Topic: Cleanup: I'll attack some coins - I owned APEXcoin for 90 blocks (Read 17295 times)

legendary
Activity: 1512
Merit: 1004
Looks like Argon18 has taken his outraged sense of justice somewhere else.

Anyone else worrying about cynicSOBs reward for his work.....don't.
NXT has always been happy to pay up for solid information on exploits, and we're giving cynicSOB a free run on NXT Testnet, which is identical to Mainnet, but a much smaller sandbox environment...and TestNXT instead of the real thing.

Like most NXT projects, we'll talk/argue a lot and finally agree something after a vote or three, and if cynicSOBs work checks out, he'll get bountied.  
Any result?
hero member
Activity: 854
Merit: 1001
Looks like Argon18 has taken his outraged sense of justice somewhere else.

Anyone else worrying about cynicSOBs reward for his work.....don't.
NXT has always been happy to pay up for solid information on exploits, and we're giving cynicSOB a free run on NXT Testnet, which is identical to Mainnet, but a much smaller sandbox environment...and TestNXT instead of the real thing.

Like most NXT projects, we'll talk/argue a lot and finally agree something after a vote or three, and if cynicSOBs work checks out, he'll get bountied.  
hero member
Activity: 644
Merit: 500

Don't trust just words, but what he did to apex was proof it can be done.


WTF apex has to do with Nxt? After Apex attack, nxt users asked him to demonstrate the attack on Nxt. He has not yet demonstrated the attack, not even on testnet, that has fewer nodes. It's been a month.

full member
Activity: 182
Merit: 123
"PLEASE SCULPT YOUR SHIT BEFORE THROWING. Thank U"
lots of people complain about the quantity of coins and how the forum is flooded... some proposed ideas to clean it up....
I'll show you how it's done - I'll start attacking weak coins accelerating their death

just wait and see the results, I'll soon show the first victim. Let's start with PoS coins: some people think you need 51% of the supply but this is bs, you need only a very little % if you just want to do a single double spend.

the point of this thread is to see how people react to this: I won't steal from anyone, but some may lose "money".

Some questions:

1. is this a good idea?
2. would you donate so I can attack more POS coins? (maybe spare some coins you are bagholding)
3. would you pay to know the time of the attack and the victim in advance?
4. would you pay for "double spend as a service" (in this case you decide coin and the timing of the attack)?
5. is this legal?
6. do you think someone would pay to have me killed?

go!

update: apexcoin attack successful with 0,07% of available supply

so cool! I love it! I will try to find more time to read the topic, but I wish you fun... I hope those under attacks will be able to develop some counter measures, it will make the "game" more interesting... pow next?
legendary
Activity: 826
Merit: 1002
amarha

Regarding the double spend every 30hs, I have given all the technical details (which were never a secret, that's just how POW and POS work), so you'll have to admit it's possible: the only problem is acquiring the forging weight (be it leasing or buying/scamming/stealing/whatever).

Is this any different from the stuff outlined in Kushti's paper? Or is this different?
member
Activity: 106
Merit: 10
yes, sometimes I'm a cynical SOB
No, my approach does not require much extra computation.
Could you please point me to some literature on the well-known trade-off? I've read some things about that, but they seemed unpractical. I'd like to know if we're talking about the same thing.

By its very definition activated "Economic clustering" can't open new attack vectors in technical domain. Socioengineering attacks - yes, political attacks - maybe, but technical ones - unbelievable.
Is there a clear definition of how will "Economic clustering" be implemented? if you have a new consensus algorithm, there will be new strengths and new flaws. I'd rather not go into deeper discussion of something that is still not defined.


All this stuff is not systematized and I, unfortunately, don't have links ready.

Anyway, my approach does not rely on heavy computation, and it also has the potential of more than a 200% increase: no asymptotes here.


Regarding the double spend every 30hs, I have given all the technical details (which were never a secret, that's just how POW and POS work), so you'll have to admit it's possible: the only problem is acquiring the forging weight (be it leasing or buying/scamming/stealing/whatever).

edit: well, not the ONLY problem, you have to be able to forge a private chain, calculate the probability of actually double spending and have the ability to make the transaction that you want to reverse, still, it's possible.
legendary
Activity: 2142
Merit: 1010
Newbie
No, my approach does not require much extra computation.
Could you please point me to some literature on the well-known trade-off? I've read some things about that, but they seemed unpractical. I'd like to know if we're talking about the same thing.

By its very definition activated "Economic clustering" can't open new attack vectors in technical domain. Socioengineering attacks - yes, political attacks - maybe, but technical ones - unbelievable.
Is there a clear definition of how will "Economic clustering" be implemented? if you have a new consensus algorithm, there will be new strengths and new flaws. I'd rather not go into deeper discussion of something that is still not defined.


All this stuff is not systematized and I, unfortunately, don't have links ready.
member
Activity: 106
Merit: 10
yes, sometimes I'm a cynical SOB
I can exploit how NXT works so I will forge more often than I should. I could make 1M NXT forge as often as 2M should.

This is a well-known stake vs computations trade-off. Effective stake asymptotically approaches 200% if burned electricity approaches infinity.

No, my approach does not require much extra computation.
Could you please point me to some literature on the well-known trade-off? I've read some things about that, but they seemed unpractical. I'd like to know if we're talking about the same thing.

By its very definition activated "Economic clustering" can't open new attack vectors in technical domain. Socioengineering attacks - yes, political attacks - maybe, but technical ones - unbelievable.
Is there a clear definition of how will "Economic clustering" be implemented? if you have a new consensus algorithm, there will be new strengths and new flaws. I'd rather not go into deeper discussion of something that is still not defined.
G2M
sr. member
Activity: 280
Merit: 250
Activity: 616
Curious, is the number of computations capped in the network, or potentially infinite as well? Can multiple stakers compete for this 200%?

If multiple stakers compete for 200% then the quotient is lowered from 200% to, say, 180%. If all the stakers compete then it's back to 100%.

Hm, do they obtain 200% of their own stake relative to the network, or is the result a higher net subsidy created overall?

No subsidy in NXT, only fees. So it's not as big of a problem as it would be if there were block rewards that inflated the supply.

So, no incentive to perform this attack at all, other than temporarily centralizing it for the cost of power, or potential motivated destruction?

I suppose the solution toward removing it as a MAD attack vector, would be to introduce a subsidy.
legendary
Activity: 826
Merit: 1002
amarha
Curious, is the number of computations capped in the network, or potentially infinite as well? Can multiple stakers compete for this 200%?

If multiple stakers compete for 200% then the quotient is lowered from 200% to, say, 180%. If all the stakers compete then it's back to 100%.

Hm, do they obtain 200% of their own stake relative to the network, or is the result a higher net subsidy created overall?

No subsidy in NXT, only fees. So it's not as big of a problem as it would be if there were block rewards that inflated the supply.
legendary
Activity: 2142
Merit: 1010
Newbie
Hm, do they obtain 200% of their own stake relative to the network, or is the result a higher net subsidy created overall?

They just forge blocks 2 times more often.
G2M
sr. member
Activity: 280
Merit: 250
Activity: 616
Curious, is the number of computations capped in the network, or potentially infinite as well? Can multiple stakers compete for this 200%?

If multiple stakers compete for 200% then the quotient is lowered from 200% to, say, 180%. If all the stakers compete then it's back to 100%.

Hm, do they obtain 200% of their own stake relative to the network, or is the result a higher net subsidy created overall?
legendary
Activity: 2142
Merit: 1010
Newbie
Curious, is the number of computations capped in the network, or potentially infinite as well? Can multiple stakers compete for this 200%?

If multiple stakers compete for 200% then the quotient is lowered from 200% to, say, 180%. If all the stakers compete then it's back to 100%.
legendary
Activity: 2142
Merit: 1010
Newbie
Bad news is it cannot be really completely fixed. Some say "transparent forging" or "economic clustering" can fix this, but I say they can't because they would open new attack vectors.

By its very definition activated "Economic clustering" can't open new attack vectors in technical domain. Socioengineering attacks - yes, political attacks - maybe, but technical ones - unbelievable.
G2M
sr. member
Activity: 280
Merit: 250
Activity: 616
I can exploit how NXT works so I will forge more often than I should. I could make 1M NXT forge as often as 2M should.

This is a well-known stake vs computations trade-off. Effective stake asymptotically approaches 200% if burned electricity approaches infinity.

Curious, is the number of computations capped in the network, or potentially infinite as well? Can multiple stakers compete for this 200%?
legendary
Activity: 2142
Merit: 1010
Newbie
I can exploit how NXT works so I will forge more often than I should. I could make 1M NXT forge as often as 2M should.

This is a well-known stake vs computations trade-off. Effective stake asymptotically approaches 200% if burned electricity approaches infinity.
legendary
Activity: 2548
Merit: 1054
CPU Web Mining 🕸️ on webmining.io
This thread is an example of someone who thinks they understand something a lot more than they actually do
member
Activity: 106
Merit: 10
yes, sometimes I'm a cynical SOB
with 10 confirms, the chance of a person with 20% staking power forging 10 consecutive blocks would be (0.2)^10 would take over a million blocks to happen.

Not (0.2)^10. Look at bitcoin's original paper: if I mine my own private chain the chances are much higher.
20% with 11 confirms gives a probability of 0.1%
So, 1 in 1000.
1000 NXT blocks is about 10hs one double spend every 10 hs
EDIT: 1000 NXT blocks is about 30hs, one double spend every 30 hs

I'm not asking to be paid in advance: we haven't discussed the terms yet (escrow or not? show code to everyone or just devs? etc), I just want to know how much would I get so I can decide if it's worth the effort or not.

There are two different attacks, that might or might not be combined.

1) Double spending with only small % of the supply

This is a private chain attack. This is by design and it applies to all POS implementations.
I've read some people say that NXTs are like simulated POW mining rigs. The analogy works for many situations so think of it like this: coins that are not forging are like mining rigs that are not powered on - useless. So the total network hashrate that I need to beat is not the total supply: it's only the total amount of coins that is actively forging at the specific time of the attack.
Now if NXT coins work like simulated POW miners you can read Satoshi's original Bitcoin paper and see how to calculate the probability of a double spend with only a few % of the network's hashrate. That % of the network's hashrate translates to a % of the actively forging coins (NOT THE TOTAL SUPPLY).
Good news is this can be mitigated by waiting for more confirmations. Bad news is it cannot be really completely fixed. Some say "transparent forging" or "economic clustering" can fix this, but I say they can't because they would open new attack vectors.

I can demonstrate this with 2M testnet (can be leased) or 50M mainnet (can be leased too), but I need to modify the client first.

2) Staking weight inflation

I can exploit how NXT works so I will forge more often than I should. I could make 1M NXT forge as often as 2M should. This might allow a 51% attack with only 25%.
I can demonstrate this against others in testnet: make an account with 206K and have it forge. My 206K account with my secret sauce will forge more blocks in the same time (we should let it run for a few days to make sure there is an edge and it's not just luck). I still need to modify the client first and until I test it in practice I don't know exactly how much will the advantage be. Estimations are that I can double my weight.
This can be fixed, and I would give the code used to attack and the idea on how to fix it.
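
The confirmation-depth calculation the post above refers to (section 11 of the Bitcoin whitepaper), as an added example that is not part of the original thread: it computes how many confirmations a recipient should wait for so that a private-chain reorganisation stays below a chosen risk, using the attacker's share of actively forging weight rather than of total supply. The stake figures and function names are constructed for illustration.

```python
import math

def attacker_success_probability(q: float, z: int) -> float:
    """Chance that a private chain holding fraction q of the block-producing
    weight ever overtakes the public chain from z blocks behind
    (Bitcoin whitepaper, section 11)."""
    if not 0.0 <= q <= 1.0 or z < 0:
        raise ValueError("q must be in [0, 1] and z >= 0")
    if q >= 0.5:
        return 1.0  # a majority always catches up eventually
    p = 1.0 - q
    lam = z * q / p  # expected private blocks while z public blocks appear
    prob = 1.0
    poisson = math.exp(-lam)  # Poisson(k=0; lam), updated in the loop
    for k in range(z + 1):
        if k > 0:
            poisson *= lam / k
        prob -= poisson * (1.0 - (q / p) ** (z - k))
    return prob

def confirmations_needed(q: float, max_risk: float, limit: int = 500) -> int:
    """Smallest depth z whose reorganisation probability is below max_risk."""
    for z in range(limit + 1):
        if attacker_success_probability(q, z) < max_risk:
            return z
    raise ValueError("no depth within limit meets the risk target")

def share_of_active_weight(adversary: float, honest_active: float) -> float:
    """The fraction that matters: idle coins do not count against it."""
    return adversary / (adversary + honest_active)

# Constructed figures, not measurements of any real network.
TOTAL_SUPPLY = 1_000_000_000
ADVERSARY_STAKE = 50_000_000
HONEST_ACTIVE_STAKE = 200_000_000

if __name__ == "__main__":
    by_supply = ADVERSARY_STAKE / TOTAL_SUPPLY
    by_active = share_of_active_weight(ADVERSARY_STAKE, HONEST_ACTIVE_STAKE)
    for label, q in (("share of total supply", by_supply),
                     ("share of active forging weight", by_active)):
        z = confirmations_needed(q, 0.001)
        print(f"{label}: q={q:.2f} -> wait {z} confirmations for risk < 0.1%")
```

A wallet or exchange that sizes its confirmation policy from total supply underestimates the depth it needs whenever a large part of the supply is not forging.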
hero member
Activity: 574
Merit: 500
The desperation is palpable...

Come on Cynic, prove your theories and let us pay you for them
legendary
Activity: 1225
Merit: 1000
want to pull more words from a dictionary.

Yes!

Welcher = someone who refuses to pay his or her debts after a bet