Recent cryptocurrency news has been dominated by 51% attacks, whereby a single actor controls the majority of the mining power and is able to use this to reverse transactions. Bitcoin Gold and Verge, as well as Monacoin, recently suffered similar attacks. This has called into question original estimates of the level of network security provided by pure proof-of-work mining.
A determined and powerful actor can compromise most major cryptocurrencies with relative ease
The selling point of proof-of-work models is that miners are incentivized to secure the network with their computing power, and mature networks will acquire enough hashrate from miners to effectively block all but an extremely powerful attacker from compromising the network. However, attacking a network may prove to be easier than originally thought. 51Crypto compiled a list of proof-of-work cryptocurrencies with a projected chart of the costs to take over a majority of hashrate for an hour.
https://t.co/HYejqons0V shows how easy it is to 51% attack some of the smaller PoW coins. For some coins, 100% of the hashrate can be rented from NiceHash, which removes the capital costs of the attack!
For example, Bytecoin (marketcap ~$1B) can be 51% attacked for $557! 😲
— Charlie Lee [LTC⚡] (@SatoshiLite) May 29, 2018
The site estimates ease of attack by finding the cost of purchasing hashrate on NiceHash for each respective coin, then estimating the total cost of attacking a network for an hour’s duration. NiceHash’s rates are used to calculate the entire hashrate’s cost, even when only a small percentage could be used from the service. Naturally, mounting such an attack can prove more complicated than simply purchasing hashrate: in some cases it would require purchasing specialized hardware, which may be in limited supply, and other logistical issues may be present. Still, the experiment illustrates some challenges facing pure proof-of-work coins.
Proof-of-stake’s centralization problem
The main alternative mechanism to proof-of-work mining is proof-of-stake, which essentially limits validation of the blockchain to actors who prove control over a portion of the coin’s supply. Many variations of implementations exist for proof-of-stake, but the essential prospect is the same: prove you have a stake in the network in order to be trusted to maintain the blockchain. The thought is that those who have a significant financial stake in the network will not want to destroy it, and outside potential attackers would be blocked from compromising the network without undertaking the costly (and potentially impossible) task of acquiring enough units of the coin to do some real damage.
The challenge posed by a pure proof-of-stake model, however, is precisely how it was intended to work: fees and new coins created are given to people who already have some, and the more you have, the more opportunity you have to get more. This creates a situation where the rich and entrenched only get richer and more entrenched, and the only way to participate in securing the network is to buy from someone who already has some. A mature network switching to proof-of-stake runs the risk of centralization as powerful actors only become more powerful; however, this risk is only amplified in nascent networks, where the original holders can in fact restrict nearly the entire supply and completely dominate the network. Requiring collateral as a prerequisite to getting more defeats the open participation principle which makes cryptocurrencies resilient against centralization of censorship.
A hybrid model like Dash’s may be the security minimum rather than overkill
Challenges facing pure proof-of-work models, as well as complications from implementing proof-of-stake, make a dual system like the one Dash uses seem more attractive. Dash operates on a proof-of-work model similar to Bitcoin; however, the masternode network offers an extra, collateralized proof-of-service layer. Spork 3, InstantSend Block Filtering, causes masternodes to reject blocks that conflict with InstantSend transactions locked by the masternode network. This means that, when InstantSend is being actively used, Dash is effectively impossible to attack with mining alone. An attacker would have to control both 51% or more of the mining hashrate and 51% of the masternode network in order to be able to attempt to reverse transactions. At present prices, for the masternode network alone this would necessitate buying around $1 billion worth of Dash, which itself would trigger prices to skyrocket, significantly increasing the cost past that figure. Even more challenging, around 60% of Dash’s supply is already tied to masternodes, meaning that an attacker could buy every single other Dash in circulation and still fall short, and would need to convince existing actors to sell in order to make up a majority.
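The two estimates discussed above (the site's one-hour rental figure and the masternode majority argument) can be written as a small exposure model; this is an added example, not code from 51Crypto or Dash. The coin names, hashrates and prices are constructed, and masternode share is assumed to be proportional to locked collateral.

```python
from dataclasses import dataclass

@dataclass
class PowCoin:
    name: str                  # constructed sample names, not real coins
    network_hashrate: float    # in the marketplace's pricing unit (e.g. TH/s)
    price_per_unit_day: float  # USD to rent one unit of hashrate for a day
    rentable_hashrate: float   # capacity on offer at the marketplace, same unit

def hourly_cost(coin: PowCoin) -> float:
    """Price the entire network hashrate at the rental rate for one hour,
    as the site does, even if less than that is actually on offer."""
    return coin.network_hashrate * coin.price_per_unit_day / 24

def rentable_fraction(coin: PowCoin) -> float:
    """Share of the network hashrate that could be rented (capped at 1.0)."""
    return min(coin.rentable_hashrate / coin.network_hashrate, 1.0)

def exposure(coin: PowCoin) -> str:
    """'rental-only' means no hardware purchase stands in the way, which is
    the case the quoted tweet singles out; otherwise capital costs apply."""
    return "rental-only" if rentable_fraction(coin) >= 1.0 else "needs-hardware"

def masternode_shortfall(locked_fraction: float, threshold: float = 0.51) -> float:
    """Fraction of total supply that would still have to come from existing
    masternode owners after every coin not locked as collateral is bought.
    Assumption: masternode share is proportional to collateral held."""
    free_float = 1.0 - locked_fraction
    return round(max(0.0, threshold - free_float), 6)

SAMPLE = [  # constructed figures for illustration only
    PowCoin("SmallCoin", network_hashrate=2.0,
            price_per_unit_day=480.0, rentable_hashrate=5.0),
    PowCoin("LargeCoin", network_hashrate=40000.0,
            price_per_unit_day=60.0, rentable_hashrate=400.0),
]

if __name__ == "__main__":
    for c in SAMPLE:
        print(f"{c.name}: ${hourly_cost(c):,.0f}/h, "
              f"{rentable_fraction(c):.0%} rentable, {exposure(c)}")
    # With ~60% of supply locked, the free float alone cannot reach 51%.
    print("supply still needed from existing owners:",
          masternode_shortfall(0.60))
```

A non-zero shortfall means the free float is insufficient on its own, which is the point the paragraph makes about the roughly 60% of supply tied to masternodes.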
A concern over Bitcoin and other similar networks has been that, by allocating 100% of the block reward to mining, the networks would be in fact overpaying for security. This may, however, prove to be a case of misallocating funds for security, where a hybrid model, such as that employed by Dash, may serve better for long-term stability of the network.