If an attacker simulated an Ethereum network, with 1 million validators in it. He has keys to all validators, because the entire thing is his simulation. He simulates several decades, which in real time is probably several hours.
Then he broadcasts his simulated network to the real Ethereum network, and claim his is the real one. All his 1 million validators start communicate with the real validators. Since his network history has more “total attestations”, his network should be the real one according to the chain selection rule.
This is impossible in PoW, because he would need more hash power than all the other miners combined to simulate a “heavier” history. But that is not the case in PoS. I am curious, how does PoS solve this?
The attacker cannot just enter the network, each validator needs to deposit the 32 ETH and then there is the waiting queue: 1 million validators cannot enter in an instant, only a couple per epoch. So the first few enter and they cannot present their version of the truth, because they are a tiny minority.
It would be more problematic if someone somehow steals access to the majority of existing validators. This is more difficult the more different entities there are.
If the chain selection rules doesn’t have something like “All addresses must start at zero, except for that one premine wallet”, the attacker can start the chain with 1 million addresses that already have 32 ETH in it.
He simulates several decades of on-chain time (hours in real time). 1 million validators entering the system is probably done in the first year.
The idea is that he starts Ethereum network from when the ledger is empty. This is not far-fetched, because the real Ethereum network also started form an empty ledger. How do we tell one is real, the other is not?
Slashing
How is he creating 1 million valid validators?
The validators at time = 1 decide the validators for time = 2. He needs to somehow control the keys for 1 million validators at some point in time for this to be possible.
It is possible if they are buying the old keys from people who have stopped validating (although still difficult). To protect against this Ethereum uses weak subjectivity. https://notes.ethereum.org/@adiasg/weak-subjectvity-eth2
His historical version of the eth blockchain would be different 'cos he would need all the past validator’s keys to sign etc. If he broadcast his network history, it would still get rejected 'cos the history part fails and his simulated network would just be a separate colliding chain, like ETC vs ETHW?
This is a good question. You are a little confused about the validators ability to play things in fast forward to simulate decades though, they must all agree with each other and a random longer chain cannot appear out of nowhere like it can in PoW.
How finality is achieved is actually a lot more complex on ethereum 2s beacon chain. An epoch is considered final is 66% of the stake had attested to it. Now you are asking what if a large portion of those validators are compromised?
How it would play out would depend on how much stake the attacked gained.
Scenario 1: attacker gains <33% of the stake
if an attacker tries to create an alternate chain history with less than 33% of the stake agreeing on it, the network will reject this as invalid and all the validators will be ejected and have their stake slashed as punishment. Once the compromised validators are removed then things will progress normally
Scenario 2: attacker gains > 33% but <66% of the stake
if an attacker gained between 33% and 66% of the stake then the attacker can disrupt the network. As the network needs 66% of the stake to agree to finalise a block the chain will continue in a non finalised state. The nodes that attack the network will all get slashed and removed from the network, and the remaining honest validators can reach consensus. At the same time: the attackers nodes will slash everyone who remains on the legitimate chain, as they will see this as malicious. This will end up with a chain split with the attackers stuck on their own dead chain.
Scenario 3: attacker gains control of >66% of the stake
If an attacker can gain over 66% of the stake, then they can cause the network to stall for a very long period of time. By simply refusing to vote, they can cause the network to be unable to finalise blocks. Any node that attacks the network will be slashed and their stake removed from the active stake, and any validator that remains offline would slowly be charged a penalty for being offline, called the “inactivity leak”. This means, over time, the offline nodes portion of the stake will reduce until the network can finalise with 66% of the stake coming to consensus.
The amounts charged for inactivity leak and slashing amount due to double signing scales quadratically so the more people involved in the attack the higher the punishment to restore order faster.
In all cases, no matter how large the attack is, the honest validators will still be able to reach consensus amongst themselves given enough time, while removing the malicious validators.
You’re essentially describing a long range attack. That is the tradeoff that PoS makes over PoW’s full objectivity, in that a node who comes online for the first time (or after being offline for a while) cannot fully-objectively distinguish between the real fork and an attacker’s fork who simulated years of attestations.
It’s where the term “weak subjectivity” comes into play, you just need a recent state root from a node you trust (be it a friend running a node or a block explorer or whatever) and that’s what will tell your node which fork is the real one, and from there you can just keep following attestations from real validators and the long-range attackers can’t hurt you
Perfect response. Learnt something good today.