Monero Under Attack!

At time of writing, the Monero Blockchain is under attack, and not by some secretive group of hackers, as is usually the case, but by the leaders of a rival coin, qubic (QUBIC). Qubic didn't do anything clever. Qubic said to Monero's miners: "Keep mining XMR, but do it under our control, and we'll triple your profit." Admittedly, it doesn't take much to lure a miner. I think Monero's miners are more loyal than others.1 I suspect that Qubic lured away far fewer miners of monero (XMR) than implied. The whole organization smells fishy to me, but I won't go down that rabbit-hole here.

There's a lot of cap-and-gown disquisition at the moment. Proof-of-Work in general is under scrutiny. Well-meaning nerds reach for technical solutions by default, but I think Satoshi's system was successful due to behavioural economics.

As an aside, qubic does not use Proof-of-Work. It's not even a mined cryptocurrency. It uses computation which superficially resembles mining. It's actually a Distributed Proof-of-Resource system. 'Proof-of-Resource', developed by the brilliant Bram Cohen, means that one's ability to verify transactions depends on one's pledge of resources. For Bram Cohen's cryptocurrency chia (XCH), the resource is disk space. For qubic, the resource is CPUs. The CPUs don't just sit idle, but train A.I. Do you see the difference? Qubic's so-called 'miners' might be doing work, but it's not to prove the contents of their blockchain.

The Gambler's Fallacy

You have just tossed five heads in a row.

Now, what's the chance you'll get a tails? 50%. It's always 50 percent. This is because the previous coin-tosses do not affect the current coin-toss. They are all independent events.

In statistics, there are dependent or independent events. This has profound ramifications for statistical probability.

The Gambler's Fallacy states that future events seem dependent on past events when they are not. Imagine a Roulette player. He has just won the last two spins of the wheel and now believes himself to be 'on a hot streak'. He expects the next spin to be a win too. But the next spin of the Roulette wheel is independent of the past spins. The Roulette player's odds of winning are the same for each turn.

The Gambler's Fallacy is relevant because people talk about a group of miners having 51% of the 'hashing power' but each hash is a guess; the data changes for each guess; hashes with changed data yield utterly unpredictable results; and hence each guess is an independent event. 51% counts for shit in the nanosecond. Each guess is a one in a trillion chance, or whatever it is. This is why the bitcoin mining pool Antfarm went twenty rounds recently without winning. Antfarm controls about 20% of the hashing power of bitcoin. You would expect them to win one in five times, but that would be the Gambler's Fallacy.

To be clear, stats play a part. There's a reason why we don't end up with 99 heads out of 100 coin-tosses. Independent events obey the law of averages over time.2

The relevant thing for this whole Qubic saga is that the attack manifested as 'reorgs'. Under Satoshi's method, which the Monero Blockchain follows, a miner can delete the most recent update to the transaction log, i.e. a block. This is a drastic action and can only be done under strict rules. For the purposes of this discussion, the main rule is that the miner must come up with two new blocks instead of one, or three new blocks instead of two, or four new blocks instead of three, etc. A reorg entails a miner pulling ahead of the pack.

Here's where the Gambler's Fallacy comes into play. It's hard to win a series of guessing games. No matter how powerful you are, some dude with a laptop might beat you. It's unpredictable. To publish that newest block, you might need to hit on the right guess in 2 minutes, but it might take you 20 minutes, by which time you are five blocks behind the rest. All the time you are spending electricity. All the time you are foregoing your reward. Remember that, if you want to pull ahead with two new blocks instead of one, you must have kept one unpublished. Unpublished equals unrewarded.

Essentially, these malevolent miners need deep pockets and a big appetite for risk.
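As an added illustration, not code from the original post, here is the independent-lottery model behind the coin-toss, Antfarm and reorg paragraphs above, in Python: every block is a fresh draw, a pool's chance of a long losing streak follows from that, and a reorg is a race the attacker must win outright. The give-up rule (abandon the race once five blocks behind) and the trial counts are my own constructed assumptions, not anything the post specifies.

```python
import random

# Figures quoted in the post: roughly US$300 per winning block, of which ~$3 is fees.
BLOCK_SUBSIDY_USD = 297.0
FEES_USD = 3.0


def no_win_probability(share: float, rounds: int) -> float:
    """P(a miner holding `share` of hashpower wins none of `rounds` blocks).
    Each block is an independent draw, so the streak is just (1 - share)^rounds."""
    return (1.0 - share) ** rounds


def overtake_probability(share: float, blocks_behind: int) -> float:
    """Closed form (gambler's ruin, as in Satoshi's whitepaper): the chance that a
    miner with `share` of hashpower, starting `blocks_behind` the public chain,
    ever gets one block AHEAD of it (needed to replace the public blocks).
    With share < 0.5 this is (share / honest)^(blocks_behind + 1); otherwise certain."""
    honest = 1.0 - share
    if share >= honest:
        return 1.0
    return (share / honest) ** (blocks_behind + 1)


def simulate_reorg_race(share: float, blocks_behind: int, give_up_at: int,
                        trials: int, seed: int = 1):
    """Monte Carlo of the same race. Returns (success_rate, avg_blocks_forgone_per_failure).
    Constructed rule: the attacker abandons the race once `give_up_at` blocks behind,
    and every block it mined privately during a failed race is unpublished, hence unrewarded."""
    rng = random.Random(seed)
    wins = 0
    forgone_total = 0
    for _ in range(trials):
        lead = -blocks_behind      # negative: attacker's private chain is behind
        withheld = 0
        while -give_up_at < lead < 1:
            if rng.random() < share:   # attacker wins this block's lottery
                lead += 1
                withheld += 1
            else:                      # someone else (maybe a dude with a laptop) wins it
                lead -= 1
        if lead == 1:
            wins += 1
        else:
            forgone_total += withheld
    failures = max(1, trials - wins)
    return wins / trials, forgone_total / failures


def forgone_reward_usd(blocks: float, fee_usd: float = FEES_USD) -> float:
    """The 'ante' of a failed attempt: withheld blocks times (subsidy + fees).
    Raising fees raises the cost of every block the attacker must keep unpublished."""
    return blocks * (BLOCK_SUBSIDY_USD + fee_usd)
```

With a 20% share, `no_win_probability(0.2, 20)` is about 1.2%, rare but far from impossible, and `overtake_probability(0.2, 1)` is 6.25%, which the simulation reproduces closely while also reporting how many blocks the attacker burned on each failure.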

Either the buy-in or the ante must be high

Having said all that, did Qubic really need a big appetite for risk? Did they forego much? On a good day, you'll be rewarded US$300 for a winning guess on the Monero network. Of that, only ~$3 is the fees. Monero prides itself on low fees. That's a noble goal, but is it self-defeating? Foregoing the rewards of one, two, three or more blocks doesn't add up to much.

Trying to win three or four blocks in a row is like gambling. Let's narrow down the scope to card games like Poker. The 'ante' in Poker affects the play. The ante is the initial bet. If the ante is high, it places much more risk on a player with a more complicated stratagem. At the same time, it wipes out the players with a brute force stratagem. The so-called 'loose/aggressive' card player meets his match with high antes, because, before he can use his ballsy bluffs, he has to use that money the same as everyone else. The ante is a leveller. High-ante card games reward simple, conservative strategies, and punish the extremes.

Monero plays low ante games. Its fees are pathetic. Qubic was able to put into play a mix of brute force and long-term strategy. We only saw their wins. They would have been failing a lot in the shadows of their server racks, but grinding on. Low ante games let the grinders grind.

High antes aren't the only way of knocking out grinders. A high buy-in works too. Think of the VIP room at casinos. A typical buy-in is $20,000. It keeps out the riff-raff, so to speak. Zcash (ZEC) and Pirate Chain (ARRR) are examples of cryptocurrencies with a high buy-in. Mining these cryptos needs ASICs and the Equihash protocol. Equihash is the Rolls Royce of Proof-of-Work protocols. Monero opted for a cheap buy-in. You just need an average CPU. This allows anyone to participate. That's a noble goal but it's risky. A nation-state could create a bot army of CPUs easily.

Monero is a low buy-in, low ante game. A low buy-in, low ante game can't resist attackers in the long run. There's an arrogance in thinking that a technical solution will do the trick. There are always new strategies. The best card players will get worn down. If the Monero thought-leaders want to maintain the low buy-in, they will need to up the ante. They need to stop thinking of fees as bad per se.

The wasp's sting

If you're anything like me, you do a spastic dance when a wasp makes like to land on you. I'm not allergic to them; a wasp can't kill me, and I can easily kill it. All the same, who wants the pain? Wasps are scary.

There must be a cost to those who would do you harm.

Skunks are probably an even better example. Very few creatures attack a skunk. The stink poses no physical threat but is just so awful.

The Moneristoj3 briefly DDOSed4 the Qubic nodes. I thought it would last longer, but I guess that data centers have pretty good anti-DOS measures these days. At any rate, revenge attacks are haphazard; they are no basis for a secure cryptocurrency.

The basis should be economic. There should be an immediate and exponential escalation of cost for the attacker. An army of 'reservists' should be on standby. They should do two things at least:

  1. Add a lot of overall hash-power.
  2. Push up the fees.

This is the equivalent of pushing up the ante. The higher number of miners makes it less likely the attacker will make the winning guesses, and if the attacker is renting CPUs, it will take longer to have any impact, and hence cost more. With the higher fees, the attacker foregoes more money, and pool-members are lured away. Mining empty blocks will seem foolish. There needs to be an immune response ready to go. More on this in the next blog post.

Here's the crux: an advertised, ready-to-roll counterattack does 90% of the work. Most attackers won't bother. Wasps seldom sting, because we avoid them.

Key Takeaways

  • Stop thinking of fees as per se bad
  • Stop thinking of 51% as a magic number
  • Stop thinking that only technical solutions work for attacks on cryptocurrency
  • Have up your sleeve a quick punishment for those who would do you harm
  • Make it seem stupid to mine empty blocks or bet on a risky reorg

  1. I heard a prominent Etherean say "...[the Bitcoin] miners are too religious to take other tokens, but with monero, clearly that's not the case..." but I think he's wrong about this. From my experience, monero-miners are mostly in the game for the love of monero. (Return)
  2. Rupert Sheldrake's research suggests that events might be more dependent than we think. Quantum Physics too. This is interesting but is beyond the scope of this post, and doesn't significantly change the results of hashing. (Return)
  3. Moneristo is a loyal member of the monero community; Moneristoj [PRON: "mon-air-RIST-oi"] is the plural. The term is not used much, but it's a nice touch to link to the Esperanto language, from which 'monero' was taken. (Return)
  4. 'Distributed Denial of Service'. Basically, when thousands of computers in different locations send spurious traffic to a single site on the Internet to overwhelm it. 'DDOS' is pronounced 'DEE-doss'. (Return)
