|
Post by striio on Mar 3, 2023 8:47:41 GMT 1
Another issue in the protocols of Deuber et al. and Thyagarajan et al., is that by instantiating those protocols for Bitcoin, even if the adversary does not have half of the global hash power, it can still control the voting procedure. According to Garay et al. [14], an adversary controlling a fraction t of the hash power can control up to a fraction t1−t of the blocks in the chain. Thyagarajan et al. (see [10, Appendix E]) and Deuber et al. (see [9, Sec. 5.2]) concretely suggest to consider a redaction in Bitcoin accepted if it received more than 50% (i.e., 12+δ , for any δ>0 ) of the votes in the 1024 blocks after the redaction proposal. We call “voting threshold” the threshold of votes needed for a redaction to be accepted in the protocol. Due to Garay et al.’s analysis, we observe that a voting threshold parameter of 12+δ is too optimistic since it can allow an attacker owning 1+2δ3+2δ of the hash power to control the voting procedure (and thus the ability of redacting the blockchain). Indeed, if the adversary controls 1+2δ3+2δ of the hash power, then the adversary can control t1−t=(1+2δ)/(3+2δ)1−(1+2δ)/(3+2δ)=1+2δ2=12+δ of the blocks in the chain, thus obtaining the majority of the votes.
|
|