Security Against 51% Attacks is Guaranteed by First Reputation-Based Blockchain

The first blockchain system to ensure adequate performance even when more than 51% of the system’s computing power is controlled by an attacker has been proposed by researchers at the University of Luxembourg as part of an international team.

By introducing the idea of “reputation” to the blockchain, the RepuCoin technology effectively makes an attack thousands of times more expensive than one on Bitcoin. It was created by the university’s Interdisciplinary Centre for Security, Reliability, and Trust and could be used in a variety of international industries, including finance, energy, food supply chains, health care, and upcoming 5G telecommunications networks.

As the name suggests, a blockchain is a collection of digital blocks that list transactions. Each block is linked to the blocks before and after it. This makes it difficult to alter a single record since, in order to evade detection, a hacker would have to alter both the block that contains the record and those linked to it.

One of the key benefits of blockchain-based systems, like Bitcoin, is that updates to data are democratically approved by the entire network and are visible to everyone on it. Users are not required to entrust a single central authority with their money and confidence.

To do this, however, current systems treat a miner’s computational capacity for mining new blocks as equal to their voting power for choosing which blocks of transactions to add to the ledger.

This is an inherent flaw because the system basically stops being decentralized the moment one miner has over 50% of the processing power and the voting power.

Such a miner would have the power to reject blocks put forth by rival miners, stop certain transactions from being included in blocks, and even replace blocks that had already been recorded in the ledger. As a solution to this problem, RepuCoin uses a miner’s “reputation” to determine voting power.

In contrast to social reputation, this is a strictly mathematical property that develops over time through consistent, ethical mining, much like a battery must be charged before it can be utilized. RepuCoin becomes the first system of its kind to be resilient against miners controlling at least 51% of the network’s computing resources.

The data is organized into blocks in the majority of blockchains or distributed ledger technologies (DLT), and each block contains a transaction or collection of transactions. In a cryptographic chain, each new block is connected to all the blocks that came before it in a way that makes tampering with it nearly impossible.

A consensus mechanism verifies and accepts each transaction contained within the blocks, ensuring that each transaction is accurate and true. Lead researcher Dr. Jiangshan Yu, previously at the University’s Interdisciplinary Centre for Security, Reliability and Trust and now a Lecturer at Monash University, Australia, says:

“We have already seen mining pools such as Ghash.io surpass the 50% threshold on Bitcoin. Just as worryingly, it’s now possible for hackers to rent this kind of computational power in a matter of seconds, allowing them to conduct flash attacks. RepuCoin is the only type of blockchain currently on the market that can withstand such attacks.”

Once the system has been operating for a year, attacking RepuCoin with 68 percent of its entire mining power will take at least six months and cost at least 5760 times as much as doing the same thing to Bitcoin.

Additionally, the longer RepuCoin operates, the more resistant it is to attacks due to the way reputation builds up. For instance, if the system has only been running securely for three months, an attacker would need to control 90% of the total processing power for another month in order to act maliciously.

Co-author Prof. Paulo Esteves-Veríssimo, who leads SnT’s work in critical and extreme security and dependability, says:

“It’s an elegant solution to a problem that many thought was insoluble. Existing systems always linked computational power to voting power. We separated them, and now someone could join RepuCoin with 99% of the total computing power and they still wouldn’t be able to attack it.”