Research on PoW Protocol Security under Optimized Long Delay Attack
- Optimized the main chain record model based on the original research so that the improved record model can simulate the evolution of the main chain on the blockchain accurately.
- Improved the original long delay attack model by combining it with the balance attack, in which the adversary controls a certain number of corrupted miners. The resulting improved long delay attack model is more realistic and raises the adversary's probability of success.
- Based on the above research, this paper analyzes the security of the PoW protocol in a complex latency environment and shows that the PoW protocol still has good security in a complex delay environment.
2. Related Work
3. Optimized Blockchain Model
3.1. TOD Record Model
3.2. Fork Problems on TOD
- After adding a new block, determine whether a new fork is generated on the current model.
- If there is a new fork after adding a new block to the original fork, judge whether the fork depth on the node increases.
4. Long Delay Attack Based on TOD Model
4.1. Effect of Long Delay Attack on Chain Growth
- If both branches A and B grow at the end of a round, there are several possible situations:
- After the consensus process, both A and B have mined non-delayable blocks, so in the next round, each branch is successfully extended, the fork depth is increased by 1, and the length of the blockchain is increased by 1; the probability is shown in Equation (1).
- After the completion of the consensus processes of A and B, the miners have successfully mined the block, the two branch chains have increased, and the probability of this situation is Equation (2).
- When both A and B mine a delayable block and the adversary chooses to broadcast them in the same round, the chain length also increases. We will discuss the details in case 4.
- If only one branch grows after the current round r, BoolTurn is set to 1, and BoolTurn is set to 0 in round r + 1. If a new block is generated in round r + 1, no delete operation is performed, and so if a branch grows, BoolTurn is set to 1. Without loss of generality, assume that A is the branch that mined a non-delayable block and that B failed to mine a new block; we then obtain Equation (3):
- Branches A and B both failed to mine a new block in round r, so neither branch grew; the probability of this situation is shown in Equation (4):
- Here we focus on several cases after a delayable block has been mined. When one of the two branches has a delayable block, without loss of generality, let it be A, and discuss the other branch.
- If branch B failed to mine a block, we need to consider whether the block mined by branch A has reached the delay limit. If it has, the block must be broadcast; if it has not, the adversary can choose to continue to delay it. If A did not mine a non-delayable block, the probability for the following round is shown in Equation (5):
- Branch B must broadcast a non-delayable block in the current round, and in a sense, the probability of the adversary not mining a non-delayable block is almost equivalent to the probability of mining a delayable block, and so we can obtain Equation (6):
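The case analysis above can be explored numerically. The following added example is not code or equations from the paper and does not reproduce Equations (1) to (6); it treats the two-branch fork as a small absorbing Markov chain and solves exactly for the expected fork depth. The parameters `p`, `d` and `delta`, and the reading that the shorter branch is deleted when it fails to mine in the round after BoolTurn is set, are assumptions made for illustration.

```python
from fractions import Fraction


def expected_fork_depth(p, d, delta):
    """Expected fork depth before the shorter branch is deleted.

    Assumed parameters (not from the paper): p = chance a branch mines a
    block in a round, d = chance a mined block is delayable, delta = the
    maximum number of rounds the adversary may withhold a delayable block.
    """
    p, d = Fraction(p), Fraction(d)
    if not 0 < p < 1 or not 0 <= d <= 1 or delta < 0:
        raise ValueError("need 0 < p < 1, 0 <= d <= 1, delta >= 0")
    q = 1 - p
    # h: a lone delayable block is withheld until the other branch mines
    # within the delay limit, so both branches grow in the same round.
    h = d * (1 - q ** delta)
    # State E0: branches level (BoolTurn = 0).
    #   both mine -> depth + 1; neither mines -> no change;
    #   one mines -> rescued by the delay (depth + 1) or move to E1.
    a00 = 1 - p * p - q * q - 2 * p * q * h
    a01 = -2 * p * q * (1 - h)
    b0 = p * p + 2 * p * q * h
    # State E1: one branch ahead by one block (BoolTurn = 1).
    #   lagging branch mines -> depth + 1 (level again, or still behind
    #   if the leader also mined); lagging branch fails -> it is deleted.
    a10 = -p * q
    a11 = 1 - p * p
    b1 = p
    # Solve the 2x2 linear system for E0 with Cramer's rule.
    det = a00 * a11 - a01 * a10
    return (b0 * a11 - a01 * b1) / det


def depth_by_delay(p, d, deltas):
    """Expected fork depth for each delay limit in `deltas`."""
    return {k: expected_fork_depth(p, d, k) for k in deltas}
```

Under these assumptions, raising the delay limit only ever increases the expected fork depth, which is the quantity a defender compares against the confirmation depth in use.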
4.2. Improvement of Long Delay Attack
4.3. Proof of Security
- When blocks are mined on both CA and CB, and the blocks on that chain are both obtained by at least one honest miner, and after the miners broadcast the chains on their respective nodes, a fork is formed between CA and CB at this point, with the fork depth increasing by 1 and the chain growth increasing by 1. So, we can obtain Equation (9), and the probability of this happening is:
- On one of CA and CB a miner successfully mines a block, and that block is non-delayable, while the other chain mines nothing. According to the TOD model, when a new block is created on one chain, the shorter chain is not deleted immediately; instead the BoolTurn operation is entered, maximizing the spare chain on the model and giving the adversary the opportunity to extend the fork. So, in the next round, if the shorter chain mines a new block, the adversary succeeds in increasing the fork. Success in the next round requires two conditions to be satisfied: one chain does not mine a non-delayable block, and the other chain does not succeed in mining. The probability of entering the next round is shown in Equation (10):
- If only one chain in CA and CB mined a block, which was mined by a corrupted miner, and another failed, then the probability of this case is shown in Equation (14):
- If only one chain in CA and CB mined a block, which was mined by an honest miner, and the other chain failed to mine the block, then the probability of this case is:
5. Experimental Analysis
5.1. Experimental Analysis of Long Delay Attack on Chain Growth
5.2. Improved Experimental Analysis of Long Delay Attack
Data Availability Statement
Conflicts of Interest
| | Long Delay Attack | Balance Attack | Improved Long Delay Attack |
|---|---|---|---|
| Whether the adversary controls computing power | No | Yes | Yes |
| Purpose of attack | Extend fork | Change the target chain to the main chain | Extend and produce fork |
| Method of attack | The adversary delays the new blocks and broadcasts them to different miners in different order after collecting a certain number of chains | Isolating miners’ communication and implementing efficient mining on the target chain, turning the target chain into the master chain | The adversary delays the new blocks, and the corrupted miners mine the delayable blocks and immediately delay them, then broadcasts them separately to different honest miners. |
| Corrupted miner | — | Work on one chain to increase the target chain mining efficiency | According to the mining results of each round, corrupted miners can mine dynamically in the two sets |
© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Feng, T.; Liu, Y. Research on PoW Protocol Security under Optimized Long Delay Attack. Cryptography 2023, 7, 32. https://doi.org/10.3390/cryptography7020032