proof of stake at stake
play

Proof-of-Stake at Stake: Predatory, Destructive Attack on PoS - PowerPoint PPT Presentation

Mar 04, 2023 •244 likes •648 views

Proof-of-Stake at Stake: Predatory, Destructive Attack on PoS Cryptocurrencies 3rd CryBlock @ MobiCom 2020 25th September 2020, Virtual Suhyeon Lee (Speaker) and Seungjoo Kim* School of Cybersecurity, Korea University {orion-alpha,

  1. Proof-of-Stake at Stake: Predatory, Destructive Attack on PoS Cryptocurrencies 3rd CryBlock @ MobiCom 2020 25th September 2020, Virtual Suhyeon Lee (Speaker) and Seungjoo Kim* School of Cybersecurity, Korea University {orion-alpha, skim71}@korea.ac.kr * Corresponding author

  2. Index • Proof-of-Stake • PoS Philosophy • Shorting Attack • Conclusions

  3. Key Questions: 1. What are assumptions of PoS? 2. Isn’t it profitable to be a dishonest player in PoS?

  4. Proof-of-Stake (PoS)

  5. Proof-of-Stake (PoS) Proof-of-Stake (PoS) is getting a vote power from the behavior “staking” which makes some amount of coins bonded for a while.

  6. Proof-of-Stake (PoS) Fig. Electricity usage of Bitcoin mining Proof-of-Work (PoW) mining of Bitcoin exceeded the electricity usage of Switzerland. On the other thand, staking spends little energy so eco-friendly and intuitive.

  7. Proof-of-Stake (PoS) For security, PoS has two main penalties to attackers. 1.Depreciation 2.Slashing We will discuss again later.

  8. Proof-of-Stake Security Issues • Nothing-at-Stake • Long Range Attack • Grinding Attack • (Shorting Attack) ← today’s topic

  9. Diversity of PoS Nguyen et al., "Proof-of-Stake Consensus Mechanisms for Future Blockchain Networks: Fundamentals, Applications and opportunities"

  10. PoS Philosophy

  11. PoS Philosophy • Peercoin is the pioneer of proof of stake [Advantage of staking] “A minter’s chances of being selected as the next block producer rely specifically on the number of coins held and time in the form of coin age and some amount of luck.” peercoin.net

  12. PoS Philosophy • Peercoin is the pioneer of proof of stake [Condition of staking] “Minters are first required to hold coins in their wallet for a total of 30 days before they can become eligible to compete in the process of minting new blocks.” peercoin.net

  13. PoS Philosophy • Peercoin is the pioneer of proof of stake [majority attack] “A malicious actor would need to purchase enough coins ... the price per peercoin to skyrocket. .. to perform a successful attack would likely bankrupt the attacker in the process.” peercoin.net

  14. PoS Philosophy • Ethereum suggested Casper and Slashing [value-at-loss] “The one -sentence philosophy of proof of stake is thus not security comes from burning energy, but rather security comes from putting up economic value-at-loss ” Vitalik Buterin. 2016. A Proof of Stake Design Philosophy. https://medium.com/@VitalikButerin/a-proof-of-stake-design-philosophy-506585978d51.

  15. PoS Philosophy • Ethereum suggested Casper and Slashing [slashing] “the evidence of the violation can be included into the blockchain as a transaction, at which point the validator’s entire deposit is taken away with a small “finder’s fee” given to the submitter of the evidence transaction.” Vitalik Buterinand Virgil Griffith. 2019. Casper the Friendly Finally Gadget

  16. PoS Philosophy • Ethereum suggested Casper and Slashing Vitalik Buterinand Virgil Griffith. 2019. Casper the Friendly Finally Gadget

  17. PoS Philosophy Value-at-loss

  18. Assumptions in PoS Mechanisms As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they’ll generate the longest chain and outpace attackers. Bitcoin Whitepaper

  19. Assumptions in PoS Mechanisms when we say “ 2/3 of validators ”, we are referring to the deposit-weighted fraction; that is, a set of validators whose sum deposit size equals to 2/3 of the total deposit size of the entire set of validators. Casper the Friendly Finally Gadget

  20. Assumptions in PoS Mechanisms … to the permissionless setting as in the original Algorand protocol, where the Adversary can corrupt users adaptively and instantaneously, but cannot control more than 1/3 of the total stake in the system. ALGORAND AGREEMENT

  21. Assumptions in PoS Mechanisms In order for more than 1/3 of dishonest participants not to exist, there must be no economic incentive to be more than one- third dishonest participants. But can we be sure?

  22. Ethereum PoS FAQ The figure shows the staking limitation from liquidity.

  23. Real World Stake • Cosmos Atom (https://www.mintscan.io/validators) – 70% • Cardano (https://adapools.org/) – 40.9% Liquid Supply: 31.5B Max Supply: 45B

  24. Real World Stake • Algorand (https://www.stakingrewards.com/earn/algorand/metrics) – 21% • EOS (https://eosflare.io/ - 56.48%)

  25. PoS Philosophy • Wait…. Value -at-Loss ? “I think I can hedge the risk” Somehow, Benefit > Loss Attacker

  26. Shorting Attack

  27. Short Selling

  28. Short Selling Cryptocurrency exchanges provide short selling and financial derivatives including margin trading to bet investors (or speculators) money.

  29. Shorting Attack in Economics We independently studied shorting attack in PoS cryptocurrencies. On the other hand, there are researches of shorting attack to financial institutes

  30. Shorting Attack in Economics The stock price is not everything but partially shows the value of companies. Thus, aggressive shorting can make financial institutes looked like they do not have enough money to continue their business. Fig. Interaction between Speculators and Creditors

  31. Assumption in Shorting Attack No more than 51% resource No more than 33% stake We take a different assumption. We takes a majority possession limitation rule, not no more 1/3 of staking.

  32. Assumption in Shorting Attack Definition 1 ( β -depreciation) In a PoS cryptocurrency, when a player violates a rule, the market value of the cryptocurrency by β % depreciated. Definition 2 ( γ -slashing) In a PoS cryptocurrency, when a player violates a rule, γ % of his stake is slashed.

  33. Shorting Attack: Victim PoS Model

  34. Shorting Attack: Procedure

  35. Shorting Attack: Numerical Analysis Assuming β -depreciation, and γ -slashing. The cryptocurrency’s total supply → 1 The average staking ratio → s Attacker’s amount of short selling → N Amount that the attacker needs to invest → at least s/3 The attacker’s seed money → N + s/3 After sabotage, The value of the attacker’s staking → (1- β )(1- γ )s/3 The result of the attacker’s short selling → (1+ β )xN Then the least seed money to reach the break-even point for the shorting attack is s/3(2+(1+ β ) γ / β ).

  36. Shorting Attack: Numerical Analysis Slashing limits shorting attack strongly. But if the attacker can ruin the value of a PoS cryptocurrency, it will make a big profit to the attacker.

  37. Conclusions

  38. Conclusions: 1. It can be profitable to be a dishonest player in PoS 2. PoS designers should consider markets as well as functions in PoS cryptocurrency systems 3. Proper incentives in PoS should be studied to discourage dishonest players

  39. Suhyeon Lee Ph.D student in Korea University Thank you orion-alpha@korea.ac.kr Keep Safe :)

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

on Proof-of-Stake Cryptocurrencies JAEWAN HONG Proof of Stake VIRTUAL MINING TO REPLACE

on Proof-of-Stake Cryptocurrencies JAEWAN HONG Proof of Stake VIRTUAL MINING TO REPLACE

Compounding of Wealth on Proof-of-Stake Cryptocurrencies JAEWAN HONG Proof of Stake VIRTUAL MINING TO REPLACE COMPUTATIONAL PUZZLES Why Virtual Mining? Power on meaningless computation Why Virtual Mining? Power on meaningless

820 views • 55 slides
Proof-of-Stake Sidechains Peter Ga i, Aggelos Kiayias, Dionysis Zindros IEEE Security &

Proof-of-Stake Sidechains Peter Ga i, Aggelos Kiayias, Dionysis Zindros IEEE Security &

Proof-of-Stake Sidechains Peter Ga i, Aggelos Kiayias, Dionysis Zindros IEEE Security & Privacy 2019 Motivation Imagine a stake blockchain where you want both the safety of Bitcoin and the features of Ethereum We start with one

372 views • 21 slides
Proof of Stake Recap Bitcoin Incentives Block subsidy Transaction fees Recap

Proof of Stake Recap Bitcoin Incentives Block subsidy Transaction fees Recap

Proof of Stake Recap Bitcoin Incentives Block subsidy Transaction fees Recap Proof of Work Mining Transactions UTXO Nakamoto Consensus Longest chain Recap Scripting Bitcoin Stack Machine Recap

4.84k views • 47 slides
A Proof-of-Stake protocol for consensus on Bitcoin subchains M. Bartoletti Stefano Lande A. S.

A Proof-of-Stake protocol for consensus on Bitcoin subchains M. Bartoletti Stefano Lande A. S.

A Proof-of-Stake protocol for consensus on Bitcoin subchains M. Bartoletti Stefano Lande A. S. Podda University of Cagliari, Italy Workshop on Trusted Smart Contracts, 2017 Bitcoin Bitcoin is a popular cryptocurrency that uses a blockchain to

540 views • 20 slides
Proof of Honesty: Coalition-Proof Blockchain Validation without Proof of Work or Stake John P.

Proof of Honesty: Coalition-Proof Blockchain Validation without Proof of Work or Stake John P.

Proof of Honesty: Coalition-Proof Blockchain Validation without Proof of Work or Stake John P. Conley Vanderbilt University Sirius Sirius Group Group Meeting Meeting Cheriton School Cheriton School of of Computer Computer Science

444 views • 26 slides
O UROBOROS P RAOS : A N ADAPTIVELY - SECURE , SEMI - SYNCHRONOUS PROOF - OF - STAKE BLOCKCHAIN

O UROBOROS P RAOS : A N ADAPTIVELY - SECURE , SEMI - SYNCHRONOUS PROOF - OF - STAKE BLOCKCHAIN

O UROBOROS P RAOS : A N ADAPTIVELY - SECURE , SEMI - SYNCHRONOUS PROOF - OF - STAKE BLOCKCHAIN Bernardo David Peter Gai Aggelos Kiayias Alexander Russell Tokyo Tech IOHK U. Edinburgh U. Connecticut & IOHK & IOHK Eurocrypt 2018

864 views • 60 slides
Ouroboros Crypsinous Privacy-Preserving Proof-of-Stake Thomas Kerber Aggelos Kiayias

Ouroboros Crypsinous Privacy-Preserving Proof-of-Stake Thomas Kerber Aggelos Kiayias

Ouroboros Crypsinous Privacy-Preserving Proof-of-Stake Thomas Kerber Aggelos Kiayias t.kerber@ed.ac.uk akiayias@ed.ac.uk Markulf Kohlweiss Vassilis Zikas mkohlwei@ed.ac.uk vzikas@ed.ac.uk The University of Edinburgh & IOHK May 17,

286 views • 28 slides
Formal Analysis of a Proof-of-Stake Blockchain Wai Yan M. M. Thin, Naipeng Dong, Guangdong Bai ,

Formal Analysis of a Proof-of-Stake Blockchain Wai Yan M. M. Thin, Naipeng Dong, Guangdong Bai ,

Formal Analysis of a Proof-of-Stake Blockchain Wai Yan M. M. Thin, Naipeng Dong, Guangdong Bai , Jin Song Dong National University of Singapore Griffith University Dec 12, 2018 Outline Problem Statement Background Tendermint

678 views • 34 slides
Welcome to the new pos pool concept www.simplepospool.com Simple Pos Pool was created by a team

Welcome to the new pos pool concept www.simplepospool.com Simple Pos Pool was created by a team

Welcome to the new pos pool concept www.simplepospool.com Simple Pos Pool was created by a team of passionate Proof of Stake lovers and build to make Proof of Stake possible for everyone. Each of us had their own coins and we sometimes

370 views • 21 slides
W A RRI O RS W I n! recently hit the production line and will be on sale for $10. Thanks to

W A RRI O RS W I n! recently hit the production line and will be on sale for $10. Thanks to

Issue 07 July 22, 2004 THOUGHT FOR THE DAY A m an w ho know s he has com m i tted a m i stake and doesn t correct i t i s com m i tti ng another m i stake. C onfuci us WELCOME TO TERM 3, 2004 O how quickly

430 views • 5 slides
Proof-of-Stake Consensus Protocol for Cyber Supply Chain Data Provenance Xueping Liang, Deepak

Proof-of-Stake Consensus Protocol for Cyber Supply Chain Data Provenance Xueping Liang, Deepak

Proof-of-Stake Consensus Protocol for Cyber Supply Chain Data Provenance Xueping Liang, Deepak Tosh, Sachin She)y Old Dominion University Funded by the U.S. Department of Energy and the U.S. Department of Homeland Security | cred-c.org

1.2k views • 28 slides
Gove r nor s Maste r Plan for Aging Stake holde r Advisor y Committe e (SAC) Me e ting

Gove r nor s Maste r Plan for Aging Stake holde r Advisor y Committe e (SAC) Me e ting

Gove r nor s Maste r Plan for Aging Stake holde r Advisor y Committe e (SAC) Me e ting #3.5 We binar Only T opic in F oc us: Br ie fing on L ong- T e r m Se r vic e s and Suppor ts (L T SS) Stake holde r Re por t F e b

620 views • 35 slides
OFFSHORE ON DUTY E.R. OFFSHORE 53 33 N | 009 59 E | HAMBURG WE KNOW WHAT IS AT STAKE

OFFSHORE ON DUTY E.R. OFFSHORE 53 33 N | 009 59 E | HAMBURG WE KNOW WHAT IS AT STAKE

OFFSHORE ON DUTY E.R. OFFSHORE 53 33 N | 009 59 E | HAMBURG WE KNOW WHAT IS AT STAKE IN THE OFFSHORE BUSINESS. THAT IS THE REASON WE HOLD A STRONG COMMITMENT TO THE SAFETY OF OUR OPERATION AS WELL AS PROMOTING ITS QUALITY AND

302 views • 15 slides
Learn how together we can fight back and win Learn more about whats at stake Learn about the

Learn how together we can fight back and win Learn more about whats at stake Learn about the

In this presentation you will: Learn how together we can fight back and win Learn more about whats at stake Learn about the state of play around the country 2.3 million members across 50 states fighting for access to abortion care, birth

511 views • 40 slides
Acquisition of a 99.38% Stake in T Tower in Seouls CBD 23 April 2019 Outline

Acquisition of a 99.38% Stake in T Tower in Seouls CBD 23 April 2019 Outline

Acquisition of a 99.38% Stake in T Tower in Seouls CBD 23 April 2019 Outline Transaction Overview 3 Seoul Office Market 6 Property Highlights 10 Impact to Portfolio 14 IMPORTANT NOTICE: The past performance of Keppel REIT

655 views • 23 slides
a 17% stake in Yangjiang Nuclear 30 November 2016 Disclaimer This presentation contains some

a 17% stake in Yangjiang Nuclear 30 November 2016 Disclaimer This presentation contains some

CLP Holdings Analyst Briefing on the conditional agreement to acquire a 17% stake in Yangjiang Nuclear 30 November 2016 Disclaimer This presentation contains some comments that may be construed or interpreted as relating to future events

373 views • 12 slides
Navigating with Power Laws Aaron Clauset CAIDA / SFI Networks and Navigability Working Group 8

Navigating with Power Laws Aaron Clauset CAIDA / SFI Networks and Navigability Working Group 8

Navigating with Power Laws Aaron Clauset CAIDA / SFI Networks and Navigability Working Group 8 August 2008 Milgram Study (1967) A question of social connectedness 60 letters sent to Wichita, Kansas Destination: wife of divinity stud.,

663 views • 22 slides
The Generalized MDL Approach for Summarization Laks V.S. Lakshmanan (UBC) Raymond T. Ng (UBC)

The Generalized MDL Approach for Summarization Laks V.S. Lakshmanan (UBC) Raymond T. Ng (UBC)

The Generalized MDL Approach for Summarization Laks V.S. Lakshmanan (UBC) Raymond T. Ng (UBC) Christine X. Wang (UBC) Xiaodong Zhou (UBC) Theodore J. Johnson (AT&T Research) (Work supported by NSERC and NCE/IRIS.) Overview

456 views • 24 slides
3/28/16 Predicate Logic n Some statements cannot be expressed in propositional logic, such as:

3/28/16 Predicate Logic n Some statements cannot be expressed in propositional logic, such as:

3/28/16 Predicate Logic n Some statements cannot be expressed in propositional logic, such as: Predicate Logic n All men are mortal. (Rosen, Sections 1.4, 1.5) n Some trees have needles. TOPICS n X > 3. Universal Quantifiers n Predicate

57 views • 4 slides
UMBC A B M A L T F O U M B C I M Y O R T 1 (9/28/04) I E S R C E O V U

UMBC A B M A L T F O U M B C I M Y O R T 1 (9/28/04) I E S R C E O V U

VLSI Design Verification and Test Defects CMPE 646 Failures in Integrated Circuits Failure mode is used in reference to the manifestation of a "defect" at the elec- trical level . Failure modes are modeled as faults at logic or

402 views • 16 slides
1 Testing Investment Portfolios A Permutation Test Testing Investment Portfolios A

1 Testing Investment Portfolios A Permutation Test Testing Investment Portfolios A

Summary Summary Using R for Evaluating Trading Using R for Evaluating Trading Strategies Strategies R is a good thing R is a good thing Random portfolios are useful Random portfolios are useful Patrick Burns Patrick Burns

415 views • 5 slides
1. gate to Camp Tien Sha 2. view of Camp Tien Sha from Monkey Mountain 3. street level view in

1. gate to Camp Tien Sha 2. view of Camp Tien Sha from Monkey Mountain 3. street level view in

1. gate to Camp Tien Sha 2. view of Camp Tien Sha from Monkey Mountain 3. street level view in Camp Tien Sha 4. interior shot with temp stored cargo 5. LST offload ramps, staging area and DeLong pier 6. Army pontoon ferry needed when the

515 views • 17 slides
35-ton Overview Eric James 35-ton Review June 2, 2016 Introduction This talk is intended to

35-ton Overview Eric James 35-ton Review June 2, 2016 Introduction This talk is intended to

35-ton Overview Eric James 35-ton Review June 2, 2016 Introduction This talk is intended to give a very high-level overview of the 35-ton prototyping program (many additional details to follow in the subsequent overview presentations)

642 views • 22 slides
Lab 04: CS631 Working with Tidy Data Alison Hill (with modifications by Steven Bedrick) g

Lab 04: CS631 Working with Tidy Data Alison Hill (with modifications by Steven Bedrick) g

Lab 04: CS631 Working with Tidy Data Alison Hill (with modifications by Steven Bedrick) g Let's review Let's review 2 / 19 2 / 19 Data wrangling to date! From dplyr : Let's add from dplyr : flter select arrange rename mutate

225 views • 19 slides

More recommend