On Stake Grinding Attacks in Proof of Stake
Altcoin – Bitcoin
There are also “stake grinding” attacks which require a trivial amount of currency. In a stake grinding attack, the attacker has a small amount of stake and goes through the history of the blockchain and finds places where their stake wins a block. In order to consecutively win, they modify the next block header until some stake they own wins once again. This attack requires a bit of computation, but definitely isn’t impractical.
Because these attacks exist, proof of stake cryptocurrencies, including Peercoin and Blackcoin, have “master” public keys that control the blockchain.
This class of cryptocurrency is either insecure or centralized, however proof of stake (based on a PoW currency) is useful in some systems because gaining stake is costly, but it isn’t workable for bootstrapping distributed consensus.
Ethereum: Proof of Stake FAQ
Version 1 of the myth: Using only a limited amount of coin age, the blockchain history can be re-written by grinding through the probabilities involved in creating the longest blockchain. As long as there is only a little coin age left, it is possible to create one more block. This makes Proof-of-Work the arbitrator in Peercoin.
ppcoin – stake burn-through vulnerability
Stake grinding was a technique based around PoS currencies which used coin age, which nxt never was. BCnext originally was going to use coin age, but was dissuaded from doing so by cunicula if I remember my history correctly.
blog by Paul Sztorc
When applied to naive proof of stake (PoS), this principle implied the attack-phenomenon known as “stake grinding”, a version of PoW (“attempting multiple-block chain-histories until you found a history which granted you the coins”) that was markedly less-cumulative. Because the cumulative work wasn’t measured (as it is with Bitcoin’s “difficulty”), it wouldn’t be readily obvious that “total work” = “total expected value of the blockreward”.
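The header-grinding step described in the first quoted passage can be seen in a toy model (an added example, not taken from any of the quoted sources or from any coin's code). It compares a proposer seed derived from the previous block header with a seed the producer cannot vary. The lottery rule, the `fixed-beacon` seed and all parameters are assumptions made for the illustration.

```python
import hashlib

def H(*parts) -> int:
    """SHA-256 over the joined parts, returned as an integer."""
    data = "|".join(map(str, parts)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def attacker_wins(seed: int, share: float) -> bool:
    """Toy stake-weighted lottery: the attacker holds `share` of all stake."""
    return seed % 1_000_000 < round(share * 1_000_000)

def next_seed(header: int, height: int, grindable: bool) -> int:
    # Naive design: the seed comes from the previous block header, which the
    # previous producer controls. Comparison design (assumed stand-in): the
    # seed ignores the header, so the producer has nothing to vary.
    return H(header, height) if grindable else H("fixed-beacon", height)

def simulate(blocks: int, share: float, tries: int, grindable: bool) -> float:
    """Return the fraction of blocks produced by the attacker."""
    header, wins = H("genesis"), 0
    for height in range(blocks):
        prev = header
        if attacker_wins(next_seed(prev, height, grindable), share):
            wins += 1
            # The producer may vary a free header field (nonce, timestamp,
            # transaction order). Keep the first value whose resulting seed
            # selects the attacker again; otherwise fall back to value 0.
            header = H(prev, height, 0)
            for n in range(tries):
                cand = H(prev, height, n)
                if attacker_wins(next_seed(cand, height + 1, grindable), share):
                    header = cand
                    break
        else:
            header = H(prev, height, "honest")  # honest producer, no grinding
    return wins / blocks

if __name__ == "__main__":
    for label, grindable, tries in [
        ("header-derived seed, 400 tries", True, 400),
        ("header-derived seed, 1 try", True, 1),
        ("producer-independent seed, 400 tries", False, 400),
    ]:
        rate = simulate(2000, 0.05, tries, grindable)
        print(f"{label}: attacker produced {rate:.1%} of blocks with 5% stake")
```

With a header-derived seed, a 5% stakeholder who can try a few hundred header variants keeps the proposer slot almost indefinitely after the first win; in the other two runs the share of blocks stays near the share of stake.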