This stuff ain't just theoretical; CSW's attempted "I'll mine a lot on BCH to get everyone else to hop off as it's unprofitable, and that way take over the chain" spiel was arguably partially a discouragement attack.

— Vitalik Non-giver of Ether (@VitalikButerin) December 18, 2018

**-**A majority attack is a discouragement attack where the attacker controls a majority of the validators.

**-**A minority attack is a discouragement attack where the attacker controls a minority of the validators.

(1) - As we saw in the introduction, majority attacks have the potential to bring down blockchains -- since the attacker controls a majority of the validators, she has the power to censor messages coming from other validators, reducing their rewards to zero.

(2) - This results in honest validators being discouraged from participating (hence the term discouragement attack). Eventually they drop out, giving the attacker even more control over the chain.

(3) - We introduced the term reward distribution function to refer to the function that determines the reward received by (visibly) signing validators.

(4) - The chain we analyzed in the introduction had a reward distribution function of \frac{R}{N}. This resulted in its griefing factor being unbounded, in other words \infty.

(5) - By changing the reward distribution function to \frac{R}{N} \times \frac{M}{N} -- in other words by tying each individual validator's reward to the total number of validators seen signing -- we can bound the griefing factor between 2 and 3.

In the paragraphs below, you'll see some green numbers. Drag them with your mouse to adjust them. The consequences of your adjustments will be reflected in the graphs and blue numbers below.

B = \frac{R}{N} \times \frac{M}{N} = \frac{200}{100} \times \frac{100}{100} = 2 \times 1 = 2 coins each round.

Group 1: Validators controlled by the attacker When k validators have been censored, the reward for all online (visibly signing) validators -- including the attacker's -- falls to A = \frac{R}{N} \times \frac{N-k}{N}= 1.5 coins. This means the attacker's loss per validator per round is B - A = 0.5 coins. And since she controls C = \frac{N}{2} validators, her total loss is L1 = C \times (B-A) = 25 coins.

Group 2: Validators censored by the attacker Since they aren't seen signing, validators in this group have their reward cut to A' = 0 coins. This means the loss per validator per round in this group is B - A' = 2 coins. And since there are C' = k = 25 validators in this group, their total loss is L2 = C' \times (B - A') = 50 coins.

Group 3: Remaining uncensored validators We've seen that the reward for all online (visibly signing) validators -- i.e all validators in this group -- falls to A = \frac{R}{N} \times \frac{N-k}{N}= 1.5 coins. So, as with group 1, the loss per validator per round in this group is B - A = 0.5 coins . And since there are C'' = \frac{N}{2} - k = 25 validators in this group, their total loss is L3 = C'' \times (B-A) = 12.5 coins.

Now that we've calculated the losses to all groups involved, the griefing factor basically falls out. We've seen that the attacker loses L1 and the other participants lose L2 + L3.

Since the griefing factor of an attack is defined as the losses to the other participants (groups 2 and 3) divided by the losses to the attacker (group 1), the griefing factor is simply equal to \frac{L2 + L3}{L1} = 2.50.

In the paragraph below, you'll see a green number. Drag it with your mouse to adjust it. The consequences of your adjustments will be reflected immediately in the graphs and blue numbers below.