• info@ghoststaking.com
Commentary
Nothing-At-Stake, Long Range Attacks & Dynamic Availability

Nothing-At-Stake, Long Range Attacks & Dynamic Availability

Nothing At Stake

The principal of a Nothing-At-Stake issue with Proof-Of-Stake blockchains is that validator risks nothing when creating blocks on a different chain.

This can be illustrated by considering a fork into chain A and B. As a block producer (validator) gets rewarded for producing blocks, with the aforementioned fork the validator can choose to work on (1) only chain A (2) only chain B, or (3) both chain A and B. Even if there are differing probabilities that one of the two chains will eventually be the longest, as long as the smaller probability chain does not have zero probability of being the longest chain, the validator will always choose to work on both chains. Thus maximising their likely pay-out. This is because there is no need to split their stake to work on both chains. This is also unlike PoW where there is computing resource (electricity costs) which has to be spent in order to work on multiple chains, thus disincentivising this behaviour.

The solution to this problem is therefore to introduce a punishment, namely a deposit by the validator onto the blockchains which is at risk for misbehaving. Punishments may come in the form of either:

  1. Punish if found validating both chains at the same time
  2. Punish if found validating the wrong chain – in this case its wise to validate on the chain with the highest likeihood of being the longest as the probability of being fined is lower.

Long Range Attack on PoS

A long rang attack is where a validator has no risk of losses from misbehaving. This is when an amount of time has passed such that the at risk deposit is returned. At this point the validator can fork without the risk of principal losses, and the reason it is named a ‘long range’ attack is because the validator needs to be correctly validating on the network for a period of time (i.e. a new validator cannot initiate the attack).

Source: https://www.youtube.com/watch?v=m-kI_Sb8oII

In the above illustration, you can note that the attacker is able to build a dense long chain forking from earlier in the primary blockchain. This is because the attacker will always be able to append blocks in this chain. For a new participant (validator on the network) there is now a very difficult choice to make. Without additional information, the new participant will likely choose to grow the attacker chain.

In order to mitigate this, checkpoints are implemented along the blockchain. These are considered trusted blocks and such that any fork starting before a checkpoint is considered invalid. The deposit period is then set to be a period longer than the checkpoint periods. For validators persisting on the chain, the checkpoints are known, however for new participants, no validators which have been offline for a period of time, there is a difficulty in deciding the longest chain.

A solution to this is finding a trusted source for a recent block header of the valid blockchain (this is fundamentally different from PoW where you simply use the longest chain rule). This could be a block explorer or an organization which has a high reputation. This block header could be used as a check point.

Dynamic Availabiliy

This is where we can assume that participants on the network (validators) are able to join and leave at any given time. They may lose clock synchronisation and also there is no knowledge of participation at any given time. This would be an ideal situation.

Summary

The below table illustrates how long range attacks and dynamic availability work, or are possible for (1) PoW blockchain (2) PoS blockchain and (3) PoS BFT (byzantine fault tolerance).

Note that in PoS BFT (unlike PoS), the nodes running the protocol agree on all blocks, meaning you do not have forks because every time you produce a block, there is sufficient agreement. Therefore you do not have to resolve disagreements. Nevertheless in order to run a protocol, you need to know the level of participation.

For a new participant (validator) on the network, bootstrapping from genesis (the first block in the blockchain), you simply follow the longest chain (highest difficulty) for bitcoin. For a PoS chain you also have the requirement in knowing the latest checkpoint from a trusted source. Finally for PoS BTF, you need to be aware of the participation level on the blockchain at all times in history.

BitcoinPoS BlockchainPoS BFT
Long Range Attackslongest chain rulelongest change rule + moving
local checkpoints + key
evolving Signatures
only one proper squence of block
certificates + key Evolving
SIgnatures
Dynamic AvailabilityPossible using only
the genesis
block
(re)joining parties need
a recent block (check point)
parties need to know participation
level at all times in history

Stake your CSPR with us at GHOST:
1. Earn passive interest compounded every 2 hours!
2. High performance server with low CPU utilization that can be monitored in real time here
3. Low fees with a GUARANTEE of no increases EVER!
Find out more here

2 thoughts on “Nothing-At-Stake, Long Range Attacks & Dynamic Availability

Leave a Reply

Your email address will not be published.