
Talk:Proof of stake/Archive 2

From Wikipedia, the free encyclopedia

Improvement proposal 3.

At the end of the long range attacks section, remove the incomplete duplicate about bribery attacks, and add the following text:

One possible solution to mitigate long-range attacks in proof-of-stake systems is through the use of checkpointing. Checkpointing involves periodically creating a block that includes a hash of the blockchain up to a certain point, called the checkpoint. This allows users to verify the state of the blockchain at specific checkpoints and reject any chains that do not match the checkpoint. This checkpoint serves as a reference point for other nodes on the network and ensures that they are all working from the same blockchain history. Consequently long-range attacks are particularly powerful against two types of users: newcomers and disconnected users. Newcomers to the network may not have access to the full blockchain history and may not be able to distinguish between a valid chain and another chain. Similarly, disconnected users who have not been online for an extended period may not have the full blockchain history and may be vulnerable to long-range attacks. Source: https://ieeexplore.ieee.org/document/8653269/footnotes#footnotes-mobile-fn2

However, checkpointing introduces the notion of subjectivity into the system. Different nodes may have different opinions about which chain is valid based on their different blockchain histories. This is known as a subjective view. Additionally, checkpointing can introduce centralization and security trade-offs, as it requires users to trust the checkpointing authority. Weak subjectivity refers to the idea that there is no objective way to determine the true state of the blockchain, and users must rely on social consensus and subjective judgment to determine which chain to follow. Over time, social consensus tends to converge on a single chain, reducing the risk of conflicting views. For example, Ethereum blockchain relies on weak subjectivity for long term consensus while the algorithm is responsible for short term consensus. In specific, validators cannot withdraw their funds for 4 months and thus a long range attack is not feasible for this period. This ensures objectivity for nodes permanently connected or disconnected for less than 4 months, while the nodes disconnected for more than 4 months and newcomers choose the blockchain fork with the most value on it. Source: https://blog.ethereum.org/2014/11/25/proof-stake-learned-love-weak-subjectivity

Weak subjectivity also applies to Proof of Work (PoW) chains. In the case of PoW, nodes normally choose to follow the chain with the most accumulated work, which is usually the longest chain. However, there are situations where the longest chain is not the one that is considered valid by the network. For example, in the case of the Bitcoin Cash hard fork, the chain split into two, and nodes had to choose which chain to follow. Similarly, in the case of the Ethereum hard fork after the DAO attack, when the network was still based on PoW consensus, the community decided to fork the chain to revert the theft, while others chose to continue on the original chain. Sources: https://www.investopedia.com/tech/history-bitcoin-hard-forks/ https://medium.com/swlh/the-story-of-the-dao-its-history-and-consequences-71e6a8a551ee

A proposed mechanism to achieve long term objectivity on PoS chains is Cardano’s key evolving scheme in Ouroboros Genesis. By using the key-evolving scheme, Cardano ensures that even if an attacker manages to gain control of a signing key, they will not be able to use it to sign blocks outside of the current epoch. This makes long-range attacks much more difficult to execute, as the attacker would need to continuously control a majority of the stake throughout multiple epochs to carry out an attack. Source: https://eprint.iacr.org/2018/378.pdf&sa=U&ved=2ahUKEwiB2_uAwrT9AhXlR_EDHc9ADPoQFnoECAYQAg&usg=AOvVaw1eIWQIFXmr9wY84gW2a3Vf Touftoufikas (talk) 02:08, 27 February 2023 (UTC)
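The checkpoint rule described in the proposal above, as an added example that is not part of the original discussion or of any real client: a node that knows a checkpoint hash rejects a longer fork that rewrites history before it, while a newcomer without the checkpoint follows the fork. The block format, the function names and the longest-chain fork choice (standing in for a stake-weighted rule) are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Block:
    height: int
    parent: str   # hash of the parent block
    payload: str

    @property
    def hash(self) -> str:
        raw = f"{self.height}|{self.parent}|{self.payload}".encode()
        return hashlib.sha256(raw).hexdigest()

GENESIS = Block(0, "0" * 64, "genesis")

def build_chain(payloads, start=None):
    """Extend `start` (default: genesis only) with one block per payload."""
    chain = list(start or [GENESIS])
    for p in payloads:
        chain.append(Block(chain[-1].height + 1, chain[-1].hash, p))
    return chain

def accept_chain(chain, checkpoints):
    """Check hash linkage, then every checkpoint {height: block hash}."""
    if not chain or chain[0] != GENESIS:
        return False, "wrong genesis"
    for prev, cur in zip(chain, chain[1:]):
        if cur.parent != prev.hash or cur.height != prev.height + 1:
            return False, f"broken link at height {cur.height}"
    for height, expected in checkpoints.items():
        if height < len(chain) and chain[height].hash != expected:
            return False, f"conflicts with checkpoint at height {height}"
    return True, "ok"

def choose_fork(candidates, checkpoints):
    """Longest candidate that passes accept_chain (simplified fork choice)."""
    valid = [c for c in candidates if accept_chain(c, checkpoints)[0]]
    return max(valid, key=len, default=None)

# Constructed sample: an honest chain and a longer fork branching at height 2.
HONEST = build_chain([f"honest-{i}" for i in range(1, 7)])
FORK = build_chain([f"fork-{i}" for i in range(3, 11)], start=HONEST[:3])
CHECKPOINT = {4: HONEST[4].hash}  # what a trusted peer would hand a newcomer

if __name__ == "__main__":
    print("no checkpoint:", choose_fork([HONEST, FORK], {})[-1].payload)
    print("with checkpoint:", choose_fork([HONEST, FORK], CHECKPOINT)[-1].payload)
    print("fork verdict:", accept_chain(FORK, CHECKPOINT))
```

The checkpoint itself has to reach the newcomer from somewhere trusted, which is the subjectivity the proposal goes on to discuss.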

In addition to what I said above, please review WP:RSSELF. Blogs (even Buterin's blogs) are seldom reliable sources. In situations where blogs are usable, at a bare minimum, they need clear attribution. Investopedia is also borderline, per Wikipedia:Reliable sources/Perennial sources#Investopedia. Whether or not it can be used at all is open to debate, but it should not be relied on excessively regardless. Grayfell (talk) 02:38, 27 February 2023 (UTC)

As before, of course I will take this into account and I will find better sources, but I want to clarify: 1. In this context, Buterin's blog was the most well written and informative source about this subject. I think I should keep it as an auxiliary source and I will add something more reliable. The link on investopedia is about a fact, the forks, which are public and everyone knows, it was just informative. Anyway, I will omit this, there are numerous sources saying the exact same thing. I will provide updated content for all the improvements, with more citations and feel free to delete the auxiliary references if you think so. Touftoufikas (talk) 13:55, 27 February 2023 (UTC)

I'm sure there are other possible sources, but there is a problem with that approach. We cannot possibly include every piece of information about this topic in this Wikipedia article. The way we decide which pieces of information to include (and therefore which to leave out) is via reliable, independent sources. In other words, form an overview of the topic based on reliable, independent sources. Conventionally on Wikipedia, primary sources are used for a couple of purposes: the first is when a reliable, secondary source introduces something which may cause confusion or be misleading for some reason and a primary source can be trusted to resolve that. The other common use is for extremely basic information which is noncontroversial. I don't think anything you are proposing falls into the latter category.
So again, not every detail which can be sourced will belong in this article. Adding information you personally know to be true, or which was supported by a blog, and then looking backwards to find a better source to support this, is a bad precedent. Instead, use reliable independent sources to decide what information belongs here. Grayfell (talk) 21:16, 27 February 2023 (UTC)

Improvement proposal 4.

At the end of the Bribery attacks section add the following text:

Bribery attacks are a type of attack that relies on bribing validators or miners to work on specific blocks or forks, with the goal of presenting arbitrary transactions as valid. Bribery attacks are feasible in both Proof-of-Work (PoW) and Proof-of-Stake (PoS) systems, but they can be more effective in PoS due to the lower resource requirements and the possibility of expanding the attack to the “nothing at stake” problem. In PoS, bribery attacks can be mitigated by enforcing a slashing condition, where validators are penalized for behaving maliciously, or by releasing violators from their position. For example, Ethereum, one of the largest PoS blockchain networks, implements a slashing condition where validators can lose a portion of their stake for various types of misbehavior, including signing conflicting blocks or voting on conflicting checkpoints. Source: https://ieeexplore.ieee.org/document/8653269/footnotes#footnotes-mobile-fn2

However, bribery attacks can still be successful in PoS systems that do not have financial penalties or that use a longest chain variant, where validators are incentivized to work on the chain with the highest accumulated stake rather than the longest one. In these cases, an attacker can pay enough to validators to mint blocks on a malicious branch and try to accumulate enough stake to make it the longest one. If the attack is successful, the attacker can present arbitrary transactions as valid and potentially double-spend coins. Source: https://eprint.iacr.org/2016/889.pdf&sa=U&ved=2ahUKEwjP2768y7T9AhW7QvEDHVRUCngQFnoECAgQAg&usg=AOvVaw2L75Weioj_KTrjEjUEpYTR

To prevent bribery attacks, PoS systems need to ensure that validators are incentivized to act honestly and that misbehavior is punished sufficiently. Additionally, PoS networks can use a variety of other security measures, such as network partitioning, randomization, and delegation, to make it harder for attackers to compromise the network. Source: https://ieeexplore.ieee.org/document/8653269/footnotes#footnotes-mobile-fn2


To prevent bribery attacks, PoS systems need to ensure that validators are incentivized to act honestly and that misbehavior is punished sufficiently. Additionally, PoS networks can use a variety of other security measures, such as network partitioning, randomization, and delegation, to make it harder for attackers to compromise the network. Source: https://ieeexplore.ieee.org/document/8653269/footnotes#footnotes-mobile-fn2 Touftoufikas (talk) 02:12, 27 February 2023 (UTC)

Your proposal consists of 3 parts (technically, 4, but the 4th is a dup of the 3rd), I will number them from #1 to #3.
  1. is based on a very uncontroversial source and consists of (a) a text that says pretty much the same as the existing one (up to the words “nothing at stake” problem), and (b) a text about mitigation. The (a) is already in the text, is there a need to change it? The (b) consists of a well-sourced part (up to the words from their position) and then a part about Ethereum, which, at least in the source, is about mitigating a different type of attack.
  2. is a preprint written by one of the very involved people (the link does not work, in the future please truncate links to something like https://eprint.iacr.org/2016/889.pdf , so that other editors can open them). As was stated multiple times on this page, this is not the best material to use for an encyclopedia.
  3. is two sentences, one stating the obvious - but missing from the source ("PoS systems need to ensure that validators are incentivized to act honestly and that misbehavior is punished sufficiently"), for the three mitigations in the other one, one technique is missing in the source entirely (I did not find any "network partitioning" there), one not mentioned with regard to the bribery attacks ("randomization", this is effective against multiple types of attacks, but needs to be explained, as it is explained in the source), one ("delegation") - at least in the source - is not related to any mitigation, it sounds just like an implementation choice (the block is then added in the blockchain or delegated to other validators for approval, depending on the type of proof of stake protocol in use).
Summing up, information from #1 can be partially used, information from #2 requires better sourcing, information from #3 can be partially (randomization) used as a generic mitigation (directly in the section "Attacks") if an explanation is provided for the reader. Викидим (talk) 06:02, 28 February 2023 (UTC)

1. Indeed the first section (a) says pretty much the same, but I think it clarifies better the issue. As for (b) the source says this: "D. Bribery Attack Bribery attack [30], also referred to as Short-Range attack relies on bribing validators or miners to work on specific blocks or forks. By doing that, the attacker can present arbitrary transactions as valid and having dishonest nodes paid to verify them. By paying them an amount equal to or more than the block rewards (in case the block is reverted by the network), it provides an incentive high enough for miners to work on the attacker’s blocks or chain. This case of bribery attacks also known as P+epsilon attack2 states that it is possible to bribe users without having to pay them, as the system will award the bribe to the dishonest nodes by making that branch the main chain. For these cases, the attacker faces a more significant problem as in case the malicious branch is reverted for some reason (attacker cannot continue the bribe, dishonest nodes stop working on that branch) the attacker would have to pay an enormous amount of bribes as the bribes will accumulate for every maliciously minted block. In PoS systems, these kind of attacks are feasible and can be expanded to the nothing at stake problem. In both cases, PoS tackles this issue by either enforcing a slashing condition [2] or by releasing violators from their position [15]." The example of Eth is related to this conclusion about slashing conditions, providing additional information about it.

2. Indeed I didn’t know how to add sources since I used the automated tool until now. I am sorry about that. I won’t defend the source either. The purpose of this paragraph is to clarify where the attack is still successful. It does not provide new information, but I think it helps the reader to understand where the attack can be applied. I will search for better sources.

3. Indeed it is not referenced in this source, it is prior knowledge. You are right. I have to do better work on providing sources.

Network partitioning helps to control which party is responsible for which sector. It is not important and it could be omitted. Also it is not a mitigation. It is referenced as informative about the strategies used in this direction. 

By the way, randomization is very important for all types of attacks, including this, because if the choice is not random, it is easier for blocks to be proposed by the same party, resulting in more feasible bribery attacks. Delegation is indeed an implementation choice which adds centralization. This choice can help mitigate this type of attack due to economical incentives. It is not a strictly technical mitigation, and I think it could be also omitted.

Touftoufikas (talk) 10:09, 28 February 2023 (UTC)