In this installment, we talk about another type of attack, which we call the “partition attack.” This type of attack, which has not been publicly mentioned elsewhere, was discovered by Conflux while analyzing the security of the “heaviest chain rule”.
The attack described in this issue is initially similar to a balanced attack, which splits the honest nodes into communities of similar computation power, each of which mines blocks under a different subtree. Here we take the case of three communities.
At the same time, the attacker regenerates a block behind the parent block of the three blocks (the circle on the upper left in the image above) and digs underneath it. After a period of time, the structure between the blocks is shown below. (Here we assume that attackers account for 40% of the total network power.)
Unlike a balanced attack, the attacker does not intend to have the 3 good people community arguing over which of the 3 subtrees is heavier. Instead, the attacker lets the previously hidden child become the heaviest child.
Mmbiz. Qpic. Cn/mmbiz_jpg/I…
In each round, if the good guys generate an average of 30 blocks, then there are an average of 10 blocks under each subtree.
The attacker only needs to broadcast 11 blocks (maybe a little more due to randomness) to accomplish his purpose. At the same time, an attacker can generate 20 new blocks.
The attacker’s chain gets longer and longer. Moreover, each block in the chain will eventually become the main chain recognized by all honest nodes. In other words, the attacker took control of the main chain with blocks that had been hidden for a long time.
If a block is hidden by an attacker for a long time, then it becomes the main chain that all honest nodes recognize. This is a very scary thing, and an attacker may have hidden enough blocks in the subtree of this block that it can broadcast these hidden blocks at any moment, forming a heavily weighted subtree that can be used to defeat the good guys’ subtree.
Thus, if there are confirmed trades in the Good Son tree, those confirmed trades will be reversed. In other words, the attacker has completed a “double flower attack”.
Fortunately, it is hard to tell if a block has been hidden for a long time under the heaviest chain rules, but with the “tree structure” we have the ability to find blocks that have been hidden for a long time.
If we delay the confirmation of subsequent transactions in this block accordingly, we can avoid double-spending.
However, this creates another problem, which is the delay in confirming transactions. In general, under reasonable confirmation rules, “segmentation attack” can only achieve “survivable attack”.
So, with tree structure, do we have the ability to detect this kind of attack? Once such an attack is detected, what can be done about it? We’ll talk about that in future installments.