Provenance Blockchain Proof-of-Stake Provides 51% Attack Immunity
51%? 33%? 67%? $260M? $512M? Why are those numbers important for the Provenance Blockchain security?
One of the most important things I do for the Provenance Blockchain is to follow the blockchain industry and watch for any news covering hacks, attacks, or other kinds of successful exploits. Blockchains are a rapidly evolving field and these unfortunate events often serve as an advance warning of potential weaknesses in design that require mitigation before someone loses assets.
Recently there was a story about BSV (Bitcoin SV) falling victim to a 51% attack1. A group of malicious network participants were able to achieve enough control of the network to execute a rewrite of the history of the blockchain wiping out thousands of valid transactions and replacing them with their own version of history. Needless to say this resulted in a significant financial loss for asset holders and many exchanges have delisted the token citing the security incident.
Fortunately Provenance is immune to this type of attack due to the fundamental differences between how Provenance secures its network (Proof of Stake) and the model used by BSV (Proof of Work).
Proof of Work vs. Proof Of Stake
A Proof of Work network such as Bitcoin, Ethereum 1.0, and BSV all rely on finding solutions to a difficult problem. Similar to an easter egg hidden in a field, a proof of work solution can be found by any one of the people searching and no one can be certain who it will be. When setting up this type of contest an appropriate sized field would be chosen to ensure the contest takes an appropriate amount of time for the number of people involved. If a team of 1,000 people unexpectedly shows up to search, you would probably expect this large team to be the winner as the odds are in their favor with so many more people looking. If the person hiding the egg knew that there would be 1,100 people searching they could make it far more difficult by choosing a larger space to hide in. This example summarizes the situation for proof of work algorithms. The difficulty of the search is set in rough proportion to the amount of effort being put into searching and the number of people looking. And just like an unexpected team of people arriving with 10x as many searchers, a proof of work system can be exploited because the number of people searching and how hard they are looking is completely out of the control of the network.
Conversely, in a proof of stake network the amount of resources are defined up front and under direct control of the network. The participants can trade their stake amongst each other and shift the balance of who gets more weight in a decision, but an outside group can not bring an unexpected large influx of resources in an attempt to overwhelm the existing participants.
Probability vs Protocol
Determining which transactions and which blocks are valid is also handled differently in a Proof of Work vs a Proof of Stake blockchain. For a proof of work based system miners are working to ensure the blocks they mint are on the “longest chain” because that’s the only way they can get paid for their work. Blocks added to forks of the chain that are “shorter” have their transactions and associated rewards discarded. Note that transactions may appear in blocks on both chains but the successful miners of the blocks will be different and therefore the rewards for minting the blocks will go to different entities. This property of using the longest chain, and discarding shorter ones, means a transaction is only final when a sufficient number of blocks are added to a chain after the block a transaction is included in such that it is extremely unlikely that another fork of the chain would appear without the transaction.
Conversely, in a proof of stake network blocks are only added when they pass a consensus vote. When a block is added to the network it is final, a concept known as “instant finality”. Instant finality relies on the protocol for determining which transactions are valid and the voting power of those running the protocol to determine what makes a valid block. The Provenance blockchain relies on its protocol which makes up each node. When a block is distributed to the network all of the transactions within the block are evaluated independently by each node using the protocol to determine if the block is valid or not. This means that if an invalid transaction is included in a block every other node in the network has the opportunity to verify and reject the block.
Stake Required to Advance the Network
Voting power in the network is known as “stake” and is represented using the $HASH token that has been delegated. The delegation part is important. While there is a total $HASH supply of 100B the vast majority of this is held in cold/offline wallets that are not being used to actively participate in the network. Currently (Oct 2021) 6.071% of the total supply (6.1B HASH) is actively voting to secure the network. Therefore, approximately 2B $HASH is required to halt the network through a consensus failure.
Only 33.1% of the voting power of the network needs to disagree with the determination on the validity of a given transaction/block to halt the network.
While a blockchain halting is typically considered a very bad thing, in this case it is an important and very useful check for the integrity of the network. In order for the blockchain to continue the validators on the network will need to come together and develop a modification to the protocol as a group and coordinate a restart of the network (aka a ‘Hard Fork’). A super majority of the voting power (>=67%) is required to restart the network. This type of design ensures that modifications to the protocol are performed by all the stakeholders in the network and such drastic changes can not be performed without every network participant being aware.
Ensuring Robust Monitoring and Control
Voting power is applied through delegators/validators. This is where the 33% power level and not allowing a single validator to hold this much active voting power becomes important. If a single validator holds 33% or more voting power then they become a single point of failure for the network. If their vote is not present, the network will halt. Even simple day to day actions like restarting a server would prevent blocks from being added to the chain when this node is offline. This is why Figure actively manages their stake in the network to balance power between the validators in the network to prevent a single node from having too much impact on the overall operation of the network. As the network matures and the risk of a single point of failure subsides through additional stakeholder delegations and validators, Figure will reduce their majority stake.
Summary
Proof of Stake and Proof of Work are fundamentally different approaches to managing consensus. A proof of stake network provides instant finality and guarantees full transaction validity observable by all points within the network at any time. The network protocol is specifically designed for determinism and will not allow the network to proceed if there is not a super majority of participants endorsing each block. The value of the stake protecting the network exceeds $260M for censure and $512M for full control (Oct 2021).
[1] https://www.coindesk.com/bsv-suffers-51-attack-report
IRA MILLER
Ira is a software engineer from Montana working on the Provenance blockchain protocol. Before joining Figure he worked for the Stanford Research Institute focusing on distributed systems. He believes blockchain’s ability to transform trust into truth will have a transformative impact on the financial services industry. Outside of work he enjoys a good espresso, cycling, and traveling.