Part IV in a new series discussing the challenges and design choices that represent the backbone of the Dusk Network protocol.
Part I of the series discussed the basics of applied economics in distributed systems as well as outlining the game-theoretic principles indispensable to the Bitcoin protocol.
Part II of the series discussed the existing auction models and how they could be adapted to the needs of the Dusk Network protocol.
Part III of the series discussed the on-chain computation framework.
The game-theoretic security of a protocol is paramount in a public and permission-less environment. This article follows in the footsteps of the previous three parts, introducing the reader to the moving parts that are put together to create a secure protocol.
A Sybil attack is one of the most commonly described attack vectors in consensus literature. The attack happens when a malicious actor spawns multiple identities under his control to overwhelm the security assumptions of the network, effectively seizing control of the environment.
The aforementioned identities are known as ‘Sybils’. Once the number of identities under the control of a malicious actor surpasses the security threshold of the protocol (50%+ of the total computational power in the case of Nakamoto consensus and ⅔+ of the committee in the case of the majority of BFT protocols), various mischievous activities can be performed to destabilize the integrity of the network.
What is the purpose of a Sybil Attack?
There are various goals for a malicious actor. Blockchains depend on a distributed consensus where participants of the network vote on valid state transitions in the network. During a Sybil attack, an ongoing vote can be manipulated, or worse: if an attacker gains control over the network (i.e. controls a number of identities greater than the security threshold of the protocol) transactions could be reversed or applied to the blockchain in an invalid way.
Sybil attacks are a common attack vector in distributed networks, and consensus protocols such as Proof-of-Work and Proof-of-Stake are used to address the problem. In the real world, it is impossible to completely prevent Sybil attacks from ever happening. However, these consensus protocols are designed to deter them by making them drastically more difficult to carry out: Sybil attacks are prevented by making the attack economically infeasible.
Sybil Resistance in Nakamoto Consensus
For example, Nakamoto consensus (utilized in Bitcoin) relies on the Proof-of-Work algorithm to incur costs for Sybil creation. To participate in the Bitcoin consensus means to perform mining — the act of competing with others to complete a cryptographic puzzle that is attached to the block. The more computational power controlled by the miner, the higher the chance of completing the puzzle before anyone else does. Proof-of-Work relies on the security of the underlying puzzle and therefore cannot be used to spawn cheap identities: the computational power cannot be faked, and thus a successful attack on the network would entail a disproportionate sacrifice of computational power.
Sybil Resistance in Proof-of-Stake
Another solution to Sybil Attacks is presented by the family of protocols we call Proof-of-Stake (PoS).
“For anyone who has followed Ethereum closely, it is well known that the Ethereum community are pushing to move to Proof-of-Stake.”
PoS protocols are made Sybil resistant through the introduction of a requirement for nodes willing to participate in the consensus. Nodes are obliged to lock up a stake, which is a deposit with a monetary value, to be eligible to participate in the consensus.
Segregated Byzantine Agreement (SBA) is a Proof-of-Stake consensus protocol deployed in Dusk Network that has two distinct node roles: Block Generators, who validate transactions and each forge a proposal block, and Provisioners, who select a winning proposal block, check the work performed by the winning Block Generator and thereafter add the block to the blockchain.
In SBA, nodes are incentivized to only produce accurate transactions inside the blocks because they can lose their entire stake if they are caught acting maliciously. Block Generators and Provisioners who are caught acting maliciously also lose their reputation multiplier. Similarly, Block Generators and Provisioners who produce accurate blocks earn fees for their service, further incentivizing them to act honestly.
The reputation multiplier is introduced to further increase the security of the protocol. It is created by an algorithm that we call Guru and acts as an abstract stake multiplier. Guru was co-created by Dmitry Khovratovich, Dusk Network’s Cryptography lead. The effective probability of a Provisioner’s participation in a given committee is equal to the product of his/her actual stake and the reputation multiplier. Every participation in a successful vote increases the reputation of the node, while an absence during voting negatively affects the reputation. The use of a reputation module decreases the probability that a malicious actor (in possession of power below the defined security threshold) can have an impact on the security of the protocol: deviation from the protocol rules is punished through a reputation decrease, meaning that a malicious actor’s say in the protocol execution shrinks as his reputation takes a hit.
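As an added illustration (not Dusk Network’s or Guru’s actual code), the following simulation shows how weighting committee selection by stake times a reputation multiplier shrinks the influence of an actor who keeps deviating from the protocol. The update rule, its constants and the stake values are constructed assumptions; the page only states that participation raises reputation and absence lowers it.

```python
import random

# Assumed, constructed reputation model (illustrative constants, not Guru's real rule).
REP_MIN, REP_MAX = 0.5, 2.0
REP_UP, REP_DOWN = 0.1, 0.25   # gain for a successful vote, loss for absence/deviation

class Provisioner:
    def __init__(self, name, stake, reputation=1.0):
        self.name = name
        self.stake = stake
        self.reputation = reputation

    def effective_weight(self):
        # Effective selection weight = actual stake x reputation multiplier.
        return self.stake * self.reputation

    def record_round(self, participated_honestly):
        # Assumed additive rule, clamped to [REP_MIN, REP_MAX].
        delta = REP_UP if participated_honestly else -REP_DOWN
        self.reputation = min(REP_MAX, max(REP_MIN, self.reputation + delta))

def influence(provisioners, name):
    """Share of total effective weight held by one provisioner."""
    total = sum(p.effective_weight() for p in provisioners)
    mine = next(p.effective_weight() for p in provisioners if p.name == name)
    return mine / total

def select_committee(provisioners, size, rng):
    """Weighted sortition: draw `size` seats proportionally to effective weight."""
    weights = [p.effective_weight() for p in provisioners]
    return rng.choices(provisioners, weights=weights, k=size)

def simulate(rounds=20, seed=1):
    """Return the deviating actor's influence before and after `rounds` of deviation."""
    rng = random.Random(seed)
    honest = [Provisioner(f"h{i}", 100) for i in range(7)]      # constructed stakes
    attacker = Provisioner("attacker", 300)                      # 30% of raw stake
    everyone = honest + [attacker]
    before = influence(everyone, "attacker")
    for _ in range(rounds):
        select_committee(everyone, 16, rng)   # seats drawn from the current weights
        for p in honest:
            p.record_round(True)              # honest nodes keep voting successfully
        attacker.record_round(False)          # attacker is absent / deviates every round
    after = influence(everyone, "attacker")
    return before, after
```

With the constants above the attacker starts at 30% of the weight and, once its multiplier hits the floor while honest nodes reach the cap, ends below 10%, without any change in raw stake.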
To retain the security of the protocol, the system has to incentivize its stakeholders to participate in the protocol and remain honest throughout their participation. Permission-less protocols are in more pressing need of incentives than their permissioned counterparts, as the stakeholders of the latter may be incentivized outside the scope of the protocol.
The incentives can be distributed in two ways: (1) through a process of “minting” additional monetary supply (i.e. mining), or (2) by redistributing the fees derived from protocol users to the consensus participants. The latter option has been discussed in more detail in Part II of the series, as our readers may recall, outlining the compromise required to obtain a balance between the protocol throughput and relatively high levels of incentivization.
Another possibility is to combine the two into a single incentivization model, as originally put forward in the Bitcoin whitepaper. As the use of the protocol grows, the additional minted supply count gradually diminishes until the network can sustain itself by relying only on the fees incurred by users. Both the minted supply and the incurred fees of the Dusk Network protocol are added to a single pool to be distributed amongst: (1) the winning Block Generator of the round, (2) Provisioners voting for the winning candidate block and (3) a development fund to incentivize the project contributors from the community.
Slashing is a procedure where the stake (or a portion of someone’s stake) is confiscated if malicious behaviour is spotted. The most notorious use case for slashing is the infamous “nothing-at-stake attack”. Essentially, a nothing-at-stake attack entails a malicious actor voting for multiple candidate blocks during the same round to maximize the reward at the expense of the security of the protocol.
If a node receives two distinct votes from a single participant in one round, it reports the misbehaving node to its peers, resulting in the stake of the “double-voting” node being slashed. A small portion of the slashed stake is given to the node responsible for reporting the “double-vote” as a reward, while the rest is included in the mining reward pool (the total amount of DUSK to be mined during the lifespan of the protocol).
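An added example (not Dusk Network’s code) of the detection and slashing logic just described: a node records the first vote it sees per (round, voter) pair, flags a second vote for a different block in the same round, and the slash is split between the reporter and the reward pool. The vote format, the stake figures and the reporter’s share are constructed assumptions; the page gives neither the message layout nor the exact fraction.

```python
from dataclasses import dataclass, field

REPORTER_SHARE = 0.05   # assumed: "small portion" of the slashed stake paid to the reporter

@dataclass(frozen=True)
class Vote:
    round: int
    voter: str
    block_hash: str   # constructed identifier of the candidate block voted for

@dataclass
class DoubleVoteDetector:
    seen: dict = field(default_factory=dict)     # (round, voter) -> first block hash seen
    reports: list = field(default_factory=list)  # (round, voter, first_hash, second_hash)

    def observe(self, vote):
        """Record a vote; return a report tuple if it conflicts with an earlier one."""
        key = (vote.round, vote.voter)
        first = self.seen.setdefault(key, vote.block_hash)
        if first == vote.block_hash:
            return None   # the same vote relayed twice is not an offence
        report = (vote.round, vote.voter, first, vote.block_hash)
        if report not in self.reports:
            self.reports.append(report)
        return report

def apply_slash(stakes, pool, report, reporter):
    """Confiscate the double-voter's stake: a share to the reporter, the rest to the pool."""
    _, offender, _, _ = report
    slashed = stakes.pop(offender, 0.0)          # assumed: the entire stake is slashed
    reward = slashed * REPORTER_SHARE
    stakes[reporter] = stakes.get(reporter, 0.0) + reward
    return stakes, pool + (slashed - reward)

def run_demo():
    """Feed constructed votes through the detector and slash any offender found."""
    detector = DoubleVoteDetector()
    votes = [Vote(7, "alice", "blkA"), Vote(7, "bob", "blkA"),
             Vote(7, "alice", "blkA"),                            # duplicate relay, harmless
             Vote(7, "mallory", "blkA"), Vote(7, "mallory", "blkB"),  # double vote in round 7
             Vote(8, "mallory", "blkC")]                          # new round, no conflict
    reports = []
    for v in votes:
        r = detector.observe(v)
        if r:
            reports.append(r)
    stakes = {"alice": 1000.0, "bob": 800.0, "mallory": 1200.0}   # constructed stakes
    pool = 0.0
    for r in reports:
        stakes, pool = apply_slash(stakes, pool, r, reporter="alice")
    return reports, stakes, pool
```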
The security of the protocol relies on numerous variables. The goal of the consensus protocol is to make the probability of an attack on the protocol negligible and as costly as possible for the attacker. Dusk Network achieves the combination of the two through the application of the principles and solutions we outlined above: SBA consensus mechanism, Reputation, Incentivization, and Slashing.
About Dusk Network
Dusk Network is an open-source and privacy-oriented blockchain based on years of academic research. You can use Dusk Network to create smart contracts that control digital assets and securities.