Author

Topic: How much do POS coins have to worry about history key attacks? (Read 695 times)

sr. member
Activity: 1106
Merit: 251
Which PoS coin(s) have been victimized by history key attacks? can you give example of any coin that suffered this kind of attack?
legendary
Activity: 1330
Merit: 1000
Blockchain Developer
Checkpoints (both hard and sync-checkpoints distributed by checkpoint server), reorg limits in the code, and of course the maximum stake age parameter all limit the probability of such an attack. Is it impossible? No. Is it easy? No. Just like a 51% attack is possible but not easy.
full member
Activity: 288
Merit: 102
Yin Yang religion of wisdom, harmony
history key is not a major worry, other POS coins is the real headache
legendary
Activity: 2142
Merit: 1010
Newbie
Think about it.. once you sell your coins, you have no loyalty to the coin and are likely to sell your passwords for fairly cheap.

How much of a risk is it?

Economic Clustering solves this issue completely, so I would say that the risk is small.
hero member
Activity: 574
Merit: 500
You can use decentralized checkpointing: hardcode that the nodes in the network won't accept reorgs deeper than x blocks. The window for re-writes will then always be x blocks.

Once x+1 blocks have passed, the devs can put a checkpoint in the next release to add an extra dead bolt to the door.


If you do manage to get on a fork, you will realize when Poloniex/BTER.. are't receiving your transactions. Peter R had a good analogy: if it were possible to connect to "the wrong internet", you would realize when you find your friends aren't getting any of your emails. This forces the number of forks in the network to continuously converge toward 1.
legendary
Activity: 924
Merit: 1132
History rewriting attacks can start from the distribution of coins that existed at any point in history.

So, yah, in a "pure" PoS coin where block formation is decided by stake and chain security is measured by majority of coin-days destroyed, if someone gets their hands on the privkeys that controlled 60% of the coins at block 6500, it doesn't matter if the "real" block chain is at block 65000, he can force a reorg. And if people will sell cheap the privkeys to txouts that have already been spent, someone could do that.  

In practice, PoS coins vulnerable to this kind of history rewriting need to make very frequent "checkpoints" that lock in the history prior to a fairly recent block to prevent this attack.  If you've recorded a checkpoint at block 64000, then you're immune to any history rewrite that originates earlier than that block.  This makes the rewrite attack harder because now the attacker has to buy all those keys from security-idiots in less than the time between the updated checkpoints coming out.  
hero member
Activity: 527
Merit: 503
Passwords to accounts that have zero crypto in them.



Sounds like a huge liability  Roll Eyes

But, once had huge amounts of crypto in them!

If you could take a snapshot of the network at a certain block height and capture approximately 50% of the mining power at that point in time, you could start spinning all sort of fake forks.. and good luck trustlessly figuring out which one is the correct fork when you are a new miner/client just joining the network and downloading the chain!
legendary
Activity: 1246
Merit: 1000
Passwords to accounts that have zero crypto in them.



Sounds like a huge liability  Roll Eyes
hero member
Activity: 527
Merit: 503
Think about it.. once you sell your coins, you have no loyalty to the coin and are likely to sell your passwords for fairly cheap.

How much of a risk is it?

you know there are papers that have disproved the theory right...?

enough of the beating of the dead horse please.. Wink

Haven't seen any, could you share one?
hero member
Activity: 527
Merit: 503
Think about it.. once you sell your coins, you have no loyalty to the coin and are likely to sell your passwords for fairly cheap.

How much of a risk is it?
Jump to: