Raising the Security Bar? Dash Claims a 51% Attack Is Not Enough



Dash recently claimed it had been the world’s safest cryptocurrency for a year due to its innovative technology called ChainLocks that allegedly makes a 51% attack nearly impossible. Fully implemented in early July 2019, ChainLocks has not yet seen any protocol capable of matching it — according to the Dash Core team. 

Well-known Bitcoin (BTC) educator Andreas Antonopoulos recently suggested that with the Bitcoin blockchain, a 10-minute 51% attack would cost around $1 billion — something that sounds unrealistic to achieve. But what makes Dash’s ChainLocks blockchain supposedly more secure, and what is the importance of this technology for the industry as a whole?

51% attack: A lurking danger?

A 51% mining attack is possible when a miner, or group of malicious miners, has more hashing power at its disposal than the combined hashing power of all other miners on the network. Ultimately, it gains leverage to steal coins, cancel transactions and disrupt the operability of the network.

Experts from Cornell University believe that if the conventional assumptions underlying the proof-of-work consensus algorithm are valid, then 51% mining attacks are not a problem for blockchains such as Bitcoin. It is more beneficial to be honest rather than engage in malicious behavior. Another assumption is that most of the hashing power comes from rational participants. However, there are situations when these assumptions can be invalid. If, for example, the development of new ASIC mining devices remained secret or members of mining pools colluded to make additional profit, the distribution of hashing power could shift, making an attack beneficial for individuals or at least cutting losses to an acceptable level.

Large networks, such as the Bitcoin platform, are the least exposed to a 51% attack, as the cost of acquiring more than half of the computing power outweighs the potential profit. However, smaller projects such as Ethereum Classic (ETC) or Bitcoin Cash (BCH) could be attacked more easily. For example, Bitcoin Cash is not dominated by a particular hashing algorithm to resist a 51% attack. 

Despite the fact that Bitcoin Cash uses the SHA256D algorithm, which is also used by Bitcoin, its hashing power is less than 5% of that of Bitcoin. This leads to distrust in the PoW algorithm, as demonstrated by the 2019 hash wars seen in the Bitcoin Cash community.

Bitcoin has an attack cost too

On the other hand, while larger networks are less vulnerable to the risk of being hacked, even Bitcoin has an attack cost — although it is so high that such manipulation becomes unprofitable. According to data from analytics firm Messari, the cost of a successful 51% attack on the Bitcoin blockchain in January would have been more than $21 million per day. As of publication, data shows that the cost of a one-hour attack has decreased to roughly $468,995 per hour, or $11.3 million per day.

Even assuming that an attacker has the required amount of money, it’s not so easy to attack the Bitcoin network. First of all, an attacker will need to purchase or accumulate a colossal amount of mining equipment. Buying new equipment is challenging, as producers’ capacities and equipment are booked for months or even years in advance. So, an attacker would need to quietly set up its own production and outstrip the Chinese producers. The largest existing ASIC miner manufacturers are unlikely to be involved in attempting such an attack since it would completely destroy their business model of selling the mining machines.

Additionally, given that the goal of the Bitcoin network is to be decentralized in which the share of each individual miner is small, it would be extremely difficult to combine capacities, as that would require significant time and monetary expenses.

ChainLocks in a nutshell

Dash’s ChainLocks claims to add a new layer of security that other blockchains have never had. The main idea is to minimize the risks of the centralization of the Dash network if its blockchain comes under the control of a large number of the miners.

The common theory is that if miners take over a network, it will be noticed, as block production will grow. However, attackers can do so privately and instead of producing blocks one by one, produce their own secret chain. Hence, the network will first assume that everything is working as usual — then suddenly undergo a reorganization.

ChainLocks checks how fast blocks are being mined. Previously, this validation process could take up to one hour, but with the introduction of a new feature called Long-Living Masternode Quorums, or LLMQs, it can take just a few seconds. LLMQs use masternodes to lock new blocks and protect the network against a split or double-spending, making the validated transactions irreversible. The value of ChainLocks lies in the fact that it’s no longer necessary to wait for six or more confirmations for the transaction to be confirmed.

Related: Bitcoin Double Spends an Inevitable Network Feature Legitimate or Not

A 60% attack

Fernando Gutierrez, chief marketing officer of Dash Core Group, noted that while Bitcoin and other blockchains rely on implemented checkpoints at preset intervals, ChainLocks adds a second security layer, telling Cointelegraph:

“Bitcoin is extremely secure in terms of the computing power needed to perform a 51% mining attack. Dash has a much lower threshold at the mining layer, but it obtains arguably higher security by adding a second layer to the security model. Dash’s second and additional layer, ChainLocks, would require the attacker to own more than 20% of the coins in circulation, which makes the attack economically unfeasible.”

According to Dash’s director of public outreach, Joël Valenzuela, Dash’s automatic transactions are “more secure in 1.3 seconds than a Bitcoin transaction after hours (if not days) of confirmations on the blockchain.” Analyzing Dash’s blockchain security on his YouTube channel, Andreas Antonopoulos called ChainLocks “a novel and interesting way” to secure the network by combining PoW and proof-of-stake.

There are two requirements for double-spending to be able to happen on Dash. First, a malicious participant must gain control of at least 51% of the network hash rate. Second, it would also need to overcome the 60% majority of the masternode network that is required to create quorums and, subsequently, prevent ChainLocks from forming. 

Speaking of the possible cost of an attack on the Dash blockchain, Mark Mason, trust protector for the Dash DAO Irrevocable Trust, told Cointelegraph: “In order to disrupt quorum creation and ChainLocks formation, an attacker would need to control more than 40% of the masternode network.” Given that there are currently 5,059 total and 4,912 enabled masternodes on the Dash network each holding 1,000 Dash as per the required amount, 40% of the current enabled masternode network is 1,964,800 Dash or $157.8 million at the time of publication. 

There is also a cost involved in hosting and running masternodes that would need to be factored in. But due to Dash’s scarcity, with 52.59% of Dash’s current circulating coin supply allocated to the masternode network, there is not enough available supply and liquidity on exchanges to acquire the amount required to perform an attack. Finally, an upward buying pressure will likely render an attack unfeasible in economic terms. Hence, Antonopolous proposed the new term “60% attack,” saying that a 51% attack on Dash is “not feasible”:

“In fact, if you want to do a 51% attack, you actually have to do a 60% attack where you either compromise the code running on the masternodes or you put enough stake, which probably wouldn’t be possible, to run 60% of the masternodes yourself.”

No one has a ChainLocks alternative?

One of the essential conditions for the successful operation of ChainLocks is the presence of semitrusted nodes that protect the network from a Sybil attack — a type of attack that results in the network connecting only to the nodes controlled by the attacker. A currency that does not have such a class of nodes will not be able to safely implement a secure protocol such as ChainLocks. 

For example, with Bitcoin, anyone relying on the votes of individual nodes can be tricked by launching thousands of malicious nodes. A solution would require establishing explicit trust in some selected groups of nodes, but this would mean centralization. With Dash, the masternode network is protected from Sybil attacks by a requirement to demonstrate collateral of 1,000 Dash per masternode, which makes it economically impractical to carry out such an attack.

The lack of similar solutions in the blockchain security market and the increasing frequency of hash wars may make ChainLocks an appealing technology for platforms with a low level of protection against attacks. In June, blockchain project Zcoin announced its plans to integrate the ChainLocks protocol to increase the network’s resistance to a 51% attack.

Evaluating ChainLocks

The ChainLocks protocol has received positive reviews from some blockchain programmers and mathematicians. Darren Tapp, assistant research professor at the Arizona State University’s School of Computing, Informatics and Decision Systems Engineering, conducted a security analysis of the protocol, confirming that it does provide resistance to a 51% attack.

While the numbers provided by Dash help bolster its claims that it is a secure blockchain network, the risk of a 51% attack still remains, although it is less likely in comparison with other blockchains. Ariel Zetlin-Jones, associate professor of economics at Carnegie Mellon University’s Tepper School of Business, told Cointelegraph that the 60% argument could be flawed:

“This logic ignores a key consideration which is what an attacker would gain by executing a 51% (or 60%) attack. $20 million sounds like a lot of money, but with Bitcoin’s market cap currently over $110 billion, one could easily envision a user (or group of users) who could stand to gain more than $20 million by implementing the attack. The same logic applies to Dash’s ChainLock solution.”



Previous ArticleNext Article

Leave a Reply

Your email address will not be published. Required fields are marked *