Horizen now penalises delayed block submissions, for 51% resistance

Posted: 11 October 2018 2:49 pm

It might be a much-needed addition for many of the smaller cap PoW coins.

Horizen is introducing a clever new feature to help protect it against 51% attacks going forward. This is a very real concern, because Horizen (known as ZenCash at the time) was one of many cryptocurrencies to suffer a 51% attack this year.

There are a few different ways to resist these attacks, but they all turn into a confusing mesh of pros and cons. And whether something is a pro or a con might depend on the situation at the time.

Staving off majority control

One common solution is ASIC resistance. ASIC resistance can simultaneously be a great way of avoiding and succumbing to 51% attacks, depending on the coin at hand and the rest of the market.

On the one hand, it prevents secret ASICs from taking majority hashrate without anyone knowing (secret ASICs are thought to have been behind the Bitcoin Gold 51% attack). On the other hand, ASIC resistance greatly reduces total network hashpower, which can make the network easier to attack with rented hashing power and similar means.

Large cap coins like Monero might become more resistant to 51% attacks through ASIC resistance, while smaller cap PoW coins are probably damned if they do, and damned if they don't.

If the smaller coins aren't ASIC-resistant they can easily be overwhelmed by the first ASIC miners to take an interest. Plus, almost any non-ASIC-resistant PoW coin, except maybe bitcoin and Ethereum, will quickly become highly centralised, at which point its primary miners can probably knock over the network with a 51% attack any time they want.

If the smaller cap coins are ASIC-resistant, they're still at risk of secret ASICs while also being at risk of attacks through rented hashpower. This is a relatively intractable but widely-experienced problem, so new ways of minimising the chances of a 51% attack would probably be of great interest to a great many coins.

The attack

51% attacks are, as the name suggests, carried out by someone who controls 51% of the network's hashrate.

In a blockchain network, the "truth" is whatever the majority of nodes agree on. So with majority control, an attacker has the power to single-handedly determine their own version of the truth, within certain constraints.

In practice, this can be done by using one's enormous hashrate to mine blocks faster than all the other miners combined, then at the right moment, overtaking the main chain.

The basic effect is that an entity can single-handedly fork the blockchain, run their fork in parallel, and then later have the other miners keep building on top of their fork to cement it as the truth.

It's not that a 51% attacker can just lay down the law of the network. Rather, it's that they can mine blocks fast enough to overtake the rest of the network and create the new truth. If the attacker's chain is longer than the other chain, other miners will start building on top of it, which cements it as the new truth.

A typical attack might involve:

  • Forking the Coin A network and mining blocks in parallel, faster than they're being mined on the real chain.
  • Selling Coin A for Coin B.
  • Waiting until the transaction is confirmed, and pocketing Coin B.
  • Announcing that their fork is longer, which invalidates transactions – including their trade – from the time they forked to the time they made the announcement.

Challenges and confirmations

There are a few things that make this attack easier said than done.

Firstly, they have to privately mine blocks fast enough. This means having at least 51% hashrate and involves a potentially large upfront cost, depending on how long their new chain needs to be.

Secondly, they need to wait for enough "confirmations" from the exchange before they can create their fork. This is because unintentional mini forks are normal, such as if two people mine a block and try to add it at the same time, or different miners unintentionally start building on different chains.

Systems need to accommodate this and can't just go on sending money everywhere on the say-so of a single block. This is why they require a certain number of confirmations.

A confirmation is essentially when another block is built on the same chain that holds the block that holds a certain transaction.

So if an exchange requires five confirmations before sending over Coin A, the attacker will need to build in parallel for at least five more blocks. Only then will the exchange confidently say "yep, that's the real thing" and complete the trade.

So the more confirmations required, the more secret blocks need to be mined and the more a 51% attack costs. This is why the first thing people do when there's a 51% attack going around is increase the number of confirmations required.

Naturally, the attacker will also have to keep their fork-building secret and avoid broadcasting it to the network if they want the attack to succeed. Otherwise, exchanges and everyone else can pre-emptively increase confirmation requirements to prevent the attack.

The Horizen solution

Horizen's contribution to protection against 51% attacks is called "the delayed block submission penalty approach" (PDF).

It works by imposing a penalty on side chains that are being privately mined and then connected to the main chain. This penalty takes the form of a delay before the side chain can be permanently cemented and a requirement that the attacker continue mining on the new chain after their attack is complete.

The size of the delay penalty increases based on how far behind a miner is when they propose a secret block. So in a way, it multiplies the effectiveness of waiting for confirmations without forcing a network to actually wait for more confirmations.

This offers a much wider window for exchanges and other participants to respond to a 51% attack, while simultaneously drastically increasing the cost of an attack.

The exact conditions of the penalty delay can be fine-tuned based on current network difficulty and confirmation times to ensure it's a more flexible potential solution for different PoW coins. It also doesn't penalise "honest" forks that mine openly.
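The following Python sketch is an added example, not Horizen's code or anything from the original article. It assumes a simple penalty rule (a block announced N blocks behind the node's current tip adds N to a delay counter, and each fork block at or beyond the tip pays off one unit); the function names and block heights are constructed for illustration.

```python
# Added illustration: toy fork-choice check with a delay penalty.
# The penalty rule is an assumption made for this example.

def block_penalty(tip_height, block_height):
    """Assumed rule: a block announced N blocks behind the node's tip costs N."""
    return max(0, tip_height - block_height)

def evaluate_fork(fork_point, tip_height, fork_length):
    """Score a fork of `fork_length` blocks branching after `fork_point`,
    first announced when the node's honest tip is at `tip_height`."""
    delay = 0
    for i in range(1, fork_length + 1):
        late_by = block_penalty(tip_height, fork_point + i)
        if late_by > 0:
            delay += late_by   # late block: penalty accumulates
        elif delay > 0:
            delay -= 1         # block at or beyond the tip pays off one unit
    longer = fork_point + fork_length > tip_height
    # Adopt only if the fork is longer AND its delay has been worked off.
    return {"longer": longer, "delay": delay, "adopt": longer and delay == 0}

def min_fork_length(fork_point, tip_height, penalised=True):
    """Smallest fork a node would adopt. The honest tip is held fixed
    (simplification: in reality it keeps growing while the fork is mined)."""
    if not penalised:
        return tip_height - fork_point + 1   # plain longest-chain rule
    length = 1
    while not evaluate_fork(fork_point, tip_height, length)["adopt"]:
        length += 1
    return length

if __name__ == "__main__":
    # Constructed scenario: honest tip at height 106.
    # "private fork" branched at 100 and was kept secret until now;
    # "open race" is an ordinary competing block announced at the tip.
    for name, fork_point in (("private fork", 100), ("open race", 105)):
        plain = min_fork_length(fork_point, 106, penalised=False)
        delayed = min_fork_length(fork_point, 106)
        print(f"{name}: longest-chain needs {plain} blocks, "
              f"with penalty needs {delayed}")
```

Under this assumed rule the privately mined fork needs 20 blocks instead of 7 before nodes switch to it, while the openly mined competing block needs the same 2 blocks either way.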

If it all works as intended, it might be a significant and much-needed development for the wide range of smaller cap PoW coins roaming the market.

"The operating environment for cryptocurrency systems has changed significantly since 2009 when mining power was more decentralised," notes Horizen chief engineer Alberto Garoffolo. "It's now imperative for public blockchains to upgrade their consensus rules to protect against bad actors and we believe the release of our update will act as a resource to vastly improve security across the industry."

Horizen co-founder and president Rob Viglione agrees: "Our open-source contribution enhances protection against advanced attack methods and helps improve the security of the entire industry."

Disclosure: At the time of writing the author holds ETH, IOTA, ICX, VET, XLM, BTC, ADA

Disclaimer: This information should not be interpreted as an endorsement of cryptocurrency or any specific provider, service or offering. It is not a recommendation to trade. Cryptocurrencies are speculative, complex and involve significant risks – they are highly volatile and sensitive to secondary activity. Performance is unpredictable and past performance is no guarantee of future performance. Consider your own circumstances, and obtain your own advice, before relying on this information. You should also verify the nature of any product or service (including its legal status and relevant regulatory requirements) and consult the relevant Regulators' websites before making any decision. Finder, or the author, may have holdings in the cryptocurrencies discussed.


Picture: Shutterstock
