This article is a response to a comment about using the Modified Exponential Subjective Scoring (MESS) system on Ethereum Classic (ETC), by Reddit user AusIV, on the Ethereum Classic sub-reddit.
Below I copied the comment and following it I wrote my response. I am posting it here on Etherplan to facilitate distribution, preserve the record, and raise visibility.
EDIT: This is the original MESS Ethereum Classic Improvement Proposal – ECIP-1100: https://ecips.ethereumclassic.org/ECIPs/ecip-1100
EDIT: Following my response below I added a basic explanation of what Modified Exponential Subjective Scoring (MESS) is.
EDIT: On September 30th, 2020 I wrote a followup article with my final comments about MESS: Final Comments on the Implementation of MESS on Ethereum Classic.
AusIV’s Comment
That’s only true during an active attack, which would be prohibitively expensive to maintain for its own sake.
As we’ve been working on MESS, we’ve had two main concerns:
Prevent people from being able to execute cost effective doublespend attacks over extended periods of time.
Prevent people from being able to cheaply bifurcate the network in a way that the network won’t resolve itself after the attack ends.
Getting 51% of the ETC network costs about $16k an hour at the current hash rate. If you can pay that for an hour and split the network permanently, that’s obviously bad. If you can pay that for 12 hours and undo million dollar transactions, that’s obviously bad. Both of those are means by which an attacker could plausibly profit significantly at the expense of others on the network.
It seems unlikely that someone is going to pay $16k an hour indefinitely just to make it so that people have a hard time figuring out which chain they should be on. When no active attack is occurring, people will still be able to permissionlessly enter and exit the network. If an active attack is happening, they may need to do a bit of research to find out what block they ought to whitelist to make sure they get on the right chain, but that’s a short lived scenario, and if they stand up a node and walk away they will end up on the right chain as a matter of course, unless you believe someone is going to spend thousands of dollars an hour indefinitely to maintain a network split.
My Response
The way you express yourself makes it seem you are part of the team working with Isaac and ETC Labs on MESS.
If so, let me tell you that you are missing the point, and therefore have the wrong mindset. The security philosophy and assumptions implicit in your comments are extremely naive (and unprofessional from a computer science systems security perspective), especially in the context of highly secure blockchains.
OF COURSE when there is no attack any system will work fine. It doesn’t matter whether it is proof of work, proof of stake, or plain old byzantine consensus vulnerable, distributed computing systems, for that matter.
If what you are saying is that when there is an actual attack, then that is precisely the moment network participants would need “to do a bit of research”, i.e. use a friend, block explorer, website, a trusted computing base, or any other sort of trusted third party, then you are implicitly debasing proof of work and making it useless, therefore redundant.
Why doesn’t Bitcoin or Ethereum Classic have a few friendly laptops doing “research”, or some block explorers, acting as beacons or oracles, just announcing what is the honest chain every 15 seconds? That would be much cheaper than burning millions in electricity to build blocks, and diluting the monetary base to pay them!
Once you establish proof of work is redundant, which is what “weak subjectivity” does, it is absolutely insane to inflate the monetary base and holdings of ETC users and investors by printing ~6,700,000 ETC a year (current era) just to pay miners for nothing useful.
Or, you can redirect that money to pay validators in a proof of stake system, for that matter. But, why would you pay stakers if everyone can do “a bit of research” and know exactly where the head of the chain is anyway?
In other words, it doesn’t make ANY SENSE to add a gadget to proof of work that eliminates the most proof of work (longest chain) rule and makes it extremely insecure, just like plain old traditional fiat or distributed systems.
—
As to the naive “who will incur such a cost to attack ETC with MESS?” argument: first, it is not enough, from a security standpoint, to impose an additional cost to merely reduce attack intensity or frequency, at the expense of debasing the entire security model of proof of work based Nakamoto consensus; second, splits or network partitions don’t happen only when miners reorg the chain with sheer hash power to do basic double spends.
There are all sorts of partition and delay attacks possible in proof of work blockchains at the internet infrastructure level. They can even happen spontaneously, with no malicious intent. And the only way to ensure that all nodes go back to a unified chain (without doing “a bit of research”) is by using the most proof of work chain (longest chain) rule. Not checking with friends or doing an online consensus convention on Zoom!!
Also, it is not only a regression to old insecure systems to add a MESS gadget to ETC, but extremely naive (and unprofessional) to assume that node operators can count on trusted friends or computing bases to inform them which is the longest chain at any time.
At the present time there are entire engineering teams designing and testing shortwave HAM radio Bitcoin nodes to actually BYPASS THE ENTIRE INTERNET ALTOGETHER to prevent base infrastructure partition attacks through ISPs, which typically overlap with national boundaries. One such hypothesis seeks to bypass the Chinese Great Firewall to minimize the case of nation state attacks.
It is extremely naive to think that all miners and node operators live in Western countries in Europe or North America, have free speech and legal protections, and a sufficiently secure environment to join from scratch, or get in and out of the network easily by consulting trusted external sources.
ETC has to work seamlessly anywhere in the world regardless of political and security conditions. Think of China, North Korea, Cuba, Venezuela, Iran, or any other authoritarian environment, not San Francisco, Toronto, London, or Berlin.
For this, the ONLY STRATEGY possible is for the system to be INTERNALLY SECURE WITH NO EXTERNAL AIDS, and the only proven method for that is proof of work.
Bitcoin and ETC were designed with a military grade, maximum security mindset and philosophy; this is why they need to be secure in ANY AND ALL conditions, even nuclear wars.
What Is Modified Exponential Subjective Scoring (MESS) and Why It Is a Bad Idea
MESS basically adds a “score” requirement, called gravity, for any parallel reorg chain incoming to the network. This means that when the nodes present in the network see an incoming reorg, they will compare it to the present chain from the point of the split, and arbitrarily demand an additional quantity of work from the incoming reorg chain. This “gravity” quantity is negligible in the first few blocks of reorgs (this is why mini forks/reorgs can happen in the short term) but increases exponentially as more blocks are reorganized. This is why it becomes very costly (exponentially) for attackers to reorg many blocks, as opposed to very cheap (linearly) without MESS.
However, during an attack, new nodes joining, or nodes that were disconnected for a long time, don’t know where the split happened. They only see two chains, one heavier and one lighter, and will follow the heavier one, while the other nodes who were present before will reject the new heavier reorg due to MESS. This makes it impossible for new nodes to know what the hell is happening!
Even worse is the case of partition or delay attacks on ETC, i.e. the separation of the global chain into regions due to internet infrastructure attacks (e.g. ISPs or nation states separating the network by disconnecting their internet message pathways across national or regional borders). Say there is a 10,000 block split in the global network: both sides would be “honest”, and, if both sides have MESS, then both sides will persistently reject the other side when they meet again because they will each interpret that the other side is a long range attacker.
The above scenarios would not happen with plain proof of work based Nakamoto consensus, as all nodes and miners would just drop the lighter chain and always use the heavier chain (or most proof of work chain, or longest chain, whichever way the rule is named).
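The following Python sketch is an added example, not code from ECIP-1100 or any ETC client; it models the scenarios described above with constructed numbers. The `gravity` curve, its `rate` parameter, and the simplification that block count stands in for accumulated work (constant difficulty) are assumptions made for illustration.

```python
import math

def gravity(depth, rate=0.01):
    """Hypothetical curve (assumption, not ECIP-1100's): extra-work multiplier
    that is ~1 for shallow reorgs and grows exponentially with depth."""
    return math.exp(rate * depth)

def accepts_reorg(local_blocks, incoming_blocks, saw_split, use_mess):
    """Would a node switch from the current branch to the incoming one?
    Blocks are counted from the split; difficulty is assumed constant, so
    block count stands in for accumulated work."""
    if not use_mess or not saw_split:
        # Plain Nakamoto rule. A node that never saw the split has no local
        # branch to weigh with gravity, so it also just picks the heavier one.
        return incoming_blocks > local_blocks
    return incoming_blocks > local_blocks * gravity(local_blocks)

def partition_rejoin(blocks_a, blocks_b, use_mess):
    """Two honest regions reconnect after mining apart since the split."""
    a_switches = accepts_reorg(blocks_a, blocks_b, True, use_mess)
    b_switches = accepts_reorg(blocks_b, blocks_a, True, use_mess)
    if a_switches:
        return "converge on B"
    if b_switches:
        return "converge on A"
    return "permanent split"

if __name__ == "__main__":
    # Constructed numbers, for illustration only.
    print("3-block reorg, MESS node:", accepts_reorg(3, 4, True, True))
    print("100-block reorg, node present at split:",
          accepts_reorg(100, 120, True, True))
    print("100-block reorg, newly joined node:",
          accepts_reorg(100, 120, False, True))
    print("10,000-block partition, plain PoW:",
          partition_rejoin(10000, 12000, False))
    print("10,000-block partition, MESS:",
          partition_rejoin(10000, 12000, True))
```

The node that was present at the split and the newly joined node reach opposite answers for the same 100-versus-120 block pair, and the 10,000-block partition resolves under the plain rule but not under the modeled gravity rule.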
Code Is Law