Page 42 - FIGI: Security Aspects of Distributed Ledger Technologies
of the network with as few as 3-4 Bitcoin or Ethereum mining operations dominating over 50-60% of the network. [284]

In the case of POW, should one entity or mining pool hold 51% of the hashing power, that individual or group would have monopoly control over the blockchain and be able to mine blocks at a faster rate than the rest of the miners in the network. In POS systems, the same can be accomplished by holding a majority of currency in the network or the highest amount staked.

This attack works in the same fashion as Alternative History except that the attacker has majority control of the network and will be able to mine/validate transactions and outpace the network to add blocks to the chain. [285] Depending upon the system, the attacker could ‘choose between using it to defraud people by stealing back his payments, or using it to generate new coins.’ [286] The most popular targets of 51% attacks are crypto-currency exchanges, [287] where often coins are deposited and quickly exchanged for another currency which is immediately sent to another address under control of the attacker. [288]

With regard to POW-based blockchains such as Bitcoin, several papers claim that a 51% attack can actually be successful with as low as 25% and 33% of the hash/computing power and incidents with mining pools have confirmed the potential for such abuse. [289] Blockchains with a smaller number of nodes are more prone to 51%/Majority Control attacks. Short term investments, such as ASIC rentals, could empower hackers and incentivize them to commit such an attack – as was allegedly the case with Vertcoin. [290] Smaller networks/alt coins are most vulnerable and were primary targets in 2018 given the larger potential profitability. [291] Large mining pools, such as Bitcoin, are ostensibly less vulnerable because of the theoretically large investment (or collusion) which must occur.

Specific Threat: Selfish Mining/Block Discard

A dishonest miner who has significant power does not release mined or validated blocks immediately. Instead, a block or chain is created privately and released all at once so that the network will choose the selfish miner’s longer chain and other miners with only one block or a chain with only one block will lose that block in favor of the selfish miner’s longer chain. [292]

Vulnerability: Blockchain Consensus Dominance; Mining Pool Dominance

Consensus Dominance, more commonly known as a 51% attack in POW blockchains, is a situation where a substantial amount of power - as defined by the consensus protocol - is held by one entity or group so that control over consensus is either held or can be impacted by that one party.

The vulnerabilities here can manifest as the following:

• Forks of the blockchain where malicious and undesirable activities can occur, such as double spending attacks which take advantage of temporary forks (Bitcoin) or others which can create a permanent hard fork of the blockchain which can only be fully corrected by doing the unthinkable – rolling back the blockchain to an earlier block.
• Failure to Reach Consensus which may lead to failure to carry out an action or transaction, such as requiring an amount greater than 50% of all nodes.
• System Dominance, where one or more actors can, alone or in collusion, dominate the network and take control over transactions and award themselves new crypto-currency and mine or validate their own transactions, examples of which below include Majority/51% attacks, Sybil attacks.
• Inferior System Performance, where reaching a consensus may take a comparably longer period of time than expected or practicable, including actions of bad actors, which can cause high latencies and significant transaction disruption.
• Weakness in logic/security/safety

Risks:

Mining pools present both a risk of breaching the security of a consensus algorithm (as they can act collectively or individually controlling the network) as well as serving as a target for attacks since control over or disruption of powerful mining pools can present lucrative opportunities by either controlling the pool or by taking a position which would benefit from a disruption. [293]

Other risks include:

• Influencing the consensus process and validating and adding blocks to the blockchain
• Creating/mining new coins [294]
• Engaging in double spending. [295]
• Refusal to validate or mine transactions.
• Removal of competing chains
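
The 25% and 33% figures and the block-withholding behaviour described under Selfish Mining/Block Discard can be checked numerically. The following added example (not part of the report) implements the selfish-mining state machine from Eyal and Sirer's analysis and compares it with their closed-form revenue, which helps when judging how much pool concentration a chain can tolerate. Assumptions: that this model is the source of the page's figures; `alpha` (the pool's hash share) and `gamma` (the fraction of honest miners that build on the pool's branch during a tie) are that model's parameters, and the function names are hypothetical.

```python
import random

def closed_form_revenue(alpha, gamma):
    """Withholding pool's long-run share of main-chain blocks (Eyal-Sirer closed form)."""
    a = alpha
    return (a * (1 - a) ** 2 * (4 * a + gamma * (1 - 2 * a)) - a ** 3) / (
        1 - a * (1 + (2 - a) * a))

def profit_threshold(gamma):
    """Smallest hash share at which withholding earns more than honest mining."""
    return (1 - gamma) / (3 - 2 * gamma)

def simulate_revenue(alpha, gamma, rounds=200_000, seed=7):
    """Monte Carlo run of the withholding state machine; one round = one block found."""
    rng = random.Random(seed)     # seeded so the run is reproducible
    lead, tie = 0, False          # private-chain lead; tie = two equal branches racing
    pool = honest = 0             # blocks that end up on the main chain
    for _ in range(rounds):
        pool_found = rng.random() < alpha
        if tie:                   # the next block found settles the race
            if pool_found:
                pool += 2
            elif rng.random() < gamma:   # honest miner extended the pool's branch
                pool, honest = pool + 1, honest + 1
            else:
                honest += 2
            tie = False
        elif pool_found:
            lead += 1             # block is withheld, not announced
        elif lead == 0:
            honest += 1
        elif lead == 1:
            lead, tie = 0, True   # pool publishes its block, creating a tie
        elif lead == 2:
            pool, lead = pool + 2, 0     # pool publishes both; honest block is discarded
        else:
            pool, lead = pool + 1, lead - 1  # pool releases one block, stays ahead
    return pool / (pool + honest)

if __name__ == "__main__":
    for gamma in (0.0, 0.5):
        print(f"gamma={gamma}: threshold share={profit_threshold(gamma):.3f}")
        for alpha in (0.20, 0.30, 0.40):
            print(f"  share={alpha:.2f} closed={closed_form_revenue(alpha, gamma):.4f} "
                  f"simulated={simulate_revenue(alpha, gamma):.4f}")
```

A revenue share above `alpha` means the pool earns more than its hash power would honestly yield. With `gamma` at 0 that starts at one third of the hash power, and with `gamma` at 0.5 at one quarter.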