Pitfalls of proof of stake consensus part 2
By Lumai Mubanga
All types of computer systems are vulnerable in one way or another. For example, the proof of stake algorithm was introduced to solve a specific challenge in the proof of work algorithm. However, it introduced other problems discussed in the article entitles “Pitfalls of proof of stake” part 1 and 2. But there are specific attacks unique to PoS. These are long-range attack and stake grinding attack.
Long range attack
A Long-range attack is one of the most common that can be conducted on the PoS network. In this attack, attackers create a new chain of transactions which starts from the genesis block with an intent to take over the main chain. This is called a long-range attack because it can be executed from any point of the chain, including the genesis block. Two properties in Proof-of-Stake that allow this to happen are nothing-at-stake and weak subjectivity. Nothing-at-stake and weak subjectivity.
- Nothing –at-stake allows for long-range attacks due to the costless nature of creating a branch.
- Weak subjectivity is a problem for both new nodes and nodes that come back online after being offline for long periods of time. Neither of these nodes knows which of the chains they are given is the main chain. There is one preconception about blockchains in general which is that the longest chain is the most trustworthy one. When a new node joins a Proof-of-Stake network, the only block that is accepted is the genesis block. These nodes are also given all of the published chains, which make it difficult for nodes to choose the main blockchain.
However, unlike in Proof-of-Work, where the main chain can be easily determined by finding this longest chain, Proof-of-Stake has no easy way to determine this. This means that a chain that was created with the goal of executing a long-range attack can potentially be accepted as the main chain.
Consider an example. Suppose Ben owns 1% of the tokens when the genesis block is created. Instead of “mining” on the main chain, he mines his own secret chain. Because it basically costs nothing to create blocks, Ben can easily create a chain that is longer than the current main chain. If this chain is accepted and replaces the other chain, Ben has effectively rewritten the entire blockchain history starting from a specific block.
Stake Grinding Attack
This attack takes advantage of the fact that in a Proof-of-Stake protocol, there is a method of randomly picking the next validator. If that validator is offline, the next validator can be called upon, and so on.
In other words, a protocol to develop an infinite random sequence of validators must be created to call upon a validator if the next one is offline. In practice, however, a validator will be found within the first few validators we call upon. In some proof-of-stake implementations, the validator chosen depends on the previous block’s signature. This setup opens up the opportunity for attackers to choose block signatures in the blocks they produce to increase their probability of getting chosen as a block validator.
As expected, there are measures in place that mitigate these attacks. These will be discussed in a future article.
Blockchain