Reputation-based Blockchain Guarantees Security against 51% Attacks
March 2019 by Emmanuelle Lamandé
Researchers at the University of Luxembourg are part of an international team that has proposed the first blockchain system to guarantee proper performance even when more than 51% of the system’s computing power is controlled by an attacker.
The system, RepuCoin, introduces the concept of “reputation” to blockchain, effectively making it thousands of times more expensive to attack than Bitcoin. It was developed at the University’s Interdisciplinary Centre for Security, Reliability and Trust (SnT), and has the potential to be applied in a number of global sectors including fintech, energy, food supply chains, health care and future 5G telecommunications networks.
One of the main advantages of blockchain-based systems, such as Bitcoin, is that the whole network sees and approves changes to data through democratic consensus. Users don’t have to place their trust – and money – in the hands of a single central authority. However, to achieve this, existing systems equate a miner’s computational power used for mining new blocks with their voting power, used to decide which blocks of transactions to commit to the ledger.
This gives rise to an inherent weakness: as soon as one miner controls over 50% of the system’s computational power, s/he also controls the voting power, and the system effectively ceases to be decentralised. That miner could reject blocks proposed by competing miners, prevent selected transactions from being added to blocks and even replace blocks that were already on the ledger.
To solve this, RepuCoin calculates voting power according to a miner’s “reputation”. Unlike social reputation, this is a strictly mathematical quality which accumulates through consistent and honest mining over long periods, like charging a battery before it can be used. It makes RepuCoin the first such system to be resilient against miners holding 51% or more of the network’s computing resources.
Attacking RepuCoin with 68% of the system’s total mining power would take at least six months once the system has been running for a year, and would be at least 5760 times as expensive as conducting the same attack on Bitcoin. And because of the way reputation accumulates, the longer RepuCoin runs, the more resilient it is to attack. For example, when the system has been in secure operation for only three months, an attacker would need to harness 90% of the overall computing power for a further month to behave maliciously.