Defending Against Malicious Reorgs in Tezos Proof-of-Stake

  title={Defending Against Malicious Reorgs in Tezos Proof-of-Stake},
  author={Michael Neuder and Daniel J. Moroz and Rithvik Rao and David C. Parkes},
  journal={Proceedings of the 2nd ACM Conference on Advances in Financial Technologies},
  • M. Neuder, Daniel J. Moroz, D. Parkes
  • Published 11 September 2020
  • Computer Science
  • Proceedings of the 2nd ACM Conference on Advances in Financial Technologies
Blockchains are intended to be immutable, so an attacker who is able to delete transactions through a chain reorganization (a malicious reorg) can perform a profitable double-spend attack. We study the rate at which an attacker can execute reorgs in the Tezos Proof-of-Stake protocol. As an example, an attacker with 40% of the staking power is able to execute a 20-block malicious reorg at an average rate of once per day, and the attack probability increases super-linearly as the staking power… 


The Governance Problem in Distributed Ledgers: An Analysis Focusing on Tezos
It is proved that the Tezos governance system is not Pareto efficient, and that in the latest state of supply distribution it is feasible for community division to be the most optimal outcome for stakeholders.
NC-Max: Breaking the Security-Performance Tradeoff in Nakamoto Consensus
This work identifies and experimentally proves that the crux resides with the prolonged block propagation latency caused by not-yet-propagated transactions, and proposes NC-Max, a two-step mechanism to confirm only fully-propagated transactions that removes the limits upon NC’s performance imposed by its security demands, realizing NC's untapped potential.
Low-cost attacks on Ethereum 2.0 by sub-1/3 stakeholders
We outline two dishonest strategies that can be cheaply executed on the Ethereum 2.0 beacon chain, even by validators holding less than one-third of the total stake: malicious chain reorganizations


Majority is not enough
This work shows that the Bitcoin mining protocol is not incentive-compatible, and proposes a practical modification to the Bitcoin protocol that protects Bitcoin in the general case, and prohibits selfish mining by a coalition that commands less than 1/4 of the resources.
Selfish Behavior in the Tezos Proof-of-Stake Protocol
This work proposes and analyzes a simple change to the Tezos protocol which significantly reduces the profitability of this dishonest behavior, and introduces a new delay and reward scheme that is provably secure against length-1 and length-2 selfish endorsing attacks.
Formal Barriers to Longest-Chain Proof-of-Stake Protocols
The main results of this paper are several formal barriers to designing incentive-compatible proof-of-stake cryptocurrencies (that don't apply to proof-of-work).
Be Selfish and Avoid Dilemmas: Fork After Withholding (FAW) Attacks on Bitcoin
A novel attack called a fork after withholding (FAW) attack is proposed, which is usable up to four times more often per pool than in BWH attack, and does not suffer from practicality issues, unlike selfish mining.
Ouroboros: A Provably Secure Proof-of-Stake Blockchain Protocol
“Ouroboros” is presented, the first blockchain protocol based on proof of stake with rigorous security guarantees and it is proved that, given this mechanism, honest behavior is an approximate Nash equilibrium, thus neutralizing attacks such as selfish mining.
Bitcoin: A Peer-to-Peer Electronic Cash System
This work proposes a solution to the double-spending problem using a peer-to-peer network, where the network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work.
Secure High-Rate Transaction Processing in Bitcoin
The GHOST rule is addressed, a modification to the way Bitcoin nodes construct and re-organize the block chain, Bitcoin’s core distributed data-structure, to address security concerns over high transaction throughput.
Analysis of Hashrate-Based Double Spending
A look at the stochastic processes underlying typical attacks and their resulting probabilities of success in Bitcoin.
Stubborn Mining: Generalizing Selfish Mining and Combining with an Eclipse Attack
This paper expands the mining strategy space to include novel "stubborn" strategies that, for a large range of parameters, earn the miner more revenue, and shows how a miner can further amplify its gain by non-trivially composing mining attacks with network-level eclipse attacks.
Casper the Friendly Finality Gadget
Casper is a partial consensus mechanism combining proof of stake algorithm research and Byzantine fault tolerant consensus theory, which provides almost any proof of work chain with additional protections against block reversions.