Topic: delete - page 55. (Read 165521 times)

Certainly there are.  Multipools would be an example, not so much an attack as an unintended consequence of optimal mining.
This has killed coins.

Multipooling is when a large mining pool will mine whatever coin(s) will produce the most revenue in the moment and switch targets as swiftly as possible to optimally mine another coin if the revenue falls.  This can have the effect of ramping up the difficulty on a coin when the pool is mining it, and then after it mines a bunch of blocks, dumping them on the market it has effectively reduced the price, and increased the difficulty, making mining that coin less rewarding... it then switches to another coin.

The coin it just left, is then stuck with a difficulty that its normal miners can not easily achieve, and a crashed market for its coins.

There may be other examples, that's the one that pop into my head at the moment.

Theoretically 25-33%.  Selfish mining is more difficult to detect with CN coins than some others due to the anonymity features, and the fast block times.

I probably do not understand this question very well.

I think you may be asking how much hashrate could be hidden from the difficulty algorithm if it was only used <20% of the time?  I think that there isn't a maximum to that.

It is not obvious to me yet what BCX is doing, it is not obvious to me yet that BCX is doing anything at all.


If BCX musters >50% there are a lot of things that can be done which would be very harmful and potential coin killers.
Ignoring checkpoints and replacing chains however, is not one of those things.

What are these facts you speak of?

CN is not a coin. CryptoNote is a technology. XMR is an implementation (clone) of the reference implementation of CryptoNote (aka Bytecoin).

You need to stop dragging all of CryptoNote down when XMR gets attacked via a lone nut or some fundamental flaw in math, even if the XMR currently has the higher market cap. Since you swayed so many people to keep away from BBR, it is your responsibility too if something happens exclusively to XMR (terminally or otherwise).

When AuroraCoin got attacked by BCX, it wasn't an attack on Bitcoin or CryptoCurrencies. It was specifically on AuroraCoin.

I know you know this, but I am just letting you know you cannot wordsmith away, just like you did in the first couple of months to brainwash people into buying into a flawed coin like XMR, the ones who are tirelessly defending it even when facts after facts have stared them straight in the face.

If there is an attack on the private keys using the de-anonymization, then if the attacker controls the winning block, he can take the coins that were sent in the transaction. He wouldn't need to control the entire chain. Even 1% of the hashrate, he could do it 1% of the time.

Again no such vulnerability has been demonstrated nor proven. BCX alleged a coin killer. That would be one, if he had found some way to factor the private key from that information.

Note this is FUD. Because no such vulnerability has been demonstrated nor proven.

I am just making the point that a potential difficulty attack is an orthogonal issue.

How will your checkpoints work if his attack catapults his effective hashrate to 51%? He can then ignore the checkpoints and replace with any chain he wants.

I keep trying to posit there are other forms of difficulty attacks that can't be defeated with checkpoints. I been hinting at it for many days now.

What % of hashrate is needed for selfish mining attack?

How much can he amplify his hashrate by hiding it in the 20%?

Remember he said he needed only 20% of the hashrate. Seems obvious to me what he is doing.

Perhaps he can further amplify it by getting miners to join his pools which are gaining an edge in payouts, but I don't assume that is necessary.

Yes, XMR still throws away 20% difficulty anomalies, those timestamps are not used for determining difficulty.  
Yes, if <20% of the blocks were at much higher difficulty within a 720 block sliding window, it would not trigger a difficulty adjustment.

Chain contention (which would be needed for a successful TW) is based on total sum difficulty, so it would essentially be a 51% attack that is stored up and then dumped on the chain all at once at a later date causing chain contention over which fork is longer, and grabbing all the block rewards for the stored period.  It is defeated by checkpoints.

If BCX is running a forked chain with >50% of the hashpower of the live chain and maintaining that for 22 days in a sandbox, it is a grand waste of effort.  We would also see nothing of it in the live chain.

Does XMR still throw away 20% of the timestamps which are the statistical outliers when computing the difficulty?

So thus I could mine a chain with a much higher cumulative difficulty without triggering a difficulty adjustment, i.e. he could be putting his hashrate into the network undetected.

Have you analyzed this genre of attack vectors?

Correct.

I went down this path a good while back myself.  I even pestered a couple of the devs for a minute to confirm my assessment in the code.
If there is a record of that part, it would be in the IRC log, it was only a few lines.  I didn't want to waste much of their time with it as it is only a matter of perception and not a technical problem needing to be fixed.

I wrote a few words about it yesterday.
https://bitcointalksearch.org/topic/m.9039996

If anything, that BCX pointed to it as meaningful, is less evidence of an attack, not more.

Are you stating that timestamps aren't used to calculate the difficulty? Are you stating there are no possible manipulations of the difficulty via timestamps that could be exploited? If yes, where I can read the analysis?

Edit: I am genuinely interested in analysis of difficulty attacks as it helps me with my work. So I am curious if you know something I don't. Because I am not 100% certain there are no such exploits.

Edit#2: I realize it can be a pain to refute such general attack vectors, and the onus should be on the attacker to prove he has an attack. This is what BCX's reputation has afforded him. I thinking he won't trash his reputation.

We agree on the math.  I've been asleep for the last couple hours so came in on the end of this (but after I'd already mentioned it was not a useful line of inquiry).

But the argument isn't meaningful.  Those time stamps are there for other reasons that may someday in the future be useful (like contract enforcements, or marking an anniversary, or something)  It does not have any affect on the algorithms that govern the block chain.

NewLiberty why are we talking past each other? It seems you are not listening to what I am saying. I don't like hubris when we are dealing with a proven coin killer. Asserting that something only happens once per hour, when in fact the calcuation is once every 3 months, is a form of hubris and premature confidence.

I like facts. I was calling BS on that factoid.

That it is irrelevant is further reason to not use as hubris as was done (not by you, but I didn't see you interjecting).

Edit: I believe it was you who wrote something like we would find many occurrences in the block chain. Don't have time to go searching for a quote. Apologies if I am mistaken.

You won the argument on the math.  I granted that in my initial post many hours ago.   But...
It isn't relevant, simply because it can't be relevant.   The time stamp of the miner's computer effects nothing because it isn't used for anything meaningful.  There isn't a security issue there.

Edit:  If anything BCX's commenting on it is evidence of "no attack" forthcoming.  Why bother with meaningless concern trolling if you have rocket launchers under your bed?   

There isn't going to be any evidence of an attack in where you are looking (time stamps of various miners' blocks compared to each other) simply because it is the wrong type of examination.

Using rpeitila's example you won't find skin cancer from a liver biopsy.  Whether the carefully chosen example from the block chain is anomalous or not, is not going to help you.  It would not show what you are thinking it would show.  Please waste no more of your time on this?

This entire dialog on this line of inquiry probably has BCX shooting Stoli through nostrils with hilarity for all the time and emotion wasted on it.

What's more silly?
Even if the chosen example is very rare, and only occurs once a week, there have been a couple weeks of data from which to pull such an example since the initial threat.

Upthread an assertion that the 4 blocks in 1 minute event would occur ever hour was implied to mean "no evidence for" (and bring on the ridicule of BCX and premature celebrations of victory) and it was not admitted that it was "no evidence for nor against" (inconclusive).

I corrected the math to show there was indeed a rare event, but made no assertions of abnormality nor attack. My point in doing so was to point out that there is "no evidence for nor against" (inconclusive).

That is an extremely relevant concern. And I won the argument. Period. Until someone shows that they have a model that would signal an ongoing TW attack.

Edit: BCX pointed to that rare event implying it might indicate something is going on. But I don't think we can distinguish it from noise (i.e. BCX could be making vacuous points) due to the unreliability of the timestamps (and it is even alleged that network hashrate variance and propagation plays a role via orphan rate in the unreliability, although I'd want to quantify that before I made that assumption). One could try to write a script to do an exhaustive computation of all rarer events.

Edit#2: I know XMR people would like to see closure on this and want to say "if you haven't proven anything, then we don't have to prove anything either". Normally I would agree, but as I said BCX has met his word in the past and he did point me towards an anonymity issue and a dubious ring private key issue. That gives him some credibility. His use of vacuous points subtracts from his credibility, unless the full poker hand is considered.

Correct. Nothing has been proved for nor against. I never posited otherwise. Read more carefully please.


When did I ever cry chicken little in this thread? Just try to quote me.

Yes, I missed it and I don't have time to read it all. It seems you are observing a long random sequence of blocks from a Poisson distribution and AFTER you know the sequence you tell us it's very rear long sequence. What if you calculate the probability from the genesis block to before the BCX exploit using your method? Is the XMR blockchain going to be an impossible sequence, which can't happen in our universe?

No evidence for nor against (no medical exam), is different than no evidence for (completed a medical exam). I am positing that we have the former in this case.

Programmers have these sort of very precise logic skills and demarcation of boundaries of logic (compartmentalization and orthogonality), otherwise bugs appear.


This is astute but only if BCX doesn't have a coin killer attack that can only be fixed by abandoning the anonymity, which seemed to be what he was implying initially (although we may have read too much into his statement and or he may have backed away from that interpretation). Again if it wasn't BCX and if he hadn't been able to predict I could find some potential flaw in the anonymity combined with some unprovable, dubious issue with the rings and private keys, then I would rate his probability of a coin killer to be very low. But...

I must say that I never considered your perspective because I am skeptical about Cryptonote having a long life span, which is a prerequisite for your mathematical point to be valid. I also assumed any successful attack on CN (especially any that exploited de-anonymization) would open the door for competing anonymity technologies but an attack isn't a prerequisite to my skepticism about CN's life span. See I am not calculating as an investor, rather as a technologist.

OTOH, I also considered the possibility that my suggestion for mitigation could make CN stronger. Thus I saw the potential outcome to be much more bimodal or dichotomous thus risky, than you do.

In short, you are calculating black swans (long-tail events) by being diversified, but you may not be reminding your followers of this.


I also thought this. BCX seems to have little effect on the price, except for an initial panic perhaps to shake out weak hands.

"No evidence" (to me, at least) just means "no evidence". I also have no evidence that I have cancer, yet it is still possible that I have cancer, I just don't have evidence.


What I said is that CN will certainly be attacked in the future. Thus P("attack in any given day from now on") >> 0, and if P("BCX attack") is low enough, it does not make a meaningful contribution to the total propensity of attack, and, from a speculator's standpoint, is meaningless.

Speculators are interested in the total probability, and whether the price has over- or underreacted to its changes. XMR price is low atm, but imo it can mainly be attributed to overall weakness in all coins. When BTC starts to rise (or even before if it takes long), I have a conviction that XMR will be one of the best performing alts.

I try to move my contributions to other threads and the MEW however, so thank you for discussion!