In the 01 activity of the chainnode white paper decryption reading club, Liu Qiushan, senior researcher of Biyuan chain, led you to read the white paper “mov: the next generation to the center cross chain layer 2 value exchange agreement”, which attracted many fans’ attention. Among them, gentledog’s reading post “some thoughts on mov inspector system” won the first place in the reading activity.
The text is as follows:
According to the white paper, MOV has the position of inspector to prevent the side chain from doing evil. I was wondering, is there any loophole in this system? After some thinking, it seems that there are several ways to attack: 1. The inspector of copying transaction attacks finds problems and initiates a transaction on the main chain. After someone obtains the content of the transaction, he / she raises the handling fee or hides the transaction directly from the network, and then initiates a transaction with the same content, so as to steal the inspector’s labor achievements. In this case, the benefits that inspectors can obtain are almost zero, or even negative, so there is no incentive to patrol. There is a solution to this attack. There’s one thing the perpetrator can’t copy: the wallet address! The mode of proposal (commitment) + evidence can be adopted. The inspector can submit the commitment (data + hash value of wallet address) first, wait for the block to confirm, and then publish the data (wallet address can not be published). In this way, we can solve the problem perfectly. 2. Pretending to do evil attack can be used when the reward given by the net joint is greater than the loss suffered by the side chain perpetrator. The side chain perpetrator can pretend to do evil, and then collude with the inspector to submit the evidence of doing evil first, and cheat the reward from the gateway node. When the reward is greater than the punishment received by the perpetrator, the perpetrator gains. This kind of attack shows that the reward given by the gateway node has a upper limit, which can not be greater than the punishment of the perpetrator, and it is not necessarily equal to the degree of the perpetrator. 3. DOS attack when the side chain does evil and involves a large amount of money, it initiates a garbage transaction on the network, temporarily blocking the network, making the inspector’s supervision cost far greater than the reward he can get (because pretending to do evil attacks, the reward is limited, it is not equal to the degree of evil). Once the dispute period is over, the perpetrator will succeed. DOS attack is not impossible (see EtherCAT and Eidos airdrop). The perpetrator can choose to attack when the network is congested to reduce the cost.
First of all, let’s leave the DoS attack aside, and the next interview is to analyze the inspector system from an economic perspective. First, take an observation period, set in this observation period, the patrol cost of the inspector is u, the reward of the gateway node is V, the loss suffered by the perpetrator when the evidence is presented is r, the gain obtained when the perpetrator is successful is s, the probability of perpetrator is p, the average number of patrol officers is Q, and the probability of a single patrol officer is t. It is assumed that the opportunities of inspectors are equal, that is, when the number of inspectors is Q, the probability of successful proof is 1 / Q. The game between a single inspector and the perpetrator is as follows:The expected payment for a single inspector isUnder the condition of complete competition, the expected payment of a single inspector should be close to 0. From this, we can calculate。 From this we can know that whenWhen, q = 0. Furthermore, we can calculate the best probability of doing evil. We might as well setAndSo,。 The expected return of the perpetrator isIn the intervalThe formula is monotonically decreasing. So, inGet the maximum value at. Therefore, the best probability of doing evil is, no patrol at this time!
The above “observation period” refers to a sufficiently small and indivisible period of time. If it is a long time period T, how to calculate the probability of doing evil? The patrol cost of the inspector in unit time is u. The time period T is divided into n (sufficiently large) small time periods. Then the probability of doing evil in each small period is about。 Then the probability of doing evil in N time periods is about。 Therefore, in a long period of time t, the probability of doing evil is。
We can draw the following conclusions: 1. The inspector system can reduce the probability of side chain evil. 2. The probability of the side chain doing evil is related to the patrol cost U of the inspector and the reward V of the gateway node. Reducing u or increasing V can reduce the probability of doing evil. 3. The probability of doing evil in the side chain has nothing to do with the income s obtained when doing evil successfully, that is to say, reducing the assets in custody on the side chain will not help to reduce the probability of doing evil. 4. The probability of the side chain doing evil has nothing to do with the loss r suffered by the perpetrator when he is adduced evidence (if the relationship of V ≤ R is ignored), that is to say, only increasing the margin of the side chain operator will not reduce the probability of doing evil without increasing the reward of the gateway node. 5. The reward V of gateway node can not be increased infinitely due to pretending to do evil attack. The inspector’s inspection cost u cannot be infinitely reduced. The inspector system can not prevent the occurrence of evils.