
Topic: Refutation of the QuarkChain Whitepaper (Read 83 times)

June 06, 2018, 12:46:03 AM
The essence of the security of the QuarkChain ledger consensus system is presented in §3.4 Consensus Algorithm on pg. 19 of the whitepaper.

In 2015, I had contemplated this (cf. also) exact design of a root (master) layer proof-of-work blockchain controlling numerous proof-of-work blockchain shards. I quickly discarded the design idea because it’s so egregiously insecure.

And sub-second confirmations aren’t possible in proof-of-work because the block period must be orders-of-magnitude greater than the network latency (and network latency isn’t scaling by Moore’s law). Otherwise the orphan rate becomes too high (cf. the derivation) such that the chain might not even converge on a longest.

The QuarkChain whitepaper claims that the percentage of hashrate needed to double-spend drops from just over 50% in Bitcoin’s Nakamoto proof-of-work to (at worst[1]) just over 25%, which is already a horrible reduction in security (and selfish mining would be 17%). But the actual security is even worse.

There are numerous game theory security vulnerabilities related to incentives compatibility, transaction fees, and the ability of the miners to move their hashrate around at-will between root chain and any of the shards. Which include vulnerabilities similar to those that Byzcoin attempts but fails to fix about Nakamoto proof-of-work, as well as the failure modes of Byzcoin which I cited in my analysis of OmniLedger. Additionally I describe another vulnerability as follows.

Unlike with Nakamoto proof-of-work where all miners have a vested interest in not defecting and they all thus validate the blocks of each other, QuarkChain destroys that Nash Equilibrium because with control of just over 50% of the hashrate of a shard, the attacker can censor shard transactions and/or extort high transaction fees. With 10 shards splitting 50% of the system hashrate that remains from the 50% for the root chain, the attacker would only need 5% of the system hashrate to wreak such havoc. With 50 shards, the attacker only needs 1% of the system hashrate. Rented hashrate attacks on proof-of-work altcoins are quite plausible. Verge is a recent example that such attacks aren’t just theoretical.

To prevent DoS attacks which destroy the scalability of the sharding wherein an attacker simultaneously issues a transaction to spend on every shard (note for scalability that shards don’t validate other shards and root chain miners don’t validate any shards), the hostage UTXO must only be spent on another shard after recording in the root chain a lock commitment. The committed shard can then validate the hostage UTXO lineage before accepting the transaction. Yet the attacker’s hashrate could move to the targeted shard to sustain the censorship/extortion indefinitely.

The double-spending protection claimed by the QuarkChain whitepaper is impotent against the above attack, because it only records the shard’s block hashes in the root chain. Only the shard’s miners validate and determine the contents of the blocks in the shard.

Merkle tree based fraud proofs issued by honest observers can’t prove anything about censorship of transactions.

Presumably as a coordination mechanism to override the above attack, QuarkChain proposes the mechanism of super-nodes in §5.1 Horizontal Anti-Centralization Scalability Expansion on pg. 24 with the union of super-nodes providing validation for the root and all shards. What the QuarkChain designers apparently don’t realize (or don’t want us to realize) is that these super-nodes must collectively possess just over 50% of the system hashrate for their decisions on validation to be adhered to. So in essence QuarkChain must be run by an oligarchy of whales who coordinate their validation of the entire system. Centralizing a ledger is a way of obtaining scalability, yet a distributed and centralized database isn’t accomplishing anything for trustlessness and permissionlessness. The antifragility vulnerabilities of centralized cartel control are:

a single-point of weakness that can be attacked, e.g. by the government regulators.

the cartel wants to maximize the extraction of rents from the system.

such maximization may turn against the best interest and desired features the users of the system want and need.

OmniLedger which I analyze below resolves this problem by creating shards which have a PBFT consensus algorithm instead of proof-of-work (which has a higher security threshold of 67%) and the set of validators is randomized[2] so that the attacker can’t target a specific shard so as to weaken the security below that of the root chain’s 50% proof-of-work security threshold. One disadvantage of the OmniLedger design is that the liveness drops to 33% which is one of the weaknesses of any deterministic Byzantine agreement protocol such as PBFT.

As shocked as I am that (Ethereum's Casper design team led by) Vitalik expended 3+ years to produce a totally flawed slashing proof-of-stake design (cf. also), I am perhaps even more shocked at the blatantly obvious insecurity of the Quark[Quack]Chain design considering the number of PhDs listed in the §9 Development Team on pg. 35 and §Advisors on pg. 37. But really this should be expected from an opportunity cost economics analysis in the current gold-rush FOMO (fear-of-missing-out) race to extract a slice of the greater fool, agape n00bs speculative bubble. Even dozens of celebrities are pimped in the gold-rush.

Seriously, QuarkChain is more or less as useful as any of the series of shitcoin parodies such as the 100% Useless Token and those [ANN]ounced by the outrageously hilarious Gleb Gamow, which include the Bitcoin Pussy “The Wife of Dick” and YuTü.Co.in “Catering to YouTube 📷 Creators”.

As I proceed below responding to the QuarkChain whitepaper’s summary analysis of competing attempts to design a scalable, decentralized, secure ledger consensus system, I’ll explain the tradeoffs in the extant, published designs for other projects such as Bitcoin (Nakamoto proof-of-work), Lightning Networks, Ethereum, EOS (DPoS including STEEM), OmniLedger, and other proof-of-stake derivatives such as NEM, Nxt, NEO, Qtum, etc. And hybrids such as Dash and PIVX.

In a subsequent section I’ll cover the DAGs such as Byteball, Hashgraph’s Swirlds, Iota, and SPECTRE. And finally hopefully I will add a section on reputation-based designs such as Radix (formerly named Emunie) and Stellar’s SCIP consensus systems.

[1] The 25% presumes a large number of reasonably equivalently hashrate weighted shards that divides the other 50% into a very small percentage. Thus the 25% rises to for example ~30% if there are only 10 shards. That is in the presumptions of their (incomplete and inadequate) conceptual security model.

[2] Note it wouldn’t be secure to randomize the validator sets for the proof-of-work shards of QuarkChain because unlike deterministic Byzantine agreement protocols, proof-of-work isn’t one vote per cryptographic identity (i.e. per validator). There’s no way to limit or know the hashrate of each such identity and that’s why it’s useless to even assign identity to miner validators in proof-of-work.
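
An added example, not part of the original post and not the derivation it links to: a small simulation of the point above that the proof-of-work block period must far exceed network latency. It assumes a simplified model (many small miners, one uniform propagation delay, every miner extending the longest chain it has heard of), and the 2-second latency and the block periods are constructed values.

```python
import random

def expected_stale_fraction(latency_s, block_period_s):
    # In this model the main chain gains one block per
    # (latency + exponential wait with mean block_period), so only
    # block_period / (block_period + latency) of all blocks land on it.
    return latency_s / (block_period_s + latency_s)

def simulate_stale_fraction(latency_s, block_period_s, blocks=100_000, seed=7):
    """Fraction of mined blocks that do not end up on the longest chain."""
    rng = random.Random(seed)
    times, heights = [], []
    now, seen, best_seen = 0.0, 0, 0
    for _ in range(blocks):
        # Network-wide block discovery is a Poisson process.
        now += rng.expovariate(1.0 / block_period_s)
        # The finder only knows blocks that finished propagating.
        while seen < len(times) and times[seen] <= now - latency_s:
            best_seen = max(best_seen, heights[seen])
            seen += 1
        times.append(now)
        heights.append(best_seen + 1)  # extends the best chain it knows of
    # The main chain holds exactly one block per height.
    return 1.0 - max(heights) / blocks

ASSUMED_LATENCY_S = 2.0  # constructed value for illustration
SCENARIOS = [            # constructed block periods, in seconds
    ("10-minute blocks", 600.0),
    ("10-second blocks", 10.0),
    ("0.5-second blocks", 0.5),
]

def run_scenarios():
    """Map scenario name to (simulated, expected) stale fraction."""
    return {
        name: (simulate_stale_fraction(ASSUMED_LATENCY_S, period),
               expected_stale_fraction(ASSUMED_LATENCY_S, period))
        for name, period in SCENARIOS
    }

if __name__ == "__main__":
    for name, (sim, exp) in run_scenarios().items():
        print(f"{name:>18}: simulated {sim:.4f}, expected {exp:.4f}")
```

With sub-second blocks most of the work in this model goes into blocks that never join the main chain, which is the orphan-rate problem the post refers to.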