Staking Pool Attack Vector?


#1

I’m hoping that I am missing something here, and that I can get some help from the forum.

I made this post a while back in concerns to one way adversaries could control of the network via staking pools:

When I first started down the rabbit hole of Ouroboros and Cardano’s decentralized network protocol, I first envisioned a 51% attack requiring a single entity to own 51% of the total supply of ADA. At this point, I realized that in order to accumulate THAT much ADA it would end up driving the price up to such high prices that it just would not be truly feasible on a game theory/incentives basis most likely.

The assumptions I made in this scenario was that each individual would be staking his/her own ADA in order to secure the network. However, with the presence of staking pools this became a little more skewed. From everything Charles has said, it sounds like there will not be a minimum requirement (besides a reasonable arbitrary fee) to register a staking pool. To me this seems like a huge vulnerability. What incentives do these pool operators have to be honest beside future income? What I mean is that as these pool operators are forced to be more and more competitive with one another, their net profit for running their pool will get slimmer and slimmer. Does that not mean that we are paying them less and less to be an honest pool operator? After all, it’s entirely possible that they own little to no ADA themselves. Again, besides future earnings, what “stake” do they have in seeing Cardano succeed? If they are earning $50k/year by running a pool, what happens when Vitalik Buterin knocks on their door and offers them $250k to give up control of their pool to him? (I am not saying that this is in Vitalik’s character profile. I am just using him as an example of a party that may benefit from Cardano being compromised.) Multiply this by 51 pools each owning 1%, and you have ~$13MM USD. That seems like a fairly minimal cost to control the entire network.

Ultimately I look at it as paying security guards minimum wage to guard your house in a valuable manner. Can you expect to pay an individual (or group of individuals) $10/hour to guard $1MM in cash? If none of that cash is owned by the guard(s) himself, I have a hard time seeing how an adversary doesn’t coerce the guard to be dishonest.

I will openly admit that I do not possess the technical expertise to understand technically how a 51% attack would need to be executed (and how coordinated it would need to be) to cause catastrophic damage to the network. It’s possible that the points I am making are entirely mute, however I thought I would try to find someone here who could take the conversation one step further…

EDIT: Grammar and misspelling.


#2

The incentive for the pool operators to be honest is the fact, that they can not receive incentives without being honest.
Another post talked about Pos Delegation Incentives, recently.

No Competition Between Pools
An important consequence that comes out this structure of undistributed funds is that is means there is no competition between pools. There is nothing one pool can do to increase its rewards by decreasing another pools reward. There is no incentive for any pool to sabotage another pool’s work.
Classic attacks in Bitcoin like selfish mining or block withholding cannot work because the pools are fenced off from each other. The actions of one pool only affect its own rewards.

Because of the following formula: 1/k

Refinement 1:
The maximal proportion of the rewards pool that a stake pool can receive will be limited by 1/k
(k being number of desired pools, probably around 100)
Without this, pools would want to get bigger and bigger because they still get same reward, with lower cost since the overhead cost will not be much more than a smaller pool’s.
For example:
if k = 100
A and B with 0.3% and 1.2% of stake respectively.
A will receive 0.3% of rewards pool but B will receive 1/100 = 1%
In this example, no matter how high your stake is, you can never get more than 1% of rewards pool. The hope is that this will have the effect that pools won’t grow too large.

Also, it cost to register for a stake pool.

The above basically describes, that a stake pool can never perform a 51% attack because it is not actually rewarding to do so.

If I didn’t answer all your questions let me know!


#3

It could be rewarding to do the attack if the alternative to running a node is attractive enough. If the stake operators have no skin in the game he/she can be compromised in no time. Pool operators are not subject to the same game theory dynamics. I’d like to know how the situation countrycows described could be avoided. Namely:


#4

@ADA_Fan could you describe the circumstances of how a node can be attractive enough? Because keep in mine the malicious actor has to pay and register the staking pool with the foundation, and that no matter how big the pool gets, the malicious actor will be spending a fortune to DDOS the network without increasing their rewards.

Could you elaborate more on how a staking pool could be compromised?

Lets say by chance Ada_Pool wants to DDOS the network.

  1. Ada_Pool owns 51% of the Coins or roughly 31/2 = 15.5 Billion Adas
  2. Ada_Pool will only be rewarded 1/k or roughly 1% of the rewards
  3. To perform a DDOS you would be paying:

The minimal fees for a transaction are calculated according to the formula:
a + b × size
where:
a is a special constant, at the moment it is 0.155381 ADA;
b is a special constant, at the moment it is 0.000043946 ADA/byte;
size is the size of the transaction in bytes.

The same scenario could be applied to Bitcoin, Is it possible, yes, but it is more hypothetical than possible. Just like when I explain a vulnerability to a customer performing assessments, is it possible sure, but the vulnerability has not been shown to be exploited in the wild, so it might not be worth 100K fixing the vulnerability.
But keep in mind, the community as a whole would need to stake 51% of their coins to that stake pool. If a percentage like that is coming close to even 45 or 50%, there could be a vote to disbandand or vote out that stake pool from the stakeholders. Ada is not like bitcoin that the more hashing power you have, the more “voting rights you have”.
Also, how expensive would it be to maintain a stake pool with 51% of Ada? And with the same monetary incentive as every other stake pool…its just not “worth it” for a malicious actor to try and do. Because remember most cyber criminals have a monetary incentive, and considering this will take millions to perform, possible becomes impossible.


#5

This is how(below). I understand this scenario is hypothetical and yes, the network could fork if this happen, but I wanted to know if there was a way to avoid forking.


#6

Ouroboros Praos security is not dependent on the staking pools. But on mathematical probability that no one pool or amount of malicious pools could disrupt the network based on 1/k, slot randomization, genesis block, and longest chain rule.

I probably didn’t addresses all the security mechanisms within Praos, but those what stood out to me.


#7

Thanks. I am reading the thread on the implementation of PoS on Cardano using Ouroboros Praos… It looks like it has some badass way to mitigate 51% attacks. #genius.