Open sternhenri opened 5 years ago
whyrusleeping
commented
5 years ago Note: it would take an attacker L * BlockTime to do this attack, and put them on a chain with L additional null blocks compared to the main chain which has on expectation L real blocks.
ZenGround0
commented
5 years ago I believe this is analysis is begun in the old "attacks" tex document. The chernoff/union bound calculated over there is a useful measure of the likelihood of there being enough non-null blocks to make the attacker chain heavy enough to be viable. You can use this likelihood and a threat model to make an informed decision about the power table selection lookback parameter.
sternhenri
commented
5 years ago Precisely, the attack here is for a powerful A_Max. If weighting function rewards more heavy power table than number of blocks produced, attacker could
This is a selfish mining variant
sternhenri
commented
5 years ago bad attack:
sternhenri
commented
5 years ago cc @jzimmerman in case of interest
Counting null blocks in your lookback parameter for committee selection (N-L in the spec), an attacker could choose to grind null blocks in order to move through to the power table update.
Ie the attacker would grind through the null blocks to have the power table actualized without actually having anyone else mine (and introduce randomness) in between their introducing that new power and that new power ending up in the power table.
This is a form of selfish mining aimed at making it that you can be only one to mine until your power is updated.
I reckon this is not a rational/effective attack given the weight loss incurred (you are foregoing L valid blocks on expectation), but worth analyzing, especially in relation to the lookback parameter value.