Fight fire with fire: MIT scholar suggests ETC counters 51% attacks

Game theory suggests ways for Ethereum Classic to deter double-spend assaults, say MIT researchers.

The recent 51% attacks on Ethereum Classic (ETC) have raised fresh questions about the security of proof-of-work blockchains. Not only has ETC been attacked three times within a month, but these assaults have been enabled with rented hashrate power. One of these attacks cost OKEx $5.6 million as it paid out its customers in full. The major cryptocurrency exchange then threatened to delist Ethereum Classic if it doesn’t improve its security soon. 

Some questions being asked last week were: Is this problem unique to Ethereum Classic, or are all PoW blockchains vulnerable? Would regulating hashrate rental firms help? If not, what exactly can be done?

Cointelegraph queried industry representatives for some answers. One interesting recommendation came from a research team at the Massachusetts Institute of Technology that has been exploring ways of applying game theory to crypto security. The team borrowed a leaf from the “war of attrition” game theory, which entails exhausting enemy resources via small losses. The idea seems to provide some disincentives to would-be hackers.

Ethereum Classic company declined to be interviewed for this story.

Mount a counterattack?

Daniel Aronoff from MIT’s department of economics told Cointelegraph that a better way to deter 51% assaults may be to threaten attackers with retaliation. He co-authored a recent paper on defending against “double-spend” attacks with Neha Narula, director of MIT Media Lab’s Digital Currency Initiative, and Daniel Moroz, Ph.D. candidate in computer science at Harvard University — both of whom provided input in Aronoff’s correspondence with Cointelegraph. Aronoff further explained:

“Our work on blockchain incentives shows that theoretically a deep-pocketed exchange can deter double-spend attacks if potential attackers believe the intended victim will counter-attack and negate the attempted double-spend.”

Intuitively, the exchange and the attacker are fighting over the value of the current double-spend attack, he noted, “but the exchange also risks encouraging more attacks in the future if it allows the attack to succeed. Therefore, the exchange has more to gain by defeating the attack than does the attacker have to gain by succeeding.”

Hashrate rental shops increase attack likelihood

The group’s February 2020 paper appears to anticipate the sort of problems that have beset ETC in recent months. It notes that PoW mining was intended to provide blockchains with robustness against double-spend attacks (of which 51% attacks are a subset), but recent economic analysis strongly suggests that free entry conditions along with the ability to rent sufficient hashrate to conduct an attack arguably make the resulting block rewards irresistible to malefactors.

The MIT team devised a formal model of a retaliation game in which a victim such as ETC launches a counterattack. This is how they imagine the struggle: “A victim might rent from the same marketplace at the same cost to retrieve its property. In this way, the interaction between the attacker and the victim takes the shape of a War of Attrition.”

The model shows that the mere threat of this kind of counterattack eventually “induces a subgame perfect equilibrium in which no attack occurs in the first place.” Meanwhile, in the real world, attacks on networks like ETC continue. “The threat is real,” said Aronoff, adding:

“It is perplexing that the targeted exchanges chose not to counter-attack, which would have cost tens of thousands of dollars, and instead immediately paid out millions of dollars to clients. This sends a perverse signal that it is easy to make a fortune by double-spending an exchange. Exchanges can deter future attacks fairly inexpensively by establishing the credibility that they will counter attempts to double-spend them.”

Crackdown on hash rental firms?

Some other questions were raised last week regarding PoW incursions. As noted, the July 30 to Aug. 1 attack on the Ethereum Classic network was enabled by hash rate purchased from NiceHash, a marketplace that connects sellers and buyers of hash rate for different algorithms. In the aftermath of the attack, ETC called for enforcement and regulation of hash-rate rental platforms.

Would regulating hash-rate rental firms curtail such attacks? Maybe not. Many of these rental firms may be outside the reach of regulators. In the case of NiceHash, its “co-founder is pending extradition to the United States for charges of fraud and racketeering after being convicted of similar offenses in Slovenia,” noted Ethereum Classic. Darren Tapp, assistant research professor at Arizona State University, and CEO of TAPPMATH database provider, told Cointelegraph:

“It is not clear in which jurisdiction regulation would apply. In any case, I imagine that hashpower rental marketplaces will be more active in unregulated jurisdictions. A market actor intending to carry out a 51% attack will always bid higher for hash power then other actors. This may mean that hashpower will migrate away from regulations.”

Emin Gün Sirer, CEO of Ava Labs and associate professor of computer science at Cornell University, told Cointelegraph that ETC’s case wasn’t unique: “Any PoW coin that isn’t the leader in its hash function is vulnerable to attacks such as these.” He went on to add: “Their security relies on the amount of hashpower that an attacker can get their hands on, and as that number grows, the number of confirmations required for security goes towards infinity.”

Would checkpointed consensus help?

On Sept. 4, Charles Hoskinson’s IOHK proposed to the ETC community that it use Cardano or Bitcoin networks to prevent 51% attacks. The idea would be to introduce checkpoints to validate the network. This would be performed by an Ouroboros-Byzantine fault tolerance checkpointing network and signed on the ETC by “trusted members.” Was there merit in this proposal?

According to Sirer: “Any checkpointing proposal that relies on humans is antithetical to blockchains and is tantamount to complete technical failure.” These individuals could be coerced or compelled to make any state change at any time, he said.

“Using a checkpointing proposal like this completely defeats the point of using a blockchain at all,” Aronoff added. “It would be easier for the ‘trusted members’ to just maintain a database of ETC transactions themselves.”

Others were more positive with regard to the checkpointing proposal. “IOHK’s checkpointing proposal is valid but would really be a last resort solution for ETC as a decentralized PoW blockchain network,” Jay Hao, CEO of OKEx exchange, told Cointelegraph.

“Proposing ‘trusted members’ adds an element of centralization to the network that is likely to be unacceptable to the majority of the ETC community — especially if it intends to continue as a PoW chain,” said Hao. It would invalidate Bitcoin’s longest chain principle. “For a project like Ethereum Classic that has fought hard to maintain its belief in code is law, I can’t see this proposal being adopted.”

A different hashing algorithm?

Others in the community suggested that changing ETC’s hashing algorithm might help. However, Sirer rejected this idea too: “Changing the hashing algorithm is a stopgap measure in the short term, and it’s unlikely to be popular because it invalidates the miners’ investment in their infrastructure.”

A better long-term solution in Sirer’s view would be to switch to a different consensus protocol — one that isn’t vulnerable to 51% attacks, which would “allow ETC to be minted with existing miner infrastructure, while computing the checkpoints in a decentralized fashion, without trusted keys or community members.”

Related: Two Attacks on ETC Network Leave Community Needing a Solution, Fast

Asked about switching protocols, Tapp answered: “Boneh Lynn Shacham (BLS) signature schemes are a useful tool for multi party digital signatures,” which allow a user to verify that a signer is authentic. “Parties that wish to form a joint BLS signature can produce a partial signature, and then any party that collects enough partial signatures can construct a joint signature.” Tapp also added:

“Then actors that prove they control an unspent output can register on-chain, with a public BLS key, as a node that will identify which block they received first. [...] The unspent output will prevent a Sibyl attack. Also the threshold for the signature can be set above 50%. With a protocol like this, an attacker would need to control a significant number of registered nodes, which is prohibitively expensive.”

Are all PoW blockchains vulnerable?

One lesson some were drawing from the recent events was that any PoW blockchain without enough devices engaged in mining might be susceptible to 51% attacks. “All decentralized blockchains including BTC are susceptible to 51% attacks by their very nature,” OKEx’s Hao told Cointelegraph, adding further:

“If this was not the case, they would cease to be decentralized. Because of this, and our belief in the promise of decentralized projects, OKEx has been very tolerant and supportive of ETC and its recent problems.”

But the OKEx CEO also put forth a warning: “It’s imperative that ETC fix the vulnerabilities in the network that make the possibility of another attack in the short-term high, as they could place ETC’s future at risk and/or cause exchanges like OKEx to delist.”

Elsewhere, the MIT team hasn’t seen much evidence that their retaliation strategy is being used widely in the marketplace at present, but that could soon change. As they note in their paper: “As the markets for hashrate power continue to mature, we expect sophisticated actors to increase their readiness to defend themselves in the case of a double-spend attack.”