Setting the Record Straight
Debunking Anatoly Yakovenko's Misconceptions about Security in Distributed Ledger Networks
A couple of days back, I had an interesting interaction with Anatoly Yakovenko, the founder of Solana, and it surprised me how the founder of a 100 billion dollar chain could have such a flawed understanding of security in Distributed Ledger Networks, even about some things that we network architects consider basic.
I never thought a day would come where I would have to elaborate these basic concepts to a fellow builder, but that day came sooner than I anticipated.
So, let me tell you why Anatoly's arguments are wrong and why such a weak understanding of how these systems work will one day make Solana a "weak" network with compromised security.
1. The Honest Majority Assumption
The honest majority assumption is a fundamental security premise that underlies all blockchain consensus models, including both Proof-of-Work (PoW) and Proof-of-Stake (PoS) based systems.
This assumption means that the majority of the participants (miners in PoW, validators in PoS) will behave honestly and follow the protocol rules. As long as this holds true, the network maintains its integrity and resists attacks. Additionally, no dishonest party or adversary, no matter how strong, can cause issues or disruptions if they control less than 33% of the network.
It's important to note that not following protocol rules doesn't always mean being an attacker or dishonest. If a participant is faulty, they might fail to follow the rules. If enough participants are faulty, this can cause issues with the network's operation, affecting its liveness and safety, even if no one is acting with malicious intent.
In PoS networks, instead of expending computational power to create blocks as in PoW, the consensus participants stake their tokens as collateral to participate in block production and validation. The probability of a participant being chosen to propose the next block is typically proportional to the amount of tokens they have staked.
The security of PoS networks relies on the idea that as long as the majority of staked tokens are controlled by honest participants, they can collectively prevent misbehavior and attacks by dishonest actors.
Dishonest validators risk having their staked tokens "slashed" (confiscated as a penalty) if they are caught violating the protocol, such as by double signing or proposing invalid blocks. The threat of losing their staked wealth is intended to keep validators honest.
This honest majority assumption applies equally to monolithic PoS blockchains as well as sharded PoS networks.
In a monolithic chain, the assumption is that the overall majority of staked tokens across all validators is honest. In a sharded system, the assumption is that within each shard, the majority of that shard's validators (and their staked tokens) are honest.
Sharding introduces additional complexities, but it does not inherently weaken the security of the network. Sharding distributes the workload across multiple shards, but it does not split the overall security of the network. Mechanisms like random validator assignment and frequent shard rebalancing make it infeasible for an attacker to concentrate dishonest validators within any single shard, whether at will or with little delay, without controlling a supermajority (67%+) of the total stake across the entire network.
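To put a number on what random validator assignment buys, here is an added example (not part of the original post) that computes the chance a uniformly sampled shard committee ends up with more than a given share of dishonest members. It assumes equal-stake validators and sampling without replacement; the function name, population and committee sizes are constructed for illustration.

```python
from fractions import Fraction
from math import comb


def shard_capture_probability(total, adversarial, committee,
                              threshold=Fraction(1, 3)):
    """Probability that dishonest validators hold strictly more than
    `threshold` of the seats in one randomly assigned shard committee.

    Model (assumption): `committee` seats are drawn uniformly without
    replacement from `total` equal-stake validators, `adversarial` of
    which are dishonest. This is the upper tail of a hypergeometric
    distribution, computed exactly with big integers.
    """
    need = int(threshold * committee) + 1   # smallest count above threshold
    ways = comb(total, committee)           # all possible committees
    hits = sum(
        comb(adversarial, k) * comb(total - adversarial, committee - k)
        for k in range(need, min(adversarial, committee) + 1)
    )
    return Fraction(hits, ways)


if __name__ == "__main__":
    # Constructed network: 3000 validators, 20% of them dishonest.
    for size in (30, 100, 400):
        liveness = shard_capture_probability(3000, 600, size)
        safety = shard_capture_probability(3000, 600, size, Fraction(2, 3))
        print(f"committee={size:4d}  P(>1/3)={float(liveness):.3e}  "
              f"P(>2/3)={float(safety):.3e}")
```

The per-assignment probability falls off sharply as committees grow, which is why committee size and reshuffling frequency are the parameters to check when reviewing a sharded design.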
Solana and other monolithic blockchains with deterministic safety models operate under the principle that as long as a supermajority (a minimum of 67%) of the network participants act honestly, the network remains secure and functional. However, this statement is nuanced.
If a strong adversary controls 34% of the vote power, they can cause liveness issues at will and potentially safety issues. Conversely, a weak adversary can cause liveness issues but would need 67% to cause safety issues. It's also important to note that not following protocol rules doesn't automatically mean an attacker or dishonest behavior. If enough network participants are faulty, you can have issues around liveness and potentially safety, even if no one is actually adversarial or dishonest.
But if the honest majority in a blockchain is compromised, it undermines the security and integrity of the network. There is no way around it. Even running a full node in such a situation will not help you avoid a double spending attack. This assumption is not unique to any chain but is a fundamental aspect of all blockchain based systems.
But Anatoly seems to have a different understanding about this.
So let me debunk this BS!
Full Nodes Also Operate under The Honest Majority Assumption
Full Nodes and Validator Nodes
Validator Nodes: These nodes participate actively in the consensus process. They validate transactions, create blocks, and maintain the blockchain's current state. Validator nodes must agree (by a supermajority, typically 67% in PoS networks with deterministic finality) on the validity of transactions and blocks before they are added to the blockchain. They use their signatures to certify the current state of the blockchain.
Full Nodes: These nodes don't participate in the consensus process directly. Instead, they observe and rely on the signatures of the validator nodes to verify the blockchain's state. Full nodes store the entire blockchain and use it to verify the validity of new transactions and blocks.
If the majority of validators are dishonest, they can mislead the full nodes into accepting an incorrect state, including double-spent transactions.
Any entity that runs multiple full nodes at this point cannot prevent a double spend attack, which my friend here fails to understand.
So let me go a bit deeper.
Understanding Adversaries and Consensus
When a network is compromised beyond a certain threshold, adversaries can produce blocks and signatures that look valid. Strong adversaries, which one should always assume could exist, have extensive capabilities.
They know the identities of network participants, the random numbers to be generated, and other critical details. Additionally, adversaries can isolate other participants from the rest of the network through eclipse attacks, controlling what information they receive. This allows adversaries to have significant control over the network and potentially manipulate validators into accepting or rejecting transactions based on the adversary's interests.
If these strong adversaries control a large portion of the network, they can create false blocks and certificates that appear legitimate. This means that even sophisticated entities like Circle, which rely on these certificates for validation, could be fooled. Adversaries can choose what information to send to Circle, making it believe that certain transactions are valid when they are not.
Consequences of a Failed Honest Majority Assumption
In a compromised network, where adversaries control 67% of the validator nodes, a double spend attack can be executed with devastating efficiency.
Let's consider how this unfolds with Circle, a company that issues USDC stablecoin (a case study):
The adversaries, by holding a supermajority, can manipulate the blockchain to serve their interests.
They first send USDC to Circle and generate the necessary proof of these transactions.
Relying on the signatures from the validator nodes, Circle validates the transactions and transfers the USDC to the adversaries' bank accounts.
Simultaneously, the adversaries present a different version of the blockchain to the honest 33% of the network, which shows no transactions to Circle.
This alternate version appears legitimate to the honest nodes, who then validate it, unaware of the adversaries' deception.
This creates two conflicting versions of the blockchain: one where Circle has transferred the USDC and another where the USDC remains with the adversaries.
Both versions seem valid because they meet the quorum requirements of validator signatures.
Circle processes these transactions, moving the USDC to the adversaries' accounts and subsequently to their bank accounts.
The adversaries have already profited by converting the digital currency into fiat money and withdrawing it.
By the time the conflicting blockchain versions are detected, the adversaries have cashed out and left the network.
The realization of double spending occurs too late, and Circle is left with significant financial losses.
Why Full Nodes Can't Detect the Attack
Circle running its own full nodes would not prevent this attack, because full nodes rely on the signatures from validator nodes to authenticate the blockchain's state. Full nodes don't participate in the consensus process; they only verify transactions against the current state of the blockchain as attested to by the validators. Since the adversaries control the majority of the validator nodes, they can create a false but seemingly legitimate version of the blockchain that the full nodes would accept as valid.
The adversaries’ manipulation ensures that Circle’s full nodes see only the fraudulent version of the blockchain where the transactions to Circle are valid. At the same time, honest nodes see a different version where these transactions never occurred.
This dual version scenario exploits the reliance of full nodes on validator signatures, making it impossible for the full nodes to detect the discrepancy until the network participants are able to reconcile the different versions. By then, the adversaries have already exited, having double-spent their USDC and causing irreversible financial damage to Circle and other honest participants in the network.
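The check a full node performs, and what becomes visible only once both versions are compared, shown as an added example (not part of the original post). The validator names, stakes, block labels and the strict "more than 2/3 of stake" rule are constructed assumptions, and signer lists stand in for signatures that have already been verified.

```python
from fractions import Fraction

# Constructed validator set (name -> stake, total 100). A* are the colluding
# validators holding 67% as in the scenario above; H* are honest.
STAKE = {"A1": 30, "A2": 22, "A3": 15, "H1": 12, "H2": 11, "H3": 10}
QUORUM = Fraction(2, 3)  # assumed rule: a certificate needs > 2/3 of stake

# Constructed certificates for the same height, as seen from two vantage
# points. Signer lists stand in for already-verified signatures.
CERT_AT_ISSUER = {"height": 100, "block": "blk-deposit",
                  "signers": ["A1", "A2", "A3"]}
CERT_AT_HONEST = {"height": 100, "block": "blk-no-deposit",
                  "signers": ["A1", "A2", "A3", "H1", "H2", "H3"]}


def stake_share(signers, stake=STAKE):
    """Fraction of total stake held by the distinct, known signers."""
    known = set(signers) & set(stake)
    return Fraction(sum(stake[v] for v in known), sum(stake.values()))


def full_node_accepts(cert, stake=STAKE):
    """The only check a non-voting full node can make on a certificate."""
    return stake_share(cert["signers"], stake) > QUORUM


def equivocation_evidence(cert_a, cert_b, stake=STAKE):
    """Validators that signed two different blocks at one height, with their
    combined stake share. Needs both certificates, i.e. two vantage points."""
    if (cert_a["height"] != cert_b["height"]
            or cert_a["block"] == cert_b["block"]):
        return [], Fraction(0)
    both = sorted(set(cert_a["signers"]) & set(cert_b["signers"]) & set(stake))
    return both, stake_share(both, stake)


if __name__ == "__main__":
    # Each view passes in isolation, so neither node can tell anything is wrong.
    print(full_node_accepts(CERT_AT_ISSUER), full_node_accepts(CERT_AT_HONEST))
    # Side by side, the double signers and their slashable stake are explicit.
    print(equivocation_evidence(CERT_AT_ISSUER, CERT_AT_HONEST))
```

Because any two quorums above 2/3 of stake must share more than 1/3 of it, the evidence set is never empty when both conflicting certificates are valid; the difficulty described above is obtaining the second certificate in time.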
Aftermath and Network Restoration
Once the network participants discover the conflicting blockchain versions, the network will grind to a halt. Both versions appear valid due to the required quorum of validator signatures, causing a safety break.
To resolve this, the network will require manual intervention, often involving social consensus where participants must agree on the correct version through out-of-band communication, like phone calls or messaging platforms.
However, since the adversaries' stake is still recorded in the network, achieving the necessary quorum to restore normal operations becomes challenging. The network must redistribute the remaining stake and potentially introduce new validators to achieve the majority required for future transactions.
In a typical scenario, slashing mechanisms can be used to penalize malicious validators by confiscating their stakes. However, slashing requires a functioning network with liveness and a present, honest majority quorum of validators to come to consensus. Since the adversaries have left, their stake is still recorded in the network, but their validators are no longer participating. This complicates the process, as the network cannot achieve the necessary quorum to slash the dishonest validators' stakes without their participation.
This is a nuclear attack level scenario for a network. A monolithic blockchain like Solana or sharded networks like Near, MultiversX, or Radix will be equally susceptible to ending up in such a situation if there is no longer an honest majority participating in the network.
Distributed ledger networks are supposed to be built with pillars that fortify the system from becoming vulnerable to such an attack. That’s why factors like economic/socio-economic security matter.
This is where I strongly disagree with Anatoly’s take on factors like economic security.
Economic Security Matters for Every PoS Network
Economic security is not everything, but it is one of the factors that could make such an attack on any network really painful.
As a network architect, you want to create a system that is invulnerable to attack within the theoretical bounds. To achieve this, make the system decentralized, geographically distributed, and backed by strong economic security. In a PoS system, the token providing Sybil resistance to the consensus should have high economic value.
Economic security means that validators have significant financial stakes in the network. If they act maliciously, they stand to lose their investment. This economic stake acts as a deterrent because the cost of an attack would outweigh the benefits. The higher the economic value of the tokens providing Sybil resistance to the consensus mechanism, the stronger the deterrence against such attacks.
Geographical distribution of validators adds another layer of security. By spreading validators across different regions, the network reduces the risk of localized attacks or disruptions.
The analogy with nuclear deterrence is apt: nuclear weapons are not intended for attacking an enemy but rather to deter potential nuclear attacks due to the threat of mutually assured destruction.
Similarly, in a distributed ledger network, a significant attack would not only fail but also result in severe losses for the attacker. An attacker would need a significant stake in the network's tokens to gain a majority and compromise the consensus process. However, this comes at a high economic cost. If detected, the attacker risks having their staked tokens "slashed" as a penalty, compounding their losses.
Furthermore, the more value that is present in the network guarding against Sybil attacks, the more value the attack needs to extract for the adversary to avoid a loss. Plotting an attack to "steal" a small amount like $1000 is much easier than an attack which has a potential loss of $100M if it goes wrong. Therefore, the net value extraction of attacking high value networks has to be significantly higher, on the order of $200M for example, to be worth the risk and logistical effort of pulling it off.
The objective is to inflict maximum economic pain on potential attackers, discouraging them from attempting an attack. The goal is to create a system where the risks and costs of attacking outweigh any potential benefits, maintaining network integrity and trust.
The Socio-Economic Cost of “Zero-Cost Attacks”?
This is where pure technologists like Anatoly fail to understand the socio-economic nature of these systems.
The argument that attackers could acquire tokens for free is flawed. Here the concept of economic security can be extended to the idea of "socio-economic" security.
Let me explain.
There's a saying that "there is no free lunch". Likewise, in the case of decentralized distributed ledger networks, there are no "zero-cost attacks." The notion of economic security extends beyond just the direct financial costs of acquiring tokens to attack the network.
Attacks have high indirect socio-economic costs and disincentives. In most cases, the socio-economic costs of lost revenue, slashed rewards, crashed holdings, legal consequences, and catastrophic reputational damage would vastly exceed any potential gains from attacking the network, even if little direct capital was required to acquire the necessary tokens.
This makes such attacks impractical and irrational for major stakeholders like exchanges and staking aggregators, even if they could get the tokens cheaply.
This web of strong economic disincentives and legal/reputational risks for these actors creates a social layer of security on top of the cryptoeconomic security provided by staked value.
Final thoughts
A distributed ledger network is one of the most complex systems ever conceived by humans. The failure of such a system would have catastrophic effects once it becomes the underlying socio-economic coordination layer of a sizable human population.
That’s why I consider all the potential attack vectors and doomsday scenarios and follow all the best practices while designing the system that I am building, because, as the saying goes, hope for the best and plan for the worst.
IMO Anatoly's way of understanding how full nodes work is incorrect. He has a weak grasp on the honest majority assumption and why it has the same implications for monolithic as well as sharded networks. Economic and socio-economic security matter, because what we are building here is not just technology, but a socio-economic base layer for global human coordination.
Your lack of understanding of these realities, and the “YOLO” attitude while building these systems, will one day make Solana a "weak" network with compromised security.
I hope that day never comes!
Btw, from now on I’ll try to keep this writing a more regular thing, because it’s just hard to compete with the crypto noise just with tweets, and it also helps me to organize my thoughts.
So just check out my Substack to follow my train of thought.