One thing we’ve come across in discussions about longer-term solutions to the 51% attack problem is the DPoW approach - “Distributed Proof of Work.” I believe the idea was pioneered by the Komodo team - I know they’ve suggested it directly to us.
Their model is here: https://wiki.komodoplatform.com/wiki/Delayed_Proof_of_Work_(dPoW)
Initially, I found the idea of selected “Notary Nodes” signing block hashes for recording to feel a bit opposed to Bitcoin ideals - no authorities, fully decentralized. We don’t currently have a method for elections among stakeholders, nor do we direct any mining revenue to pay nodes or supernodes, as some other coins do.
But the idea of having valid block hashes recorded in another chain has a lot of security merit. I’ve been mulling over a simplified version of this, and would like to hear thoughts from others, especially devs.
A basic “record and reference” approach has value for defense:
Assume there are some BTG nodes which write “witnessed” blocks to another chain (such as LiteCoin). All nodes can monitor the LTC chain to confirm that recent blocks are there for reference; these can be given additional weight when calculating blockheight in the event that there are suddenly two competing chains of length > 2.
Because the blocks recorded in the LTC chain get extra weight, an attacking (private-mined) chain can’t easily orphan the honest blocks… and if the attacking chain wants to record their blocks into the LTC chain to get the “weighting,” then their activity is visible. When this happens, everyone can be aware that there is a chain split in play, and exchanges can halt deposits.
This means that an attacker may still be able to cause a reversion if they choose to spend a lot of money on private mining, but they can never do this in secret.
This visibility of a chain split in progress, even if the attacker has not yet broadcast their private blocks to the public network, has great alert value.
How to finance NotaryNodes?
Proposal: simply allow any node to act as a notary node, voluntarily! We would do this with the Bitcoin Gold Organization’s own nodes, as well. The notary node voluntarily absorbs the cost of paying for an LTC transaction to simply record the last seen BTG blockhash, assuming it hasn’t already been seen in the LTC chain.
This is a very small cost which we can easily cover… but other large players may also choose to fund their node with LTC to pay the notary cost - like an Exchange or a Pool. They all want the protection, and the net cost is very low. And if someone else has already put the hash into the LTC chain, others don’t need to pay the cost.
Using the LTC chains is a good one to consider for a couple of reasons:
- transaction cost is very low
- LTC blocks generally happen 4x as quickly as BTG blocks, for prompt recording
- LTC is mined on very different algo/hardware from BTG
Potential problems:
- need to ensure that the recording is easily spotted, so that we can always notice if a private miner is registering blocks!
- need to give BTG nodes easy ability to monitor the LTC chain without causing excessive impact
- need to consider how to defend against a spam attack or other attack vectors using LTC to try to over-weight an attack chain
What other complications am I missing?