Casper Censorship Attack

A serious risk for any consensus protocol is the formation of a coalition that wants to maximize member profits at the expense of non-members. A Casper censorship attack could occur if 34% or more of validators refused to finalize blocks that contain transactions they want to stop, but the chain otherwise kept going and blocks continued to be finalized. A majority can censor blocks created by honest nodes who include these valid transactions.

Ethereum PoW miners currently play a “zero-sum” game where, if a miner’s block is censored/gets lost, then every one of the competing miners benefits accordingly. Casper organically resists censorship by shifting the network to a “coordination game” where everyone benefits if all of the blocks that validators bet on are included on the chain. Even so, there must be censorship-resistance protocols because the Ethereum blockchain, by itself, cannot determine which of these events actually happened:

“User A tried to send transaction X but it was unfairly censored”
“User A tried to send transaction X but it never got in because the transaction fee was insufficient”
“User A never tried to send transaction X at all”

A majority coalition could censor non-members to increase its share of transaction fees, or bribe nodes to exclude transactions crediting or debiting certain addresses. But Casper detects and flags deviations, and then withholds transaction fees and forfeits validator deposits accordingly. Revenue gains made from betting correctly on blocks is superlinear because Casper establishes a cooperative consensus process whereby nodes are most profitable when they try to create a block in protocol-prescribed order.

Mild Censorship Attack

A mild censorship attack could be expected to interfere with a few specific applications and perhaps open a single Raiden-style shard to theft. The Bitcoin lightning network has a similar vulnerability.

Strong Censorship Attack

A strong censorship attack might block all transactions. There are two types of possible strong attack:

1. Attacker gains control of 34-67% of the stake, then programs compromised validators to refuse to finalize or build on blocks that they subjectively believe are clearly censoring transactions, thus becoming more of a liveness attack.
2. Attacker gains control of more than 67% of the stake, and then can block any transactions they wish to block and refuse to build on any blocks that do contain such transactions.

There are two lines of defense against a strong attack:

1. Ethereum is Turing-complete and, therefore, somewhat resistant to censorship. Protocol features can be added to Casper where transactions will automatically schedule future events, making it extremely difficult to try to foresee the result of executed scheduled events and the events resulting from those scheduled events, diluting the strong censorship attacker to below 33%.

2. “Active fork choice rule” is a strong censorship attack solution where part of a validator node’s process for determining whether or not a given chain is valid is trying to interact with it and verifying that it is not trying to censor the node. The node repeatedly sends a transaction scheduling an ether deposit and then cancel the deposit at the last moment. If many nodes detect censorship, and then follows through with deposit, thus temporarily joining the validator pool en masse, they would dilute attacker below 33%. If a validator cartel then censored the deposit attempts, the nodes running the “active fork choice rule” reject the chain, thus collapsing the censorship attack into liveness denial attack which could be resolved through same means as other liveness denial attacks.