Page 42 - FIGI: Security Aspects of Distributed Ledger Technologies

of the network with as few as 3-4 Bitcoin or Ethereum mining operations dominating over 50-60% of the network. 284

In the case of POW, should one entity or mining pool hold 51% of the hashing power, that individual or group would have monopoly control over the blockchain and be able to mine blocks at a faster rate than the rest of the miners in the network. In POS systems, the same can be accomplished by holding a majority of currency in the network or the highest amount staked.

This attack works in the same fashion as Alternative History except that the attacker has majority control of the network and will be able to mine/validate transactions and outpace the network to add blocks to the chain. 285 Depending upon the system, the attacker could ‘choose between using it to defraud people by stealing back his payments, or using it to generate new coins.’ 286 The most popular targets of 51% attacks are crypto-currency exchanges, 287 where often coins are deposited and quickly exchanged for another currency which is immediately sent to another address under control of the attacker. 288

With regard to POW-based blockchains such as Bitcoin, several papers claim that a 51% attack can actually be successful with as low as 25% and 33% of the hash/computing power and incidents with mining pools have confirmed the potential for such abuse. 289 Blockchains with a smaller number of nodes are more prone to 51%/Majority Control attacks. Short term investments, such as ASIC rentals, could empower hackers and incentivize them to commit such an attack – as was allegedly the case with Vertcoin. 290 Smaller networks/alt coins are most vulnerable and were primary targets in 2018 given the larger potential profitability. 291 Large mining pools, such as Bitcoin, are ostensibly less vulnerable because of the theoretically large investment (or collusion) which must occur.

Specific Threat: Selfish Mining/Block Discard
A dishonest miner who has significant power does not release mined or validated blocks immediately. Instead, a block or chain is created privately and released all at once so that the network will choose the selfish miner’s longer chain and other miners with only one block or a chain with only one block will lose that block in favor of the selfish miner’s longer chain. 292

Vulnerability: Blockchain Consensus Dominance; Mining Pool Dominance
Consensus Dominance, more commonly known as a 51% attack in POW blockchains, is a situation where a substantial amount of power - as defined by the consensus protocol - is held by one entity or group so that control over consensus is either held or can be impacted by that one party.

The vulnerabilities here can manifest as the following:

•  Forks of the blockchain where malicious and undesirable activities can occur, such as double spending attacks which take advantage of temporary forks (Bitcoin) or others which can create a permanent hard fork of the blockchain which can only be fully corrected by doing the unthinkable – rolling back the blockchain to an earlier block.
•  Failure to Reach Consensus which may lead to failure to carry out an action or transaction, such as requiring an amount greater than 50% of all nodes.
•  System Dominance, where one or more actors can, alone or in collusion, dominate the network and take control over transactions and award themselves new crypto-currency and mine or validate their own transactions, examples of which below include Majority/51% attacks, Sybil attacks.
•  Inferior System Performance, where reaching a consensus may take a comparably longer period of time than expected or practicable, including actions of bad actors, which can cause high latencies and significant transaction disruption.
•  Weakness in logic/security/safety

Risks:
Mining pools both present a risk of breaching the security of a consensus algorithm (as they can act collectively or individually to control the network) and serve as a target for attacks, since control over or disruption of powerful mining pools can present lucrative opportunities by either controlling the pool or by taking a position which would benefit from a disruption. 293

Other risks include:

•  Influencing the consensus process and validating and adding blocks to the blockchain
•  Creating/mining new coins 294
•  Engaging in double spending. 295
•  Refusal to validate or mine transactions.
•  Removal of competing chains
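The Selfish Mining/Block Discard threat above, modelled as an added example (not from the report) to show why pool shares well under 51% already matter for monitoring pool concentration. It simulates the block-withholding state machine from Eyal and Sirer's selfish-mining analysis and compares it with their closed-form result; that this is one of the "several papers" the text mentions is an assumption, and `gamma` (the fraction of honest power that builds on the pool's branch during a tie) is a parameter of that model, not of the page.

```python
import random

def profit_threshold(gamma: float) -> float:
    """Pool share above which withholding beats honest mining in the model."""
    return (1.0 - gamma) / (3.0 - 2.0 * gamma)

def closed_form_share(alpha: float, gamma: float) -> float:
    """Eyal-Sirer relative revenue of a withholding pool with share alpha."""
    num = alpha * (1 - alpha) ** 2 * (4 * alpha + gamma * (1 - 2 * alpha)) - alpha ** 3
    den = 1 - alpha * (1 + (2 - alpha) * alpha)
    return num / den

def simulate_selfish_share(alpha, gamma, blocks=400_000, seed=1):
    """Monte Carlo estimate of the pool's share of main-chain blocks."""
    rng = random.Random(seed)
    lead, tie = 0, False             # private lead; tie=True while two branches race
    pool = honest = 0
    for _ in range(blocks):
        pool_found = rng.random() < alpha
        if tie:                      # two equal-length public branches
            tie = False
            if pool_found:
                pool += 2            # pool extends its own branch, wins both blocks
            elif rng.random() < gamma:
                pool += 1            # honest miner built on the pool's branch
                honest += 1
            else:
                honest += 2          # honest branch wins, pool block is discarded
        elif pool_found:
            lead += 1                # block kept private
        elif lead == 0:
            honest += 1              # nothing withheld, ordinary honest block
        elif lead == 1:
            lead, tie = 0, True      # pool releases its block, branches race
        elif lead == 2:
            pool += 2                # pool releases both, honest block discarded
            lead = 0
        else:
            pool += 1                # pool releases one block and stays ahead
            lead -= 1
    return pool / (pool + honest)

if __name__ == "__main__":
    for alpha, gamma in ((0.20, 0.0), (0.30, 0.5), (0.35, 0.0), (0.40, 0.5)):
        print(alpha, gamma, round(simulate_selfish_share(alpha, gamma), 4),
              round(closed_form_share(alpha, gamma), 4))
```

In this model the threshold is one third of the hash power when no honest miner follows the pool's branch (`gamma = 0`) and one quarter when half of them do (`gamma = 0.5`), which matches the 33% and 25% figures quoted in the text.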


