Introducing Ouroboros Phalanx – breaking the economics of grinding attacks
Phalanx aims to enhance Ouroboros with stronger randomness generation, preventing grinding attacks and delivering faster, more reliable transaction settlement
22 October 2025 9 分で読めます
Summary:
- Ouroboros Phalanx strengthens Cardano’s consensus foundation by addressing a subtle but important vulnerability in randomness generation known as grinding attacks
- By introducing verifiable delay functions (VDFs) and extending how randomness is built across epochs, Phalanx makes such attacks exponentially more costly and practically infeasible
- This upgrade not only enhances security but also improves performance, reducing transaction settlement times by up to 30%
- Built as an extension of Ouroboros Praos, Phalanx aims to maintain full compatibility with existing systems while preparing the network for future scalability improvements like Peras.
Ouroboros Praos uses verifiable random functions (VRFs) to fairly select slot leaders for adding blocks. This ensures security, fairness, and decentralization. However, as outlined in (CPS) 0021: Ouroboros Randomness Manipulation, randomness generation carries a potential weakness. Adversaries with a large stake could try ‘grinding attacks’ to bias the randomness, giving them unfair control over leader selection and potentially causing transaction delays and network disruptions.
Ouroboros Phalanx tackles this by extending the randomness process over two epochs and adding a resource-intensive step using verifiable delay functions (VDFs). Drawing from the eponymous ancient Greek military formation, where soldiers formed a tightly organized wall, Phalanx raises the effort needed for attacks while keeping things straightforward for regular participants. It not only addresses CPS-0021 but also helps improve transaction settlement speeds through more reliable randomness.
Phalanx belongs to the broader Ouroboros family of consensus protocols that power Cardano’s proof-of-stake system. Ouroboros began with the original Classic and Praos designs, which established secure and energy-efficient block production. Later iterations, such as Genesis, Peras, and Leios, aim to extend Ouroboros to support features like dynamic availability, scalability, and higher throughput. Phalanx builds directly on Praos, strengthening its randomness mechanism to make Cardano even more resilient to manipulation as the network scales.
In this overview, we'll cover the key issues in Praos, how Phalanx works, its use of VDFs, and the benefits it brings.
The challenge: grinding attacks in Ouroboros Praos
In Praos, VRFs from stake pools create the randomness (called η) that selects slot leaders, and stabilizes after a set number of slots. This randomness decides who leads each slot. However, adversaries controlling a significant stake – such as over 20% (approximately 4.36bn ada as of March 2025) – may encounter opportunities to perform ‘grinding’ attacks, where they test multiple possibilities to bias the outcome in their favor. These opportunities depend on a probabilistic chance factor, or ‘luck’, but relying on such unpredictability for the system's security is not desirable.
The supporting analysis models different attack levels, from simple (‘ant glance’) to advanced (‘owl survey’), based on grinding depth (ρ):
| Feasibility category | Ant glance | Ant patrol | Owl stare | Owl survey |
| Trivial for any adversary | 0→53.6 | 0→32.9 | 0→31.6 | 0→31.1 |
| Feasible with standard resources | 53.6→60 | 32.9→39.5 | 31.6→38.3 | 31.1→37.8 |
| Large-scale infrastructure required | 60→69.7 | 39.5→49.5 | 38.3→48.2 | 37.8→47.7 |
| Borderline infeasible | 69.7→79.4 | 49.5→59.5 | 48.2→58.2 | 47.7→57.7 |
| Infeasible | 79.4→256 | 59.5→256 | 58.2→256 | 57.7→256 |
Attack costs vary from as little as $56 for basic attempts to up to $3.1bn for large-scale efforts. At higher grinding depths, such as ρ=57.7 – which allows an attacker to try approximately 2^{57.7} different random slot distributions – adversaries can amplify the probability of rare adverse events, resulting in longer wait times for secure transaction confirmations to preserve the network's safety levels.
How Phalanx works: key updates to Praos
Phalanx adjusts the timing of stake and randomness stabilization by one epoch back and introduces a parallel ‘ϕ stream’ alongside the existing ‘η stream’. The ϕ stream uses a special function (Φ) based on VDFs to build randomness step-by-step over 120 intervals in a 5-day epoch.
Main changes:
- Stake and randomness timing: based on data from three epochs ago (instead of two), giving more time for secure processing
- Initial randomness step: a pre-randomness value stabilizes, then gets processed through Φ over a defined period
- ϕ stream process: starts with the pre-value, updates per slot, and incorporates verified contributions from leaders
- Final randomness: combines the processed outputs to create the secure η for leader election.
The system flows through stages: setup, a grace period to start, main computation (82 intervals), and a recovery phase (up to 37 intervals) to handle disruptions like network outages.
Using Wesolowski's VDF in Phalanx
Phalanx employs Wesolowski's VDF for consistent results, quick checks, and guaranteed effort. It sets up a mathematical group based on security settings and the pre-randomness. Each interval computes a value through repeated operations, with an easy-to-verify proof.
Aggregation tools combine all contributions into one verifiable proof, making network syncing efficient.
Suggested settings:
- Security levels balanced for long-term safety and practicality (eg, large enough numbers to resist attacks)
- Total effort around 12 hours on standard hardware, split into manageable 10-minute tasks per interval.
Performance:
- Creating a block: about 22.6 seconds for key computations
- Checking: around 15 milliseconds per proof; aggregation speeds up overall verification.
Gains in security and performance
Phalanx increases the time and resources needed for grinding by adding the VDF cost. For a moderate setup (two hours total effort), attack costs rise dramatically (10^{10.2} times), changing feasibility:
| Feasibility category | Phalanx (moderate - ant glance) | Higher effort | Maximum effort |
| Trivial | 0→19.6 | 0→16.3 | 0→13.0 |
| Feasible | 19.6→26.3 | 16.3→23.0 | 13.0→19.6 |
| Infrastructure required | 26.3→36.2 | 23.0→32.9 | 19.6→29.6 |
| Borderline infeasible | 36.2→46.2 | 32.9→42.9 | 29.6→39.5 |
| Infeasible | 46.2→256 | 42.9→256 | 39.5→256 |
This reduces the range of easy attack opportunities by 37-76%. For settlements, it shortens confirmation waits by approximately 20-30% while maintaining equivalent safety levels.
Integration and next steps
Phalanx complements other upgrades like Peras for quicker finality. It is currently in the innovation phase of the Ouroboros development pipeline – its protocol design and security analysis have been completed, and the proposal is undergoing technical validation. The next stage will involve implementation and integration into node software, followed by testnet trials and eventual mainnet deployment through a hard fork. Community governance will oversee configuration and rollout decisions, ensuring transparency and alignment with Cardano’s long-term roadmap.
To learn more, check out the Ouroboros Phalanx repo and dive in!
最新の記事
Introducing Ouroboros Phalanx – breaking the economics of grinding attacks 筆者: Kris Bennett
22 October 2025
レベルアップしたCardanoのスマートコントラクト検証で、かつてない恒常的な安全性を実現 筆者: Romain Soulat
14 October 2025
Input | Output Researchがコミュニティに年度中間研究報告へのフィードバックを呼びかけ 筆者: Fergie Miller
29 August 2025