Topic: How much do POS coins have to worry about history key attacks? (Read 681 times)
Which PoS coin(s) have been victimized by history key attacks? can you give example of any coin that suffered this kind of attack?
Checkpoints (both hard and sync-checkpoints distributed by checkpoint server), reorg limits in the code, and of course the maximum stake age parameter all limit the probability of such an attack. Is it impossible? No. Is it easy? No. Just like a 51% attack is possible but not easy.
history key is not a major worry, other POS coins is the real headache
Think about it.. once you sell your coins, you have no loyalty to the coin and are likely to sell your passwords for fairly cheap.
How much of a risk is it?
How much of a risk is it?
Economic Clustering solves this issue completely, so I would say that the risk is small.
You can use decentralized checkpointing: hardcode that the nodes in the network won't accept reorgs deeper than x blocks. The window for re-writes will then always be x blocks.
Once x+1 blocks have passed, the devs can put a checkpoint in the next release to add an extra dead bolt to the door.
If you do manage to get on a fork, you will realize when Poloniex/BTER.. are't receiving your transactions. Peter R had a good analogy: if it were possible to connect to "the wrong internet", you would realize when you find your friends aren't getting any of your emails. This forces the number of forks in the network to continuously converge toward 1.
Once x+1 blocks have passed, the devs can put a checkpoint in the next release to add an extra dead bolt to the door.
If you do manage to get on a fork, you will realize when Poloniex/BTER.. are't receiving your transactions. Peter R had a good analogy: if it were possible to connect to "the wrong internet", you would realize when you find your friends aren't getting any of your emails. This forces the number of forks in the network to continuously converge toward 1.
History rewriting attacks can start from the distribution of coins that existed at any point in history.
So, yah, in a "pure" PoS coin where block formation is decided by stake and chain security is measured by majority of coin-days destroyed, if someone gets their hands on the privkeys that controlled 60% of the coins at block 6500, it doesn't matter if the "real" block chain is at block 65000, he can force a reorg. And if people will sell cheap the privkeys to txouts that have already been spent, someone could do that.
In practice, PoS coins vulnerable to this kind of history rewriting need to make very frequent "checkpoints" that lock in the history prior to a fairly recent block to prevent this attack. If you've recorded a checkpoint at block 64000, then you're immune to any history rewrite that originates earlier than that block. This makes the rewrite attack harder because now the attacker has to buy all those keys from security-idiots in less than the time between the updated checkpoints coming out.
So, yah, in a "pure" PoS coin where block formation is decided by stake and chain security is measured by majority of coin-days destroyed, if someone gets their hands on the privkeys that controlled 60% of the coins at block 6500, it doesn't matter if the "real" block chain is at block 65000, he can force a reorg. And if people will sell cheap the privkeys to txouts that have already been spent, someone could do that.
In practice, PoS coins vulnerable to this kind of history rewriting need to make very frequent "checkpoints" that lock in the history prior to a fairly recent block to prevent this attack. If you've recorded a checkpoint at block 64000, then you're immune to any history rewrite that originates earlier than that block. This makes the rewrite attack harder because now the attacker has to buy all those keys from security-idiots in less than the time between the updated checkpoints coming out.
Passwords to accounts that have zero crypto in them.
Sounds like a huge liability
Sounds like a huge liability
But, once had huge amounts of crypto in them!
If you could take a snapshot of the network at a certain block height and capture approximately 50% of the mining power at that point in time, you could start spinning all sort of fake forks.. and good luck trustlessly figuring out which one is the correct fork when you are a new miner/client just joining the network and downloading the chain!
Passwords to accounts that have zero crypto in them.
Sounds like a huge liability
Sounds like a huge liability
Think about it.. once you sell your coins, you have no loyalty to the coin and are likely to sell your passwords for fairly cheap.
How much of a risk is it?
How much of a risk is it?
you know there are papers that have disproved the theory right...?
enough of the beating of the dead horse please..
Haven't seen any, could you share one?
Think about it.. once you sell your coins, you have no loyalty to the coin and are likely to sell your passwords for fairly cheap.
How much of a risk is it?
How much of a risk is it?
Jump to: