# Blockchain Technologies: Probability of Double-Spend Attack on a Proof-of-Stake Consensus

## Abstract

## 1. Introduction

- (1) For a given number of confirmation blocks, calculate the probability that his transaction is irreversible; or
- (2) Set some desirable level of probability (say, 0.999) and calculate the minimal number of confirmation blocks he should wait to be sure that his transaction is irreversible.

## 2. Related Work

- Miners must be on-line and continuously solve PoW puzzles;
- Huge energy consumption to generate a block with an acceptable security level;
- Occasional forks where parts of work made by honest miners are lost.

- Ouroboros (Classic) [13]: the first provably secure PoS consensus protocol;
- Ouroboros Praos [14]: security against fully-adaptive corruption in the semi-synchronous model;
- Ouroboros Genesis [15]: security with a dynamic participation model;
- Ouroboros Chronos [16]: a provably secure PoS consensus protocol that is independent of global time.

## 3. Materials and Methods

#### 3.1. Strategy 1: Description of Attack and Estimation of Probability of Its Success

- $S_n^{+}$, $n = 0, 1, \dots$, is the number of timeslots that the honest slot leader has on the interval between slot number 0 and slot number $n$;
- $S_n^{-}$, $n = 0, 1, \dots$, is the analogous value for the number of the adversary's slots;
- $S_n$, $n = 0, 1, \dots$, is equal to $S_n^{+} - S_n^{-}$; i.e., the difference between "honest" and "malicious" slots.

**Lemma 1.**

**Definition 1.**

**Lemma 2.**

**Corollary 1.**

**Theorem 1.**

**Proof of Theorem 1.**

#### 3.2. Strategy 2: Description of Attack and Estimation of Probability of Its Success

**Theorem 2.**

**Proof of Theorem 2.**

## 4. Results and Discussion

## 5. Conclusions

- To consider an asynchronous model, where the adversary can delay the message delivery for honest slot leaders for some significant period of time (for example, several timeslots), and analyze the probability of a double-spend attack in such a model.
- To obtain similar results in a case when the adversary has only a limited period of time to implement his attack. Such models occur when, for example, the blockchain has checkpoints, and the adversary can create a fork only in the period before the next checkpoint.

## Author Contributions

## Funding

## Institutional Review Board Statement

## Informed Consent Statement

## Data Availability Statement

## Conflicts of Interest

## References

1. Hellani, H.; Sliman, L.; Samhat, A.E.; Exposito, E. Computing resource allocation scheme for DAG-based IOTA nodes. Sensors **2021**, 21, 4703.
2. Garay, J.; Kiayias, A.; Leonardos, N. The bitcoin backbone protocol: Analysis and applications. In Advances in Cryptology—EUROCRYPT 2015; Oswald, E., Fischlin, M., Eds.; Springer: Heidelberg, Germany, 2015; pp. 281–310.
3. Nakamoto, S. Bitcoin: A Peer-to-Peer Electronic Cash System. Available online: https://bitcoin.org/bitcoin.pdf (accessed on 18 July 2021).
4. Saleh, F. Blockchain without waste: Proof-of-Stake. In The Review of Financial Studies; Jiang, W., Ed.; Oxford University Press: Oxford, UK, 2021; Volume 34, pp. 1156–1190.
5. Number Of Orphaned Blocks. Available online: https://www.blockchain.com/charts/n-orphaned-blocks (accessed on 19 July 2021).
6. Rosenfeld, M. Analysis of Hashrate-Based Double Spending; Cornell University: Ithaca, NY, USA, 2014; Available online: https://arxiv.org/abs/1402.2009 (accessed on 19 July 2021).
7. Pinzón, C.; Rocha, C. Double-Spend attack models with time advantange for bitcoin. Electron. Notes Theor. Comput. Sci. **2016**, 329, 79–103.
8. Grunspan, C.; Pérez-Marco, R. Double spend races. Int. J. Theor. Appl. Financ. **2018**, 21.
9. Kovalchuk, L.; Kaidalov, D.; Nastenko, A.; Rodinko, M.; Shevtsov, O.; Oliynykov, R. Decreasing security threshold against double spend attack in networks with slow synchronization. Comput. Commun. **2020**, 154, 75–81.
10. Proof of Stake Instead of Proof of Work. Available online: https://bitcointalk.org/index.php?topic=27787 (accessed on 19 July 2021).
11. Monrat, A.A.; Schelén, O.; Andersson, K. Survey of blockchain from the perspectives of applications, challenges and opportunities. IEEE Access **2019**, 7, 117134–117151.
12. King, S.; Nadal, S. PPCoin: Peer-to-Peer Crypto-Currency with Proof-of-Stake. Self-Published Paper, 19 August 2012. Available online: https://decred.org/research/king2012.pdf (accessed on 19 July 2021).
13. Kiayias, A.; Russell, A.; David, B.; Oliynykov, R. Ouroboros: A Provably Secure Proof-of-Stake Blockchain Protocol. In LNCS Advances in Cryptology, Proceedings of the CRYPTO 2017: 37th Annual International Cryptology Conference, Santa Barbara, CA, USA, 20–24 August 2017, Part I; Katz, J., Shacham, S., Eds.; Springer: Cham, Switzerland, 2017; pp. 357–388.
14. David, B.; Gazi, P.; Kiayias, A.; Russell, A. Ouroboros Praos: An Adaptively-Secure, Semi-Synchronous Proof-of-Stake Protocol. Cryptology ePrint Archive: Report 2017/573. 2017, p. 37. Available online: https://eprint.iacr.org/2017/573 (accessed on 19 July 2021).
15. Badertscher, C.; Gazi, P.; Kiayias, A.; Russell, A.; Zikas, V. Ouroboros Genesis: Composable Proof-of-Stake Blockchains with Dynamic Availability. Cryptology ePrint Archive: Report 2018/378. 2018, p. 66. Available online: https://eprint.iacr.org/2018/378 (accessed on 19 July 2021).
16. Badertscher, C.; Gazi, P.; Kiayias, A.; Russell, A.; Zikas, V. Ouroboros Chronos: Permissionless Clock Synchronization via Proof-of-Stake. Cryptology ePrint Archive: Report 2019/838. 2019, p. 67. Available online: https://eprint.iacr.org/2019/838 (accessed on 19 July 2021).
17. Wang, W.; Li, Z.; Li, H. Hybrid consensus algorithm based on modified proof-of-probability and DPoS. Future Internet **2020**, 12, 122.
18. Gilad, Y.; Hemo, R.; Micali, S.; Vlachos, G.; Zeldovich, N. (MIT Computer Science and Artificial Intelligence Laboratory (MIT SCAIL), Cambridge, MA, USA). Algorand: Scaling Byzantine Agreements for Cryptocurrencies. Cryptology ePrint Archive: Report 2017/454. 2017. 24p. Available online: https://eprint.iacr.org/2017/454 (accessed on 19 July 2021).
19. Daian, P.; Pass, R.; Shi, E. (Cornell University, Cornell Tech, Ithaca, NY, USA). Snow White: Robustly Reconfigurable Consensus and Applications to Provably Secure Proof of Stake. Cryptology ePrint Archive: Report 2016/919. 2016, p. 65. Available online: https://eprint.iacr.org/2016/919 (accessed on 19 July 2021).
20. Longo, R.; Podda, A.S.; Saia, R. Analysis of a consensus protocol for extending consistent subchains on the bitcoin blockchain. Computation **2020**, 8, 67.
21. Gaži, P.; Kiayias, A.; Zindros, D. Proof-of-Stake sidechains. In Proceedings of the 2019 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 19–23 May 2019; pp. 139–156.
22. Li, W.; Andreina, S.; Bohli, J.-M.; Karame, G. Securing Proof-of-Stake Blockchain Protocols. In Data Privacy Management, Cryptocurrencies and Blockchain Technology; DPM 2017, CBT 2017; Lecture Notes in Computer Science; Garcia-Alfaro, J., Navarro-Arribas, G., Hartenstein, H., Herrera-Joancomartí, J., Eds.; Springer: Cham, Switzerland, 2017; Volume 10436, pp. 297–315.
23. Pradhan, N.R.; Singh, A.P. Smart Contracts for Automated Control System in Blockchain Based Smart Cities. J. Ambient. Intell. Smart Environ. **2021**, 13, 253–267.
24. Raj, A.; Maji, K.; Shetty, S.D. Ethereum for Internet of Things security. Multimed. Tools Appl. **2021**, 80, 18901–18915.
25. Feller, W. An Introduction to Probability Theory and its Applications; Wiley: New York, NY, USA, 1970.
26. Paris, R.B. Chapter 8 Incomplete Gamma and Related Functions. Digital Library of Mathematical Functions. Available online: https://dlmf.nist.gov/8 (accessed on 19 July 2021).
27. Kovalchuk, L.; Rodinko, M.; Oliynykov, R.; Kaidalov, D.; Nastenko, A. Probability of double spend attack for network with non-zero synchronization time. In Proceedings of the 21st Central European Conference on Cryptology (CECC ’2021), Debrecen, Hungary, 23–25 June 2021.

**Figure 1.** The logarithms of a double-spend attack probability for a different adversary ratio of $q$.

$z$ (rows) / $q$ (columns) | 0.10 | 0.15 | 0.20 | 0.25 | 0.30 | 0.35 | 0.40 | 0.45 |
---|---|---|---|---|---|---|---|---|
5 | 0.00178184 | 0.0112573262 | 0.03916288 | 0.0978546142 | 0.19761732 | 0.343438571 | 0.53313536 | 0.7571581092 |
10 | 7.85976466 × 10^{−6} | 0.000288 | 0.0031582412 | 0.0178065586 | 0.0651067138 | 0.1749472008 | 0.372184042 | 0.657928176 |
15 | 3.9252264 × 10^{−8} | 0.00000822 | 0.000284 | 0.0035685234 | 0.023307658 | 0.095273444 | 0.2724259 | 0.58606496 |
20 | 2.0678238 × 10^{−10} | 0.000000248 | 0.0000268 | 0.000748 | 0.008673864 | 0.053573446 | 0.20411726 | 0.52863006 |
25 | 1.1224685 × 10^{−12} | 7.7 × 10^{−9} | 0.00000258 | 0.0001606 | 0.0033027272 | 0.030712034 | 0.155151124 | 0.48059132 |
30 | 6.2112992 × 10^{−15} | 2.44 × 10^{−10} | 0.000000256 | 0.000035 | 0.001276 | 0.0178373424 | 0.119104008 | 0.439334368 |
35 | 3.4834258 × 10^{−17} | 7.8 × 10^{−12} | 2.54 × 10^{−8} | 0.00000776 | 0.0005 | 0.010458206 | 0.092100486 | 0.40328124 |
40 | 1.9729538 × 10^{−19} | 2.52 × 10^{−13} | 2.56 × 10^{−9} | 0.00000173 | 0.0001966 | 0.006176008 | 0.07162062 | 0.37138602 |
45 | 1.1259474 × 10^{−21} | 8.22 × 10^{−15} | 2.6 × 10^{−10} | 0.000000388 | 0.000078 | 0.0036679232 | 0.055944968 | 0.34290956 |
50 | 6.4643644 × 10^{−24} | 2.7 × 10^{−16} | 2.66 × 10^{−11} | 8.76 × 10^{−8} | 0.000031 | 0.0021883948 | 0.0438608842 | 0.317304398 |
55 | 3.7294886 × 10^{−26} | 8.86 × 10^{−18} | 2.72 × 10^{−12} | 1.99 × 10^{−8} | 0.00001244 | 0.00131 | 0.03449248 | 0.29415038 |
60 | 2.1603519 × 10^{−28} | 2.94 × 10^{−19} | 2.8 × 10^{−13} | 4.52 × 10^{−9} | 0.000005 | 0.000788 | 0.027195754 | 0.27311594 |
65 | 1.2556658 × 10^{−30} | 9.72 × 10^{−21} | 2.9 × 10^{−14} | 0.000000001 | 0.00000202 | 0.000474 | 0.021490666 | 0.2539335 |
70 | 7.319504 × 10^{−33} | 3.24 × 10^{−22} | 3 × 10^{−15} | 2.36 × 10^{−10} | 0.000000814 | 0.000286 | 0.017015502 | 0.23638314 |
75 | 4.277356 × 10^{−35} | 1.078 × 10^{−23} | 3.12 × 10^{−16} | 5.44 × 10^{−11} | 0.00000033 | 0.0001734 | 0.013495322 | 0.22028128 |
80 | 2.5050494 × 10^{−37} | 3.6 × 10^{−25} | 3.24 × 10^{−17} | 1.252 × 10^{−11} | 1.338 × 10^{−7} | 0.000105 | 0.010719656 | 0.20547284 |
85 | 1.4699092 × 10^{−39} | 1.208 × 10^{−26} | 3.38 × 10^{−18} | 2.88 × 10^{−12} | 5.44 × 10^{−8} | 0.0000638 | 0.008526426 | 0.1918252 |
90 | 8.639796 × 10^{−42} | 4.06 × 10^{−28} | 3.52 × 10^{−19} | 6.66 × 10^{−13} | 2.22 × 10^{−8} | 0.0000388 | 0.006790194 | 0.17922406 |
95 | 5.085998 × 10^{−44} | 1.36 × 10^{−29} | 3.68 × 10^{−20} | 1.54 × 10^{−13} | 0.000000009 | 0.0000236 | 0.005413464 | 0.16756998 |
100 | 2.9980656 × 10^{−46} | 4.58 × 10^{−31} | 3.86 × 10^{−21} | 3.56 × 10^{−14} | 3.68 × 10^{−9} | 0.0000144 | 0.0043201898 | 0.156775866 |

$q$ | 0.10 | 0.15 | 0.20 | 0.25 | 0.30 | 0.35 | 0.40 | 0.45 |
---|---|---|---|---|---|---|---|---|
$P(A(z)) < 10^{-3}$ | 7.85976466 × 10^{−6} | 0.000288 | 0.000284 | 0.000748 | 0.0033027 | 0.000788 | 0.00047 | 0.00099 |
$z$ | 10 | 10 | 15 | 20 | 25 | 60 | 150 | 540 |
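
The two tasks listed in the Introduction (the attack probability for a given number of confirmation blocks, and the minimal number of confirmations for a target probability), as an added Python example that is not code from the paper. It assumes Rosenfeld's negative-binomial closed form (reference 6) rather than the paper's theorems, whose statements are not reproduced on this page; evaluated in exact rational arithmetic it reproduces the tabulated entries 0.00178184 ($q = 0.10$, $z = 5$) and 0.03916288 ($q = 0.20$, $z = 5$). The function names are hypothetical.

```python
from fractions import Fraction
from math import comb


def double_spend_probability(q, z):
    """Attack success probability for adversary ratio q after z confirmations.

    Assumption: Rosenfeld's negative-binomial closed form (reference 6),
    not the paper's own derivation. Exact rationals are used because
    1 - sum(...) loses all precision in floats once the result drops
    below about 1e-16, which the table does from z = 35 at q = 0.10.
    """
    q = Fraction(str(q))          # "0.10" -> 1/10 exactly, no binary rounding
    p = 1 - q
    if q >= p:
        return Fraction(1)        # a majority adversary always catches up
    honest_wins = sum(
        comb(m + z - 1, m) * (p**z * q**m - p**m * q**z)
        for m in range(z)
    )
    return 1 - honest_wins


def min_confirmations(q, target, step=1, z_max=1000):
    """Smallest z on the grid step, 2*step, ... with probability < target.

    step=5 mirrors the 5-block granularity of the first table; returns
    None when the target is not reached within z_max.
    """
    target = Fraction(str(target))
    for z in range(step, z_max + 1, step):
        if double_spend_probability(q, z) < target:
            return z
    return None


if __name__ == "__main__":
    for q in ("0.10", "0.20", "0.35"):
        p5 = float(double_spend_probability(q, 5))
        print(q, p5, min_confirmations(q, "0.001", step=5))
```

On the 5-block grid the search returns $z = 10$ for $q = 0.10$; with `step=1` the threshold $10^{-3}$ is already met at $z = 6$.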

© 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).

Karpinski, M.; Kovalchuk, L.; Kochan, R.; Oliynykov, R.; Rodinko, M.; Wieclaw, L.
Blockchain Technologies: Probability of Double-Spend Attack on a Proof-of-Stake Consensus. *Sensors* **2021**, *21*, 6408.
https://doi.org/10.3390/s21196408
