Blockchains, Attacks and their Security That Wasn’t

First it was multiple forks of Monero (XMR) to resist mining via ASICs.  Then it was a very successful 51% attack on Bitcoin Gold (BTG) and Verge (XVG).  Now it’s another 51% attack on ZenCash (ZEN), a fork of Zcash.

We are going to see more and more of these attacks in the coming months as new coins struggle to attract hashing power to protect their networks.  In the case of Bitcoin Gold, the difficulty was set so low relative to the total hashing power that it was easy for someone to come in grab 51% of the hashing power and begin counterfeiting coins through double spends from the same account.

And this was done to attract more miners to the network by raising the profits from mining the new blocks.  Miners go to where the best profits are.  The compatibility of both CryptoNote, which powers Monero, and Equihash, which powers Zcash, Komodo (KMD) and Bitcoin Gold, algorithms with consumer-level video cards has attracted a lot of people to mining through pools.

Pool mining delegates tasks to the individual miners and if any one of them solves the block the whole pool shares the reward based on their contribution.  But, miners are fickle and will switch from one coin to another based on which one yields the best profit.

Coins that have high difficulty and low prices also have very low miner profits and their networks don’t grow because they can’t attract the miners.  It’s the Catch-22 of starting a new cryptocurrency coin.

It is the interplay between the difficulty of solving the hash and the price of the coin that determines how secure the blockchain is.  There’s a new site, Crypto51, that tracks the cost of a 51% per hour for each of the coins out there.

To me this highlights the next set of growing pains the cryptocurrency market will have to go through if it’s going to be taken seriously in the future as an alternative to the existing system.

Success Breeds Theft

Where there is the lure of easy profit there is the lure of easy thieving.  And the same hashing power that was used to attack Bitcoin Gold can be used to attack any other coin which isn’t prepared for such an attack.

With chip-makers optimizing product lines for crypto-mining the onus will be on developers to stay one step ahead of them.  It will require constant updates to the algorithms to break new ASICs designed to solve that particular hashing algorithm.

AMD and Nvidia are working hard to improve the throughput of their graphics processors (GPUs) to be more efficient per watt consumed.  It’s an ever-escalating game as costs to mine per mega-hash drop and difficulties have to be raised to keep miner margins thin enough to discourage 51% attacks but large enough to make it worth their while to actually mine.

Even with the collapse in cryptocurrency prices from December’s highs, a lot of new coins are commanding prices that are far higher than the developers originally budgeted for. They are flush with operating capital which will last them far longer than they ever expected to raise.

So, there are still plenty of incentives for thieves and competitors to attack coins and make a few dollars along the way.

The Smaller They Are …

The smaller the blockchain project the more conscious developers have to be about its security.  This is one of the reasons why, despite its potential scaling issues, Ethereum is in such a good market position.  The hashing power behind its network is enormous and it allows small projects big security benefits because of that.

This, in turn, supports the price which supports the miners and the project is self-sustaining as long as Ethereum’s developers can stay one step ahead of the network congestion curve.

Otherwise the network will become non-functional the whole thing could come crashing down, as real world applications fail to perform in mission critical functions.

But, in my mind, Ethereum’s approach is the wrong one.  I prefer decentralization and interconnectivity.  The solution for small blockchains is to be built such that they are tied to an another blockchain, using it as a second layer of transaction clearing.

For example, say I issue Goatcoin (GGnG) to reward subscribers with premium content and the like.  I don’t expect Goatcoin to attract peta-hashes of power.  But, if I take some number of Goatcoin blocks and roll them up into one, say, Bitcoin block and send that to the Bitcoin network, now I’ve secured Goatcoin using Bitcoin’s security layer.

If anyone tries a 51% attack on Goatcoin, the double-spending problem is uncovered with the mismatch between the audit block and the current state of the blockchain.

Komodo is a cryptocurrency project which does exactly this.  It’s a blockchain deployment platform like Ethereum.  It utilizes Delayed Proof of Work (DPoW) to tie Komodo’s security to Bitcoin’s.  This way Komodo doesn’t need peta-hashes of power to secure its network.  It uses Bitcoin like a security mule.

And this ensures that its development can proceed without the worry of thieves undoing the work of its team. It also protects blockchains deployed on it from 51% attacks as the smaller chain, say my Goatcoin example, is secured both by Komodo’s blockchain and Bitcoin’s.

All of a sudden my silly coupon coin gets enterprise level security features for pennies a day.  That’s mission critical architecture.

… The More They Need Each Other

Now, take this one step further, and I hope the developer community is listening.  Bitcoin Gold could have stopped the 51% attack against it in a matter of an hour if it used a variation on Komodo’s DPoW system.

In fact, all of the smaller coins would benefit from coming together and forming a security ring, randomly sending audit blocks to each other’s chains to secure their networks.

They can create a neural network of MH/second sized blockchains that become close to impregnable.  Because there is no reason why each would use a particular blockchain to be their mule.  Today you use Monero, tomorrow Zcash, the next day Litecoin.

It’s all just code and code is cheap.

Now the hashing power needed to perform a 51% attack against any of them multiplies exponentially as all of the coins have to be hacked at the same time to do so.  The cost is minimal and the benefits enormous.

And the best part is that this doesn’t require any agreement between them.  Bitcoin Gold could do this independently. As each one adopts this middle-layer of DPoW security, the whole community is massively improved.

The Miners will still go to where the money is and the blockchains don’t need to consume billions of KWHrs due to insane hashing difficulties.  In fact, mining would remain more democratized because it would scale up slower.

It’s where the industry must go or one by one the integrity of them will be compromised and they will wither.

Please support the production of independent and alternative political and financial commentary by joining my Patreon and subscribing to the Gold Goats ‘n Guns Investment Newsletter for just $12/month.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s