
Topic: delete - page 32. (Read 165538 times)

sr. member
Activity: 462
Merit: 250
October 06, 2014, 06:31:18 AM
If we increase the total hash power, will that elongate the judgement day?

More honest hash power is always more secure for any coin. Beyond that everything is a matter of guesswork.

Is this the reason why the hash rate is so high compared to the price?
hero member
Activity: 714
Merit: 504
October 06, 2014, 06:27:39 AM
I said 22 days for it to come through, this is day 11.

ETA is Oct. 12, 5 days from now.

That's not long... I'll be happy when this saga is behind us. For better or worse.

(If worse I'll be a little more angry than happy...but so be it)

Yeh.... Until 22 days passes with nothing happening and BCX and TFM decide to change the goalposts yet again: "Oh, sorry everyone - just made a new calculation and it transpires the attack won't materialise for another 6 months..."

Wake up people. This is a psychological attack not a technical one.
legendary
Activity: 2968
Merit: 1198
October 06, 2014, 06:21:03 AM
If we increase the total hash power, will that elongate the judgement day?

More honest hash power is always more secure for any coin. Beyond that everything is a matter of guesswork.

sr. member
Activity: 462
Merit: 250
October 06, 2014, 06:19:24 AM
If we increase the total hash power, will that elongate the judgement day?
member
Activity: 84
Merit: 10
October 06, 2014, 06:12:03 AM
I said 22 days for it to come through, this is day 11.

ETA is Oct. 12, 5 days from now.

That's not long... I'll be happy when this saga is behind us. For better or worse.

(If worse I'll be a little more angry than happy...but so be it)
legendary
Activity: 2968
Merit: 1198
October 06, 2014, 06:10:05 AM
As far as I know the only time warp exploit that has ever been clearly identified and described is the original off-by-one bug identified by ArtForz in BTC and its clones.

Evan claims a KGW exploit was deployed against DRK.

I see no evidence that anyone on that thread has any idea what they are talking about with the possible exception of Cryddit. Nevertheless KGW looks like kind of a train wreck to me, and probably DGW too (but I haven't really looked that closely).

Quote
Clearly you see now the potential problem in Cryptonote with the 20% discard rule. It enables the secret chain to hide a bunch of blocks without causing a rise in difficulty.

No, it isn't clear. You can't really hide any blocks just by making them outliers because the outliers starting at the most recent end of the adjustment window (for example if you timestamped into the future) still have to slide through the middle before exiting the window on the other end. So you can only defer them from contributing to the adjustment for a little while, but eventually they do get counted (similar in effect to a window-based adjustment like Bitcoin).  The outliers at the farthest-in-the-past end might be able to slide off without ever being counted, but even if you could figure out how to drop blocks there right away, that would only increase difficulty, not decrease it. There still might be a flaw, but we have to do better than that to graduate from FUD.

Quote
Thus the secret chain can end up the longest chain without needing 50% of the hashrate.

This can never happen because the chain length is sum of difficulty not block count, although with some probability you might have a slightly lower hash rate and still get lucky and win more than half of the (weighted) blocks, as usual.
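
The distinction drawn in the reply above between counting blocks and summing difficulty, as an added example that is not part of the original post. It assumes Bitcoin's chain-work formula (expected hashes per block = 2^256 / (target + 1)); the targets and chain lengths are constructed.

```python
# Added illustration: fork choice by block count vs. by cumulative work.
# All targets and chain lengths below are constructed sample values.

MAX_HASH = 2 ** 256


def block_work(target: int) -> int:
    """Expected number of hashes needed to find one block at `target`."""
    return MAX_HASH // (target + 1)


def chain_work(targets) -> int:
    """Cumulative work of a chain, given the target of each block."""
    return sum(block_work(t) for t in targets)


def pick_tip(chains: dict, rule: str) -> str:
    """Return the name of the winning chain under 'count' or 'work'."""
    if rule == "count":
        return max(chains, key=lambda name: len(chains[name]))
    return max(chains, key=lambda name: chain_work(chains[name]))


def blocks_to_overtake(public_targets, secret_target: int) -> int:
    """Blocks a fork mined at `secret_target` needs to exceed the public work."""
    needed = chain_work(public_targets) + 1
    per_block = block_work(secret_target)
    return -(-needed // per_block)  # ceiling division


BASE_TARGET = 2 ** 224                # constructed difficulty level
PUBLIC = [BASE_TARGET] * 10           # 10 blocks at full difficulty
SECRET = [BASE_TARGET * 2] * 15       # 15 blocks at half difficulty
CHAINS = {"public": PUBLIC, "secret": SECRET}

if __name__ == "__main__":
    print("by count:", pick_tip(CHAINS, "count"))
    print("by work: ", pick_tip(CHAINS, "work"))
    print("half-difficulty blocks needed:",
          blocks_to_overtake(PUBLIC, BASE_TARGET * 2))
```

Halving the difficulty doubles the number of blocks the fork needs, so the expected number of hashes required to overtake the public chain stays the same.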

newbie
Activity: 42
Merit: 0
October 06, 2014, 06:07:00 AM
I said 22 days for it to come through, this is day 11.

ETA is Oct. 12, 5 days from now.
sgk
legendary
Activity: 1470
Merit: 1002
!! HODL !!
October 06, 2014, 05:52:21 AM
When I look at numerous Monero threads on the forum, all hailing this greatest masterpiece coin, one of Seth Godin's posts always comes to my mind:

Quote
You're right, they're wrong, but they won

Why is that? Is the world so unfair?

Actually, it might be because the other guys took the time and invested the effort to build a movement. They showed up, every time, again and again. They never contemplated that they might lose, even though they're wrong, sub-par or not as good as you are. Their operating system, corporate structure, political ideas or economic approach won.

Perhaps they told a story that resonated, one that resonated not with the better angels of our nature, but with our urgent desires. And most probably, they built a tribe, not one in their image, but in the image (and dreams) of those that wanted to belong.

But mostly, it's because they were prepared to spend a decade (or two or three) to change the culture of their part of the world in the direction that mattered to them.

http://sethgodin.typepad.com/seths_blog/2014/10/youre-right-theyre-wrong-but-they-won.html
newbie
Activity: 42
Merit: 0
October 06, 2014, 05:30:25 AM
As far as I know the only time warp exploit that has ever been clearly identified and described is the original off-by-one bug identified by ArtForz in BTC and its clones.

Evan claims a KGW exploit was deployed against DRK.

The descriptions of the theory of such an exploit explain the difficulty can be reduced quickly by setting the timestamp of the latest block far into the future for the secret chain so the secret chain is mined with much lower difficulty, and then the secret chain can be brought back to the present time before publishing it, because timestamps that walk backwards in time aren't fully counted.

To compute the relative PoW of a chain, sum the modular additive inverse of each hash (e.g. hash subtracted from 2^256). The secret chain can't end up with more blocks thus has a lower sum and isn't chosen as the longest chain. Or what appears to be more correct (what that thread is alleging) is if the longest chain is chosen by the greater number of blocks, the secret chain can mine more blocks since it is at a lower difficulty. The key is being able to mine faster at a lower difficulty by being able to move forward and then backward in time asymmetrically.

KGW offers other vulnerabilities because the secret chain can drop the difficulty, then mine faster without causing a rise of difficulty for up to a day or so, by staying under the exponential well trigger threshold.

Clearly you see now the potential problem in Cryptonote with the 20% discard rule. It enables the secret chain to hide a bunch of fast blocks (bunching them together in time) without causing a rise in difficulty. Thus the secret chain can end up the longest chain without needing 50% of the hashrate.

I now change my opinion to very likely that BCX is building a secret chain now. Rescinded. How many more days to the 22 day countdown?
newbie
Activity: 42
Merit: 0
October 06, 2014, 02:14:29 AM
If I have time I will write up what I think I found in KGW more carefully and see if it really holds up. Perhaps some of the coins using it will find that interesting.

Count me as interested.

Edit: it might be the asymmetry of the threshold between increase and decrease (i.e. 100+20 is +20%, but 120-20 is -16.7%). Others had mentioned that already and it is obvious on the chart.
legendary
Activity: 2968
Merit: 1198
October 06, 2014, 02:13:46 AM
On KGW, that should take you about 15 minutes if you are really interested.

To start I said I wasn't interested in KGW. But nevertheless, that was interesting and after reviewing it I think I understand where the exploit in KGW lies (and no it isn't what you suggested, exactly, nor is it merely "adjusting too fast"). But in any case the same exploit doesn't exist in cryptonote coins. Of course that doesn't rule out a different one.

If I have time I will write up what I think I found in KGW more carefully and see if it really holds up. Perhaps some of the coins using it will find that interesting.

newbie
Activity: 42
Merit: 0
October 06, 2014, 02:12:09 AM
The selfish mining paper shows that above 25%, the attacker's % of the hashrate is amplified.

That is assuming you have employed the γ = 0.5 fix suggested in the paper which afaik Bitcoin never did so I assume CN copied the Bitcoin flaw? Otherwise the amplification starts from 0%. See the chart on page 11 of the paper.

So the attacker can selfish mine at the same time, to further amplify his hashrate.

BCX mentioned 20%, so it appears if γ = 0, his would be amplified to 25% and that is not including the KGW exploit.

Anyway, it appears you only need enough to get the ball rolling downhill, because your hashrate grows over time as other miners drop off due to the drag on their profitability.

I still agree you need to quantify how much the potential KGW exploit accelerates over the selfish mining by itself. It is already known that all PoW coins in existence can theoretically be destroyed with selfish mining and 25% of the hashrate, but it might take a heck of a long time (perhaps exhausting the attacker's hardware rental capital or the profit he earns from such an attack) depending on if γ = 0 or the hashrate is higher such as 33%.
newbie
Activity: 42
Merit: 0
October 06, 2014, 01:48:46 AM
This needs to be quantified to be real. If the hash rate you are using to drive and then pulling is large enough

On KGW, that should take you about 15 minutes if you are really interested. There is your 20% hashrate triggering at less than a day...

http://bitcoin.stackexchange.com/a/22265/3441

newbie
Activity: 42
Merit: 0
October 06, 2014, 01:33:37 AM
Here is a quadruple dose of FUD...

Wouldn't it be ideal if a coin's whitepaper has a mathematical proof that it isn't vulnerable to anything less than a 50% attack (other than the normal 6 confirmations type risk of double-spend)?

And wouldn't it be porn, if that proof showed that every other proof-of-work coin (including Bitcoin) is so vulnerable?

And wouldn't it be triple sexy if that proof showed that all (untraceable block chain) anonymous coins can't be fixed to remove that vulnerability?

Excuse my drooling, I can't contain myself.

Edit: I have not withheld any quantification of TW attack on CN afaik. I shared all of my (limited) knowledge on that. I am referring to something different above.
legendary
Activity: 2968
Merit: 1198
October 06, 2014, 01:02:52 AM
TT who claimed that BBR's compression is insecure in some grand degree?

You are confusing trust model with being insecure, so you are misquoting, unless tacotime said something else I'm not aware of.

In any case, no, tacotime was not one of the people who has claimed no exploit in KGW (that I'm aware of, but indeed maybe he has, it wouldn't surprise me).

Quote
KGW clearly has an exploit because it is thresholded at an exponentially declining well. So if you have enough hashrate, you can drive the hashrate adjustment at the time of your choosing. So you can ramp it up very high, then pull your hashrate slow enough to mine a secret fork while the hashrate doesn't adjust.

This needs to be quantified to be real. If the hash rate you are using to drive and then pulling is large enough, this adds little to the well known greedy mining or 51% attacks. If it can be done with less, then it would be significant.

Anyway, I'm not particularly interested in KGW specifically, but it is a good example of an area where vague claims are made on both sides without specific proof (again on both sides), and it is impossible to tell who to believe without solid facts.


newbie
Activity: 42
Merit: 0
October 06, 2014, 12:48:50 AM
Isn't this what was happening to Auroracoin where it had declined from 16 ghps to 2.4 ghps

Not necessarily. What happens on many coins, especially lesser Scrypt coins, and what KGW was designed to partially address, is that hash rate comes and goes very quickly as large multipools move their hash rate around. This causes very rapid changes in hash rate and block times until the difficulty adjusts. Adjusting too slowly can be as bad or worse than adjusting too quickly, because you can be stuck with extremely dysfunctional block times for a long period.

If you adjust too quickly then even without any TW, the last few blocks before the difficulty adjustment (to reduced difficulty) the attacker grabs with higher probability are a higher percentage of all the blocks.

As I described previously the attacker can ramp up the hashrate for one period, then pull his hash rate from the next.

So too quick is not an option. Period. BCX said this, so he shows he knows his shit.

As I wrote before, this cycling of the hashrate higher drives away miners, combined with stealing blocks on the lower hashrate cycle drives away miners.

BCX said this, so he shows he knows his shit.

You are apparently not thinking deep enough on this yet.

I don't really know whether it is true or not, but I've heard from some people who are not complete idiots

TT who claimed that BBR's compression is insecure in some grand degree?

He was involved about Scrypt coins.


that there was never a time warp exploit in KGW, and what was changed in AUR was window dressing serving as FUD repellant. And I'd add that ultimately didn't matter because all the "country coins" died anyway

As far as I know the only time warp exploit that has ever been clearly identified and described is the original off-by-one bug identified by ArtForz in BTC and its clones.

I'm not ruling out that KGW might have an exploit or cryptonote difficulty adjustment might have an exploit, but big changes in hash rate or block times on AUR certainly don't demonstrate it at all.

KGW clearly has an exploit because it is thresholded at an exponentially declining well. So if you have enough hashrate, you can drive the hashrate adjustment at the time of your choosing. So you can ramp it up very high, then pull your hashrate slow enough to mine a secret fork while the hashrate doesn't adjust.

And the real huge flaw is KGW will stop at the most recent block, if you hit the threshold. So you can shorten the difficulty adjustment intervals and take over the chain per what I wrote above.

That is very obvious conceptually.
newbie
Activity: 42
Merit: 0
October 06, 2014, 12:30:37 AM
so I answered you: 1. No fraudulent 82% premine or other scamminess; 2. Ongoing work since the fork by independent developers.

Perhaps not even claiming "no fraud" (because claiming it is a form of fraud) would be better

You are misquoting me, but in any case, I'm capable of deciding what to claim or not claim on my own.

...

I agree about freedom and not judging. I was trying to sincerely offer an interpretation of what is happening. I understand/am empathetic to your predicament/circumstances, so maybe it is best I say nothing. I am guessing you don't share my interpretation at this time, and I don't blame you for that, or even assume with certainty my interpretation is the correct one.

P.S. my interpretation of the predicament is whether you like it or not, you've gotten yourself joined at the hip with the net effect of all the politics. My Dog, I hate politics. What an enormous clusterfuck blackhole on time it can be.
newbie
Activity: 42
Merit: 0
October 06, 2014, 12:25:38 AM
Quote
Oh my dog, Sputnuts noise is back.  Cry

Enjoy the walls of text.

newbie
Activity: 42
Merit: 0
October 06, 2014, 12:21:44 AM
You have been playing games on this topic for a long time now, don't you think it's about enough?

legendary
Activity: 2968
Merit: 1198
October 06, 2014, 12:13:45 AM
so I answered you: 1. No fraudulent 82% premine or other scamminess; 2. Ongoing work since the fork by independent developers.

Perhaps not even claiming "no fraud" (because claiming it is a form of fraud) would be better

You are misquoting me, but in any case, I'm capable of deciding what to claim or not claim on my own.

Quote
because you've also implied that the lead developer of BBR was the developer of the original scam (do we even know if he was just the developer and not the one scheming)

I don't even know if he had anything to do with it at all, and I've never claimed otherwise. I've just pointed out that some questions are there and anonymity plus red flags is not a healthy combination. I've also said on several occasions that Zoidberg is less anonymous than he once was since he now has a visible reputation and track record of at least several months on which he can be judged. I'd prefer not to comment further along that line of inquiry at this time.

Quote
You XMR devs also made a somewhat dubious attack on BBR's compression feature

Giving a different opinion on the merits of a design choice is not an attack. In his last reply, Zoidberg said something along the lines of "I see your point but I disagree." He was not attacking us for our opinion, nor us for his.

Quote
and rpietila did a good job of saying BBR didn't have the qualifications people-wise.

You will have to ask him about that opinion. I don't speak for him nor vice versa.

Quote
Instead tell us about features of XMR and what we can use it for to make ourselves "crap and ejaculate in our pants".

Sorry, Monero has no shocking porn to offer you. Just some interesting privacy-enhancing technology and a team that isn't lying to you.

Quote
Oh my dog, Sputnuts noise is back.  Cry

Enjoy the walls of text.
