4. Network Security

“Security through the eyes of a nation state”

The first implementation of Proof of Work as we know if has been with Bitcoin in 2009, which is functional already through more than 10 years. Since its inception many other coins have adopted Proof of Work and since then it has become the unchallenged way of designing public blockchains. Bitcoin’s Proof of Work has gone through many attack attempts and has proven to be reliable and secure.

PoW chains are systems which require external commitment, meaning that the resources and value comes from outside the system (hardware, electricity), which unlike intrinsic PoS might have some advantages. This way PoW avoids some potential game-theoretic situations, where the benefit of attacking the system outweights the loss in stake (getting slashed).

In the short term, Proof Of Work chains could be challenged by mining cartels or hashpower buying through services like Nicehash, which may lead to 51% attacks. As the hashpower buying to execute such an attack is impossible for Bitcoin, it is feasible for smaller Proof of Work Chains, which we have seen lately with Verge (link) and ETC (link).

To estimate the cost for a 51% attack on Bitcoin we have to look at the total hardware and electricity cost to reach such an 51% advantage in hashing power.

Total Hashing Power: 50,000,000 TH/s

Current Price for Antminer S9: $300

Antminer S9 Hashing Power: 13 TH/s

Hardware Cost for 51% Attack: $1,153,846,153 USD (1.11% of network value)

Disclaimer: this is a very rough idea of what the cost could be, but still it is obviously not as easy to determine.

Proof of Stake and Staking is a still very new. Even though Blockchains such as PeerCoin or Ardor have been live for a long time, it has not been until summer 2018 when the first major Proof of Stake Blockchain went live with Tezos.

None of them has ever really been critically stress tested, so we do not know about the possible problematics we may face.

There are a few possible attack vectors for Proof of Stake such as:

Long Range Attack

A Long Range attack is a scenario where an adversary creates a branch on the blockchain starting from the Genesis block and overtakes the main chain. This branch may contain different transactions and blocks and is also referred to as Alternative History or History Revision attack.

Nothing at Stake Attack

One issue that can arise with PoS networks is the “nothing-at-stake” problem, wherein block generators/validators have nothing to lose by voting for multiple blockchain histories, thereby preventing consensus from being achieved. Because unlike in PoW systems, there is little cost to work on several chains.

51% Attack

You may think that a total of 51% of the network value is required to run such an attack, but in some PoS network the amount of stake necessary to conduct such an attack is estimated to be as low as 33%. And with delegations or votes the attacker doesn’t even need the stake himself, but is fine with third party network support, which he may be able to gain through vote buying or bribery. It is important to point out that the attacker doesn´t need ⅓ of the total supply, but rather ⅓ of the active stake, which could be significant lower.

Low Staking Participation (Stake Ratio)

It is important to point out that the 51% attacker doesn´t need ⅓ of the total supply, but rather ⅓ of the active stake, which could be significant lower. E.g. with a Stake Ratio of 25% the required amount is only 1/12 of the total supply (⅓ * 25%)

Private Key Attack

While Staking the private keys are always online and therefore exposed to the network in order to proof ownership of the stake and sign transactions. With the constant connectivity to the network, the keys are more vulnerable to attacks. Even if the private keys do not directly control all the funds of the total stake: Gaining control of the keys gives access to validation and staking rights, to run an attack.