ETHERLive
ETHERLive delivers real-time price and volume data across 16+ exchanges to users in a clear and easy-to-understand package. Users can get up-to-the-second updates for each exchange/currency pair, as well as aggregated market averages for each exchange, currency, and the market as a whole. It also provides a global converted average of all the currency pairs monitored by ETHNews, converted to USD.

---

24hr ---
--%
Sunday Dec 10th 2017
RESOURCES

The Basics

Learn the basics of Ethereum and various cryptocurrency technologies

Learn More

What is Ethereum?

Understand the underlying principles of the Ethereum Platform

Learn More

The Blockchain

Discover the revolutionizing technology known as the blockchain

Learn More
SUBMIT

Press Release

Submit a press release for consideration on ETHNews

Submit Press

Story / Dapp

Submit a story or DAPP to be considered for publication on ETHNews.

Submit Story

Explanation

Submit "Ethereum Explainer" content for consideration to be featured on ETHNews

Submit Topic
ETHNews Logo
---
--%
Home
News
Etherlive
Ether Price Analysis
Resources
Contact Us

The Balance Attack Against Proof Of Work Blockchains

By

Dan

Cummings

WriterETHNews.com

A group of researchers from the University of Sydney discovered a new vulnerability in the blockchain infrastructure called the "Balance attack." The vulnerability was demonstrated using an Ethereum private chain from R3.

A group of researchers from the University of Sydney published a paper that provides details to a new blockchain vulnerability called the “Balance attack.” The paper uses theoretical and practical analysis to describe the exchange between a network delay and the potential mining power needed by an attacker to successfully execute a double spend. According to the paper:

One can exploit the Balance attack to violate the persistence of the main branch, hence rewriting previously committed transactions, and allowing the attacker to double spend.”

The paper uses statistical data quantified and derived from the R3 consortium to prove that a single miner only needs 20 minutes to successfully execute the attack. The authors then demonstrated the attack across an Ethereum private chain alongside a distributed system with similar settings as the R3 consortium.

Balance Attack

The Balance attack disrupts the blockchain’s main branch by delaying communication between node clusters that retain balanced mining power. Only five percent of mining power is needed to perform the attack. The whitepaper describes mining power as the number of hashes the miner can test per second. Once the proper mining power is recovered, an attacker would broadcast his or her transactions to two different subgroups of nodes, the “Transaction subgroup” and the “Block subgroup.” This action is performed until the Block subgroup offsets the tree created by the Transaction subgroup and subsequently contributes to a double transaction.

The attack is made possible by exploiting the logic of the GHOST (Greedy Heaviest-Observed Sub-Tree) protocol, a procedure that maintains accountability of all stale blocks (e.g., uncle and/or sibling blocks). The GHOST protocol allows for the mining of a blockchain branch in isolation from the rest of the nodes on the network. This allows for two blocks to be simultaneously discovered at the same time before finally altering the process. Although the GHOST protocol is specific to Ethereum, Christopher Natoli and Vincent Gramoli demonstrate that all proof-of-work (PoW) cryptocurrency protocols (e.g., Bitcoin) are susceptible to the Balance attack by presenting a model for PoW blockchains, which outlines the algorithmic differences between the Nakamoto and GHOST procedures.  

Thinking Ahead

Ever since the June 2016 DAO hack, blockchain industry experts have become more security conscious. The attack left the DAO’s decentralized investment fund short around $50 million and dropped the price of Ether significantly. Since then, the Ethereum community has patched the wound and moved forward by improving the ecosystem. The discovery of the Balance attack vulnerability, however, shows that there is still room for improvement to securing the blockchain infrastructure for Ethereum and other blockchain-based platforms. Given that governments and financial organizations are unlikely to adopt a potentially vulnerable system, a resolution to this problem is a top priority for the blockchain community.

Dan Cummings

Dan is a Los Angeles-based musician, writer, and veteran passionate about science and technology, current events, human rights, economic impacts, and strategic calculus.

ETHNews is commited to its Editorial Policy

Like what you read? Follow us on Twitter @ETHNews_ to receive the latest Balance attack, proof of work or other Ethereum technology news.