Some people are asking me how proof of staked work (PoSW) could help ETC 51% attack and try to better understand the security model of PoSW. In this short article, I will provide an example by assuming that ETC is using PoSW and discuss the potential attack cost.
First of all, let us assume the following parameters are used for ETC (as of Jan. 9, 2019):
- Hashpower: 8 Th/s
- Token price: $5
- Total circulation: 107,407,745 ETC (from coinmarketcap)
I also assume that the attacker’s hashpower is 8 Th/s (It is suspected that the hashpower is rented from Nicehash. However, I don’t have the actual number, but simply assume that all existing miners are honest, and thus the attacker needs 8Th/s to perform the double-spending attack)
Second, we use the following parameters of PoSW:
- Stakes to achieve maximum allowance (100% block production): 5% of all circulating tokens (Note that EOS has about 40% tokens that are staking and voting)
- The difficulty penalty that a miner’s hash power exceeds its allowance: 20x
- The miner’s hash power estimation window: 256 blocks
- Number of blocks required for finality: 30 blocks (a common number used by exchanges before the attack)
- If the miner stops mining, stakes will be locked for 3 days
A quick explanation of the terms and numbers of PoSW: the allowance is the number of blocks a miner could produce in any hashpower estimation window (contiguous blocks) without difficulty penalty. If the number of blocks produced by a miner exceeds its allowance in the window, the miner will have difficulty penalty, which will be 20x harder to mine a block. In the previous case, one allowance needs 107,407,745 * 0.05 / 256 = 20978 tokens.
With the above numbers, let us discuss the following attack cases:
- If the attacker does not stake any tokens and mine directly. This means the miner will suffer from mining penalty and thus have to rent 8 Th/s * 20 = 160 Th/s to perform a double-spending attack. Note that this is close to the current hash power of ETH (169.74 Th/s).
- If the attacker miner has sufficient stake to perform the attack, which means the miner rents 8 Th/s and has to mine 31 blocks solely (the attacking fork). Since the hashpower estimation window is 256 blocks, the miner needs at least 31 / 256 * 107,407,745 * 5% = 650,320 ETC tokens , which worths $3.2M. Note that the tokens will be locked for 3 days after the attack is performed.
- Suppose the total double-spent tokens are 219,500 ETCs (from https://blog.coinbase.com/ethereum-classic-etc-is-currently-being-51-attacked-33be13ce32de), if the attacker stakes less than 219,500 ETCs, the maximum allowance of the attacker in the window is floor(219,500 / (107,407,745 * 5%)) * 256 = 10. This means the attacker is expected to have (31–10)/31820+10/31*8 hashpower, which is around 110 Th/s .
From the above example, we could derive that in PoSW, unless the attacker would rent very high hashpower, the attacker has to stake some tokens to perform an efficient double-spending attack. If we detect the double-spending attack within 3 days (lock period), we are able to penalize the attacker by slashing its stakes.
One tricky issue is to determine the slash condition, which is an Oracle problem. One way is to provide an on-chain government model so that the major stakeholders and/or miners could agree on slashing the attacker’s stake, similar to reaching a soft-fork agreement in the Bitcoin network.
In this article, by using the numbers of recently ETC 51% attack, we illustrated how proof of staked work could help improve the security of ETC and increase the cost of double-spending attacks. The analysis shows that with PoSW, this double-spending attack may require about 110 TH/s or 650,320 ETC ($3.2M) instead of 8 TH/s in current ETC network.
(Disclaimer: These are theoretical results, and may be different to the results in practice).