Getting started
Constructions
Useful resources
Background
SNARKs Vector Commitments Collision-resistant Hash Function
Possible Attacks
Adversarial provers could exploit to get rewarded for storage they are not providing: Sybil attack, outsourcing attacks, generation attacks.
- Sybil Attacks: Malicious provers could pretend to store (and get paid for) more copies than the ones physically stored by creating multiple Sybil identities, but storing the data only once.
- Outsourcing Attacks: Malicious provers could commit to store more data than the amount they can physically store, relying on quickly fetching data from other storage providers.
- Generation Attacks: Malicious provers could claim to be storing a large amount of data which they are instead efficiently generating on-demand using a small program.
Security
Latency model: A PoS is considered secure if for a prover who does not store the full replica, during the execution phase generating a valid response to the challenge will need a running time superior to the duration of the challenge-response communication.
Cost model: In this model we assume a rational adversary that chooses the less expensive in terms of costs solution, and that should be storing the entire replica over the expected period of time.
There may exist a successful adversarial strategy that does not require the adversary to store the entire replica over time, but this strategy will be more costly than the honest one, where the adversary dedicates storage in order to answer challenges.
Then, we will not ask a rational prover to show exactly which resource was spent in the execution phase, but just to show they spent some expected amount of resources.
This allows the prover to choose arbitrarily a trade-off between storing the entire replica or recomputing parts of it.
The naive way to is for the prover to discard most of the stored data after the initialization and rerun the initialization in the execution phase.
If the prover prefers to use computation over storage, then that is that the cost of storing the data between the phases is greater than the cost of rerunning the initialization.
By setting parameters correctly, we can ensure that rational provers will prefer to store the replica over computation, and make sure this is the best strategy.
← Previous
Next →