Researchers, from the University of Sydney, identified a new type of attack, which they named the “Balance attack”, that can be launched against proof-of-work PoW blockcains such as ethereum’s and bitcoin’s. The attack is based on delay of network communications amongst groups of nodes that possess somehow balanced mining power. The theoretical analysis, of the authors of the paper, depicts the exact tradeoff between the network delay and the target mining power needed by the attacker to successfully execute a double spend with high levels of probability.
The probabilistic analysis is quantified with statistical data derived from the R3 consortium, proving that a single miner needs 20 minutes to successfully attack the consortium. The feasibility of this attack was demonstrated via running an Ethereum private chain along a distributed system that has similar settings as those of the R3 consortium. The authors also discussed the applicability of the balance attack to bitcoin’s blockchain.
The Balance Attack:
The paper demonstrates, both theoretically and practically, that an attacker can make up for his/her low mining power via delaying certain messages across Ethereum’s blockchain. Following this concept, the authors proposed a simple form of attack, which they named the balance attack, where an attacker temporarily disrupts communications amongst subgroups of nodes that possess similar mining power. According to the authors of the paper, the attacker can successfully perform the attack while controlling only 5% of the total hash power of the network. During this period of time, the attacker will issue and broadcast transactions to one subgroup of nodes, which will be named “transaction subgroup”, while mining blocks in another subgroup of nodes, which will be named “block subgroup”, until the tree formed by the block subgroup outweighs the tree formed by the transaction group.
The innovative nature of the balance attack lies in its ability to leverage the GHOST protocol that accounts for uncle or sibling blocks to select a chain of blocks. This strategy permits the attacker to mine a blockchain branch in isolation of the rest of the nodes on the network, before uniting this branch to one of the competing blockchains to alter the process of branch selection.
The authors of the paper experimented along a distributed system that runs Ethereum’s protocol with similar settings as those of R3, a consortium that comprises more than 70 financial institutions across the world. In January, 2016, R3 was formed of 11 banks and successfully collaborated to deploy an Ethereum private chain that records and confirms transactions. Throughout the past year, R3 continued growing and experimenting along Ethereum’s blockchain while the private consortium chain attracted interest due to its potential to offer a blockchain that connects multiple companies within the context of a controlled and private environment.
The balance attack can be exploited to disrupt the persistence of the blockchain’s main branch, which would lead to rewriting of previously completed transactions, and give the attacker the opportunity to perform double spends successfully. Apart from previous forms of attacks against bitcoin’s blockchain, where the attacker needs to increase the length of the longest chain at a faster rate than that of honest miners, the balance attack is novel because the attacker would need to contribute to one of the correct chains, to be able to outweigh another chain, that has been created by a group of honest miners, along Ethereum’s blockchain.
The paper generalized this attack concept to all proof-of-work PoW cryptocurrency protocols, via presenting a simple model for PoW blockchains and outlining the algorithmic differences between Nakamoto’s and GHOST’s consensus. The authors also discussed how the balance attack can be adapted to bitcoin’s protocol so that the attacker can disrupt the persistence of the main branch of bitcoin’s blockchain. To launch the balance attack on bitcoin’s blockchain, the attacker has to mine on the top of one of the correctly formed chains, rather than perform solo mining of a subchain, which would lead to results that are similar to those described when launching the attack on Ethereum’s blockchain.