Bitcoin Forum
Author Topic: Cosign Consensus  (Read 378 times)
SapphireSpire (OP)
July 04, 2025, 10:09:23 PM
Last edit: July 05, 2025, 04:52:43 AM by SapphireSpire
Merited by stwenhao (1)
 #21

Quote
when the attacker has a high enough number of nodes, he can trick other nodes into accepting the double spend transaction.
No, he can't. First of all, he cosigned each transaction with a different address, but they're from the same list for the same output, so the address that is highest on that list is valid. Secondly, the minority of honest nodes, even if it's just one, would respond to any query with the valid transaction, while the nodes that respond with the invalid transaction, no matter how many there are, would get added to a block list.

On the other hand, this is extremely disconcerting.
stwenhao
July 05, 2025, 03:13:55 AM
 #22

Quote
The minority of honest nodes, even if it's just one, would have valid copies of both transactions proving the double spend.
And? Which transaction would be valid? Alice -> Bob or Alice -> Charlie? Or none of them? Who will decide which version was first, and which was second? Not to mention that if there is only one honest node, then by just Sybil attacking it, the rest of the network can go in its own direction. At the end of the day, by hacking the nodes owned by some exchange, where your token will be listed, the price will dump. And because of no Proof of Work, the voice of the honest node will never propagate across the network, because nobody is forced to accept a second valid signature (because it is not needed for anything, and the chain of signatures is valid without conflicting transactions), while everyone is forced to accept a valid block with Proof of Work (because other nodes accept the heaviest chain as valid).

Quote
And any nodes that don't report both transactions are obviously participating in a Sybil attack and would be added to a block list for misbehaving.
In this way, any node can be quickly blacklisted. What if there were three valid transactions? Or four? Or five? And what if the private key was broken? If any node can be blacklisted by just not having a particular transaction, then any new node would be blacklisted by default. Because what about new nodes, which never heard about any conflicting transactions from the past? Which version should they download from their peers? All of them? If so, then it can be cheaply abused, by publishing the private key, and creating billions of conflicting valid transactions, and forcing everyone to download all of that.

Quote
On the other hand, this is extremely disconcerting.
When Proof of Work is abused, the attacker has to constantly keep mining, and spend a lot of resources, to keep dominating the network. In any signature-based consensus, there is a "once 51%, always 51%" rule instead. So, of course, there could be times when Bitcoin would be attacked by 51% attacks. But at least it is possible to compete with those attackers, and the network is not doomed to be always controlled by a single entity.

Also, after reaching 51%, the attacker has an incentive to not put more resources into mining, because it starts competing with itself, and raising its own difficulty. Then, by just decreasing its own hashrate, it can save some money on electricity bills, because then, the difficulty is so high, mainly because of his own actions.

Another thing is: having 51% does not mean that the network is under attack. It would be, if there would be some valid chain of blocks, and it would be overwritten by the new version. Then, old nodes would see both (or more) chains, while new nodes would see only the heaviest one. Which means that in case of Proof of Work, if the attacker would start reversing transactions, then it would be possible to prove that it is really happening. While in signature-based consensus, each signature is equal, and nodes don't know which signature was replaced by which one.

Also, double-spending things, and overwriting the chain would mean that the attacker would risk losing 51%, just by doing that, because then, he would spend a lot of computing power to mine the same blocks with a different content, over and over again. Which means that if someone would have 60%, but would mine every block twice, then it would have only something around 30% of the real hashrate, and everyone would see a lot of stale blocks, similar to what can be seen in testnets, where CPU-mined blocks are reorged: https://fork.observer/
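
The contrast drawn in post #22, as an added example that is not part of the post and not the OP's Cosign design: two conflicting spends that both carry a valid signature leave first-seen nodes permanently split, while a cumulative-work fork choice gives the same answer regardless of arrival order. Assumptions: HMAC stands in for a real signature, the signature-only node uses a first-seen rule, the difficulty is a toy 12 bits, and all names and transactions are constructed.

```python
import hashlib, hmac
from itertools import count

ALICE_KEY = b"constructed-demo-key"   # stand-in for Alice's private key
BITS = 12                             # toy difficulty (assumption)

def sign(tx: str) -> str:
    # HMAC stands in for a real signature: every spend Alice signs verifies.
    return hmac.new(ALICE_KEY, tx.encode(), hashlib.sha256).hexdigest()

def sig_valid(tx: str, sig: str) -> bool:
    return hmac.compare_digest(sign(tx), sig)

def signature_only(arrivals):
    """Accept the first validly signed spend of the output; later conflicts are ignored."""
    return next(tx for tx, sig in arrivals if sig_valid(tx, sig))

def mine(prev: str, tx: str) -> dict:
    """Search for a nonce whose block hash has BITS leading zero bits."""
    for nonce in count():
        h = hashlib.sha256(f"{prev}|{tx}|{nonce}".encode()).hexdigest()
        if int(h, 16) >> (256 - BITS) == 0:
            return {"prev": prev, "tx": tx, "nonce": nonce, "hash": h}

def work(chain) -> int:
    """Total work of a chain, or 0 if any link or proof of work is invalid."""
    prev = "genesis"
    for b in chain:
        h = hashlib.sha256(f"{b['prev']}|{b['tx']}|{b['nonce']}".encode()).hexdigest()
        if b["prev"] != prev or h != b["hash"] or int(h, 16) >> (256 - BITS) != 0:
            return 0
        prev = h
    return len(chain) * 2 ** BITS

def heaviest(arrivals):
    """Fork choice: most cumulative work wins, whatever order the chains arrived in."""
    return max(arrivals, key=work)

TO_BOB, TO_CHARLIE = "coin1: Alice->Bob", "coin1: Alice->Charlie"  # constructed
spends = [(TO_BOB, sign(TO_BOB)), (TO_CHARLIE, sign(TO_CHARLIE))]
c1 = mine("genesis", TO_CHARLIE)
c2 = mine(c1["hash"], "")
chain_bob, chain_charlie = [mine("genesis", TO_BOB)], [c1, c2]

def demo():
    node_a = signature_only(spends)          # heard Bob's version first
    node_b = signature_only(spends[::-1])    # heard Charlie's version first
    pow_a = heaviest([chain_bob, chain_charlie])[0]["tx"]
    pow_b = heaviest([chain_charlie, chain_bob])[0]["tx"]
    return node_a, node_b, pow_a, pow_b
```

`demo()` returns the view of each node: the two signature-only nodes disagree, the two work-based nodes agree on the chain that cost more to produce.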

d5000
July 05, 2025, 03:15:32 AM
Last edit: July 05, 2025, 04:19:54 AM by d5000
 #23

Quote
No, he can't. The minority of honest nodes, even if it's just one, would have valid copies of both transactions proving the double spend. And any nodes that don't report both transactions are obviously participating in a Sybil attack and would be added to a block list for misbehaving.
It isn't that easy, unfortunately. If it were that easy, Satoshi wouldn't have needed to develop Proof of Work, as the double spend problem would have been already solved (a chain of blocks would then be enough, they would fulfill the same function as your cosigning algorithm).

Nodes connect and disconnect all the time. If the attacker has spawned enough nodes, then it's more likely that a node connecting while the Sybil attack is going on will connect to one of the attacker's nodes, which will "infect" it with the double spend transaction. The nodes that had connected to the attacker would thus also be blocked by the honest nodes, even if they had no bad intention.

The idea that a few honest nodes can revert a Sybil attack only works if all nodes (or at least an extremely large majority) are online 24/7. You can't rely on this. It's possible that the honest nodes can repel a (poorly executed) Sybil attack once, or twice. But a well prepared attacker would eventually be able to steal funds. A cryptocurrency with such low safety wouldn't be able to attract value.

Your concept thus needs an additional mechanism to prevent the Sybil attack. I don't know how different it is exactly from Obyte, but you could look there for inspiration.

Such topics were discussed a lot around 2014-16 when the first "working" PoS algorithms were developed (the original Peercoin algorithm was flawed just because the stakers could grind through different configurations, so basically it was "obfuscated proof of work"). IOTA is an example of a coin that tried to rely on a "provably random" transaction selection function, but they weren't able to shut down a centralized coordinator node until now. And their plans to shut it down depend on a PoS system not unlike Ethereum's. Currently, if I'm not wrong, they're in a transition phase with selected validators.

SapphireSpire (OP)
July 06, 2025, 06:27:36 AM
Last edit: July 06, 2025, 11:44:21 AM by SapphireSpire
 #24

Quote
Your concept thus needs an additional mechanism to prevent the sybil attack.
I just needed to sort out the fee.