In the first part we dealt with what tempography is; today we will try to talk about its dark side. Or at least let us begin.
Disclaimer: This text was contributed by a co-founder of DAO Synergis. The views, thoughts, and opinions expressed in the article are the author's own and do not reflect the opinion of the editorial team.
Zero-day is an extremely rare, complicated and expensive phenomenon in the world of hacking, but zero-time is, in fact, a hack that is legal from the point of view of the system a malicious hacker gets into: it is a way to stop that system.
Why is this possible and how does it happen?
This is where Solana comes to our rescue: yes, the same Solana that is known to operate in the style of old-school offline shops, with a lunch break. Because of its complex consensus (PoS+PoH+wrappers), block production can be stopped in a whole host of ways.
Then comes a restart, and the validators have to accept a consensus that was reached externally. But there is still a "but": for the whole period before the restart, the actual time in the network is zero.
What does this give?
First of all, a huge layer of advanced DDoS attacks. After all, what does DDoS actually do? That's right: it slows down or, better still, stops the network, the service or the application for an outside observer, so that the heart of the system, the server, can be attacked in the meantime. In decentralized and distributed systems, the place of the server is taken by full nodes or similar elements, but it can also be taken by clients, if you add one of the varieties of Sybil attacks.
Zero time seems like a trifle... until it's about your money and systems have entered the multichain era. After all, how do you decide which branch of a stopped chain is truly valid? You can go and question validators of various sizes, hoping they're not colluding, which of course increases centralisation, or find an external regulator like a more robust PoW system, which is not so popular these days. Neither solution is ideal.
What is scarier is that such attacks can be destructive: encryption viruses that give you back access to your files after payment are one thing, and viruses and killer worms that format the disk and then kill the boot sector are quite another.
But not many people think about this nowadays: PoS is not a river of money, it's a torrent of mudslides. There is no time for reflection. Well, that's everyone's choice, but we're moving on.
For those who suffer, I recommend further study:
- IBC as a supplement to Tendermint when it hangs at ⅔;
- Polkadot node synchronizer;
- Other similar systems.
Ahead of time
Selfish mining is a mining strategy in which groups of miners conspire to increase their income, but let's look at this technique from a timing perspective: in fact, miners conspire not only to predict an event, but to trigger a chain of related events that forces that same event to occur.
This is not a fair game of anticipation. The same can be found in a number of other examples, most noticeably front-running bots on the Ethereum network:
"Front-running is a game of anticipation. For example, if someone is about to buy a large amount of Ethereum (ETH) on Uniswap, which could lead to a price increase, one way to make money would be to buy ETH just before making a large purchase with an immediate sale after the order is executed."
So time travel is not a fairy tale, but a true story. And a rather dangerous fable: in fact, the approaches described mean that a hacker with decent hardware and software (and, if you follow the logic of the reasoning to the end, a hacker with excellent social engineering skills) can do a lot in networks.
And especially PoS. Why?
Because all such networks focus on protection via staking and possible sanctions against this pool of coins, but overlook many obvious points, such as user security and, most importantly, low-level security (when the system is restarted, re-created, and in similar cases).
Max Pain time
Not so long ago Solana went over the top again, and the "wall clock" actually ran away from network time by 30 minutes. So far everyone is turning a blind eye to these problems, but once again: Avalanche subchains, Cosmos hubs and Polkadot parachains have different but essentially similar synchronisation mechanisms. Which means what? It means that any delay in such synchronisation would mean:
- Possible reduction in epoch rewards;
- Possible problems in complex systems with many smart contracts;
- Possible delays and reduced inter-network TPS score;
- Other similar problems.
It should also be understood that in any system there is an allowable "stratification" time, i.e. the time variation that each node is willing to accept: somewhere, like in Bitcoin, it is as much as 2 hours, and somewhere it is only a few minutes (taking into account finalization).
Therefore, these anomalies will have to be considered next time and in more detail, but today I will focus on one more group to conclude.
"What? What is that anyway?" the incredulous reader will ask. But let me explain: the point is that in blockchains, the median (not even the everage) value for many metrics is extremely important. In Bitcoin, for example, a block tends to 10 minutes of "standard" offline time, while in Solana it tends to 0.4 sec.
Be that as it may, a Bitcoin block mined in 60 minutes or a Solana block mined in 2.5 sec is roughly the same problem for both systems, but 60*60 != 2.5 and hence the question of discreteness of time arises.
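The tolerance window and the role of the median described above, as an added example that is not part of the original article: a Python sketch of Bitcoin's two block-timestamp rules (later than the median of the previous 11 blocks, and no more than 2 hours ahead of the node's clock), plus the median and mean block interval over a chain containing one 60-minute block. The function names and all sample timestamps are constructed for illustration.

```python
from statistics import mean, median

MEDIAN_SPAN = 11             # Bitcoin: median of the previous 11 block timestamps
MAX_FUTURE_DRIFT = 2 * 3600  # Bitcoin: at most 2 hours ahead of the node's clock


def median_time_past(prev_timestamps):
    """Median of the last MEDIAN_SPAN timestamps (upper median if even count)."""
    window = sorted(prev_timestamps[-MEDIAN_SPAN:])
    return window[len(window) // 2]


def check_timestamp(block_ts, prev_timestamps, node_now):
    """Return 'ok', 'time-too-old' or 'time-too-new' for a candidate block.

    node_now stands in for the node's network-adjusted clock (assumption).
    """
    if block_ts <= median_time_past(prev_timestamps):
        return "time-too-old"
    if block_ts > node_now + MAX_FUTURE_DRIFT:
        return "time-too-new"
    return "ok"


def interval_stats(timestamps):
    """(median, mean) of the gaps between consecutive block timestamps."""
    gaps = [b - a for a, b in zip(timestamps, timestamps[1:])]
    return median(gaps), mean(gaps)


def build_sample_chain():
    """Constructed data: 11 blocks 600 s apart, then one block after 3600 s."""
    chain = [1_700_000_000 + 600 * i for i in range(11)]
    chain.append(chain[-1] + 3600)
    return chain


if __name__ == "__main__":
    chain = build_sample_chain()
    now = chain[-1] + 300  # this node's wall clock (constructed)
    mtp = median_time_past(chain)
    for label, ts in [("honest", now), ("skewed 90 min ahead", now + 5400),
                      ("skewed 3 h ahead", now + 3 * 3600), ("back-dated", mtp)]:
        print(f"{label:22} -> {check_timestamp(ts, chain, now)}")
    print("median / mean gap:", interval_stats(chain))
```

A timestamp 90 minutes ahead of the node's clock still passes, which is why a monitoring check on clock skew needs a tighter threshold than the consensus rule itself; the single 60-minute block moves the mean interval but leaves the median at 600 s.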
Let me remind you:
"Discrete is a process changing between several different stable states, e.g. the process of moving the second hand in a mechanical watch. Discrete systems (objects) are regarded as consisting of clearly delimited (logically or physically) elements; also discrete are sometimes called the elements of a discrete system. Discreteness is a universal property of matter".
We can go further: An analogue signal is a continuous signal with an infinite number of closely related data within a maximum, all of whose parameters are described by a time-dependent variable. A digital signal is a discrete signal described by a discrete time function, respectively at each point in time, the magnitude of the signal amplitude has a strictly defined value.
And the paradox of discrete-time decentralised and distributed systems is that, due to automation and possible time variations, such systems become more analogue than digital. Particularly when it comes to connectivity.
Here we find an important attack vector: the coupling of old side-channel attacks (which include timing attacks) and a new type of attack - by means of templating.
But all that is not for today. That's all for now, and see you in the metaverse!