Topic: [HOWTO] kill any 100% PoS coins owning less than 1% of all coins. - page 2. (Read 13434 times)

I feel quite safe with my Pandacoin (PND) 1oo% PoS  Current Block: 179,108. PoS Difficulty: 573.69831087. Net Stake Weight: 42,302,817,860.14953613.
The safest PoS coin IMHO and yet still relatively unknown and very inexpensive for now too, so get yourself some and start helping to secure it further while you get paid to Stake Mine your own!

I will be more concerned with PoS if / when someone is successful in attacking one of them, and it will not be Pandacoin(PND)

learn more   https://bitcointalksearch.org/topic/pandacoinpnd-the-only-pos-coin-with-3-mths-pow-mining-phase-multipool-no-premine-or-ipo-632657

while the op has a valid method, another method or useful variation is to exploit this line in the source code

https://github.com/numbercoin/Numbercoin/blob/master/src/main.h#L54

I am posting this for awareness and security for those running coins, in particular proof of stake.

I am not going to give details. Anyone who understands what is going on with the code will know exactily what this means.

I am certainly not going to go about attacking or exploiting coins at random. 

I see nothing productive in that.

Just let them die naturally, support coins you like, ignore the others...........

Now if I found out someone running another coin was trying to attack one of my projects...... then I may feel differently......

There are multiple security holes in many alt coin wallets all ( or almosts all)  of which (to my knowledge) are detailed around the forums.

You just have to know where to look and have the patience to read through a lot of junk. 

nobody will believe u before we see u in action,so u ve to kill a coin, choose one and kill it 
or u can create a POS coin, and make a sample...

Why do you feel the need to post a link to this thread on EVERY PoS coin released? Go fuck yourself. Seriously, go sit on a machete.

PPC has been replaced by darkcoin, which's again pointless.

The attacker can compensate with more balance.

Actually it depends all on the difficulty.

If you think -- the average age of the coin the network has online will be less, cause no one is just going to keep his wallet offline just to age coins. Only the attacker is going to do that. So that might be an additional advantage to the attacker.

Yeah, that's obvious.



That's going to preventing people from mining as a whole. People keep money in their wallet to spend anytime they want. If mining prevents that, they wont mine at all, especially for 1% interest rate. I mean, waiting for 4 days to spend coins is unacceptable!



Longest chain is the only option. A wallet, or any person does not know if the forked chain is cause network latency or an attack. You cant be sure even after an attack unless someone shows someone benefited (i.e. this requires human intervention).

You're talking about the difficulty retarget algo.


So difficulty adjustment every block may not be good enough.

Unfortunately PPcoin's difficulty retarget algo has not be susceptible to multipools and sudden spikes in difficulty, as a result it's not as refined as compared to PoW coins where we have a lot of innovation going on like DGW, KGW, digishield etc... etc... etc... so the possibility of an attack is always lurking cause the difficulty retarget is not swift enough.

As a good e.g. you can see Entropycoin who's pastblockmass in KGW is 2 -- which makes it 51% resistant.

Also '1%' is just in the subject to explain in short "a small amount". The attacker can wait till 90 days before an attack to get maximum coin age.

One can buy a lot of coins to kill PPcoin clones like Mintcoin, blackcoin etc... but PPC is too expensive to just do a mindless attack. There has to be benefits.


Selling coins in an exchange is based on buy orders. Why do you think it'll take time? Sending coins across multiple exchanges hardly takes any time (except confirmations). Also an exchange may not always be used to sell. It can be done in private, all in an exact timing.

If he sold the first genuine batch of PPC at 100% price, he'll atleast get 60% on the second sell. The attack may be timed -- when big buy orders are in place to increase profit.

The attacker may buy PPC at low prices again based on timing (5 or 6 months ago for e.g.), and sell when the prices are high to further increase profit above 200%.

Again 1% is just an e.g. 100,000 PPC is quite a lot for the record (390 BTC).


PPC takes an hour to confirm a transaction; that's too much time. No one has that much patience, especially exchanges which require swift action in volatile markets.

So confirmation times maybe taken as a block, but never more than an hour. As of large transactions, I've never seen an exchange which increases the no. of confirmations based on the amount received.

I don't believe the point of this attempted attack is to lower the difficulty, but to have more coin age than the rest of the network (due to the fact that very little coin age is lost with staking blocks).  So, if the attacker continues to hold more than 50% of the coin age as he mines blocks, the difficulty would actually increase.  However, there may be other factors taken into consideration that would prevent this, and for PPC in particular the 3 month maximum coin age would severely limit the attack.

You're missing the point of what I said.  Since you can't divide into less than one coin, that limits your ability to leverage this attack vector.  So the point is you can't just assume you'll have enough leverage for an attack, since there's a hard limit.


...To prevent attacks like the one you're suggesting (and others).  I am referring to coin age spent on staking blocks, not coin age held in wallets.  Using only coin age spent would obviously be a bad idea as well, so I'm guessing it's some combination of block length and coin age spent taken into consideration, but I don't know specifically what is used in PPC or BC.


I'm not sure what you're even talking about here.  Of course each coin doesn't pick its own chain, the wallet will use the protocol's rules in determining which chain to follow, simple as that.  I think most coins use something different than the simple "longest chain" these days though, even bitcoin factors in work completed.

I don't know how that's handled at other implementations, but at Peercoin the difficulty of the PoW and the PoS process are automatically adjusted to let the network create 1 block each 10 minutes - allow me to ignore the PoW blocks in this scenario.

For security the PoS process is relevant, because the trust of PoW blocks is one (which is negligible compared to the PoS block trust of billions at the current difficulty).
The "attacking chain" lets the network adjust the difficulty in "his/her fork" by having less success in minting (due to less coin age in use than the "regular" chain; the scenario is based on an attack with only 1% of coins).
The difficulty gets adjusted and the outcome is 1 block each 10 minutes with less trust than in the "regular" chain (because the trust depends on the difficulty).
The decision which chain to choose in case of forking is based on the chain trust and not by the length of the chain.

Result: that forked chain will not be chosen by standard clients.

And this is only a technical evaluation. Evaluating that attack economically is another thing that might question the "success" of such an attack - assuming it is done for economical reasons. It can for sure be considered that some entity simply wants to "kill" a coin.

But let me try the economical evaluation. Say you have 1% of all Peercoins (random example of PoS secured coin ).
You manage to successfully double spend. How many of those Peercoins have you double spent? Half of it?
Say you could successfully double spend half of your 1% Peercoins. Some (only a few) have been used for the attack.
You need to sell 0.5% of all ever created Peercoins in a short period of time (before the attack gets recognized and some kind of panic sell might occur). 0.5% of all Peercoins is a little more than 100,000 PPC. If you have a look at the market depth at even popular markets like btc-e, you see that it'll be a problem to sell those PPC in a short time without a big loss.
You might have double spent a lot of PPC, but you have lost most of the value of the 0.5% you try to sell.
The math would be better if you could double spend more than just the half of the coins. But in that case the attack becomes significantly less likely (and I still doubt you can exactly and deliberately pull off that double spend with only a small share of coins at a chosen point of time - the double spending requires the control over the point of time, though...).

In the end it is neither technically nor economically inviting to try such an attack.
You need to spend coins.
You need to successfully make a fork of the block chain the chosen one at exactly that point of time (like explained above not only not likely but rather impossible (remember the chain trust!) under the given circumstances).
You need to spend the coins again.
You need to sell the remaining coins in a short period of time.

One thing that could be considered: depending on the value of the transaction one might want to wait more than only 6 confirmations before the transaction is considered successful.

Of course you cant kill PPC with 100 coins, you need a lot more. It appears PPC's POS staking is distributed, so it's hashing rate is higher. But you need clearly much less than 51% to attack the network. Besides 1% interest is hardly any incentive to hold and mine PoS blocks.


That's the interest you're talking about. That's only a small fraction of what coins he holds (a few blocks worth). The attacker won't care about that. He'll be concerned about selling his already confirmed balance.

The text below also applies to PoW also --

When one tries to fork a chain, he modifies the wallet to fork from a specific block and he'll be the only one mining from that specific block. Even if other miners add in, it's good; that'll help further in elongating the chain and making a double spending successful -- that's what the attacker wants. Other miners cant determine which chain is the attacker's and which is the good one, only the attacker know about it.

The attacker can start forking the chain from the current block minus 2 (forking from the 3rd latest block). By the time 3 other blocks are generated (and the attacker's transaction is confirmed), the probability of the attaker's chain overtaking the genuine chain increases. Once the forked chain is long enough, other miners will now mine on the attacker's forked chain.

As of risks of investment, first a fork in the block chain takes quiet a lot of time to determine. The people who's balances went missing are the ones who are complaining and it'll take at least 6 hours for their voice to be heard and the developers to respond to it. The markets will respond at least 2 to 3 hours later (after potential investors and holders will be made aware of it).

So in 8 to 9 hours the attacker can easily sell his coins for something else. All he needs is an hour for the purpose (confirmation time).

Assume? It's the reality. In PPcoin (and in most PoS cryptos), you're not eligible for PoS mining if the coin's quantity is less than 1. They attacker may use 2 even, but there's no point in doing that.

To see if this attack will work on not depends on the situation (current difficulty) and not the design. All 100% PoS coins are vulnerable and hybrids are vulnerable to a certain degree.


Coin age used to mine blocks; I don't understand for what purpose it will determine what chain to follow. I mean, chains get forked for genuine reasons (network latency) and all chains will have to be respected for things to work and that includes the attackers chain. There's no way to determine the new forked chain being formed is by an attacker or not.

If this concept fails, you'll not get a return of 1% per annum. All coins in the wallet are treated equally as all coins in the network; each coin doesn't prefer a specific chain.

I don't know much about the details of other PoS implementations, but I might say something about Peercoin.

The coin age that is used for calculating the probability of successful minting is capped at 90 days.
So you can for sure raise the probability for successful minting subsequent blocks by splitting the coins to separate transactions (4 coins in one tx allows minting one block, whereas 4 coins in 4 tx allows minting 4 blocks), but the probability for creating each of the PoS blocks stays low and is far from "owning the block chain" - at least if you have only a small share of coins.

Like you said in your initial post: It's all on the difficulty.

At the current difficulty it's unlikely to mint a block with a tx that contains only 1 PPC. Even if you have reached the max. considered age of 90 days, the probability for successful minting is roughly 1% in 3 months (at diff 10).
If you have 100 tx with 1 PPC each, you have for each of those a probability of 0.01 to succeed and 0.99 to fail.
To fail at minting with all those tx you have 0.99^100 = 0.36
So you have a chance of of 36% to mint not even one block and a chance of 64% to mint at least one block.
And even if you have an almost similar chance to mint more than one block in those 3 months, it is quite unlikely that these are subsequent blocks (in 3 months you have approx. 13,000 blocks of which the majority are PoS blocks).

If you do the math with bigger numbers, you can for sure push the probability higher and higher. But you risk more and more money the more coins you want to use for this attack...

After successful mininting the coins need to gather an age of at least 30 days before they can be used for minting again. And after successful minting the used coins need to mature for 520 blocks before they can be transferred.

You can't assume the minimum would be adequate.  You may need to subdivide into millions of separate transactions to provide enough leverage for this to work.  And then whether it will work depends on the specific implementation of proof of stake you're talking about.

I've heard that in peer coin that the coin age consumed plays a role in determining the preferred chain the network will follow, which may make this attack ineffective (if that's staking coin age, since you would consume very little in your attacking chain with this method), but I'm not sure on the specifics.  Someone who knows the details on the code would have to weigh in.  Since most PoS coins are forked from Peercoin, this attack may not be an issue.

There's also a "PoS 2.0" that's supposed to be coming out in a while for BlackCoin that addresses some PoS security issues, but not sure in particular what those issues are.  Might be more info coming out later.

That comes out as 1% overhead. 0.01/1*100 = 1%

You cant stake mine with balance under 1 coin, so that's the minimum you need to split.

It does matter. The 0.01 PPC tx fee will dramatically limit your attack power. You have to pay 0.01PPC tx fee for each smaller unit of PPC when you divide each PPC into smaller unit of PPC, so you can't divide one PPC into unlimited smaller unit of PPC.

fixed

Yes -- this's close to what I'm trying to do. The luck remains the same with 4 single 1 coin transactions, but after a block has been mined, one of the coin's age will be consumed and it'll not be available for mining -- the rest 3 are still available for mining.

So that increases the effective hashing power exponentially and for a long amount of time.

Of course 4 coins is just an e.g. I've already said --


In this e.g. A = 4 single 1 coin transactions

And x = approx. time to mine a block when A is received as a single full transaction.

i can confirm that the OP is on the right track and it is possible to fork a coin with only a few stake blocks but there are far more reliable and effective ways of making a coin fork

I have been running a POW/POS coin for while now and i have seen a lot of ways people try and attack coins i cant go into how its done but a lot of the coins are no way near as secure as people want you to think