status-im/research
2
0
Fork 0
mirror of https://github.com/status-im/research.git synced 2025-02-26 13:45:15 +00:00
Code Issues Projects Releases Wiki Activity

Improved the discouragement paper further

Browse Source
This commit is contained in:
Vitalik Buterin 2017-07-09 09:04:36 -04:00
parent 58c1ea6574
commit 49cebc18d0
2 changed files with 22 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
casper4/papers/discouragement.pdf
View File

Binary file not shown.

25
casper4/papers/discouragement.tex
View File

@ -133,16 +133,35 @@ The second case that we can analyze is the case where the attacker engages in a
\section{Bribing to counter-grief}
Suppose that victims ($\le 50\%$ of the current validator set) are concerned that their revenue will decrease from $y_0$ to 0 as part of a discouragement attack. They can choose to bribe outsiders to enlist in order to prevent this from happening. Bribing outsiders individually is expensive, because the bribe must overcome the outsider's concern that they themselves will suffer from the attack. However, with an assurance contract we can create a bribe that only works if enough outsiders show up. A bribe to increase the validator set by a factor of $n$ would cost $(n - 1) * (n^d - \frac{1}{n^p})$. If $p = d = 1$, this equals $n * (n - \frac{1}{n}) = n^2 - 1$. Hence, such a bribe would be rational to organize if $n \le \sqrt{2}$.
Suppose that victims ($\le 50\%$ of the current validator set) are concerned that their revenue will decrease from $y_0$ to 0 as part of a discouragement attack. They can choose to bribe players who are not currently validators to enlist in order to prevent this from happening. Bribing players individually is expensive, because the bribe must overcome the player's concern that they themselves will suffer from the attack. However, with an assurance contract we can create a bribe that only works if enough players show up to properly restrain the attacker. A bribe to increase the validator set by a factor of $D_n$ would need to pay the $D_n-1$ newly joining players the difference between the natural supply at $D_n$ and the natural demand at $D_n$.
However, suppose that validators fear not just loss of profits, also heavy losses, because they believe that an attacker will launch an attack and destroy a large portion of their deposits. Then, $n$ can be increased further, especially if the choice is between a small change between already relatively low interest rates and a large short-term harm of losing a large portion of one's deposit. To assist this mechanism, it is worth considering paying a small interest rate to those who are not participating in the consensus game, but are willing to make their deposits ``conscriptable", in the sense that they automatically join the consensus game as soon as some condition is triggered (for example, net interest rates including penalties dropping below zero).
Note that existing validators do not need to receive the subsidy, as we can design the protocol so that it is easy to become a validator but takes a long time to leave, so they will remain validators long enough to prevent the discouragement attack (in fact, we are assuming that the current validator set are the ones \textit{paying the bribe}).
The cost of the bribe is $(D_n - 1) * y_0 * (D_n^d - \frac{1}{D_n^p})$. If $p = d = 1$, this equals $(D_n - 1) * y_0 * (D_n - \frac{1}{D_n}) = y_0 * \frac{(D_n-1)^2 * (D_n+1)}{D_n}$. If the attacker is threatening to take away the victims rewards and additionally take away portion $q$ of their deposits, then the cost of \textit{not bribing} is $y_0 + q$. A bribe is worth it if:
$y_0 * \frac{(D_n-1)^2 * (D_n+1)}{D_n} \le y_0 + q$
$\frac{(D_n-1)^2 * (D_n+1)}{D_n} \le 1 + \frac{q}{y_0}$
This is a quartic equation, and so has no clean solution. But we can give some approximations:
$q = 0, y_0 = 0.04 \rightarrow D_n < 1.8$
$q = 0.25, y_0 = 0.04 \rightarrow D_n < 3.36$
$q = 1, y_0 = 0.04 \rightarrow D_n < 5.7$
$q = 0.25, y_0 = 0.01 \rightarrow D_n < 5.7$
$q = 1, y_0 = 0.01 \rightarrow D_n < 10.61$
If we reduce to $p = \frac{1}{2}$, then we can increase the maximum amounts of validators we can bribe to join further, though only slightly, as for high values of $D_n$ the cost of the subsidy is dominated by the increased reserve interest rates, not the reduced in-protocol supply. For example, with $p = \frac{1}{2}$ the maximum that it makes sense for validators to bribe in the $q = 0, y_0 = 0.04$ case increases from $1.8$ to $\approx 1.87$.
\section{Conclusion}
Discouragement attacks as a cheaper way of attacking a consensus algorithm are one of the hardest classes of attacks to come up with defenses against. This is true in proof of work as well: if a 51\% attack succeeds, then there is a coordination problem opposing ``honest" miners trying to recover the original fork, as none have the private incentive to participate in a fork unless everyone else does. Hence, our recommendations at this point can consist only of two parts. First, there exist marginal tweaks that can be made to mechanisms to reduce the effectiveness of discouragement, increasing difficulty of leaving the validator pool and keeping $p$ values low (particularly by not relying solely on transaction fees) being chief among them. Second, if a discouragement attack does start happening, expect an assurance contract bringing in more validators to be an important building block in the solution.
In general, this is still an active area of research, and more research in counter-strategies is desired.
In general, this is still an active area of research, and more research on counter-strategies is desired.
\bibliographystyle{abbrv}
\bibliography{main}