[quote=“Jordan Lee, post:5, topic:2518”]I would like to present the specific steps of an attack exploiting the “nothing at stake” phenomena. As you will see, the attack does not pose a serious threat to the network.
Alter the client source code to not include any transactions in a block except your own.
Write a utility that can sign and automatically issue a transaction to transfer coins from and to addresses of your choosing.
Build and deploy your altered Peercoin client to 10 different virtual machines.
Open exchange accounts with 10 different exchanges. In each virtual machine, configure the utility you wrote to transfer the same coins to a unique exchange address. You are attempting a double spend, or in this case, you try to spend the same coins 10 times.
Mint on all 10 virtual machines using the same wallet on each while sending out transactions spending your coins to ten different exchange deposit addresses. Other nodes will only accept a single transaction: the one they received first. You only have about a 10% chance of the exchange nodes receiving the spend you wanted it to (this works the same in a proof of work system like Bitcoin). If any other client besides the attackers’ finds the next block, the multiple spend is resolved and the coins cannot be used again to attempt a multiple spend in the next block. The attempt to get the double or multi spend confirmed failed. If the attacker is very lucky and finds the very next block after sending out multi spends (using 10 machines does not increase the attacker’s likelihood of finding the next block), there will be 10 forks with 10 different spends of the same coins with one confirmation. No other transactions will be included in these 10 competing blocks.
We now have 10 Peercoin forks, all of which are being minted on. Clients run by others will decide which fork to mint on based on which of the 10 competing blocks they received first.
The next block will be minted. If it is minted by someone else other than the attacker, which is the overwhelming likelihood, this new block defines the best chain and consensus is restored across the entire network. All legitimate transactions excluded from the previous block are included in this block. In the unlikely event that the next block is minted by the attacker, all 10 forks will continue.
As soon as anyone else on the network besides the attacker finds a single block, the attack is defeated. Double spends (or 10 spends in our case) disappear and all other transactions are confirmed normally.
Let’s consider the above attack scenario for someone who has accumulated 6% of all Peercoins, meaning they spent at least $2,400,000 USD on Peercoins at today’s prices and split them up into 6 different outputs or addresses (one for each of the 6 consecutive blocks they need). Let’s assume they waited 90 days to mint with those coins. Such a person might have a 3% chance of finding the next block. If they succeed at getting one and only one confirmation on their multiple spends they cannot defraud an exchange (because they typically require 6 confirmations). They have less than a 0.1% chance of getting two blocks in a row and around 0.003% of find three in a row. The chance they will find six blocks in a row is 0.00000000729%. They must wait 90 days to get another optimal chance to attack after a failed attempt.
If they fork the network for one or two blocks and their double spend is successful for only one or two blocks, they can’t defraud an exchange but they might harm the value of their own investment if the market is not impressed by these one or two block forks. Because 6 consecutive blocks are needed to defraud an exchange from double spending, even a very large stakeholder would have a negligible chance of success. If they got somewhat close to success but failed (the overwhelming likelihood) it would lower the value of their Peercoins as the market priced in worries of a possible future success. The odds of gain are strongly against you because any near success that ultimately fails can hurt the value of your Peercoins.
The endeavor cannot be embarked upon with an expectation of financial gain. Financial loss is far, far more likely. The loss of large amounts of time is certain. Additionally, few people have the skills to mount such a complicated attack. The fact that such forks have not been known to occur suggests no one has attempted it, precisely because it is extremely unlikely to result in financial gain while much more likely to result in loss.
There are many more important threats to PoS networks than the risk of a successful exploit of the “nothing at stake” phenomena. For instance, the possibility that the Peercoin network will experience low levels of adoption is far, far greater than the possibility of a successful attack of the kind described above. We should focus our attention accordingly.
Update: I realized I had over estimated the probability of a successful attack. If you buy 1% of Peercoins and put them all in the same output (similar to an address), you might have about a 3% chance of finding the next block. However, you would have nothing left to try to find your 2nd, 3rd, 4th, 5th and 6th consecutive blocks. To do that with the probabilities mentioned above you would need to purchase 6% of all Peercoins at a current cost of more than 2.4 million USD. Doing so would raise the price of Peercoin, meaning you would have to pay more than market price on average. Similarly, such a large amount of Peercoins would have to sold later below market price on average, exposing the attacker to certain financial loss.[/quote]
Let’s say I’m buying a whole lot of old private keys that once upon a time could be used to spend an enormous amount of coins. Then I select a block a long way back in time, when those coins were still there and build a chain that is super long. Would I then be able to broadcast this chain and replace the main chain on the network (and if check-pointing is disabled of course)?
Will the duplicate block protection invalidate the attack chain? I looked at the code, but I’m very reluctant to even speculate on these things, since I’m writing educational material.