I have a concern about the Burstcoin mining process and it possibly being susceptible to selfish mining attacks. I'm hoping that the dev, or someone more familiar with the mining process can alleviate my concerns.
Basically, my concern is that a miner might be able to artificially increase their hashrate by manipulating which transactions get included in a block. A malicious miner could find a block, but only include a set of specially created transactions such that it ensures (or at least increases the odds) they find the next block as well.
Am I missing something, or is this a real concern?
Unlike most coins that try to find a nonce where hashing the block contents meets a target, burst includes information proving an address is eligible to mine that block, and then signs it with that address. This allows us to lock down the numbers used in the calculations by only using information from previous blocks in the algorithm. The only information that is used is generation signature, block height, and the user who mined the last block, so the only manipulation possible is to choose not to mine a block you are able to. The generation signature is based on the same values from the block before it. Changing the transactions won't change anything, so that isn't a valid attack vector.
Ok, thanks for the explanation! I think I am getting a better understanding of how it all works.
However, this brings up another concern. Does this mean that the transactions themselves aren't encoded in the blockchain in any way? If that's the case, then it seems it would be trivial to perform double-spends. Sorry if this is a stupid question!
The transactions are in the block, and the block's transactions are part of the hash that is done while the miner is signing the block, it's just that the transactions don't affect whether that miner is eligible to mine that block.
Ah, ok good. So, the transactions are an input into the generation signature, which I think means that the transactions affect which miner is eligible to sign the
next block, correct?
If so, it seems a selfish mining attack is still possible, but rather complicated. A malicious miner could choose a transaction set which manipulates the generationSignature such that when they do find a block, they're also almost guaranteed to find the next block. I still feel like I must be missing something :/
Dev, can you comment on this?
generation signature is shabal256(lastblock.generationsignate concat lastblock.miner)
scoop is chosen with shabal256(generationsignature concat blockheight) modulous 4096
deadline is calculated shabal256(scoopcontents concat generationsignature) / basetarget
transactions are never factored into eligability.
OK, I think I finally get it now! Thanks for your patience and continued explanations. Please let me know if the following is correct:
There are two signatures:
- The blockSignature, which the account owner must sign. This signature signs the entire block, which includes the transaction hashes, as well as all other pertinent data.
- The generationSignature, which the account owner must also sign. This signature only signs the previous generationSignature as well as the block height and previous block's account address.
So, double spending is prevented by assuming that the same entity won't be able to mine more than a few blocks in a row. However, this is different than bitcoin which actually includes the transaction hashes in the generation signature. As a result, if the same entity does happen to mine multiple burstcoin blocks in a row, it is costless for them to modify the history of transactions by simply modifying the blockSignature. Of course, after 10 of so blocks, the odds of the same entity mining all blocks is very very low.
Also, as a corollary, it also seems that a burstcoin transaction with just 1 confirmation is much less secure than a bitcoin transaction with 1 confirmation. It's possible for a malicious miner to create multiple versions of a block, all which spend their burstcoin differently, and then broadcast each version of the block to different portions of the network. Of course, as soon as another block is found by a different entity, all but one malicious block will be dropped. Basically, it seems that 1 confirmation in burstcoin is analogous security-wise to zero confirmations in bitcoin.
Is my understanding correct now? Thanks again for your continued explanations! Assuming you confirm that I'm right, I think my understanding is now strong enough to confidently explain this all to others.
for the first share, everything works fine, and the following shares show the mentioned errors.