Broadly speaking, there are two basic categories of attack of interest to those in the blockchain space: network attacks and consensus attacks. Simplifying considerably, network attacks involve targeting a small number of nodes or users to steal their funds, stop transactions from being verified, promulgate fake data, or pursue other nefarious ends. Examples of network attacks include distributed denial of service (DDoS) attacks, eclipse attacks, and BGP hijacking.

Consensus attacks are in many ways subtler, and fundamentally involve the exploitation of a protocol’s consensus mechanism. The most famous example are the soi-disant “51%” attacks, in which a malicious actor gains control of 51% of the hashpower in a blockchain like Bitcoin, allowing them to double spend a cryptocurrency, stop transactions from being verified, and otherwise compromise the network’s integrity.

Core Chain’s Approach to Security

Core Chain mitigates network attacks through a combination of geographic dispersion of nodes and randomizing the selection of nodes for P2P communications. These are all validator-level precautions, and are common to many blockchain projects.

Where consensus attacks are concerned, the combination of DPoW, DPoS, and the validator election mechanism offer many desirable security properties. For example, selfish mining [11] is rendered obsolete due to Core Chain's round-robin block mining process. This method prevents the manipulation of pseudorandom mechanisms that such exploits typically rely on.

Censorship and transaction delays are potential threat vectors, but are mitigated as long as there are honest validators in the set. For similar reasons, 51% attacks, Sybil attacks, and related exploits can’t be prevented outright, but attempting any of them is both economically unwise and very difficult to achieve, given the fact that validators are ranked by their hybrid score.

An important part of thwarting long range attacks is Core Chain’s checkpointing scheme, wherein the network permanently freezes the blockchain’s history on a regular basis, adds a checkpoint hash to the codebase, and rejects any future transactions that aren’t consistent with these hashes.

There are whole categories of insidious attacks that involve going back to a certain point in time and mining a competing chain that reverses transactions, prevents access to a network, etc. When used in conjunction with DPoW, checkpointing renders us invulnerable to this constellation of threats.

For the mathematically inclined, Appendix A contains a proof stating that as long as less than 1/3rd of the nodes are malicious and enough blocks are confirmed, transactions on Satoshi Plus are provably safe.

[11] “Selfish mining” refers to mining a block and not broadcasting it. If a miner continues to produce additional blocks, they could end up with a long chain that effectively acts like a fork of the main ledger. In Bitcoin, mining is competitive and selfish mining could prove profitable. With Core Chain, however, there is no way to do this because of the way that validators are elected and the way mining works.

Last updated