News of the 51% attack on Ethereum Classic (ETC) spread like wildfire recently. Following the hack, questions began to arise about the security of various chains that employ Proof-of-Work (PoW). Is there a major flaw in the PoW framework? Is there a workaround that can minimize the damage caused by such attacks? Komodo (KMD) seems to have employed a solution that might help in the case of a 51% attack: Delayed Proof-of-Work (dPoW).
To learn how dPoW improves on PoW in fighting 51% attacks, BlockPublisher got in touch with James Lee, the founder and core developer of Komodo. Talking about how dPoW protects the Komodo ecosystem from 51% attacks, he said:
James: “dPoW changes the consensus rules so that blocks that are notarized cannot be overwritten. Additionally, we change the “confirmations” to return 1, until it is notarized. So exchanges that wait for 2 or more confirmations are waiting for notarization, and once notarized it can’t be undone.”
Talking about the chain getting hacked and blocks becoming unalterable, he said:
James: “Actually it seems the chain is very hard to hack. Only the blocks that are not notarized yet are at risk and if you wait for more than 1 confirmation to be reported, then you know it is safe. This is cross written to the BTC chain so there is a secure external reference. It is really a rather simple change as it only needs one change to the consensus rule.”
Komodo also keeps a backup on the Bitcoin chain, so the ecosystem essentially inherits BTC-level security. In addition, all the non-test chains in the Komodo ecosystem use dPoW at their core.
Talking about who does the notarization, he said:
James: “All nodes in the network validate all the proposed notarizations, that makes it decentralized. There are 64 special nodes that are elected each year that wait to get consensus between themselves as to what the blockhash was at a certain height. They then broadcast this tx and all the nodes in the network check to see if it matches what they already have. If so, it becomes the notarized height. If not, it is ignored. So the notarization only acts as reinforcing what is already there. It can’t change the block, it certainly doesn’t make the block, it just broadcasts what the notary nodes came to consensus on by acting as normal nodes.”
This essentially means that two layers of confirmation are required in the network. Once a block has passed both layers, it is sealed permanently.
James: “The normal consensus is done, normally. And whatever that consensus says the blockhash was for 10 blocks ago, that gets notarized if the notaries agree on it. So, if there is no notarization, that is actually a signal that something might be going on with the network. This external source of data allows to gain the security. And to minimize the impact on the consensus mechanism and to reduce the power of the notaries, all a notarization does is act as a permanent confirm to a node, but only if it is already there. So basically a node is 10 blocks deep and a notarization comes in that agrees with it. At that point the node will reject any attempt to change that block. It is important that there is a delay. That delay allows the network to reach normal consensus.”
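The rules described in the quotes above, as a toy Python model (an added example, not Komodo's code): a notarization is accepted only if it matches a block the node already has, reported confirmations stay at 1 until the block is notarized, and a reorg that would replace a notarized block is rejected. The `Node` class, its method names, the hash strings and the chain-length fork rule standing in for most-work are assumptions made for illustration.

```python
class Node:
    """Toy dPoW node: one best chain plus the highest notarized height."""

    def __init__(self, chain):
        self.chain = list(chain)       # block hashes, list index = height
        self.notarized_height = -1     # nothing notarized yet

    def on_notarization(self, height, blockhash):
        """A notarization only reinforces a block the node already has."""
        if height >= len(self.chain) or self.chain[height] != blockhash:
            return False               # does not match our chain: ignored
        self.notarized_height = max(self.notarized_height, height)
        return True

    def confirmations(self, height):
        """Report 1 until the block is notarized, then the real depth."""
        raw = len(self.chain) - height
        if raw < 1:
            return 0
        return raw if height <= self.notarized_height else 1

    def try_reorg(self, fork_height, branch):
        """Competing branch that replaces our blocks from fork_height up."""
        if fork_height <= self.notarized_height:
            return False               # would overwrite a notarized block
        if fork_height + len(branch) <= len(self.chain):
            return False               # not longer: ordinary fork rule
        self.chain[fork_height:] = branch
        return True


def demo():
    # Constructed sample chain: heights 0..20, hashes "h0".."h20".
    node = Node([f"h{i}" for i in range(21)])
    out = {}
    out["mismatched_notarization"] = node.on_notarization(10, "other")
    out["conf_before"] = node.confirmations(10)
    # Notaries agree on the hash 10 blocks behind the tip (height 10).
    out["matching_notarization"] = node.on_notarization(10, "h10")
    out["conf_after"] = node.confirmations(10)
    out["conf_unnotarized"] = node.confirmations(15)
    # Longer competing branch forking below the notarized height.
    out["deep_reorg"] = node.try_reorg(8, [f"a{i}" for i in range(8, 30)])
    # Longer competing branch touching only un-notarized blocks.
    out["shallow_reorg"] = node.try_reorg(15, [f"b{i}" for i in range(15, 25)])
    return out


if __name__ == "__main__":
    print(demo())
```

The last two results show the point made in the interview: only blocks above the notarized height can still be replaced, which is why a reported confirmation count above 1 is the signal to wait for.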
Talking about how chains that employ PoW are prone to 51% attacks, he said:
James: “Most pure PoW chains that don’t have any other protections are basically totally vulnerable, the only exceptions are the chains that have the most hashrate for a specific algo AND there isn’t a majority of that hashrate available via nicehash.
PoW works great if you have the massive hashrate, like bitcoin. You just know that there just isn’t enough hashrate in the world to conduct a successful attack. But if you look at nicehash and the available hashrate across all the different algorithms, you can quickly see how many coins are vulnerable. Even many of the top coins as the cost of conducting attack compared against the daily liquidity, it is often a very big ratio.”
In the end, he said:
James: “As you can see, it is far, far from any centralized system, but it seems there are people out there spewing FUD about dPoW being centralized, so they prefer to just allow any random hacker on the internet 51% double spend their chain.”