Is the Cosmos hub (and the Polkadot relay chain) more secure, and hence more valuable, than Bitcoin or Ethereum?
Summary of the potential attacks and safety of the Cosmos hub (please comment/contact me if you can think about other potential attacks not covered here)
- ⅔ long range attack: with the 21 unbonding period it cannot happen since new nodes and current nodes not with 100% uptime can safely sync within 3 weeks from latest block/state (long range malicious forks that enter the unbonding period would be slashed after double signing)
- Assuming ⅔ stake available in the markets: ⅔ current voting power attack, very expensive to buy and skin in the game, double sign quickly detected and the malicious voting power forked out by off chain consensus losing all ⅔ stake value
- Assuming ⅓ stake available in the markets: Buy ⅓, but again very expensive and skin in the game, halt resolved in 1 or 2h by an off chain consensus hard fork (needed since the network is halted and therefore it is not possible to redelegate or to stake more liquid atoms to dilute this offline voting power) and ⅓ stake lost
- Assuming less than ⅓ stake available in the markets:
a) The attacker doesn’t buy any atoms and instead create many small validators with 0% or low fee, then convince delegators until getting ⅓ of the voting power and halt the network. However, delegators would get slashed and therefore will do good due diligence so it would be hard for the attacker to accumulate so much stake
b) Combination of buying some atoms and getting delegation, but again here expensive to buy and skin in the game lost just for a 1 or 2h network halt
So the key is that since blocks are final in Cosmos and not probabilistically final like in bitcoin or ethereum, successful double spending doesn’t seem an option in Cosmos, the worst that could happen would be a 1 or 2h halt while forking out by off chain consensus either ⅓ or ⅔ malicious voting power. Also, if a zone is corrupted, then corrupted assets could be spread within Cosmos but users should pay attention to validators of a specific zone to decide if they can trust or not a zone. But in any case, any corrupted zone cannot affect other zones or hubs beyond those corrupted assets that will be identified, because each hub and zone will be independent with their own validator set and governance.
The security thresholds in the Polkadot relay chain
- >1/3 byzantine validators: the grandpa consensus stops finalizing and the longest chain consensus starts (byzantine validators could include network faults, malicious validators in contrast are actively controlled by an attacker). In this case the validator set would change resulting in less than 1/3 byzantine validators and grandpa would restart finalizing blocks
- >1/2 byzantine validators: babe (longest chain rule) consensus builds on forks but doesn’t stop, and some of the byzantine validators could be back online bringing the number of byzantine validators to less than 1/3 and hence grandpa consensus would restart finalizing blocks
- >2/3 malicious validators: grandpa finalizes a malicious block and a hard fork with off chain consensus is needed, however this attack would be incredibly expensive and very unlikely
Also, the combination of these two parts of the consensus, meaning babe produces blocks with less network communication than is required for Byzantine agreements and that finality is achieved on chains of blocks and not on individual blocks allows the validator set in the Polkadot relay chain to scale to 1000 without the slowdown found in pure Byzantine agreement protocols.
The cost of attacking Bitcoin and Ethereum vs attacking the Cosmos hub:
For a 51% attack to bitcoin or ethereum PoW blockchains, it is possible to just rent enough hashrate for this (and if it is not enough, ASICs could be bought or produced, unlike atom or dot tokens than cannot be “manufactured” by an attacker), not having “skin in the game”. However, to attack the Cosmos hub for example an attacker would need to acquire the atoms. So it would be like an attacker having to buy a huge mining farm in bitcoin or ethereum that would be burned down as soon as he tries to double spend or attack the network, without any success beyond halting the network for a short time.
Also, because blocks in Polkadot (after they have been finalized by the grandpa consensus) and Cosmos are final, an equivalent of the 51% double spend attack as the recent one in Ethereum classic (with probabilistic finality like bitcoin and ethereum) cannot happen. And let’s remember that 3 or 4 mining pools have close to 51% hashrate in bitcoin so that’s not very secure and decentralised: someone could just call them to modify the history of the bitcoin ledger (for example, the CEO of Binance did that after the $40m hack and later he said it was not good calling the mining pools since it is better to keep the bitcoin blockchain “immutable”).
A 51% attack of bitcoin for 1h it is estimated that it would cost around $650k and in ethereum $130k. In contrast, at the current atom price of around $5 and total amount staked of 136 million atoms, the cost of a 2/3 attack now to the Cosmos hub would cost close to $500 millions that would be instantly lost with nothing gained after the attack beyond a brief halt of the Cosmos hub of 1 or 2h while a hard fork is coordinated.
It is true that renting enough hashrate for a 51% attack in bitcoin for example is difficult, but a powerful attacker could buy or manufacture enough ASICs (or create better ASICs, and since governance is quite bad and slow in bitcoin as was seen with the bitcoin cash hard fork, changing the hash function to prevent the attack may not be fast or effective enough against a powerful attacker) to have constant over 51% hashrate. In contrast, an attacker cannot “manufacture” atom or dot tokens, the attacker could only buy the tokens or get them as delegations for voting power but this was analysed in the first section above.
Another interesting point is that even if the hashing algorithm is changed in bitcoin (despite the bad and slow governance) against a 51% attack, both the malicious and the honest miners would be affected. In contrast, in the case of the PoS model in the Cosmos hub for example, only the malicious voting power would be slashed and forked out.
The key differences between the security of the Cosmos hub and the Polkadot relay chain
Since the Polkadot relay chain will offer shared security it ensures that there are no corrupted messages from some parachains of weak security (zone equivalent in Cosmos) to other parachains. However if 2/3+1 of the relay chain validators in Polkadot are compromised enough to prevent a fisherman from reporting an invalid transition then the whole Polkadot network including all parachains would be compromised (unlike in Cosmos where a corrupted zone cannot compromise the rest of the network, although the Cosmos hub corrupted would (it would be very interesting to find the right parameters/ways to quantify the security of a specific Cosmos zone/hub or have a way for more direct connections between two zones without many multi-hops that could go through a weak security zone or hub, like keeping the keys list of zone validators often updated in the high security Cosmos hub to know for sure that you are connecting to a specific zone)).
Nonetheless, corrupting the Polkadot relay chain would be even more expensive than attacking the Cosmos hub, since attacking the relay chain would be the economic equivalent of compromising the hub and all zones connected to the Cosmos hub (however the Cosmos hub will also offer shared security in the future). Polkadot is researching ways to mitigate this potential 2/3+1 relay chain attack like parachains would see that relay chain validators are authoring blocks containing fisherman transactions that are not reaching the canon relay chain. Also, Polkadot solves the data availability problem through erasure-coding all data over all validators.
Another important point is that there will be more hubs apart from the Cosmos hub like the Irisnet hub, the Sentinel hub and others but they would be economically separated so security will be divided among them, while Polkadot would require an attacker to pay to break all chains even to attack just one (but again, shared security will be also offered by the Cosmos hub after IBC is ready). Also, an important issue is that it would be hard for users in the Cosmos ecosystem to know which validators in which zones can be trusted to avoid receiving potentially corrupted assets (zones with their own validator set and security, not using shared security, may be less trusted or not by the users but could still join the Cosmos hub. In contrast, for a parachain to join Polkadot shared security will be a must). Therefore, trusted Cosmos hub validators that also validate other zones will be a powerful source of trust to interact with a specific zone. Good decentralised token distribution is also very important for the security of the Cosmos hub and zones and the Polkadot relay chain.
This article was possible thanks to discussions I had with Gavin Wood, founder of Polkadot and previously CTO and co-founder of Ethereum, Jae Kwon the founder of Tendermint/Cosmos, Zaki Manian from Cosmos, and also many other Cosmos and Polkadot community members