Over the past weekend, on block 11380000, a solution for the prevention of 51% attacks was introduced to the Ethereum Classic (ETC) community. Several such attacks have recently placed ETC at a crossroads, leaving the very survival of the chain uncertain. In the weeks that followed these attacks, the community worked to evaluate numerous potential solutions.
The first one that has been implemented is called MESS, which stands for Modified Exponential Subjective Scoring. Its predecessor was first suggested by Vitalik Buterin back in 2014. It builds on the assumption that while small chain reorganizations that go back a few blocks are perfectly normal, the ones proposing reorganizations going back hundreds and even thousands of blocks are highly suspicious.
With most proof-of-work blockchains, the longest chain with the most work wins. This means that malicious attackers must mine a longer chain in isolation and then, propose it to the world. This was the case during recent attacks, which cost honest participants millions of dollars.
MESS disincentivizes shadow mining by weighing chains differently depending on the time of publication. Isaac Ardis, one of ETC Core’s developers, explained this mechanism to Cointelegraph:
“The intention with that is to weight chains which occur and are available first over chains that come later. And so in that way, there is an incentive to publish work on the chain and it disincentivizes chains that are defined in private and that would come later.”
The algorithm employs a multiplier that determines the required difficulty from a proposed chain in order to be considered canonical. The multiplier ranges from 1 to 31 and depends on the aforementioned time of publication. The more suspicious the proposed reorganization, the higher the multiplier. Thus a shadow chain would have to provide manifold more proof-of-work to be deemed canonical.
MESS does not make 51% attacks impossible as it is rather a probabilistic and not deterministic solution, but it makes them prohibitively expensive. This is one of the reasons why the community has discussed implementing it in conjunction with a checkpointing solution. Ardis said that although it is a possibility, there does not seem to be much benefit to this duplication:
“Though you can use them together, you may not have to use them together and may not even want to use them together.”
MESS has several advantages. The code base is compact and it will not require a hard fork to implement. The nodes that choose to run MESS will be compatible with the ones that do not. Any discordance will only come into play when and if another 51% attack happens, said Ardis:
“If there is a large attack, then the miners, the operators and the nodes who have activated MESS, we certainly hope, will successfully dissuade the attacker while those nodes that haven’t upgraded would move to the attacker’s chain.”
The assumption is that most of these attacks tend to be short-termed and opportunistic. Once the attacker leaves, the remaining honest miners will rejoin the canonical fork.
MESS appears to be a short to mid-term solution. Although Ardis believes than no chain is immune from a 51% attack, he agreed that the only viable protection is the network’s growth. One of the bets is on Ethereum (ETH) miners joining Ethereum Classic after the former migrates to the proof-of-stake consensus. Another is taking advantage of the compatibility between the two networks, which allows for a painless migration from a congested Ethereum to Ethereum Classic. Ardis said that now that they are done with this mess, the team can focus on developing new tools for ETC.
Things just got MESSy for potential Ethereum Classic 51% attackers
The developers of