Table of Links Abstract and I. Introduction II. Background III. Problem Definition IV. DAG-Oriented Solutions V. Game Theoretical Analysis VI. Simulation Model VII. Evaluation VIII. Countermeasures IX. Discussion and Future Work X. Related Work XI. Conclusion and References III. PROBLEM DEFINITION Let there be a PoW blockchain network that uses the Nakamoto consensus and consists of honest and greedy miners, with the greedy miners holding a fraction κ of the total mining power (i.e., adversarial mining power). Then, we denote the network propagation delay in seconds as τ and the block creation time in seconds as λ. We assume that the minimum value of λ is constrained by τ of the blockchain network. It is well-known that Nakamoto-style blockchains generate stale blocks (a.k.a., orphan blocks). As a result, a fraction of the mining power is wasted. The rate at which stale blocks are generated increases when λ is decreased, which is one of the reasons why Bitcoin maintains a high λ of 600s. DAG-Oriented Designs. Many DAG-oriented designs were proposed to allow a decrease of λ while utilizing stale blocks in parallel chains, which should increase the transaction throughput. Although there are some DAG-oriented designs that do not address the problem of increasing transaction throughput (e.g., IoTA [39], Nano [25], Byteball [3]), we focus on the specific group of solutions addressing this problem, such as Inclusive [26], GHOSTDAG, PHANTOM [44], SPECTRE [43], and Prism [6]. We are targeting the RTS strategy, which is a common property of this group of protocols. In the RTS, the miners do not take into account transaction fees of all included transactions; instead, they select transactions of blocks randomly – although not necessarily uniformly at random (e.g., [42]). In this way, these designs aim to eliminate transaction collision within parallel blocks of the DAG structure. Nevertheless, the interpretation of randomness in RTS is not enforced/verified by these designs, and miners are trusted to ignore fees of all (or the majority of [42]) transactions for the common “well-being” of the protocol. Contrary, miners of blockchains such as Bitcoin use a wellknown transaction selection mechanism that maximizes profit by selecting all transactions of the block based on the highest fees – we refer to this strategy as the greedy strategy in the context of considered DAG-based protocols. A. Assumptions We assume a generic DAG-oriented consensus protocol using the RTS strategy (denoted as DAG-PROTOCOL). Then, we assume that the incentive scheme of DAG-PROTOCOL relies on transaction fees (but additionally might also rely on block rewards),[4] and transactions are of the same size.[5] Let us assume that the greedy miners may only choose a different transaction selection strategy to make more profit than honest miners. Then, we assume that DAG-PROTOCOL uses rewarding where the miner of the block A gets rewarded for all unique not-yet-mined transactions in A (while she is not rewarded for transaction duplicates mined before). B. Identified Problems – Incentive Attacks Although the assumptions stated above might seem intuitive, there is no related work studying the impact of greedy miners deviating from the RTS strategy on any of the considered DAG-PROTOCOLs (GHOSTDAG, PHANTOM [44], SPECTRE [43], Inclusive [26], and Prism [6]) and the effect it might have on the throughput of these protocols as well as a fair distribution of earned rewards. Note that we assume GHOSTDAG, PHANTOM, and SPECTRE are utilizing the RTS strategy that was proposed in the Inclusive protocol [43], as recommended by the (partially overlapping) authors of these works – this is further substantiated by the practical implementation of GHOSTDAG/PHANTOM called Kaspa [42], which utilizes a variant of RTS strategy (see Sec. IV) that selects a majority portion of transactions in a block uniformly at random, while a small portion of the block capacity is seized by the transaction selected based on the highest fees. Nevertheless, besides potentially increased transaction collision rate, even such an approach enables more greedy behavior. We make a hypothesis for our incentive attacks: Hypothesis 1. A greedy transaction selection strategy will decrease the relative profit of honest miners as well as transaction throughput in the DAG-PROTOCOL. Note that the greedy transaction selection strategy deviates from the DAG-PROTOCOL and thus is considered adversarial. Authors:
(1) Martin Peresıni, Brno University of Technology, Faculty of Information Technology (iperesini@fit.vut.cz);
(2) Ivan Homoliak, Brno University of Technology, Faculty of Information Technology (ihomoliak@fit.vut);
(3) Federico Matteo Bencic, University of Zagreb, Faculty of Electrical Engineering and Computing (federico-matteo.bencic@fer.hr);
(4) Martin Hruby, Brno University of Technology, Faculty of Information Technology (hruby@fit.vut.cz);
(5) Kamil Malinka, Brno University of Technology, Faculty of Information Technology (malinka@fit.vut). This paper is available on arxiv under CC BY 4.0 DEED license. Note that block rewards would not change the applicability of our incentive attacks, and the constraints defined in the game theoretic model (see Sec. V-B) would remain met even with them.


Note that this assumption serves only for simplification of the follow-up sections. Transactions of different sizes would require normalizing fees by the sizes of transactions to obtain an equivalent setup (i.e., a fee per Byte). Table of Links Abstract and I. Introduction Abstract and I. Introduction II. Background II. Background III. Problem Definition III. Problem Definition IV. DAG-Oriented Solutions IV. DAG-Oriented Solutions V. Game Theoretical Analysis V. Game Theoretical Analysis VI. Simulation Model VI. Simulation Model VII. Evaluation VII. Evaluation VIII. Countermeasures VIII. Countermeasures IX. Discussion and Future Work IX. Discussion and Future Work X. Related Work X. Related Work XI. Conclusion and References XI. Conclusion and References III. PROBLEM DEFINITION Let there be a PoW blockchain network that uses the Nakamoto consensus and consists of honest and greedy miners, with the greedy miners holding a fraction κ of the total mining power (i.e., adversarial mining power). Then, we denote the network propagation delay in seconds as τ and the block creation time in seconds as λ. We assume that the minimum value of λ is constrained by τ of the blockchain network. It is well-known that Nakamoto-style blockchains generate stale blocks (a.k.a., orphan blocks). As a result, a fraction of the mining power is wasted. The rate at which stale blocks are generated increases when λ is decreased, which is one of the reasons why Bitcoin maintains a high λ of 600s. DAG-Oriented Designs . Many DAG-oriented designs were proposed to allow a decrease of λ while utilizing stale blocks in parallel chains, which should increase the transaction throughput. Although there are some DAG-oriented designs that do not address the problem of increasing transaction throughput (e.g., IoTA [39], Nano [25], Byteball [3]), we focus on the specific group of solutions addressing this problem, such as Inclusive [26], GHOSTDAG, PHANTOM [44], SPECTRE [43], and Prism [6]. We are targeting the RTS strategy, which is a common property of this group of protocols. In the RTS, the miners do not take into account transaction fees of all included transactions; instead, they select transactions of blocks randomly – although not necessarily uniformly at random (e.g., [42]). In this way, these designs aim to eliminate transaction collision within parallel blocks of the DAG structure. Nevertheless, the interpretation of randomness in RTS is not enforced/verified by these designs, and miners are trusted to ignore fees of all (or the majority of [42]) transactions for the common “well-being” of the protocol. Contrary, miners of blockchains such as Bitcoin use a wellknown transaction selection mechanism that maximizes profit by selecting all transactions of the block based on the highest fees – we refer to this strategy as the greedy strategy in the context of considered DAG-based protocols. DAG-Oriented Designs greedy strategy A. Assumptions A. Assumptions A. Assumptions We assume a generic DAG-oriented consensus protocol using the RTS strategy (denoted as DAG-PROTOCOL). Then, we assume that the incentive scheme of DAG-PROTOCOL relies on transaction fees (but additionally might also rely on block rewards),[4] and transactions are of the same size.[5] Let us assume that the greedy miners may only choose a different transaction selection strategy to make more profit than honest miners. Then, we assume that DAG-PROTOCOL uses rewarding where the miner of the block A gets rewarded for all unique not-yet-mined transactions in A (while she is not rewarded for transaction duplicates mined before). A A B. Identified Problems – Incentive Attacks B. Identified Problems – Incentive Attacks B. Identified Problems – Incentive Attacks Although the assumptions stated above might seem intuitive, there is no related work studying the impact of greedy miners deviating from the RTS strategy on any of the considered DAG-PROTOCOLs (GHOSTDAG, PHANTOM [44], SPECTRE [43], Inclusive [26], and Prism [6]) and the effect it might have on the throughput of these protocols as well as a fair distribution of earned rewards. Note that we assume GHOSTDAG, PHANTOM, and SPECTRE are utilizing the RTS strategy that was proposed in the Inclusive protocol [43], as recommended by the (partially overlapping) authors of these works – this is further substantiated by the practical implementation of GHOSTDAG/PHANTOM called Kaspa [42], which utilizes a variant of RTS strategy (see Sec. IV) that selects a majority portion of transactions in a block uniformly at random, while a small portion of the block capacity is seized by the transaction selected based on the highest fees. Nevertheless, besides potentially increased transaction collision rate, even such an approach enables more greedy behavior. We make a hypothesis for our incentive attacks: Hypothesis 1. A greedy transaction selection strategy will decrease the relative profit of honest miners as well as transaction throughput in the DAG-PROTOCOL. Hypothesis 1. A greedy transaction selection strategy will decrease the relative profit of honest miners as well as transaction throughput in the Note that the greedy transaction selection strategy deviates from the DAG-PROTOCOL and thus is considered adversarial. Authors: (1) Martin Peresıni, Brno University of Technology, Faculty of Information Technology (iperesini@fit.vut.cz); (2) Ivan Homoliak, Brno University of Technology, Faculty of Information Technology (ihomoliak@fit.vut); (3) Federico Matteo Bencic, University of Zagreb, Faculty of Electrical Engineering and Computing (federico-matteo.bencic@fer.hr); (4) Martin Hruby, Brno University of Technology, Faculty of Information Technology (hruby@fit.vut.cz); (5) Kamil Malinka, Brno University of Technology, Faculty of Information Technology (malinka@fit.vut). Authors: Authors: (1) Martin Peresıni, Brno University of Technology, Faculty of Information Technology (iperesini@fit.vut.cz); (2) Ivan Homoliak, Brno University of Technology, Faculty of Information Technology (ihomoliak@fit.vut); (3) Federico Matteo Bencic, University of Zagreb, Faculty of Electrical Engineering and Computing (federico-matteo.bencic@fer.hr); (4) Martin Hruby, Brno University of Technology, Faculty of Information Technology (hruby@fit.vut.cz); (5) Kamil Malinka, Brno University of Technology, Faculty of Information Technology (malinka@fit.vut). This paper is available on arxiv under CC BY 4.0 DEED license. This paper is available on arxiv under CC BY 4.0 DEED license. available on arxiv available on arxiv Note that block rewards would not change the applicability of our incentive attacks, and the constraints defined in the game theoretic model (see Sec. V-B) would remain met even with them. Note that this assumption serves only for simplification of the follow-up sections. Transactions of different sizes would require normalizing fees by the sizes of transactions to obtain an equivalent setup (i.e., a fee per Byte). Note that block rewards would not change the applicability of our incentive attacks, and the constraints defined in the game theoretic model (see Sec. V-B) would remain met even with them. Note that block rewards would not change the applicability of our incentive attacks, and the constraints defined in the game theoretic model (see Sec. V-B) would remain met even with them. Note that this assumption serves only for simplification of the follow-up sections. Transactions of different sizes would require normalizing fees by the sizes of transactions to obtain an equivalent setup (i.e., a fee per Byte). Note that this assumption serves only for simplification of the follow-up sections. Transactions of different sizes would require normalizing fees by the sizes of transactions to obtain an equivalent setup (i.e., a fee per Byte).

Part of HackerNoon's growing list of open-source research papers, promoting free access to academic material.

Identifying Incentive Attacks in DAG-Oriented Blockchain Protocols

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Untitled Story

A Comparative Analysis of Crypto API Misuses Across Programming Languages

7 Consensus Mechanisms Developers Must Know to BUIDL for Web3

BFT Consensus: Will Your Car Full of Passengers Turn Right, Left, or Fly Over a Cliff?

Consensus Protocol in Blockchain

ConsensusPedia: An Encyclopedia of 30+ Consensus Algorithms

A Comparative Analysis of Crypto API Misuses Across Programming Languages

7 Consensus Mechanisms Developers Must Know to BUIDL for Web3

BFT Consensus: Will Your Car Full of Passengers Turn Right, Left, or Fly Over a Cliff?

Consensus Protocol in Blockchain

ConsensusPedia: An Encyclopedia of 30+ Consensus Algorithms

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps