Topic: Feathercoin Advanced Checkpointing released today - page 5. (Read 11094 times)

LOL.

It seems that something really serious happened with your eyes. Hint: see the OP's user name.

Is it possible to use 96pt? Not everyone can see this from Australia, letters are too small.

so you say solution is no better then any other solution... except you have control. good for you.


you seems to be so sure of that your solution is right(hint: it's not). so this will be my last reply.

and the warning again, with a little extra added:
THIS SOLUTION IS _NOT_ SECURE, AND IS MOST LIKELY A SCAM MADE BY THE CREATOR.

In the fantasy universe maybe. But in the real world developers are not stupid. Every client will switch into safe mode and "invalid checkpoint found" / "invalid chain found" warning will be displayed in such case before the big split will happen.

Compromised private key becomes completely useless and everyone waiting for the client update (with hardened checkpoint and the new master key or removed sync checkpoints support). It's the catastrophic event, but it happens sometimes even without checkpoints. Anyway, no double-spends / long forks possible in such situation.

By the way, that isn't quite right. Checkpoints are being confirmed by the corresponding block, but not otherwise. Checkpoint will never mature, if client has no suitable block in own copy of block chain.

1PFYcabWEwZFm2Ez5LGTx3ftz, it was just an example. Of course, real attacker wouldn't submit the first checkpoint.

Your scenario is possible if there will be no another checkpoints node (i.e. #6).

P.S. I think that it will be simpler to execute DDoS against checkpoint node in addition to usual 51% attack.

1) 7 blocks found on the main chain;
2) checkpointing node, which is stolen by the attacker, does not send checkpoint for the 2nd block (because the attacker controls it);
3) attacker generates 8 blocks in offline, then sends checkpoint for the 2nd block in his chain, and then publishes his chain;
4) attacker's block chain does not conflict with anything, and is accepted as the main chain;
5)

Please explain to me, why is this not possible?

This attempt fails because checkpoint already sent by his node at step 2. It's just an example, real attacker wouldn't do that. Real attacker would act according to #4 (+ regular 51% attack) or #6.

Thank you for your detailed illustration. I think I understand checkpointing better now but I'm confused about scenario 5. Why does the attacker fail with submitting checkpoint for the 1st block of his chain? There is an existing checkpoint for that 1st block done by some other server?

we have block 1,2a,2b,3a,3b.

we have checkpoint a which comfirms block 1, signed by uber master key.
we have now 2 more checkpoints b and c, checkpoint b confirms block 2a, and checkpoint c confirms 2b. both signed by the uber master key.
both checkpoints is then introduced to the network. half of the network gets ckp a, and the rest ckp b.

hmm but checkpoints can't be replaced you said, well then now 50% of the network is mining on top of block 2a, and the rest on 2b. and thus creating 3a and 3b, and the network is finally split.

sorry dude you lose.

and i will repeat my warning(now with big red warning letters):

THIS SOLUTION IS _NOT_ SECURE.

Yay, go Feathercoin and good job devs!

Caps, underline, red color and another formatting proves nothing except your emotional condition. We are not monkeys, we shouldn't care about emotions while trying to talk about the IT related issues. Turn your emotions off, please.

It's the second attempt to post this bullshit, maybe you should try to do something with your erudition?


Dude, it's not funny. Don't be a preaching idiot, just read and try to understand how things really are. Otherwise there will be no differences between you and RealSolid.

P.S. Actually, I don't like FTC. But even more I don't like ignorant "preachers" like smoothie or CH/RS.

a compromised checkpoint key can lead to a 1% attack, else the security that the checkpoints provide would be useless.

also if the checkpoints are unremovable in the client, multiple conflicting checkpoints created with a cmpromised key, will lead to a network split.


THIS SOLUTION IS _NOT_ SECURE.

It's quite simple, there are only a few rules:

1) you can create checkpoint, if it has no conflicts with existing checkpoints;
2) you can't replace existing checkpoint with the new one;
3) you can't create checkpoint for the block with height before existing checkpoint, if this block belongs to another chain;
4) you can't create checkpoint for non-existing block (actually you can submit checkpoint with the random block hash value, but this checkpoint will never mature).

This allows attacker to perform some scenarios:

1. Without checkpoints, or with patched client:

1) 7 blocks found on the main chain;
2) attacker generates 8 blocks in offline, and then publishes his block chain;
3) 7 blocks from the main chain are getting orphaned and replaced by the 8 blocks, which generated by attacker;
4) the miners or a scam victims are crashing their heads against the wall.

2. With checkpoints:

1) 7 blocks found on the main chain;
2) checkpointing node sends checkpoint for the 2nd block;
3) attacker generates 8 blocks in offline, and then publishes his chain;
4) attacker's block chain conflicts with the checkpoint and rejected by network, the main chain is unchanged.
5) attacker is crashing his head against the wall.

3. With compromised checkpointing key:

1) 7 blocks found on the main chain;
2) real checkpointing node sends checkpoint for the 2nd block;
3) attacker generates 8 blocks in offline, and then publishes his chain;
4) attacker's block chain conflicts with the checkpoint and rejected by network, the main chain is unchanged;
5) attacker uses compromised key and trying to submit checkpoint for the first block of his chain, in order to overtake existing checkpoint;
6) the new checkpoint has conflict with already existing checkpoint and as the result, it's rejected by the network;
7) attacker is crashing his head against the wall.

4. With compromised checkpointing key, stolen or DDoS'd server:

1) Users are getting message that existing checkpoint is too old. This message convinces them to use escrow, while this issue isn't resolved.

5. With compromised checkpointing key and stolen or DDoS'd server, which replaced with the new one, belongs to attacker (1st scenario):

1) 7 blocks found on the main chain;
2) attacker node sends checkpoint for the 2nd block;
3) attacker generates 8 blocks in offline, and then publishes his chain;
4) attacker uses compromised key and tries to submit checkpoint for the first block of his chain;
6) the new checkpoint has conflict with already existing checkpoint and as the result, it's rejected by the network;
7) attacker is crashing his head against the wall.

6. With compromised checkpointing key and stolen or DDoS'd server, which replaced with the new one, belongs to attacker (2nd scenario):

1) 7 blocks found on the main chain;
2) attacker ignores them, and generates own block instead;
3) attacker uses compromised key and tries to submit checkpoint for the first block of his own chain;
4) users are syncronizing with attacker's chain instead the original one, because original one conflicts with the checkpoint.

As the result, key holder has very restricted rights in the system. His abilities are limited with existing history protection, he can't alter network history if it was checkpointed before.

Maybe I missed something, haven't slept for 47h. %)

Anyway, I think that client must include an option, which allows user to bypass checkpoints without applying the custom patches.

That doesn't answer my question - if theft of this server would not compromise security in any way, then why is this server needed at all and how does this server improve security?

If something improves security, then removing (stealing) that thing, would decrease security. Am I wrong?

Existing checkpoints can't be replaced, so attacker can't perform double-spend or existing chain invalidation.

But there is another possibility still exist - thief able to mine his own chain and send checkpoints for own blocks only. This will be equal to the DoS attack scenario. But that's would be only a temporary problem, because the next client update will resolve this issue.

Anyway, I don't think that this feature is necessary, especially if nobody asked for this.

Also, I can't help but wonder - who was behind this idea of AC? It almost seems as if someone decided to sabotage feathercoin, and came up with this ridiculous decision to do "Advanced Checkpointing". Who requested this? In http://feedback.feathercoin.com the Advanced Checkpointing is not even mentioned. But there are a lot of suggested ideas, like:

1. ZEROCOIN INTEGRATION!!! This has more votes than all other suggestions combined.
2. GUI miner.
3. Merged mining.
4. Integrate OT/Bitmessage.
5. Mobile wallet.
6. Import backed up encrypted wallet feature in feathercoin-qt.
7. Ability to install client anywhere (including USB stick).

...instead, we get Advanced Checkpointing (a.k.a. Advanced Centralization) which NOBODY asked for. I am not trolling, but I seriously don't understand the "logic" in this decision.

If checkpointing server can be stolen and it would not make any difference, then what is the point (pun not intended) of having a checkpointing server at all?

It contradicts itself - if this checkpointing server is so important for security, then how can the theft of this server not compromise security in any way?

If so, then Litecoin is centralized too.

Just read again:


There is no way to "have fun", even if checkpointing server will be stolen from the DC. If you would try to change checkpoints in the past, such attempts will be rejected by network.

Incorrect, this is centralization, and has been admitted to completely, don't sugar coat it. It has a single point that everything passes through, so therefore, in every sense of the definition it is centralization. I find it amazing that developers would think that was a good idea, no matter what the issues are with security.

So if market cap gets big enough, someone will just kidnap Peter and have fun.

Again, I'm rather level headed on the idea of centralization, but I'd be shocked to see the majority of the community embracing this.

atomicchaos

Checkpoints is not a centralization as is. Users still voting with their hashing power, checkpointing changes nothing there. It's just a labels for the events which happened in the past.

By the way, that's why normally this solution doesn't provide a full protection against 51% attacks. It is still possible to perform DoS type of 51% attack without any limitations.

This is unacceptable solution, such policy has practically no differences with solidcoin (except for absence of the double-spend ability). Chain shold have a chance for normal reorganization. Otherwise it will be simpler to resurrect the solidcoin approach.

That's not accurate, checkpoint can be broadcasted with immediate policy to defend against 51% transaction DoS. In XPM (also FTC now) if operator sets configuration checkpointdepth=0, blocks are immediately checkpointed. PPC and NVC can operate in this mode too by patching the daemon (in fact PPC v0.3 still has immediate policy running on PoW blocks). This is strongest protection mode against 51% attack but also the most centralized.

We spoke about this in the Trollbox, and while I'm not completely against centralization, as it will happen eventually due to a small number of people with a mass amount of hashing power for other coins, I don't like centralization on an Alt coin. While this might solve the problem for their many attacks, it comes with a price, and I, for one, do not trust Feathercoin at this moment with centralization.

They are simply trying to force this coin through the fast track of gaining natural mining support. FTC is very shady with it's massive amount of pumpers, and the coin seems to go on pumps during attacks, so they do not have my trust. They might have a community that is active, and that will be posting to dispel anything I type soon after, but centralization in FTC means even more loss of credibility to me.

If implemented, there should be some type of non-biased escrow that would give temporary monitored access to the central server only under specific circumstances. And no, I don't mean Koolio's escrow service.