Priority by Threat -- Designing a block with security features

The current protocol doesn't differentiate between a spammer and a user. However, If we prioritize the transactions by the threat they pose to increase the cps, we can create a priority queue where spammers are forced to do the POW first.

Definitions:

Spammer: An entity whose behavior tends to increase the cps of the network.
flagged accounts: Accounts who have violated the design principle

Variables:

network_cps : the cps of the network at an epoch X
network_time: X (X is an unix epoch, that increases in an interval Y)*
account_tps: (block_height - previous_confirmedBlock_height)/z if z==0, z=1
account_age: account_age + z
z = network_time - previous confirmed block's network_time

Model

The model calculates the threat of an account being a spam.

An account is a spam account, if its behavior increases the network_cps. So by definition, the network_cps should stay static or decrease.

network_cps stays static or decreases, when an account does network_cps/total_number_accounts many transactions per second at most (considering all accounts are active). In other words, for an account not to be a threat as a spammer, an account can not do more than the allocated tps. Thus, 'threat' can be defined as the rate at which an account is using the allocated tps. If the tps allocated is network_cps, we have:

threat = account_tps / network_cps

To create a barrier of entry for future spammers, the threat is further amplified by multiplying it with the inverse of account_age. Thus:

. threat = account_tps / (network_cps * account_age)

Algorithm:

  • The network calculates the network_cps every Y seconds, such that network_time X = previousX + Y.

  • During the creation of transaction, the node requests network_cps and network_time from the network.

  • The response of step1 of creation of transaction will also include these variables plus the threat as well.

  • A block is created with all the variables mentioned above plus the threat.

  • Once the transaction is created, the network checks if the network_cps and the network_time that the block has is same as the ones that were sent. If they are different, the transaction will not get a place in the back-log table -- the account will be flagged, and higher POW will be required from the account for further transactions for an hour. Even with the highest POW, the block's priority will still be lower than that of the unflagged accounts'.

  • The network will broadcast it.

  • The priority is based on unflagged accounts first, then POW, then the threat.

  • The first node to vote on the block will also validate whether the threat and the account_age are falsified or not. If they are falsified, and the quorum agrees, the transaction won't be confirmed, the account and the node will be flagged, and the POW for the account and the transactions coming from the node will increase significantly.

Attack Scenario

Mass account attack and Sleeper cell attack:

Mass account attack is when millions of accounts are sending transactions. And a Sleeper cell attack is a mass account attack but with the accounts created in the past.

In a sleeper cell attack, the attacker will be able to use account_age to its advantage, as much as imaginable. The model doesn't offer any solution for it, except getting rid of account_age.

However, maybe, a variable level_tps can be added that tracks the average tps of the level-by-stake.

level_tps: avg(account_tps) of the accounts at the level-by-stake
tps allocated for the level = network_tps
level_threat = level_tps/network_tps
threat = threat * level_threat

In case of a sleeper cell attack, or a mass account attack, the level_threat rises significantly, increasing the threat. Although it is best that level_tps is updated dynamically to reflect the organic growth in the cps, it can also be initialized to censor attacks like current low-raw attacks.

Conclusion

It was shown that a block can be designed with features that can be used to differentiate a user's block from a spammer's block. Once we know a user block from a spammer block, a priority queue can be created, effectively forcing the spammers to do the higher pow first.

2 Likes