The SafeBox preserves the cryptographic integrity of the full blockchain even though nodes are not required to store the full blockchain. That follows from the fact that the SafeBox contains all the block headers used to construct that SafeBox within the SafeBox itself. Each block header makes a hash commitment to the previous SafeBox state (i.e. the state of all accounts at that point in time) and also the previous block header. In this manner, the state and its evolution are preserved by using the difficulties in the block headers; the total work used to evolve that state can then be calculated. Nodes will only adopt the SafeBox with the most work.

A distinction should be made between cryptographic integrity, the proof that the SafeBox is hashed correctly from block 0, and cryptographic security, the number of blocks that need to be re-mined in an attack. The SafeBox retains the full cryptographic integrity and 99% of the cryptographic security of a full blockchain. The latter is due to the state-attack vector, as explained below.

With regard to the state-attack, a distinction should be made between a double-spend and a state-attack. A double-spend refers to an attack that uses majority hashpower to roll back already accepted transactions, without hacking account balances as stored in the SafeBox. A state-attack refers to corrupting a balance and trying to cover it up by re-mining blocks in such a way that other nodes cannot detect the hacked balance. With a double-spend, Pascal’s security parallels that of a secure Proof-of-Work UTXO blockchain and is a function of hashpower. The state-attack, however, is unique to Pascal and requires an attacker to re-mine the network median history to succeed. Compared to the standard double-spend attack with hashpower majority, the state-attack is extremely difficult and unrealistic to execute.

If a state-attacker naively alters an account balance, then the SafeBox becomes corrupt since the tip block has an invalid SafeBox hash. If the attacker tries to re-mine that tip block faster than the rest of the honest network such that it links to the corrupted SafeBox, then the honest network can detect that the tip block is invalid, since its nodes have the last 100 blocks.

If a more sophisticated state-attacker attempted to re-mine the last N blocks, and did so in a manner that linked them to the corrupted SafeBox state, then the attacker can fool other nodes if and only if such nodes kept less history (N-1 blocks) and the falsified SafeBox had more aggregated work than the honest SafeBox. However, this is not enough to fool the entire network, since there exist archival nodes which keep the entire history, and many nodes keep large numbers of blocks. So the theoretical minimum number of blocks an attacker needs to re-mine is N=100, but in practice it is far higher. If the network keeps a median history of 1000 blocks, then the security of the SafeBox is equivalent to a blockchain of 1000 blocks.
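A toy model of the argument above, added here as an illustration and not taken from Pascal's code base: each header commits to the previous header and the previous SafeBox hash, and a node that kept `history` blocks replays a candidate from its oldest trusted state. The JSON/SHA-256 hashing, the per-block `work` values, the verdict strings and all function names are assumptions of this sketch.

```python
import functools, hashlib, json

GENESIS = {"prev_header": "", "prev_safebox": "", "work": 0}

def digest(obj):
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

def apply_ops(state, ops):
    new = dict(state)
    for account, delta in ops:
        new[account] = new.get(account, 0) + delta
    return new

def state_at(blocks, height, start):
    return functools.reduce(apply_ops, (b["ops"] for b in blocks[:height]), start)

def extend(blocks, state, ops_list, work):
    """Mine on top of `blocks`; each header commits to the prior header and prior state."""
    for ops in ops_list:
        prev = blocks[-1]["header"] if blocks else GENESIS
        header = {"prev_header": digest(prev), "prev_safebox": digest(state), "work": work}
        blocks = blocks + [{"header": header, "ops": ops}]
        state = apply_ops(state, ops)
    return blocks, state

def state_attack(honest, start, remined, account, bonus):
    fork = len(honest) - remined  # corrupt the state here, then re-mine every later block
    forged = apply_ops(state_at(honest, fork, start), [(account, bonus)])
    return extend(honest[:fork], forged, [b["ops"] for b in honest[fork:]], work=2)

def node_verdict(own, candidate, cand_state, history, start):
    """Decision of a node that kept full blocks for the last `history` heights of `own`."""
    headers = [GENESIS] + [b["header"] for b in candidate]
    if any(b["prev_header"] != digest(a) for a, b in zip(headers, headers[1:])):
        return "reject: broken header chain"
    if sum(h["work"] for h in headers) <= sum(b["header"]["work"] for b in own):
        return "ignore: not more work"
    anchor = len(own) - history  # oldest height this node can replay from
    if anchor > 0 and candidate[anchor - 1]["header"] != own[anchor - 1]["header"]:
        return "accept: fork predates kept history"
    state = state_at(own, anchor, start)  # toy shortcut: a real node has this state stored
    for blk in candidate[anchor:]:
        if blk["header"]["prev_safebox"] != digest(state):
            return "reject: SafeBox hash mismatch"
        state = apply_ops(state, blk["ops"])
    return "accept" if state == cand_state else "reject: SafeBox hash mismatch"

START = {"A": 100, "B": 0}  # constructed sample balances
HONEST, TIP_STATE = extend([], START, [[("A", -1), ("B", 1)]] * 30, work=1)  # constructed chain
```

With the sample chain, the result of `state_attack(HONEST, START, 12, "B", 1000)` is rejected by every node whose `history` is 12 or more and accepted only by nodes that kept fewer blocks, which is the N-1 condition stated above.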

Formally, the SafeBox model is as secure as the median block history of the entire network with regard to the state-attack, but the following additional security parameters substantially increase the SafeBox’s security:

• The amount of difficulty required to re-mine a history grows exponentially. This means it’s exponentially harder to re-mine the last 3 blocks than it is the last 2, and so on.

• Pascal uses a 5-minute block time. Re-mining 100 blocks with a 5-minute period is far more difficult than, for example, 100 blocks with a 30-second period.

• Random Hash, an innovative ASIC & GPU resistant algorithm, serves as a powerful deterrent to hashpower monopoly.

• Since nodes require the last 100 blocks minimum, the “network median history” will never fall below 100. In practice, due to the presence of archival nodes which maintain full-history and long-running nodes which maintain large histories, the “network median history” will always be significantly larger than 100.

• Current and upcoming synchronization implementations for nodes mean that a state-attacker would need to re-mine far more than 100 blocks. For example, the default setting for nodes that opt for checkpointing instead of continuous history is to download a checkpoint per 2016 blocks or 7 days. As another example, one upcoming implementation involves downloading a checkpoint and then some preceding history; if invalid blocks are found in that history, then the compromised checkpoint is eschewed altogether.

• If a state-attack succeeds, then the minority nodes that had longer histories than the state-attack rollback are immune to any balance alteration.

• If one falls to a state-attack, the worst case is that he would simply need to re-download a longer segment of the Pascal blockchain history and recover his balance(s). The state-attacker would be stuck with invalid balances unless he continues to fool others.

Technically, no blockchain data in Pascal is ever deleted even in the presence of the SafeBox. Since the SafeBox is cryptographically equivalent to a node with the entire history, Pascal nodes are not expected to contain infinite history. Still, for whatever reason one may have, one can keep all or some of the Pascal blockchain history as an option.

The SafeBox security model actually offers an advantage compared to the full blockchain model in terms of security because it places far less dependence on the full blockchain history (i.e. archival nodes). In the long term, the full blockchain model would inevitably lead to some form of centralization as well as a potential security risk. As a result, the SafeBox security model is at least on par with the full blockchain security model on the macro level.

On the micro level, the SafeBox security model is barely diminished compared to that of the full blockchain model. However, it is still far greater than the simple payment verification (SPV) security model. In terms of cost-benefit analysis, the SafeBox is superior to the full blockchain because the SafeBox needs only “1%” of the storage yet retains “99%” of the security.

Thanks to the SafeBox’s design, the user would have full assurance that he is on the longest Proof-of-Work chain without needing to download the entire blockchain history – a unique innovation that offers many advantages.