Wolves and Sheep

by Posted on

It has become conventional wisdom that there’s no way to tell attackers (wolves) from honest nodes (sheep) in an open blockchain. The strength of this opinion is based partially on its promotion by talented developers like Vitalik Buterin and Zooko Wilcox-O’Hearn.

To understand why these claims are wrong, consider the difference that Bitcoin exploits:

While honest users build on the chain-tip, attackers build from a block at least one confirmation deeper into the chain. 

This difference exists because attackers are by definition attempting to re-write historical blocks. And the network exploits this to tax them: keeping the cost of producing blocks the same for wolves and sheep, but providing a higher return for sheep who produce at the tip of the longest-chain.

But don’t majoritarian attacks eliminate this tax and put wolves back on equal footing with sheep? Some developers may make this claim (“what I meant was…”) but note the shift in logic: we have moved from asserting there are no differences between wolves and sheep to asserting that no differences exist which can be used to tax wolves who produce a majority of blocks. And this second claim is also false….

The easiest way to demonstrate this is — again — with a simple counterexample. Can we think of other differences between wolves and sheep that can be leveraged to tax wolves? Remember that these differences do not need to be perceivable by participants in the network. All we require is that we can leverage them to systematically tilt income away from wolves and towards sheep. Eliminating majoritarian attacks requires this penalty to apply even when wolves produce the vast majority of blocks in our network.

Sound impossible? There is at least one difference with this property:

When an attacker puts a transaction (that will be profitable for them to collect) into a block, they must be one hop deeper into the routing network than at least one honest node or user.

This difference is unquestionable. If an attacker is making money producing blocks, those blocks must by definition contain fees that come from non-attackers. It follows that every wolf that is not burning their own money (paying a tax) to produce blocks has at least one sheep at an earlier point in their transaction-routing path.

As with the difference Bitcoin leverages, this difference can’t tell us which specific nodes are wolves (some sheep are deep-hop nodes too!), but it can be leveraged to suppress the profitability of wolves. If we can make participating in the network more costly for deep-hop nodes, and force them to compete with early-hop nodes to create blocks and earn income, we give sheep a systemic competitive advantage. Eliminating the 51 percent attack is possible if, provided with the same set of resources, any node at routing depth N+1 can produce only half the blocks and or earn half the profits as a node at position N.

We can accomplish this by putting deep-hop nodes at a competitive disadvantage in producing blocks, or paying them less for the blocks they do produce. And why not both? As the amount of routing work in any block grows our consensus-layer simply needs to increase the cost of producing a block, and decrease the payment for producing it. This solution is counterintuitive to POW and POS developers as it requires the ratio between two variables that are fixed in their networks (cost of block production, and income from producing blocks) to float. It also requires something missing in both POW and POS: cryptographic signatures that track who routes fees inwards towards block producers.

The Saito whitepaper describes a practical implementation of the above. In Saito the cost of block production is directly modulated by consensus, while a cryptographically-biased lottery makes collecting payments costly for wolves but profitable for sheep, even when wolves produce the vast majority of blocks. An attentive reading of the Saito design will show it eliminates other more subtle problems with POW and POS mechanisms as well, but there is no reason for non-economists to delve into Saito to understand why the claims what it does is impossible are ungrounded.

To conclude: security mechanisms in blockchain do not identify bad actors by intent. They differentiate by behavior. Those who insist it is impossible to tell the difference bet ween “wolves” and “sheep” are forgetting something they used to know: that blockchains work by taxing forms of behaviour which are always exhibited by wolves and not caring if this punishes some honest sheep.

Differences do exist and networks leverage them to punish bad actors. This is how cost-of-attack is generated, and it is worth remembering because if we want to solve majoritarian attacks we cannot just throw up our hands and declare them impossible. The solution is to tax the hell out of wolflike behaviour until the only living things left in our pasture are battle-hardened but honest sheep.

Published by David Lancashire

Leave a Reply

Your email address will not be published. Required fields are marked *