Is the PoS validator mechanism really good? It may bring more attack vectors to the blockchain

BTC0.0₂₀

ETH0.0₂₀

HTX0.0₂₀

SOL0.0₂₀

BNB0.0₂₀

BTC0.0₂₀

ETH0.0₂₀

HTX0.0₂₀

SOL0.0₂₀

BNB0.0₂₀

Is the PoS validator mechanism really good? It may bring more attack vectors to the blockchain

Moni

2019-02-27 00:14

本文约3809字，阅读全文需要约15分钟

PoW is the only "tested" distributed consensus mechanism in the blockchain network, and the PoS validator mechanism seems to need more time to prove itself.

This article comes fromCoindeskTranslator | Moni

Translator | Moni

Editor | Lu Xiaoming

As preparations for the upgrade are well underway, the Proof-of-Stake (PoS) vs. Proof-of-Work (PoW) confrontation also appears to be gaining prominence. As we all know, as part of the "Serenity" upgrade, Ethereum has begun to transition to the proof-of-stake consensus. Not only that, but whether Ethereum can maintain an effective consensus verification mechanism and incentive structure has also aroused great concern from the community.

Binance recently released details of its proposed "decentralized" exchange plan, which revealed that the exchange will rely on 11 validator nodes (validator nodes) to verify and confirm exchange transactions, but these nodes are all controlled by Binance. controlling. This move has caused dissatisfaction in the community, because people think it is completely inconsistent with the spirit of "decentralization", and some resistance measures have already begun.

There are also some multi-chain/cross-chain projects that require high interoperability and use fast-finality consensus blockchains. These projects also gain certain market competitiveness. For example, Cosmos and Polkadot use Tendermint respectively. BFT and Delegated Proof-of-Stake (DPoS) consensus models. Although these consensus mechanisms have not been adopted on a large scale, there have been problems with improper incentives, and they have also been targeted by some attack vectors.

Attack vector refers to a method used by attackers to attack computers or network servers, which can help attackers find any loopholes that may exist in the system, including loopholes caused by human factors. Traditional attack vectors include viruses, email attachments, web pages, pop-up windows, instant messages, chat rooms, etc., while blockchain attack vectors include Long-Range Attacks, Sour Milk Attacks, and Bribery Attacks (Bribe Attack), Coin Age Accumulation Attack, Precomputing Attack, etc.

In fact, proof of work has passed the "combat test" and is the only consensus algorithm that can support Bitcoin so far. In contrast, Proof-of-Stake doesn’t seem to be on a similar level yet, so it’s worth jump-starting some evaluations to see if there are any potential issues with it.

secondary title

First, let's take a brief look at the validator (Validator) verification form

For those networks that deploy the validator mechanism, basically many names are used to "define" the consensus, such as "Hub", "masternodes" and so on. However, these network consensuses all adopt a similar design model - validators ensure that the network is in a valid state by "verifying" or "generating" blocks that match the rights and interests of native tokens in the network.

In fact, verifiers replace the role of miners in the proof-of-work blockchain network. Since their rights and interests are locked in the network when they perform tasks, they can only get incentives if they act honestly in the system. After the verifier completes the actual verification work, they can get the native token reward in the network, but if they do some malicious behavior, the rights and interests will be cut.

If you want to delve into the mechanism of the proof-of-work verification system, "V God" Vitalik Buterin has made an in-depth explanation in the Ethereum CBC Casper (stake proof) mechanism and the initial design concept of the stake proof. Likewise, Cosmos provides some useful development documentation to allow developers to learn more about how their cross-chain verification works.

The proof-of-stake mechanism is actually very complicated, because this consensus model requires advanced game theory methods, and its invariance can only be interpreted subjectively. Proof-of-stake blockchain ledgers rely on verifiers to verify, so that there is no need to rely on energy-intensive mining methods to ensure network integrity like proof-of-work.

In addition, some cross-chain network frameworks must be plugged into compatible blockchains. For example, Cosmos needs to use a sub-chain that quickly terminates consensus, thereby excluding the need to connect the proof-of-work blockchain to its own network.

The most concerned issue of the blockchain network based on the validator mechanism is whether it can balance or meet the scalability requirements of security. If you want to analyze the security flaws of the blockchain network based on the validator mechanism, you may need to pay attention to the following two aspects:

2. Improper incentives

secondary title

attack vector

Some of the improper incentives of blockchain networks based on the validator mechanism directly correspond to attack vectors that often require very complex engineering work to avoid. Here, we will analyze the two main attack vectors that the validator consensus mechanism may face in the long run, they are: Long-Range Attacks and Sour Milk Attacks.

1. Long-range attack

Long-range attacks are one of the biggest threats in proof-of-stake protocols. Due to the weak subjectivity of proof-of-stake protocols and the ability to perform costless simulations, such attacks are more dangerous than in proof-of-work protocols. The long-range attack is that the attacker creates a long blockchain branch starting from the genesis block, and tries to replace the current legal main chain. There may be transactions and blocks different from the main chain on this branch, so this attack is also called a replacement history attack or a history overwrite attack.

Malicious attackers can purchase large amounts of private keys for token balances that have already been used in the verification process. Malicious attackers can then use this token balance to generate an alternate history of the blockchain, giving them more incentives based on proof-of-stake.

The solution to this problem is to introduce the concept of "checkpointing", but checking the blockchain status not only requires nodes to be online all the time, but also a complicated and centralized solution, so it has been criticized by the community. In addition, long-range attacks also show that validator-based proof-of-stake networks cannot ensure ledgers are messaged in the long run—especially those ledgers that are in past states in the blockchain.

The result is that instead of creating a permanent, immutable ledger based on consensus, the validator network achieves a "temporary consensus" for a given time frame.

2. Spoiled milk attack

The spoiled milk attack means that the basic validators push their peers to some suspected dishonest validators, and the basic validators generally publish some real blocks and fake blocks to other validators at the same time to confuse their peers. At the same time, some base nodes will also join hands with other nodes who want to conduct malicious attacks, so that honest validators cannot fully distinguish valid blocks from invalid blocks.

The scary thing is that the threshold for implementing these attacks is very low, because only a small number of network verifiers are needed to effectively freeze the network, create forks, and lock consensus.

3. Other attack vectors

There are some other major attack vectors for proof-of-stake verification networks, such as "Fake Stake attack", stake grinding, and DDOS attacks, but these attack vectors are only available when validators are online In order to carry out the attack and cause financial loss.

(Note: "Stake Grinding" is a type of attack in which a validator makes randomness more in their favor by performing some computation or taking some other validators for the next block.)PoS cryptocurrency has fatal security risks, explaining the latest "false equity" attack in detail）。

secondary title

inappropriate incentives

In fact, there is another problem that needs to be paid attention to in the proof-of-stake blockchain network based on the validator mechanism. Greater rewards. That is to say, whoever has more rights and interests is more likely to participate in verification, and then controls a considerable part of the blockchain network token supply, while those validators with less rights and interests will have less opportunities to participate in network transaction verification. Fewer and fewer.

Assuming that the problem of improper incentives in the proof-of-stake blockchain network based on the validator mechanism is becoming more and more serious, the most direct problem caused by this is that the number of participating users who invest in equity will decrease, and the downstream impact of this low participation is- —The blockchain network will become more and more centralized, and there will even be more unpredictable adverse consequences such as insider trading and rat warehouses.

secondary title

Summarize

As Proof-of-Stake blockchain networks that rely on validator mechanisms gain increasing support, it is wise to design consensus mechanisms in a practical context when developing next-generation blockchain platforms.

Moni

作者文库