R&D. If an attacker can gain control of the network through this kind of attack, once they gain control this becomes stable, and it’s intractably hard to take back control. I think anyone responding in this thread should read the above articles here, and here and Vitalik’s post, if they haven’t already. (I’m not saying you didn’t, but just to be sure.)
The problem with trying to have evidence of censorship attacks is that even if the censorship attack is real, that doesn’t necessarily mean the history rewrite we are using to recover is 100% honest. It could have a double-spend attack embedded in it. It could be the case that the attacker is simultaniously doing a soft fork bribery attack to censor txs on-chain, and he is also doing a history re-write attack to do some double spending, and he can use evidence of the first attack to justify executing the second attack. So whichever side of the fork we go with, one of the attacks succeeds.
The false flag attack is a possible scenario/mechanism that it seems like it could potentially be used to attack the minority fork of a chain that attempts to recover from a 51% attack (like a censorship attack, aka a soft fork bribery attack).
I don’t have a lot of time to assess this further, as I: 1) am currently looking for a job 2) have already spent a lot of time volunteering for projects like Ethereum and Holochain 3) Am convinced that Holochain is better than blockchains.
Just wanted to flag to the Ethereum community that maybe they should spend some more time assessing this attack, as I don’t know whether it has been thoroughly disproved or resolved.
The problems sound interesting, but I’m unconvinced any of them are as specific to PoS as is claimed. PoW chains are susceptible to bribery attacks. Hey you can just buy hashing power: https://www.nicehash.com/ – and that costs even much less than the amounts claimed in the post!
I understand the concern around the “moralistic enforcement”, that sounds like a serious problem. But I would say the fact that a miner’s equipment can’t be confiscated is a fallacy: If the equipment is specific to one chain’s hash function, then censoring the miner from that chain has the same effect as confiscating their equipment: They invested a huge amount of money and now can’t use it.
Not that this invalidates these as attacks, but it seems like they apply equally to PoW, so shouldn’t be used as an argument against moving to PoS.
It is very clear that the social consensus layer can fail, too. It’s a heuristic and the assumption in Vitalik’s post was that it would correctly identify an attack going on. The assumption is that everyone is either able to check the condition themselves or know some people they trust who can verify it for them. If we assume that people can be made to do anything by anyone on social media, then of course anything could happen.