[Attack] Lookback period grinding
Opened this issue · 5 comments
Counting null blocks in your lookback parameter for committee selection (N-L in the spec), an attacker could choose to grind null blocks in order to move through to the power table update.
Ie the attacker would grind through the null blocks to have the power table actualized without actually having anyone else mine (and introduce randomness) in between their introducing that new power and that new power ending up in the power table.
This is a form of selfish mining aimed at making it that you can be only one to mine until your power is updated.
I reckon this is not a rational/effective attack given the weight loss incurred (you are foregoing L valid blocks on expectation), but worth analyzing, especially in relation to the lookback parameter value.
Note: it would take an attacker L * BlockTime to do this attack, and put them on a chain with L additional null blocks compared to the main chain which has on expectation L real blocks.
I believe this is analysis is begun in the old "attacks" tex document. The chernoff/union bound calculated over there is a useful measure of the likelihood of there being enough non-null blocks to make the attacker chain heavy enough to be viable. You can use this likelihood and a threat model to make an informed decision about the power table selection lookback parameter.
Precisely, the attack here is for a powerful A_Max. If weighting function rewards more heavy power table than number of blocks produced, attacker could
- add weight to PT
- grind through rounds (thanks to A_max)
- release new chain that is 1000 (eg) rounds ahead, and heavier: while it has way more null blocks, it has a better PT.
This is a selfish mining variant
bad attack:
- everyone else will get slashed in your chain
- soft block delay will prevent honest miners from accepting bogus chain
cc @jzimmerman in case of interest