Owner: @Álvaro Castro-Castilla

Current assumption: Static Adversary model

Carnot operates under the assumption that byzantine nodes will be randomly distributed across an overlay tree. This overlay tree is central to the scalability of Carnot, as it enables the introduction of optimizations that reduce the communication complexity of the protocol. For this analysis, we need to take into account that:

  1. The full BFT consensus protocol is run only by the root committee, using only the attestations from the two subcommittees.
  2. To finalize a block, only the signatures of the top three committees (the root committee plus its two subcommittees) matter. Hence, these committees have temporary privileges to decide and attest on behalf of the entire network, and the security of the protocol hinges on this fact.

The current statistical analysis is based on the idea that the adversary is static: the set of nodes the adversary controls is fixed at the beginning of the protocol, and the adversary cannot choose which node or set of nodes to corrupt at any later point in the protocol. Our current calculations (which are of really high quality) are based on this fundamental premise, which is a classical assumption in the distributed systems literature. It seems a reasonable assumption at first.

I argue that this premise is not strong enough for a blockchain technology that aims to become the foundation of Network States. The rest of the article explains the relevant attacks and how realistic scenarios could play out that would expose this current weakness.

The Real World: Adaptive Adversary model

While the static adversary model is a common framework in the academic literature, it is not the most accurate model for us. Not all blockchains are designed to be secure against an adaptive adversary, but those that uphold the values of decentralization and security are. As examples (not an exhaustive list), I elaborate below on how Ethereum and Avalanche do it.

The adaptive adversary is harder to model, and protocols that fully solve it are very expensive. However, there is a specific instance of it that is of particular interest in blockchain and that we will focus on: bribery attacks.
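To make the gap between the two models concrete, here is an added worked example (my own illustration, not Carnot's analysis or code): under a static adversary the byzantine share of a randomly sampled root committee follows a hypergeometric distribution, while an adaptive adversary that learns the committee membership only has to reach that committee's BFT threshold. The root committee size of 100 and the ceil(size/3) break threshold are assumptions, not values from this note; the 10k validators come from the scenario below.

```python
from math import comb

# Assumptions (not from this note): the root committee is a uniform random
# sample of COMMITTEE_SIZE nodes out of N_NODES, and its BFT guarantee breaks
# once at least ceil(COMMITTEE_SIZE / 3) of its members are byzantine.
N_NODES = 10_000        # the 10k home validators of the scenario below
COMMITTEE_SIZE = 100    # assumed root committee size


def bft_break_threshold(committee_size: int) -> int:
    """Smallest byzantine count at which a BFT committee of this size loses
    its guarantee: f < size/3 is tolerated, so it fails at ceil(size/3)."""
    return -(-committee_size // 3)


def p_static_break(n_nodes: int, n_byzantine: int, committee_size: int) -> float:
    """Static adversary: the byzantine set is fixed before the overlay tree is
    built, so the count landing in the committee is hypergeometric. Returns
    the probability that the committee reaches the break threshold."""
    t = bft_break_threshold(committee_size)
    total = comb(n_nodes, committee_size)
    hits = sum(comb(n_byzantine, k) * comb(n_nodes - n_byzantine, committee_size - k)
               for k in range(t, committee_size + 1))
    return hits / total


def adaptive_bribe_fraction(n_nodes: int, committee_size: int) -> float:
    """Adaptive adversary: it learns who sits in the committee and targets
    only them, so it needs just the threshold count, expressed here as a
    fraction of the whole network, no matter how honest the rest is."""
    return bft_break_threshold(committee_size) / n_nodes


def compare(n_nodes: int, committee_size: int, byzantine_fraction: float) -> dict:
    """Side-by-side risk figures for one byzantine share of the network."""
    n_byz = int(n_nodes * byzantine_fraction)
    return {
        "static_break_probability": p_static_break(n_nodes, n_byz, committee_size),
        "adaptive_fraction_needed": adaptive_bribe_fraction(n_nodes, committee_size),
    }


if __name__ == "__main__":
    for frac in (0.10, 0.20, 0.30):
        r = compare(N_NODES, COMMITTEE_SIZE, frac)
        print(f"{frac:.0%} byzantine: static per-draw break probability "
              f"{r['static_break_probability']:.2e}; adaptive adversary needs "
              f"only {r['adaptive_fraction_needed']:.2%} of all nodes")
```

The static figure is per committee draw, so it compounds over many rounds; the adaptive figure does not depend on the byzantine share at all, which is the point of the bribery argument.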

See the references below for Vitalik's opinion (two links), the Espresso Sequencer section on this attack, and the Ouroboros Praos paper. This list is unscientific and non-exhaustive, but it shows that the problem is taken seriously by ambitious blockchain projects. It can also be argued that Compact Certificates of Collective Knowledge were devised by Silvio Micali et al. precisely to provide cryptographic proof of the votes of all nodes in a large set, instead of using optimizations that side-step this problem in order to achieve high performance, as Carnot currently does.

The Bribery Attack

The bribery attack is simple: set up an economic incentive to convince honest nodes to do something that will benefit you as an attacker. We can assume the following:

It is very important to understand that while we are using economic examples, the attack is not economic or game-theoretic, but rather a consensus protocol attack under a more powerful adversary model. As such, it needs to be solved at that level. Look at how other blockchains handle it: they never push this problem down to economics.

How to perform this attack in the real world

Important note: to avoid any confusion in this matter, remember that the economic framing is used because, ultimately, PoS blockchains have their security quantified in economic value; that should not distract us from the fact that this is a consensus problem. If that is not clear, convert every specific dollar amount into a percentage of $1B; those percentages are equivalent to percentages of the number of nodes.

Part 1: Taking full control

Let’s think of a realistic scenario for a Network State. A Network State grows to have 10k users running a validator node, thanks to a strong culture of home validators and a very easy setup (which is what we want). After a period of bull market when valuations were really high, a bear market hits and the valuations become more realistic. Now at a $1B market cap, with 50% of the supply staked, this highly successful network state has $333.3M of economic security (i.e. the cost to completely decide the state of the chain: 2/3 of the staked supply value). This is the maximum security that most BFT consensus protocols provide. Note that very successful monolithic blockchains are valued around that market cap, but most Cosmos appchains have lower security and probably better reflect our use case, at least in the initial years.