Long-range attacks against proof-of-stake blockchain protocols are those in which an attacker forks the chain far back in history, over time builds a contending chain, and then challenges honest parties, especially those that join newly or rejoin after a long offline period, to choose between the honest chain and the adversarial one.
The main tool touted to protect against long-range attacks is forward-secure signatures (FSS), whose signing keys evolve with time. In this talk, we will show a long-range attack that succeeds even when FSS are employed. Furthermore, we will show the right way to employ FSS so that it does protect against long-range attacks. Cold-storage devices used in staking, which would need to employ FSS, cannot effectively do so, since the keys hosted on them are usually "permanent" and are not easily allowed to evolve.
We will present a new, efficient construction of FSS that works well with cold-storage devices.
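The following Python is an added illustration, not part of this abstract and not the speakers' construction. It shows the textbook way forward-secure signatures are built from one-time signatures and a Merkle tree (the Merkle signature scheme): the public key is the tree root and never changes, while the signer holds one Lamport key per period and erases each one as it advances. The names (`ForwardSecureSigner`, `verify`, `secret_is_destroyed`) and toy parameters (eight periods, SHA-256, 32-byte secrets) are my own choices for the demonstration.

```python
import hashlib
import secrets


def H(*parts: bytes) -> bytes:
    """SHA-256 over the concatenation of the given byte strings."""
    return hashlib.sha256(b"".join(parts)).digest()


# --- Lamport one-time signatures: the per-period key that gets destroyed ---
def ots_keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def _bit(digest: bytes, i: int) -> int:
    return (digest[i // 8] >> (7 - i % 8)) & 1


def ots_sign(sk, digest: bytes):
    # Reveal, for each digest bit, the preimage of the matching public-key half.
    return [sk[i][_bit(digest, i)] for i in range(256)]


def ots_verify(pk, digest: bytes, sig) -> bool:
    return len(sig) == 256 and all(H(sig[i]) == pk[i][_bit(digest, i)] for i in range(256))


def leaf_hash(pk) -> bytes:
    return H(*(a + b for a, b in pk))


class ForwardSecureSigner:
    """Toy Merkle-tree FSS (hypothetical): one OTS key per period, spent keys erased."""

    def __init__(self, height: int = 3):
        self.periods = 1 << height
        keys = [ots_keygen() for _ in range(self.periods)]
        self._sk = [sk for sk, _ in keys]   # per-period secrets; set to None once spent
        self._pk = [pk for _, pk in keys]
        layer = [leaf_hash(pk) for pk in self._pk]
        self._layers = [layer]
        while len(layer) > 1:
            layer = [H(layer[i], layer[i + 1]) for i in range(0, len(layer), 2)]
            self._layers.append(layer)
        self.public_key = layer[0]          # Merkle root; constant across all periods
        self.period = 0

    def secret_is_destroyed(self, period: int) -> bool:
        """What a compromise at the current period would NOT yield: erased secrets."""
        return self._sk[period] is None

    def update(self) -> None:
        """Advance one period and erase the secret that could sign for the old one."""
        if self.period >= self.periods:
            raise RuntimeError("key lifetime exhausted")
        self._sk[self.period] = None
        self.period += 1

    def sign(self, message: bytes):
        t = self.period
        if t >= self.periods:
            raise RuntimeError("key lifetime exhausted")
        digest = H(t.to_bytes(4, "big"), message)   # bind the period into what is signed
        path = [self._layers[lvl][(t >> lvl) ^ 1] for lvl in range(len(self._layers) - 1)]
        return (t, ots_sign(self._sk[t], digest), self._pk[t], path)


def verify(public_key: bytes, message: bytes, signature) -> bool:
    """Check the OTS, then recompute the root from the leaf and authentication path."""
    t, ots_sig, ots_pk, path = signature
    digest = H(t.to_bytes(4, "big"), message)
    if not ots_verify(ots_pk, digest, ots_sig):
        return False
    node = leaf_hash(ots_pk)
    for lvl, sibling in enumerate(path):
        node = H(sibling, node) if (t >> lvl) & 1 else H(node, sibling)
    return node == public_key


if __name__ == "__main__":
    signer = ForwardSecureSigner(height=3)
    sig = signer.sign(b"constructed block payload, period 0")
    print("period 0 verifies:", verify(signer.public_key, b"constructed block payload, period 0", sig))
    signer.update()
    print("period 0 secret erased after update:", signer.secret_is_destroyed(0))
```

The property the scheme relies on is the erasure step inside `update()`: a signer whose state is captured at period t holds no material for periods before t, so old periods cannot be re-signed. That step is exactly what a device with "permanent" key material cannot perform, which is the cold-storage problem the abstract points at.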