By Winston - 23 Oct 2017
XY Attack Vector (IOTA's version of the 34% attack)
In blockchains, as we all know, the most well-known attack vector is the “51% attack”. Research has been done in the years since that theoretical attack was postulated, and it was actually found that it would only take 34% of network hashing power to carry out the attack. So right off the bat, there is a fundamental public misunderstanding of this attack vector (people think that it requires having the majority of the network hash rate when it actually only requires 34% of it). But the exact percentage is semantics anyway – let’s move to how this attack applies to IOTA.
As you continue in this article, you’ll notice that “34% attack” is not actually a 34% attack in IOTA (let's refer to this attack in IOTA as the XY attack to stress the dual-variable requirement).
The most crucial first step to understanding all of this is that IOTA mesh net topology. This differs greatly from all other blockchain protocols. Mutual tethering and the future of IoT connectivity are the factors that make IOTA a mesh net, which has some very implications for network security, the most important of which is how this topology strengthens network resiliency against the XY attack.
IOTA mesh net: Each full node only sees one tiny part of the Tangle – through their handful of neighbors. No one has a list of all IPs of all nodes.
Now, let’s address the XY attack in IOTA. Because blockchains are not in mesh nets, the 34% attack in blockchains just means that if you get enough hash power, you can successfully conduct the attack. Percentage of network hash rate is the only variable in the block chain 34% attack. However, in IOTA, there are THREE variables required for this attack (one is fixed).
1. X percentage of network hash rate
A sufficiently large portion of the network hashing rate (“X%” [any number]. We’ll establish the multivariate “gradient” concept later in this writeup): Just like in Bitcoin, the attacker would have to achieve a certain very large amount of network hashing power in order to overtake the network. But this is NOT the only variable in IOTA as you can see. There also isn’t an “all or nothing” network takeover in IOTA. This idea probably requires an entire article in and of itself, but suffice to say that XY attacks only take down layers of the Tangle, requiring an exponentially stronger XY attack to propagate deeper and deeper into the Tangle.
Seeing the entire network topology at once. “Having an overview of the network”
To deploy attack resources properly and efficiently, an attack would need to get a broad overview of every full node connection in the Tangle. This is obviously impossible since every connection is kept private, and no entity is able to map the network.
3. Y percentage of omnipotence
Being paired with a certain % of all full nodes in the network.
Neighboring with a sufficiently large portion of the network (Y% omnipotence): The attacker must be able to push their massive amount of hashing power (X% of the network’s hash power) through the tangle suddenly (a non-sudden attack is not an attack, so suddenness *is a sub-category of this 3rd requirement).
For example: An attacker needs X% of network hashing rate and is paired with Y% of all neighbors in the Tangle. It would greatly help to be able to have an overview of every connection in the network in order to optimize the attacker’s attack propagation, but this is impossible so it can be ignored henceforth.
Let’s say that X = 25% and Y = 15%: The attacker would bring down a small number of “edge nodes” (the nodes that the attacker is connected to). This is where the “gradient” concept comes into play. The combination of X and Y will determine what percentage of edge nodes are taken down in the attack, and thus the effectiveness of the attack. X can be 99%, but without sufficient Y, the attack can only bring down a very small percentage of edge nodes (around Y%!). The edge nodes and nodes surrounding some of those edge nodes would be overwhelmed with the attack and restart or just blacklist the attacker so that their nodes can become functional again. The low latency nature of a mesh net means that there is a gradient of attack that depends on X and Y.
Now let’s say that the attacker wants to propagate their attack deeper into the Tangle. X = 40% and Y = 20%: The attacker would bring down many more edge nodes and be able to propagate the attack deeper than the attacker in the first example above. The bigger/better the X & Y combination, the deeper the attacker can propagate the attack into the Tangle. This would theoretically require exponential increases in both hash power AND neighbor finding & maintenance to make marginal increases in Tangle attack depth, making the Tangle orders of magnitude more resilient to such attacks than the non-mesh net topology block chains.
Originally posted on IOTA slack as a wrap up to a #tanglemath conversation.
***This is not official***
Later posted on TangleBlog. ctrl+f "attack vector"