Once a stakeholder has moved on (sold their ada, lost interest, or simply stopped running their wallet), their old signing keys lose value to them. A posterior corruption attack collects those dormant keys cheaply and uses them to forge an alternate history in which those past stakeholders re-cast blocks they never actually produced.
Cardano blocks the attack with key-evolving signatures: as the protocol advances through KES periods (about 1.5 days each, 129,600 slots), a stake pool evolves its signing key and erases the previous key state. An attacker who later buys an old key cannot use it to sign historic blocks, because the key that signed those past periods no longer exists.
Explore next
- Proof-of-Stake AttacksThe set of known attack categories against proof-of-stake blockchains and how Cardano's Ouroboros family defends against each.View term
- Proof of StakeA consensus mechanism where validators are selected to create blocks based on the amount of cryptocurrency they hold and stake (commit) to the network.View term
- Long-Range AttackAn attack that tries to rewrite long stretches of blockchain history by building a competing chain from far back in the past.View term
- Bribery AttackAn external attacker pays validators to deviate from the protocol, for example by signing conflicting blocks or handing over dormant keys.View term
- KESKey Evolving Signatures. Block-signing keys that move forward in time to limit the damage of a key compromise.View term