This is Part 2 of my conversation with Robert about well-known attacks against blockchains and the types of defense taken by DFINITY. Nothing-at-Stake means that in Proof of Stake it is basically cost-free to mine blocks on multiple forks. Notarization enables the quick convergence of forking chains and the equivocation gets penalized.
Robert: We have two things here: we have no race conditions, so you have enough time as a block maker to publish your block, and if you misbehave and just wait too long to try some strategy, then your strategy will be a losing strategy.
Cédric: So that’s Number One – Attack Vector is called Selfish Mining. What’s Number Two?
Robert: Number two is the so called Nothing-at-Stake Attack or maybe Nothing-at-Stake Problem. What is Nothing-at-Stake? So let’s go back to the situation with proof-of-work blockchains. Let’s also consider forks – two chains that have the same length. So in this situation in proof-of-work you would in Bitcoin just follow the first seen rule. In proof-of-work systems like in DFINITY, this is a bit more complicated because it doesn’t cost you anything to mine a block.
Robert: Mining a block is basically cost-free; you don’t have to solve any riddle or puzzle game. Theoretically it would make sense to not just append your block on one of the chain ends because it can happen that this chain will eventually be the prevalent one, but it could make sense to append your block to both chain ends because then you would have a higher chance in total to get your block accepted in the end. And this is a serious issue because if everybody does that, then forks cannot be resolved anymore because forks could even fork create another fork and then people would follow on each fork and the chain would never converge. So this is really a bad thing.
Cédric: And suddenly we would have double spending on all over the place, right?
Robert: Exactly you couldn’t finalize your transactions anymore. If you still try to have some finality then this would be broken and double spends could occur all the time.
So this problem is more, I would say, nowadays a theoretical one, because there are ways to defend against this problem and most newer systems, like the second or third generation of proof-of-stake systems, try to solve this problem.
Robert: And our way of solving this problem is that we, as already shown in the previous pictures, we have this kind of regular slots for each block height, we have a list of block makers and we have this notarization. Basically the notaries have to select which block to notarize. It can happen in DFINITY that more than one blocks in case of a fork, more than one block so let’s say two blocks, get notarized.
Due to the rules how notarization works, so the rules to choose which block to notarize and also the block making rules lead to a very quick convergence of the chains. So this is one aspect to it. The notarization really helps you to get quick convergence. There’s another aspect or another thing that we can do and that we will do in our system
and that is we can penalize the block maker for equivocating.
Robert: Because this situation is very easily detectable, you can prove or create a proof of equivocation. If one block maker has created more than one block, that can be proven and that can also lead to a penalty, like we can slash the stake deposit of the misbehaving miner. Maybe the last point there can be situations that are a bit more difficult to handle, where the block maker not just maybe produces one or two blocks or two or three equivocating blocks, but the block maker produces a million or billions of blocks because this situation can lead to problems in the relay network. So that their network just gets overwhelmed. The honest blocks cannot be propagated any longer.
DFINITY Relay Policy & Notarization Policy
Robert: To prevent this situation, we have rules for the relay policies, so we have rules in a relay policy and also in our notarization policy, as I mentioned, which take care of such equivocating blocks and which make sure that they cannot really propagate through the network. So if a relay node – every node is also a relay node – in that it sends blocks that have received over to other nodes, they will quickly stop equivocating blocks and they will also relay the proof of equivocation so that other nodes can see that this happened and they can also apply the same strategy and just stop these blocks. With that, we can prevent Nothing-at-Stake.
Cédric: Okay, so it sounds DFINITY has implemented a couple of policies that prevent Nothing-at-Stake Attacks or let’s just say problems from happening on a network.
Robert: Yes, exactly. So in our system it’s not a profitable strategy for you as a block maker to just mine on more than one chain because then you won’t get your block accepted, so neither of your blocks will get accepted and you will also get penalized.