Topic: delete - page 7. (Read 113460 times)

in a poker game, the losers don't know they're drawing dead until all the cards are shown.  for them, the game is also afoot.

it doesn't mean they're any less dead, though.  

_noname_
The fork we've just seen is benign and intended, done by the dev team. But they have now installed an algorithm (KGW) that allows someone to build "a private" blockchain that has fake timestamps and manipulated difficulty. Next, attacker will release his own chain into "official" Auroracoin network, where it will cause another fork to happen, this time a fork that Auroracoin users will not like.

That's the theory, but possibly the devs have some aces in their sleeve.

ps. and the name of this thread is misleading, it should be, game's afoot!

A technological AND socio-economical thought experiment  

After 20 these highly educating pages filled with division, separation, accusation, misunderstanding, and mutual celebration of intellectual high points ... I dare to ask a question to the "two sides" of this fruitful thread:

Could you describe in which aspect "the other side" is right, and could convince you?

Easier: Where do you see common ground now?

@YarkoL

We are going in circles. Caption of this thread is that Auroracoin is forked. As if, it was done by the attacker. But it was a planned fork (announced since weeks). So that fork isn't caused by the attack. Then instead of accepting the mistake BCX talks about timewarp and everyone is circlejerking, ignoring that

1. His initial claim is false
2. Timewarp as well is only possible at the time of fork

The attacker causes a fork, having built a longer chain in isolation and then broadcasting blocks.

@Math

Thanks for trying to explain the problem. I quickly read through the links (I will revisit them). But don't you think an attack is only possible at the moment of fork and that too when attacker is extremely lucky. I noticed a huge jump in hashrate after the fork. To me it seems like an attack was attempted but it failed. Your thoughts?

WTT your 2 AUR 4 AUR coins for every 1 of my I0Coins.

It's a decentralized system.. nothing can both be automated and secure without some kind of peer agreement. 

There is certainly a vulnerability.. however it's not as easy to execute as some people here believe.  There's a window and a "catch the running train" situation that must be overcome.  

I'd be interested in the proof of actually pull off a successful execution.  (not being sarcastic.. i really do want to see it done, and data/proof published so we can all have a look)

So it's actually Peercoin centralized checkpointing?... I thought automatic would mean pretty much what markm said, written automatically after N blocks. Is that kind of system flawed?

Read code (and description) right here: https://github.com/HiroSatou/Hirocoin/commit/dd5b8bec94b0694b365a4dabe5eeb9b78d025b6d

Actually developed by Sunny King.

Einstein said keep things as simple as possible but no simpler.

By what consensus process is the choice of (automated) checkpoints decided?

Or is it nice and simple like each client writes itself a checkpoint each ten or six or whatever blocks?

(Too simple likely; just yelling at the operator if any fork becomes longer than X number of blocks might work just as well as such a simple approach.)

For "distressed nations relief" maybe just a DeVCoin clone would work for however many nations are "distressed", simply adding nations to the "receivers file" when they become "distressed" and removing them once their distress has been alleviated?

(The much vaunted "socioeconomic factors" touted as how national distress alleviation coins are to gain mucho value hopefully making such a clone far more valuable per coin than DeVCoin since DeVCoin is merely a free open source stuff funding coin not a massive international "nations in distress relief fund"...)

-MarkM-

I'd be interested in hearing your thoughts about Hiro's proposed fix i.e. automated checkpoints.

you sound like a bagholder.

May BCX and MARKM never find peace. May they have many ugly WAGs.

For the purported "security without work", yeah.

Simply making something innovative enough that merged mining pools will support it though will at least give you a predictable low tide mark for mining power thus let you set a starting difficulty high enough to minimise the chance of any "instamining" happening and if you convince the right pools your concept is good probably also enough to secure it against most "lets trash the newbie coin" attacks.

I0Coin and GRouPcoin are only on mmpool I think, yet even just mmpool gives them quite a hash rate compared to most non merged SHA256 coins.

Regarding specifically the modified time warp BCX mentions, (s)he admitted at least some, maybe most, of the merged mined SHA256 coins have enough hashing power to make them too powerful for hir to pull off the attack. I would expect that the exceptions include at least CoiLedCoin and GeistGeld, which are not on any public merged mining pools. Whether I0Coin and GRouPcoin, which are only on mmpool as far as I know, have enough hashing power did not seem totally clear to me. But in comparing their difficulties thus mining power bear in mind GRoupcoin's difficulty has to last 10 minutes on average between blocks whereas I0Coin's only has to target 1.5 minutes between blocks. I expect both CoiLedCoin and GeistGeld are trivially easy targets until they get on at least one public merged mining pool, as private merged miners are coasting along mining these at very very low difficulties thus evidently are not pouring much hashing power into them.

mmpool seems to be quite a low power pool though, as it goes hundreds of hours between findings of bitcoin blocks. Likely if there is any doubt whether just being on mmpool would suffice, I suspect there are far more powerful public merged mining pools that could instead or as well be approached.

I have noticed a lot of people creating hybrid PoS or pure PoS coins, have those been tested enough yet to determine whether they are actually secure? Especially the ones that do not rely upon a solidcoin system whereby one or more privileged nodes get to dictate checkpoints to the others? I do not know hence my personal lack of certainty so far as to which if any of the methods of securing a coin without relying upon proof of work actually are in fact secure.

Does anyone actually know or is everyone just blindly spamming out PPCoin clones / variants?

For something like Aurora, merged mining could be particularly suitable as giving 50% of the coins to miners might not be necessary; DeVCoin for example only gives 10% of the minted coins each block to the miners yet has quite high hashing power.

-MarkM-

LOL. Are you an alchemist from the 17th century? You do realize gold cannot be created from your urine, right? The only feasible way to make gold, and therefore exceed the natural "hard cap" on it, is through nuclear bombardment and beta-decay of other precious metals. This process would be insanely more expensive than what you would get out of it, and most of the gold you would get out of it would be radioactive   This is hilarious... So you think because more gold can still be minded it doesn't have a hard cap? So since bitcoin can still be minded it doesn't have a hard cap? Gold was formed during the earliest stages of the earth, and the majority of it and other precious metals sunk into the core. The current available supply of gold exists because of meteorites bombarding earth a long, long time ago- this "flung" gold out of the core of the earth and into accessible regions of the mantle. So, in theory there is another way to increase the accessible "hard cap"- just have to wait until the earth is completely screwed by a bunch of meteorites again... lol.

tl;dr there is no way to increase the amount of available gold i.e. it has a hard cap. once all the accessible gold is mined, there will be no other source- just like bitcoin...

The patch that you link to does nothing to solve the exploit in the KGW.  It does solve, however, a flaw in the linear difficulty re-targeting algorithms that were of common use prior to these past few months.  Bitcoin and Litecoin adjust difficulty in that manner.  For an understanding of what that patch fixes, read through the posts of the individual that wrote that patch.  ArtForz details the possible attack in the following thread: https://bitcointalksearch.org/topic/m.521772

I urge you to read through this (https://bitcointalksearch.org/topic/kimoto-gravity-well-simplier-alternative-505243)(https://bitcointalksearch.org/topic/m.5573196) thread and pay specific attention to the posts belonging to Nite69.  Although BCX never comfirms that Nite69 is on the right track in uncovering the KGW flaw, he is.  If after reading through the two linked threads you still do not understand the flaw, I would be more than happy to try and explain it in greater detail.  

Edit: Although the original link provides some information, the meat of the discussion is in the new link I provide.

Any coin that implements the KGW is vulnerable to a time warp attack, and the only thing that can stop such an attack would be to have significantly more power than the attacker.  Then again, there is no way of knowing how much, if any, power would be needed until such an attack is attempted.  Furthermore, miners that do not have multiple pool or solo mining backups are doing the users of the coin a disservice.  Pools can be brought down, thus reducing the amount of power an attacker needs to fork a chain.  

This exploit is real, and it is only a matter of time before someone takes advantage of everyone's false sense of security.  People can hate on BCX or MarkM all they want, but I would urge those people to understand what they are truly trying to say.  MarkM consistently harps on the idea of hashing power, and for good reason.  If a PoW, blockchain based coin is to be taken seriously and used daily by people around the world, the chain needs to be secure.  The chain can only be secured with hashing.  If a chain is not secure, a malicious individual will attack it.  That is the reality of this world.  Honestly, each and every developer and user of a coin that implements the KGW should be thanking BCX for bringing to light the time warp flaw.  

and yet your explanation of how to do it cointains lot's of "maybe"s, "if"s and "whatever"s and finally a "if any of them work".