Attacks

This section describes a few possible attacks on the network and how they are mitigated.

Intentionally Raising the Difficulty

If, in the far future, the EnCoin Network becomes very active in the world economy, intentionally making each ENC worth more may seem worthwhile to individuals or corporations holding a large percentage of the ENC in circulation. By devoting a large amount of resources to finding Mint Blocks faster, the difficulty could be manipulated so that future coins are harder to create, thus prematurely increasing the value of existing coins.

To combat these large increases in difficulty, a weighted system based on the last 10 CCP increases is used as follows (with example increases):

Oldest (10th-9th) CCP weight: 0.05 x 1.06 increase = 0.053
9th-8th: 0.05 x 1.09 = 0.0545
8th-7th: 0.05 x 1.04 = 0.052
7th-6th: 0.05 x 1.00 = 0.05
6th-5th: 0.15 x 1.08 = 0.162
5th-4th: 0.15 x 1.07 = 0.1605
4th-3rd: 0.15 x 1.03 = 0.1545
3rd-2nd: 0.15 x 1.07 = 0.1605
2nd-current: 0.20 x 1.25 = 0.25

A very large increase was used as the last amount to show what might happen if someone were to attack the difficulty of the Network: the weighted sum comes to 1.097, a 9.7% increase in difficulty even though the processor power increased 25% over the last CCP.

This attack would likely only accomplish something during a stable or inflated economy (where it might even be helpful) when very few people are minting coins. To help combat this situation, the client can detect when several coin-creation CBs have occurred with much faster than normal coin production and alert the public accordingly. If even a few extra networks begin minting coins at a slower than usual pace, this attack can be rendered almost completely moot.
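The weighting and the client-side alert described above can be exercised together. The following is an added example, not EnCoin client code: it reproduces the 1.097 figure from the listed weights, then slides the nine-interval window forward to show what the damping does when the raw 25% increase persists over further CCPs. The function names, the alert threshold of 1.15 and the run length of 3 are assumptions; the page gives no values for them.

```python
# Added illustration, not EnCoin client code.
# Weights from the page, oldest interval first; they sum to 1.0.
WEIGHTS = [0.05] * 4 + [0.15] * 4 + [0.20]

# The example increases listed on the page, oldest first.
PAGE_SAMPLE = [1.06, 1.09, 1.04, 1.00, 1.08, 1.07, 1.03, 1.07, 1.25]


def weighted_increase(increases):
    """Damped difficulty multiplier from the last nine CCP-to-CCP increases."""
    if len(increases) != len(WEIGHTS):
        raise ValueError("need exactly nine CCP-to-CCP increases")
    return sum(w * r for w, r in zip(WEIGHTS, increases))


def slide(window, newest):
    """Drop the oldest interval and append the newest raw increase."""
    return list(window[1:]) + [newest]


def sustained_pressure(window, raw_increase, periods):
    """Applied multiplier after each further CCP if the raw increase persists.

    Assumption: the observed increase stays at raw_increase every period.
    """
    applied = []
    for _ in range(periods):
        window = slide(window, raw_increase)
        applied.append(weighted_increase(window))
    return applied


def fast_minting_alert(window, threshold=1.15, run=3):
    """True when the last `run` raw increases all exceed `threshold`.

    threshold and run are hypothetical values chosen for this example.
    """
    recent = window[-run:]
    return len(recent) == run and all(r > threshold for r in recent)


if __name__ == "__main__":
    print("page example:", round(weighted_increase(PAGE_SAMPLE), 4))
    for n, m in enumerate(sustained_pressure(PAGE_SAMPLE, 1.25, 9), 1):
        print(f"CCP +{n}: applied multiplier {m:.4f}")
    print("alert on page sample:", fast_minting_alert(PAGE_SAMPLE))
```

The damping caps the effect of a single spike, but the applied multiplier climbs toward the raw value as the spike fills the window, which is why the alert on consecutive fast intervals matters.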

Subverting Wallet Reputation

Every piece of communication between TradeNet peers will be signed and acknowledged. For example, TN peer A knows that TN peer B is the next chosen peer to create a Transaction Block, so when he sends a recent transaction, peer B must acknowledge it with a signature confirming that it was received. If peer B produces a TB without the transaction that it accepted, this is a breach of wallet reputation and can be proven.

Since who is connected to whom will change occasionally and randomly, peer B can only get away with this if he is only connected to other malicious nodes. Even if 50% of the Network were malicious, this situation becomes increasingly unlikely as more connections to other TNGs are required. Since each node is required to be kept honest by its peers, the opportunity to delay transactions or signature blocks is exceedingly low.

Since a malicious peer will know which of its connected peers are malicious and which are not, it could choose to not send an acknowledgement to non-malicious peers. In this case, the non-malicious peers will “call him out” so to speak, and require acknowledgement to the entire TNG. A lack of response will be considered a breach of wallet reputation. This can be followed up by a special transaction requesting this peer to acknowledge the data in a transaction block or the peer will be forcibly signed out and will lose reputation.

Subverting Network Reputation

As the Network grows larger, it will be more difficult to attain PR/CR. Since a Consensus Block is made only every 24 hours and 15 minutes, 87,300 seconds divided by 10 seconds per Transaction Block means that 8,730 TBs are created per day. Once there are more than 4,365 TradeNet peers, the odds of making at least 1 TB (and thus gaining PR) continually decrease below 50%. As more honest people work in the TradeNet, the cost for dishonest nodes to gain 50% of the reputation increases exponentially. Dishonest nodes will be competing with each other to gain a limited amount of PR.

By gaining 50% of the MCR, dishonest nodes could only increasingly delay some valid transactions. At exactly 50%, targeted transactions will take, on average, twice as long to confirm. If the dishonest nodes choose to not sign valid Transaction Blocks, they will create a fork. Assuming ACR is equal to MCR at the time of the split, neither fork would be able to Level 2 confirm any transactions because of the CR penalty for leaving the Network. The dishonest fork cannot lower the MCR without end clients refusing any communication with them, so all they have accomplished is splitting the TradeNet in two and significantly delaying transaction approval.

It should be very easy to identify which Network is honest: regular businesses that people use every day will be on the honest fork, while strange peers with a suspect transaction history will be on the dishonest fork. The CloudNet should still be able to send data between each fork, so each Network will know which peers are confirming transactions on the other Network. This could be used to lower MCR so that transactions can once again be confirmed.

Since both economic activity and approved TBs are required to gain reputation, the second requirement may have to be lifted when ACR drops below 50% of MCR. Normally, a wallet will lose 1 CR when it has announced that it is leaving the TradeNet. If the ACR is below a certain range of MCR such as 75%, the penalty for leaving the TradeNet will increase, hopefully to deter more from leaving. It will also keep the MCR lower in general as peers join and leave the TN on a daily basis. Additionally, some CR lost could be added back immediately when a large percentage of peers leave due to a large, unintentional split.

Some measure to lower MCR over time should be implemented in case the Network contracts.

EXAMPLE: Assume there are 100,000 merchants with an average CR of 60. The cheapest way for a malicious group to take control of the reputation would be to create another 100,000 merchants and get their reputation to 60. To gain reputation between 30-60, a minimum of 5 ENC is required in tx fees to gain 0.25 reputation per day, and it is only gained if they produce a valid transaction block. Since 25% of that 5 ENC will be refunded, it costs 3.75 ENC per node per day for a possible 2,182.5 reputation per day, but they are only getting half of that because the 100k honest nodes are getting the other half of the transaction blocks. So 3.75 x 100k = 375,000 ENC per day to gain 1,091.25 reputation per day. Since 100k x 30 (60-30 for the signature weight) = 3 million, 3 million / 1,091.25 = 2,749 days to equal the amount of reputation currently in the network, assuming it never increases among honest nodes. That is a cost of 1.031 billion (375k x 2,749) ENC to equal the reputation and be able to fork the network.

And all that spending this 1 billion ENC to fork the network will accomplish is a few days of transactions being unable to be Level 2 confirmed. No new money can be created. Existing merchants will not accept payments on a different fork. The rules in the Consensus Block cannot be changed, or end clients will not accept anything from that network. In Bitcoin, controlling the hash controls the supply of new money and it controls what transactions will be accepted. The Bitcoin wiki calls this “not much power.”

attacks.txt · Last modified: 2015/10/15 21:32 (external edit)
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 3.0 Unported