KasMedia Logo
Understanding GHOSTDAG

Understanding GHOSTDAG, Exercises for Chapter 1C

September 10, 2024Shai (Deshe) Wyborski2 min read

(This post is part of the Understanding GHOSTDAG series)

  1. * Prove that no chain selection rule can satisfy the first attempt at defining safety.

  2. Do the computation showing that an HCR chain with orphan rate δ\delta can only be secure for α\alpha attackers with α<12(1δ2δ).\alpha<\frac{1}{2}\left(1-\frac{\delta}{2-\delta}\right)\text{.}

  3. * Is HCR secure against an attacker with exactly half of the hash power?

  4. ** The consequences of increasing block sizes can be described by noting that each new transaction to verify increases the time it takes to validate the block, and this aggregates in each hop. That is, if it takes 1010 hops for a block to get from Alice to node Bob, then by increasing the transaction count by one, you increase the number of validations along the way from Alice to Bob by the time it takes to do ten verifications. Use this to argue that increasing the block size has a similar effect to decreasing the block delay (you argument will have to appeal to the topology of the network).

  5. ** Extend the computation we did on the increase of orphan rates to also include orphan chains of length two.

  6. Prove that the antichain condition for a set of blocks is equivalent to the following condition: it is maximal with respecct to the property that no two blocks in the set are reachable from one another.

  7. An ECDSA secret-key is chosen uniformly at random from 21282^{128} possibilities. According to the approximated formula ε(C,α)(α1α)C\varepsilon(C,\alpha) \sim \left(\frac{\alpha}{1-\alpha}\right)^C, how much confirmation do we need against a 30% attacker before we are confident that the probability the transaction reverts is smaller than the probability to correctly guess an ECDSA key in a single try through dumb luck alone? What is this number for a general α<1/2\alpha<1/2? Plot the graph of CC as a function of α\alpha.

  8. ** Complete the proof of the bound on revert probabilities in the sketch of the Bitcoin security proof.

  9. * Show that for a troll who tries to revert any transaction with CC confirmations, the time the attack would take is inversely proportional to ε\varepsilon’

  10. * Complete all the cases for the Eyal-Sirer selfish-mining attack.

Enjoyed reading this article?

More articles like this

Comments

No comments yet!

Post a comment

KasMedia logo