Порівняння ефективності Double Spend Attack для блокчейнів з контрольними точками і без них
Though Proof-of-Stake (PoS) protocol is widely-used in blockchains, but the first strictly proved results about its security against Double Spend Attack (DSA) were recently obtained. To reduce the probability of this attack, some blockchains use some additional instrument, which is called checkpoint...
Збережено в:
| Дата: | 2023 |
|---|---|
| Автори: | , , |
| Формат: | Стаття |
| Мова: | Українська |
| Опубліковано: |
Інститут прикладних проблем механіки і математики ім. Я. С. Підстригача НАН України
2023
|
| Теми: | |
| Онлайн доступ: | https://www.fmmit.lviv.ua/index.php/fmmit/article/view/267 |
| Теги: |
Додати тег
Немає тегів, Будьте першим, хто поставить тег для цього запису!
|
| Назва журналу: | Physico-mathematical modeling and informational technologies |
| Завантажити файл: |  |
Репозитарії
Physico-mathematical modeling and informational technologies| _version_ | 1867479635344752640 |
|---|---|
| author | Kovalchuk, Lyudmila Kuchynska, Nataliia Nelasa, Hanna |
| author_facet | Kovalchuk, Lyudmila Kuchynska, Nataliia Nelasa, Hanna |
| author_institution_txt_mv | [
{
"author": "Lyudmila Kovalchuk",
"institution": "Doctor of Technical Sciences, Professor, Pukhov Institute for Modelling in Energy Engineering of NAS of Ukraine, 15 General Naumova Str., 03164, Kyiv, Ukraine"
},
{
"author": "Nataliia Kuchynska",
"institution": "Candidate of Technical Sciences, Associate Professor, National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, 37, Prosp. Peremohy, 03056, Kyiv"
},
{
"author": "Hanna Nelasa",
"institution": "Candidate of Technical Sciences, Associate Professor, Pukhov Institute for Modelling in Energy Engineering of NAS of Ukraine, 15 General Naumova Str., 03164, Kyiv, Ukraine"
}
] |
| author_sort | Kovalchuk, Lyudmila |
| baseUrl_str | http://www.fmmit.lviv.ua/index.php/fmmit/oai |
| collection | OJS |
| datestamp_date | 2025-02-21T17:32:19Z |
| description | Though Proof-of-Stake (PoS) protocol is widely-used in blockchains, but the first strictly proved results about its security against Double Spend Attack (DSA) were recently obtained. To reduce the probability of this attack, some blockchains use some additional instrument, which is called checkpoints. In this paper, we present explicit formulas for the estimates of probability of success of Double Spend Attack in the case of the Proof of Stake protocol consensus with checkpoints and compare obtained results with probability of classic Double Spend Attack. The formulas obtained allow to get corresponding numerical results, which we compared with the analogical numerical results obtained earlier for "classical" PoS protocol in blockchain without checkpoints. As it was expected, this comparison shows that blockchain with checkpoints, under the same conditions, is more secure against such attack. |
| first_indexed | 2026-06-09T01:09:24Z |
| format | Article |
| fulltext |
12
doi.org/10.15407/fmmit2023.36.012
Comparison of efficiency of Double Spend Attack for
blockchains with checkpoints and without them
Lyudmila Kovalchuk1, Nataliia Kuchynska2, Hanna Nelasa3
1 Doctor of Technical Sciences, Professor, Pukhov Institute for Modelling in Energy Engineering of NAS of Ukraine,
15 General Naumova Str., 03164, Kyiv, Ukraine e-mail: lusi.kovalchuk@gmail.com
2 Candidate of Technical Sciences, Associate Professor, National Technical University of Ukraine “Igor Sikorsky Kyiv
Polytechnic Institute”, 37, Prosp. Peremohy, 03056, Kyiv, e-mail: n.kuchinska@gmail.com
2 Candidate of Technical Sciences, Associate Professor, Pukhov Institute for Modelling in Energy Engineering of NAS
of Ukraine, 15 General Naumova Str., 03164, Kyiv, Ukraine e-mail: annanelasa@gmail.com
Though Proof-of-Stake (PoS) protocol is widely-used in blockchains, but the first strictly proved
results about its security against Double Spend Attack (DSA) were recently obtained. To reduce
the probability of this attack, some blockchains use some additional instrument, which is called
checkpoints. In this paper, we present explicit formulas for the estimates of probability of success
of Double Spend Attack in the case of the Proof of Stake protocol consensus with checkpoints and
compare obtained results with probability of classic Double Spend Attack. The formulas obtained
allow to get corresponding numerical results, which we compared with the analogical numerical
results obtained earlier for "classical" PoS protocol in blockchain without checkpoints. As it was
expected, this comparison shows that blockchain with checkpoints, under the same conditions, is
more secure against such attack.
Key words: blockchain; double spend attack, proof of stake, checkpoint
Introduction. The main cryptographic principles of modern blockchain technology
were proposed by Satoshi Nakomoto in 2008, the idea was practically implemented
only in 2009 in the first cryptocurrency Bitcoin. Consensus protocols are not
completely reliable because the partial centralization can occur in the system when the
consensus models do not take into account behavior of the network users. To increase
the blockchain security a checkpoint mechanism was proposed [1] [2]. It is called to
limit the time of the attack. Once the chain history is synced, it cannot be changed.
1. Double Spend Attack with time limitations
In this paper a partial case of Double Spend Attack is considered. In further we assume
the malicious miners have limited time to implement the attack and the one block is
built during one timeslot. This model depends on the distribution of timeslots in
blockchain between network participants. By limitations on the time of the attack, we
suppose the presence of checkpoints. The number of timeslots between control points
is assumed to be known. The selection of slot leaders for the corresponding slots
between checkpoints is random in our assumptions.
As in the case of the classic DSA for the proof of stake consensus protocol, the
attack should be divided into two stages. The first stage is that the attacker will build
an alternative chain before honest miners build z of confirmation blocks. The second
stage of the attack occurs when z blocks of confirmation are built and the attacker was
UDC 517.4: 004.056
mailto:lusi.kovalchuk@gmail.com
mailto:n.kuchinska@gmail.com
mailto:annanelasa@gmail.com
ISSN 1816-1545 Фізико-математичне моделювання та інформаційні технології
2023, вип. 36, 12-16
13
unable to carry out the attack in its first stage, he lags behind by a certain number of z
− k blocks (k is the number of blocks built by the attacker), and therefore the attackers
pass to the phase when there is an attempt to catch up with the main chain. But it is
necessary to catch up before the second checkpoint, since after it his fork will not be
considered valid.
Compared to the classic case of DSA, in the control point attack, everything
follows the same assumptions as described in [3], but the opponent can catch up in a
limited number of slots. In order to prove new statements and formulas, it is necessary
to introduce next notations.
Let through 0
0
x
B , 1
0
x
B , 2
0
x
B ,…, 1
1
ix
iB , ix
iB ,…, nx
nB 2
2 , Ni , MHxi , we will
denote the slots on each of which the selected slot leader can build only one block.
That is, the timeslots will belong to a certain selected slot leader, which will be
indicated in the index above the specified designations, where H is the slot of honest
miners and M is the slot of malicious miners. If the indexing of slot numbers is
marked in round brackets, then this designation will mean the ordering of the slot data
belonging to a certain slot leader.
By
HB )0( ,
HB )1( ,…,
H
iB )( ,… we denote the selected timeslots on which the blocks
are built by honest miners. Let’s introduce the transaction X , included in the block
H
iB )( , Ni , which consists in the fact that the attacker transferred funds to the
supplier for goods or a certain service. To carry out a transaction for payment of a
service or product, the supplier must wait z blocks of confirmation after the block
H
iB )( . The creation of z blocks of confirmation is done in order to ensure greater
security of blockchain systems, which makes it impossible to replace the main chain
with the block
H
iB )( for an alternative one with the transaction Y .
Let there be an attack on the blockchain system, and the formation of a fork, that
is, a branching, from the block 1
1
ix
iB , which precedes the block
H
iB )( with transaction
X . There are two chains when attacking. The main chain is built only by honest
miners:
0
0
x
B , 1
0
x
B , 2
0
x
B ,…, 1
1
ix
iB ,
H
iB )( ,
H
iB )1( ,
H
iB )2( ,…,
H
ziB )( ,
where blocks starting from
H
iB )( are built only by honest miners, and the alternative
chain, where blocks starting from
M
iB )( are built only by a malicious miner.
0
0
x
B , 1
0
x
B , 2
0
x
B ,…, 1
1
ix
iB ,
M
iB )( ,
M
iB )1( ,…,
M
rB )( ,
An alternative chain is built in secret as long as it is smaller in number of blocks
than the main chain zr , that is, the construction of the malicious chain begins after
z blocks
H
iB )1( ,
H
iB )2( ,…,
H
ziB )( confirmation. The chain must start before block
H
iB )(
otherwise the block with transactionY will contain an invalid transaction that uses
already spent coins. The attacker does not have the right to build his blocks in the
chain of honest miners during the attack. In order to carry out a successful attack, the
Lyudmila Kovalchuk, Nataliia Kuchynska, Hanna Nelasa
Double Spend Attack Probability Estimates in the PoS Consensus Protocol with Checkpoint
14
alternative chain must be longer or at least equal to the main chain when posting the
malicious chain to the blockchain network.
Since the history of the blockchain will be synchronized every n2 timeslots, the
attack should be carried out in the interval between the given number of timeslots. As
an example, let a checkpoint occur in timeslot nix
B 2
)2n+i(
, it will synchronize the state of
the network at the checkpoint with block nix
B
)n+i( . The attack should be carried out in the
timeslot with the block ix
B )i( , otherwise if it is the timeslot with the block 1
)1-n+i(
nix
B , then
the newly formed fork will be rejected by the network at the control point that occurs
in the timeslot with the nix
B
)n+i( block, and the attack will be doomed to failure. So, we
will consider DSA assuming that it was carried out after the first control point.
Assuming the existence of checkpoints for DSA, honest and malicious miners
should now probably hit timeslots whose number is only n2 , accordingly, the attack
can be successfully carried out if nzr 2 while the number of blocks of the attacker
has be zr at the time of publishing your chain. If more blocks are built by honest or
malicious miners in more timeslots, then the attack must be carried out again after the
checkpoint. Because the probability of an attack after the checkpoint is zero and the
synchronized history of the chain is already firmly stored in the blockchain system, it
cannot be changed in any way. Now that you have an idea of the mechanism of
checkpoints, you can proceed to the mathematical formulation of the model.
Suppose that among x participants exactly 2xtt are criminals and
tx are honest. Then, xtxp )( is the probability that the next timeslot belongs
to an honest miner, and xtx is the probability of an alternative event.
By 1, ii – denote random variables that can take only two values:
malicious. theof timeslot thepy probabilitwith 1
miner,honest an of timeslot qy probabilitwith 1
(1)
Let’s define random variables:
n
i
inSS
1
0 ,0 , (2)
n
i
inSS
1
0 )0(,0 , (3)
n
i
inSS
1
0 )0(,0 . (4)
Let’s write down the sense of this random variables:
•
nS , ...1,0n – is equal to the number of timeslots that an honest slot leader has in
the interval between the slot numbered 0 and the slot numbered n ;
•
nS , ...1,0n – similar value of the number of slots of the opponent;
• nS , ...1,0n is the difference
nS −
nS between honest and dishonest slot leaders.
ISSN 1816-1545 Фізико-математичне моделювання та інформаційні технології
2023, вип. 36, 12-16
15
For some Nk , we define another random variable kSl lk :1min .
Here,
k is the number of timeslots such that on the interval ],0[ k there are exactly
k slots owned by honest slot leaders. Now the problem of calculating the probability
of attack success can be formulated as the problem of calculating the probability of the
next event:
mmk SSmkA :)( ,
where for zk and
mm SS , are defined according to 1-4.
A further proof of the DSA probability formula with checkpoints will no longer
require a result concerning random walks, namely the player’s ruin lemma. It is
necessary to consider the finite case of the game, which will be presented in
combinatorial reasoning.
Lemma 1. In the notation (1)-(4) we define random variables:
kSSkSS kk
n
k
n )(
0
)(
0
)( ,, .
We also define the event 0: )( k
lk SNlС and denote its probability by
).( kk CPq If the attacker has a share q in the blockchain network, which is less
than the share of the honest p , but not very significantly, and at the same time the
alternative chain lags behind the main one by kz blocks behind, then the probability
of the attacker catching up with the main chain if there is in the blockchain system,
checkpoints after every n time slots are calculated according to the formula:
zn
i
i
j
jiji
jii
ikzii
ikzk pqCpqpCq
0
1
0
222 .)(
Theorem 1. The probability of the DSA in the PoS consensus protocol in the
presence of checkpoints is calculated by the recursive formula:
zn
zk
kzk
kz
zn
i
i
z
k
kzk
kz qpCpqpCzAP
2
1
0
1
0
1))(( ,
where
1
0
222 )(
i
j
jiji
jii
ikzii
ikzk pqCpqpCp .
2. Practical confirmation of the obtained results
If the attacker is limited checkpoints, he cannot build an arbitrary number of blocks.
For protect against the DSA in such conditions it is necessary to find the number of
confirmation blocks for which the probability of the attacker’s success will be
negligibly small. After the checkpoint, the probability of implementation of attack will
be zero.
Our computations results are the different values of probabilities for an attack on
the blockchain with checkpoints were obtained in case when the number of timeslots
between checkpoints is limited. There are also blockchains with checkpoints, where
the distance between checkpoints is calculated in a limited number of blocks, duration
of time, number of days. This paper does not consider checkpoints with a fixed number
Lyudmila Kovalchuk, Nataliia Kuchynska, Hanna Nelasa
Double Spend Attack Probability Estimates in the PoS Consensus Protocol with Checkpoint
16
of blocks between checkpoints or waiting for a certain time interval. These partial
cases of modification of the checkpoint mechanism are separate topics for future
research.
The obtained probabilities of an attack on a blockchain system with checkpoints
describe the case of DSA when there are 50, 150, 300 time slots between the
checkpoints, respectively. Comparison to the classic DSA and an attack on a
blockchain system with checkpoints shows that checkpoints allow to reduce the
probability of an attack, and this comparison also allows to check the adequacy of the
obtained results.
Conclusions In this paper, for the first time were obtained explicit formulas for
calculating the probability of DSA for PoS consensus protocol in case of blockchain
with сheckpoints. Also we got a large number of numerical results, which confirmed
the correctness of analytical ones.
The numerical results indicate that the probability of DSA for blockchain with
checkpoints is smaller than for blockchain without them; the smaller distance between
checkpoints, the smaller probability of attack; the larger ratio of malicious participants,
the larger difference between probabilities of attack for blockchain with checkpoints
and for blockchain without them.
So, it can be concluded that for various financial transactions with
cryptocurrencies, it is justified to advise the seller of a product or service to wait for
the number of confirmation blocks that can be built as much as possible between two
checkpoints, but in an amount that does not exceed the number of blocks between two
checkpoints. In this case, an attack on such a network is expected to be impossible in a
practical sense.
References
[1] Sunny King S N 2012 Computer Science, Mathematics URL http://www.peercoin.net/
[2] Gencer A E, Van Renesse R and Sirer E 2017 Short paper: Service-oriented sharding for
blockchains Lecture Notes in Computer Science pp 393–401 ISBN 978-3-319-70971-0
[3] Karpinski M, Kovalchuk L, Kochan R, Oliynykov R, Rodinko M and Wieclaw L 2021 Sensors 21
ISSN 1424-8220 URL https://www.mdpi.com/1424-8220/21/19/6408
Порівняння ефективності Double Spend Attack для блокчейнів з
контрольними точками і без них
Людмила Ковальчук, Наталія Кучинська, Ганна Неласа
Хоча протокол Proof-of-Stake (PoS) широко використовується в блокчейнах, перші чітко
підтверджені результати щодо його стійкості до Атаки Подвійної Витрати (АПВ) були
отримані лише нещодавно. Щоб зменшити ймовірність цієї атаки, деякі блокчейни
використовують додатковий інструмент, який називається контрольними точками. У цій
роботі ми представляємо явні формули для оцінки ймовірності успіху АПВ у випадку
протоколу консенсусу Proof of Stake з контрольними точки та порівнюємо отримані
результати з відповідними для класичної АПВ. Запропоновані формули дозволяють
отримати відповідні числові результати, які ми порівняли з аналогічними числовими
результатами, отриманими раніше для «класичного» протоколу PoS в блокчейні без
контрольних точок. Як і очікувалося, це порівняння показує, що блокчейн з контрольними
точками за однакових умов є більш стійким до такої атаки.
Received 14.03.23
http://www.peercoin.net/
https://www.mdpi.com/1424-8220/21/19/6408
|
| id | oai:ojs2.www.fmmit.lviv.ua:article-267 |
| institution | Physico-mathematical modeling and informational technologies |
| keywords_txt_mv | keywords |
| language | Ukrainian |
| last_indexed | 2026-06-09T01:09:24Z |
| publishDate | 2023 |
| publisher | Інститут прикладних проблем механіки і математики ім. Я. С. Підстригача НАН України |
| record_format | ojs |
| resource_txt_mv | wwwfmmitlvivua/d9/c99c7ab4c5070949c0b69b44cca24ad9.pdf |
| spelling | oai:ojs2.www.fmmit.lviv.ua:article-2672025-02-21T17:32:19Z Comparison of efficiency of Double Spend Attack for blockchains with checkpoints and without them Порівняння ефективності Double Spend Attack для блокчейнів з контрольними точками і без них Kovalchuk, Lyudmila Kuchynska, Nataliia Nelasa, Hanna blockchain; double spend attack, proof of stake, checkpoint Though Proof-of-Stake (PoS) protocol is widely-used in blockchains, but the first strictly proved results about its security against Double Spend Attack (DSA) were recently obtained. To reduce the probability of this attack, some blockchains use some additional instrument, which is called checkpoints. In this paper, we present explicit formulas for the estimates of probability of success of Double Spend Attack in the case of the Proof of Stake protocol consensus with checkpoints and compare obtained results with probability of classic Double Spend Attack. The formulas obtained allow to get corresponding numerical results, which we compared with the analogical numerical results obtained earlier for "classical" PoS protocol in blockchain without checkpoints. As it was expected, this comparison shows that blockchain with checkpoints, under the same conditions, is more secure against such attack. Хоча протокол Proof-of-Stake (PoS) широко використовується в блокчейнах, перші чітко підтверджені результати щодо його стійкості до Атаки Подвійної Витрати (АПВ) були отримані лише нещодавно. Щоб зменшити ймовірність цієї атаки, деякі блокчейни використовують додатковий інструмент, який називається контрольними точками. У цій роботі ми представляємо явні формули для оцінки ймовірності успіху АПВ у випадку протоколу консенсусу Proof of Stake з контрольними точки та порівнюємо отримані результати з відповідними для класичної  АПВ. Запропоновані формули дозволяють отримати відповідні числові результати, які ми порівняли з аналогічними числовими результатами, отриманими раніше для «класичного» протоколу PoS в блокчейні без контрольних точок. Як і очікувалося, це порівняння показує, що блокчейн з контрольними точками за однакових умов є більш стійким до такої атаки. Інститут прикладних проблем механіки і математики ім. Я. С. Підстригача НАН України 2023-06-13 Article Article application/pdf https://www.fmmit.lviv.ua/index.php/fmmit/article/view/267 PHYSICO-MATHEMATICAL MODELLING AND INFORMATIONAL TECHNOLOGIES; No. 36 (2023): ФІЗИКО-МАТЕМАТИЧНЕ МОДЕЛЮВАННЯ ТА ІНФОРМАЦІЙНІ ТЕХНОЛОГІЇ; 12-16 ФІЗИКО-МАТЕМАТИЧНЕ МОДЕЛЮВАННЯ ТА ІНФОРМАЦІЙНІ ТЕХНОЛОГІЇ; № 36 (2023): ФІЗИКО-МАТЕМАТИЧНЕ МОДЕЛЮВАННЯ ТА ІНФОРМАЦІЙНІ ТЕХНОЛОГІЇ; 12-16 2617-5258 1816-1545 10.15407/fmmit2023.36 uk https://www.fmmit.lviv.ua/index.php/fmmit/article/view/267/235 Авторське право (c) 2023 Lyudmila Kovalchuk, Nataliia Kuchynska, Hanna Nelasa (Автор) |
| spellingShingle | blockchain; double spend attack proof of stake checkpoint Kovalchuk, Lyudmila Kuchynska, Nataliia Nelasa, Hanna Порівняння ефективності Double Spend Attack для блокчейнів з контрольними точками і без них |
| title | Порівняння ефективності Double Spend Attack для блокчейнів з контрольними точками і без них |
| title_alt | Comparison of efficiency of Double Spend Attack for blockchains with checkpoints and without them |
| title_full | Порівняння ефективності Double Spend Attack для блокчейнів з контрольними точками і без них |
| title_fullStr | Порівняння ефективності Double Spend Attack для блокчейнів з контрольними точками і без них |
| title_full_unstemmed | Порівняння ефективності Double Spend Attack для блокчейнів з контрольними точками і без них |
| title_short | Порівняння ефективності Double Spend Attack для блокчейнів з контрольними точками і без них |
| title_sort | порівняння ефективності double spend attack для блокчейнів з контрольними точками і без них |
| topic | blockchain; double spend attack proof of stake checkpoint |
| topic_facet | blockchain; double spend attack proof of stake checkpoint |
| url | https://www.fmmit.lviv.ua/index.php/fmmit/article/view/267 |
| work_keys_str_mv | AT kovalchuklyudmila comparisonofefficiencyofdoublespendattackforblockchainswithcheckpointsandwithoutthem AT kuchynskanataliia comparisonofefficiencyofdoublespendattackforblockchainswithcheckpointsandwithoutthem AT nelasahanna comparisonofefficiencyofdoublespendattackforblockchainswithcheckpointsandwithoutthem AT kovalchuklyudmila porívnânnâefektivnostídoublespendattackdlâblokčejnívzkontrolʹnimitočkamiíbeznih AT kuchynskanataliia porívnânnâefektivnostídoublespendattackdlâblokčejnívzkontrolʹnimitočkamiíbeznih AT nelasahanna porívnânnâefektivnostídoublespendattackdlâblokčejnívzkontrolʹnimitočkamiíbeznih |