The Cardano Minimum Attack Vector (And why you should care)

The story of Cryptocurrencies is one of decentralization, we all know and praise decentralization as the ultimate force coming to change the fabric of society forever.

But what is decentralization? Why is it important ? And how do we measure it ?

Decentralization is the notion that power and control of a system can be distributed over a set of participants, in such a way that no one single entity can assume control of the system.

This brings a lot of very interesting properties that promote equality, security and democracy.

The most important property is the security, thanks to decentralization, no central database/server exists for an attacker to hack, there is no manager or CEO that can be blackmailed, there is no board of directors that can manipulate the system for their own profit.

You can use many metrics to measure the decentralization of a system:

  • The number of participants keeping a record of the current state, indeed this is an important metric since you need at least one in order to restart the system if it collapses.
  • The number of actors taking part in the consensus(number of SPO’s), but each participant has a different amount of power or influence on the system.
  • The most important metric when talking about decentralization is the Minimum Attack Vector MAV for short.

The minimum attack vector is the minimum subset of participants that one would need to take under control in order to attack or manipulate the network, by having control of over 51% of the created blocks one could cause havoc to the network

When talking about attacks that can happen against the MAV participants, and by extent the Cardano network, 2 distinct attacks can be specified with very different requirements on the attackers side, and very different risks against the network.

1) Compromising of Hot-keys:

Hotkeys are the keys an operator uses to run his stake-pool on the network.

If an attacker is able to get access to this keys he would be able to cause a lot of trouble, he could perform a double spend(forking the network) or dos against the network(using the vrf keys), slowing the network.

In this scenario stake pool operators can rotate certificates and utilize hidden nodes to restore the network, even though this will cause issues

2) Compromising of Cold-keys:

Cold-keys are the backbone of the encryption we use for creating and managing Stake-pools.

If an attacker gets access to the cold keys of the MAV it is possible the attacker would be able to completely destroy the network.

If this happens then no hard-fork or quick and dirty patch by the SPO community will save us, the attacker will have the ability to react to every move we make with the exact counter move.

Restoring the network will be a herculean task and probably impossible without violating immutability or introducing censorship to the consensus of the network.

What are the tools someone could use to attack the network?

  • Sybil attack, an attacker pretends to be an honest pool to gather stake or power in the network, the attacker can create an infinite amount of pools in his effort to get maximize his own power in the network.
  • Bribery, an attacker can offer money or other goods to existing pools in exchange for their help with the attack .
  • Black-mail. An attacker can gain incriminating information about an existing pool and force them to cooperate, alternatively more ruthless attackers can kidnap family members of the SPO with the same goal.
  • Physical violence. An attacker can torture an SPO until he agrees to assist with the attack.
  • Legislative force. If the attacker is a national government or larger he could pass laws that force all SPO’s in a given region to surrender their cold keys.
  • Seduction. An attacker can employ sex workers to “gently interrogate” an SPO.
  • Infiltration. An attacker can aim to become a member of the organization that is running the stake pool, as an employee or a partner.

But I trust my Stake pool Operator, he would never attack the network

This is irrelevant, even if an SPO is 100% honest and trustworthy, it is foolish to believe that enemy’s of Cardano will only use Sybil or bribery, most likely in a full scale attack, the attacker will use all tools available to him.

At the moment we have not detected any such threats, but anyone that works with security of any kind(physical or digital), will tell you that you have to secure whatever it is you are doing before you are under attack. If you try to close your holes while the enemy is trying to get in, you are going to have a bad time.

If you hold ADA tokens then you are directly invested in the health of the network. You are at the same time the one that has the most to lose, and the one that has the power to protect it.

It is also very simple to understand that the more secure the network is the more valuable it is, this has a direct correlation to the value of the tokens you are holding.

According to the data by ADApools.org and blockfrost.io, we can clearly see that the current MAV is 22, this is by far less than the ideal MAV=250.

The participants of the MAV are :

  • Binance 2830.89M ADA
  • 1PCT 1178.69M ADA
  • ADALITE 892.58M ADA
  • ETORO 600.69M ADA
  • MS 592.83M ADA
  • NEW GIRL 571.06M ADA
  • LEO 507.47M ADA
  • EMURGO 489.84M ADA
  • EVE 471.13M ADA
  • NEW GUY 467.23M ADA
  • IOG 383.26M ADA
  • OCEAN 318.69M ADA
  • ZZZ 278.32M ADA
  • CCJ 266.9M ADA
  • COOL 257.33M ADA
  • SPS 258.33M ADA
  • WAVE 258.33M ADA
  • JAPAN 205.41M ADA
  • EDEN 198.76M ADA
  • DIGI 193.35M ADA
  • BLOOM 190.58M ADA
  • KTN 170.47M ADA

These are the organizations someone would need to control in order to Control the entire Cardano network.

This is better than anything else currently on the market, but far short from ideal.

The most obvious and simple way is to try and convince the delegators of MAV pools to redelegate to a poll outside the MAV! This is the only solution that works.

Moving stake from one single pool to another will have no effect, the same as moving stake from one MAV pool to another , the concentration remains the same.

I have created a new twitter profile (@CardanoState), this profile will publish on-chain data about the Cardano network, one of these reports will be the Current MAV, this will give the Cardano community a goal-post and a way of measuring our progress. A chance to celebrate when the MAV goes UP and a call to arms when the MAV moves down.

I welcome all of you to follow and be part of the biggest decentralization effort in the history of the world.

We have an opportunity with Cardano to build and own something fair, resilient, and powerful. Something that transcends nation-states, encourages international cooperation and minimizes the attractiveness of war.

We have a real shot at eliminating systemic corruption once and for all, but this can only happen if we do it. Cardano is a proof of stake system, that means, you the stakeholder choses, what will happen with it and what form it will take.

Thank you for Reading :)

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Leantros Holleman

Operator of BSP, ITN OG, Cardano supporter, DevOps Engineer, Stake pool operator.