Pages:
Author

Topic: [HOWTO] kill any 100% PoS coins owning less than 1% of all coins. - page 2. (Read 13481 times)

sr. member
Activity: 576
Merit: 250
PND DevTeam
I feel quite safe with my Pandacoin (PND) 1oo% PoS  Current Block: 179,108. PoS Difficulty: 573.69831087. Net Stake Weight: 42,302,817,860.14953613.
The safest PoS coin IMHO and yet still relatively unknown and very inexpensive for now too, so get yourself some and start helping to secure it further while you get paid to Stake Mine your own!

I will be more concerned with PoS if / when someone is successful in attacking one of them, and it will not be Pandacoin(PND) Wink

learn more   https://bitcointalksearch.org/topic/pandacoinpnd-the-only-pos-coin-with-3-mths-pow-mining-phase-multipool-no-premine-or-ipo-632657
legendary
Activity: 1148
Merit: 1018
It's about time -- All merrit accepted !!!
while the op has a valid method, another method or useful variation is to exploit this line in the source code

https://github.com/numbercoin/Numbercoin/blob/master/src/main.h#L54

I am posting this for awareness and security for those running coins, in particular proof of stake.

I am not going to give details. Anyone who understands what is going on with the code will know exactily what this means.

I am certainly not going to go about attacking or exploiting coins at random. 

I see nothing productive in that.

Just let them die naturally, support coins you like, ignore the others...........

Now if I found out someone running another coin was trying to attack one of my projects...... then I may feel differently......

There are multiple security holes in many alt coin wallets all ( or almosts all)  of which (to my knowledge) are detailed around the forums.

You just have to know where to look and have the patience to read through a lot of junk. 
sr. member
Activity: 686
Merit: 266
nobody will believe u before we see u in action,so u ve to kill a coin, choose one and kill it  Grin
or u can create a POS coin, and make a sample...
member
Activity: 210
Merit: 10
Why do you feel the need to post a link to this thread on EVERY PoS coin released? Go fuck yourself. Seriously, go sit on a machete.
hero member
Activity: 686
Merit: 500
PPC has been replaced by darkcoin, which's again pointless.
hero member
Activity: 686
Merit: 500
[...]
The attacker can start forking the chain from the current block minus 2 (forking from the 3rd latest block). By the time 3 other blocks are generated (and the attacker's transaction is confirmed), the probability of the attaker's chain overtaking the genuine chain increases. Once the forked chain is long enough, other miners will now mine on the attacker's forked chain.
[...]

I don't know how that's handled at other implementations, but at Peercoin the difficulty of the PoW and the PoS process are automatically adjusted to let the network create 1 block each 10 minutes - allow me to ignore the PoW blocks in this scenario.

For security the PoS process is relevant, because the trust of PoW blocks is one (which is negligible compared to the PoS block trust of billions at the current difficulty).
The "attacking chain" lets the network adjust the difficulty in "his/her fork" by having less success in minting (due to less coin age in use than the "regular" chain; the scenario is based on an attack with only 1% of coins).
The difficulty gets adjusted and the outcome is 1 block each 10 minutes with less trust than in the "regular" chain (because the trust depends on the difficulty).
The decision which chain to choose in case of forking is based on the chain trust and not by the length of the chain.

I don't believe the point of this attempted attack is to lower the difficulty, but to have more coin age than the rest of the network (due to the fact that very little coin age is lost with staking blocks).  So, if the attacker continues to hold more than 50% of the coin age as he mines blocks, the difficulty would actually increase.  However, there may be other factors taken into consideration that would prevent this, and for PPC in particular the 3 month maximum coin age would severely limit the attack.

The attacker can compensate with more balance.

Actually it depends all on the difficulty.

If you think -- the average age of the coin the network has online will be less, cause no one is just going to keep his wallet offline just to age coins. Only the attacker is going to do that. So that might be an additional advantage to the attacker.
hero member
Activity: 686
Merit: 500
You're missing the point of what I said.  Since you can't divide into less than one coin, that limits your ability to leverage this attack vector.  So the point is you can't just assume you'll have enough leverage for an attack, since there's a hard limit.

Yeah, that's obvious.

Coin age used to mine blocks; I don't understand for what purpose it will determine what chain to follow.

...To prevent attacks like the one you're suggesting (and others).  I am referring to coin age spent on staking blocks, not coin age held in wallets.  Using only coin age spent would obviously be a bad idea as well, so I'm guessing it's some combination of block length and coin age spent taken into consideration, but I don't know specifically what is used in PPC or BC.

That's going to preventing people from mining as a whole. People keep money in their wallet to spend anytime they want. If mining prevents that, they wont mine at all, especially for 1% interest rate. I mean, waiting for 4 days to spend coins is unacceptable!

If this concept fails, you'll not get a return of 1% per annum. All coins in the wallet are treated equally as all coins in the network; each coin doesn't prefer a specific chain.

I think most coins use something different than the simple "longest chain" these days though, even bitcoin factors in work completed.

Longest chain is the only option. A wallet, or any person does not know if the forked chain is cause network latency or an attack. You cant be sure even after an attack unless someone shows someone benefited (i.e. this requires human intervention).
hero member
Activity: 686
Merit: 500
[...]
The attacker can start forking the chain from the current block minus 2 (forking from the 3rd latest block). By the time 3 other blocks are generated (and the attacker's transaction is confirmed), the probability of the attaker's chain overtaking the genuine chain increases. Once the forked chain is long enough, other miners will now mine on the attacker's forked chain.
[...]

I don't know how that's handled at other implementations, but at Peercoin the difficulty of the PoW and the PoS process are automatically adjusted to let the network create 1 block each 10 minutes - allow me to ignore the PoW blocks in this scenario.

For security the PoS process is relevant, because the trust of PoW blocks is one (which is negligible compared to the PoS block trust of billions at the current difficulty).
The "attacking chain" lets the network adjust the difficulty in "his/her fork" by having less success in minting (due to less coin age in use than the "regular" chain; the scenario is based on an attack with only 1% of coins).
The difficulty gets adjusted and the outcome is 1 block each 10 minutes with less trust than in the "regular" chain (because the trust depends on the difficulty).
The decision which chain to choose in case of forking is based on the chain trust and not by the length of the chain.

Result: that forked chain will not be chosen by standard clients.

And this is only a technical evaluation. Evaluating that attack economically is another thing that might question the "success" of such an attack - assuming it is done for economical reasons. It can for sure be considered that some entity simply wants to "kill" a coin.

But let me try the economical evaluation. Say you have 1% of all Peercoins (random example of PoS secured coin Wink ).
You manage to successfully double spend. How many of those Peercoins have you double spent? Half of it?
Say you could successfully double spend half of your 1% Peercoins. Some (only a few) have been used for the attack.
You need to sell 0.5% of all ever created Peercoins in a short period of time (before the attack gets recognized and some kind of panic sell might occur). 0.5% of all Peercoins is a little more than 100,000 PPC. If you have a look at the market depth at even popular markets like btc-e, you see that it'll be a problem to sell those PPC in a short time without a big loss.
You might have double spent a lot of PPC, but you have lost most of the value of the 0.5% you try to sell.
The math would be better if you could double spend more than just the half of the coins. But in that case the attack becomes significantly less likely (and I still doubt you can exactly and deliberately pull off that double spend with only a small share of coins at a chosen point of time - the double spending requires the control over the point of time, though...).

In the end it is neither technically nor economically inviting to try such an attack.
You need to spend coins.
You need to successfully make a fork of the block chain the chosen one at exactly that point of time (like explained above not only not likely but rather impossible (remember the chain trust!) under the given circumstances).
You need to spend the coins again.
You need to sell the remaining coins in a short period of time.

One thing that could be considered: depending on the value of the transaction one might want to wait more than only 6 confirmations before the transaction is considered successful.

You're talking about the difficulty retarget algo.

Quote
If a crypto has fast difficulty re-targets, it's difficulty to do a 51% attack, cause in the forked chain the difficulty will increase rapidly and will soon reach the target block times, the block time of the main chain will be the same, making a 51% attack impossible.
            
If the main chain's difficulty was high cause of the attacker's majority hashing power, it'll drop to sustain a block interval equal to the attacker's fork chain.

So difficulty adjustment every block may not be good enough.

Unfortunately PPcoin's difficulty retarget algo has not be susceptible to multipools and sudden spikes in difficulty, as a result it's not as refined as compared to PoW coins where we have a lot of innovation going on like DGW, KGW, digishield etc... etc... etc... so the possibility of an attack is always lurking cause the difficulty retarget is not swift enough.

As a good e.g. you can see Entropycoin who's pastblockmass in KGW is 2 -- which makes it 51% resistant.

Also '1%' is just in the subject to explain in short "a small amount". The attacker can wait till 90 days before an attack to get maximum coin age.

One can buy a lot of coins to kill PPcoin clones like Mintcoin, blackcoin etc... but PPC is too expensive to just do a mindless attack. There has to be benefits.

Quote
But let me try the economical evaluation. Say you have 1% of all Peercoins (random example of PoS secured coin Wink ).
You manage to successfully double spend. How many of those Peercoins have you double spent? Half of it?
Say you could successfully double spend half of your 1% Peercoins. Some (only a few) have been used for the attack.
You need to sell 0.5% of all ever created Peercoins in a short period of time (before the attack gets recognized and some kind of panic sell might occur). 0.5% of all Peercoins is a little more than 100,000 PPC. If you have a look at the market depth at even popular markets like btc-e, you see that it'll be a problem to sell those PPC in a short time without a big loss.
You might have double spent a lot of PPC, but you have lost most of the value of the 0.5% you try to sell.
The math would be better if you could double spend more than just the half of the coins. But in that case the attack becomes significantly less likely (and I still doubt you can exactly and deliberately pull off that double spend with only a small share of coins at a chosen point of time - the double spending requires the control over the point of time, though...).

Selling coins in an exchange is based on buy orders. Why do you think it'll take time? Sending coins across multiple exchanges hardly takes any time (except confirmations). Also an exchange may not always be used to sell. It can be done in private, all in an exact timing.

If he sold the first genuine batch of PPC at 100% price, he'll atleast get 60% on the second sell. The attack may be timed -- when big buy orders are in place to increase profit.

The attacker may buy PPC at low prices again based on timing (5 or 6 months ago for e.g.), and sell when the prices are high to further increase profit above 200%.

Again 1% is just an e.g. 100,000 PPC is quite a lot for the record (390 BTC).

Quote
One thing that could be considered: depending on the value of the transaction one might want to wait more than only 6 confirmations before the transaction is considered successful.

PPC takes an hour to confirm a transaction; that's too much time. No one has that much patience, especially exchanges which require swift action in volatile markets.

So confirmation times maybe taken as a block, but never more than an hour. As of large transactions, I've never seen an exchange which increases the no. of confirmations based on the amount received.

Quote
For a forked chain, it'll need a high hashing power for a longer amount of time to overcome the main chain, on top of that, the difficulty re-target algorithm will increase the difficulty making it yet more difficult to overcome the main chain.
            
Since the amount of confirmation blocks depends on the receiver, this factor does not have any affect on the ratings.
full member
Activity: 145
Merit: 100
[...]
The attacker can start forking the chain from the current block minus 2 (forking from the 3rd latest block). By the time 3 other blocks are generated (and the attacker's transaction is confirmed), the probability of the attaker's chain overtaking the genuine chain increases. Once the forked chain is long enough, other miners will now mine on the attacker's forked chain.
[...]

I don't know how that's handled at other implementations, but at Peercoin the difficulty of the PoW and the PoS process are automatically adjusted to let the network create 1 block each 10 minutes - allow me to ignore the PoW blocks in this scenario.

For security the PoS process is relevant, because the trust of PoW blocks is one (which is negligible compared to the PoS block trust of billions at the current difficulty).
The "attacking chain" lets the network adjust the difficulty in "his/her fork" by having less success in minting (due to less coin age in use than the "regular" chain; the scenario is based on an attack with only 1% of coins).
The difficulty gets adjusted and the outcome is 1 block each 10 minutes with less trust than in the "regular" chain (because the trust depends on the difficulty).
The decision which chain to choose in case of forking is based on the chain trust and not by the length of the chain.

I don't believe the point of this attempted attack is to lower the difficulty, but to have more coin age than the rest of the network (due to the fact that very little coin age is lost with staking blocks).  So, if the attacker continues to hold more than 50% of the coin age as he mines blocks, the difficulty would actually increase.  However, there may be other factors taken into consideration that would prevent this, and for PPC in particular the 3 month maximum coin age would severely limit the attack.
full member
Activity: 145
Merit: 100
For 0.01 TX fee, the attack will be made just 1% more expensive.

So it doesn't matter.

It does matter. The 0.01 PPC tx fee will dramatically limit your attack power. You have to pay 0.01PPC tx fee for each smaller unit of PPC when you divide each PPC into smaller unit of PPC, so you can't divide one PPC into unlimited smaller unit of PPC.

That comes out as 1% overhead. 0.01/1*100 = 1%

You cant stake mine with balance under 1 coin, so that's the minimum you need to split.

You can't assume the minimum would be adequate.  You may need to subdivide into millions of separate transactions to provide enough leverage for this to work.  And then whether it will work depends on the specific implementation of proof of stake you're talking about.

Assume? It's the reality. In PPcoin (and in most PoS cryptos), you're not eligible for PoS mining if the coin's quantity is less than 1. They attacker may use 2 even, but there's no point in doing that.

To see if this attack will work on not depends on the situation (current difficulty) and not the design. All 100% PoS coins are vulnerable and hybrids are vulnerable to a certain degree.

You're missing the point of what I said.  Since you can't divide into less than one coin, that limits your ability to leverage this attack vector.  So the point is you can't just assume you'll have enough leverage for an attack, since there's a hard limit.

Coin age used to mine blocks; I don't understand for what purpose it will determine what chain to follow.

...To prevent attacks like the one you're suggesting (and others).  I am referring to coin age spent on staking blocks, not coin age held in wallets.  Using only coin age spent would obviously be a bad idea as well, so I'm guessing it's some combination of block length and coin age spent taken into consideration, but I don't know specifically what is used in PPC or BC.

If this concept fails, you'll not get a return of 1% per annum. All coins in the wallet are treated equally as all coins in the network; each coin doesn't prefer a specific chain.

I'm not sure what you're even talking about here.  Of course each coin doesn't pick its own chain, the wallet will use the protocol's rules in determining which chain to follow, simple as that.  I think most coins use something different than the simple "longest chain" these days though, even bitcoin factors in work completed.
sr. member
Activity: 321
Merit: 250
[...]
The attacker can start forking the chain from the current block minus 2 (forking from the 3rd latest block). By the time 3 other blocks are generated (and the attacker's transaction is confirmed), the probability of the attaker's chain overtaking the genuine chain increases. Once the forked chain is long enough, other miners will now mine on the attacker's forked chain.
[...]

I don't know how that's handled at other implementations, but at Peercoin the difficulty of the PoW and the PoS process are automatically adjusted to let the network create 1 block each 10 minutes - allow me to ignore the PoW blocks in this scenario.

For security the PoS process is relevant, because the trust of PoW blocks is one (which is negligible compared to the PoS block trust of billions at the current difficulty).
The "attacking chain" lets the network adjust the difficulty in "his/her fork" by having less success in minting (due to less coin age in use than the "regular" chain; the scenario is based on an attack with only 1% of coins).
The difficulty gets adjusted and the outcome is 1 block each 10 minutes with less trust than in the "regular" chain (because the trust depends on the difficulty).
The decision which chain to choose in case of forking is based on the chain trust and not by the length of the chain.

Result: that forked chain will not be chosen by standard clients.

And this is only a technical evaluation. Evaluating that attack economically is another thing that might question the "success" of such an attack - assuming it is done for economical reasons. It can for sure be considered that some entity simply wants to "kill" a coin.

But let me try the economical evaluation. Say you have 1% of all Peercoins (random example of PoS secured coin Wink ).
You manage to successfully double spend. How many of those Peercoins have you double spent? Half of it?
Say you could successfully double spend half of your 1% Peercoins. Some (only a few) have been used for the attack.
You need to sell 0.5% of all ever created Peercoins in a short period of time (before the attack gets recognized and some kind of panic sell might occur). 0.5% of all Peercoins is a little more than 100,000 PPC. If you have a look at the market depth at even popular markets like btc-e, you see that it'll be a problem to sell those PPC in a short time without a big loss.
You might have double spent a lot of PPC, but you have lost most of the value of the 0.5% you try to sell.
The math would be better if you could double spend more than just the half of the coins. But in that case the attack becomes significantly less likely (and I still doubt you can exactly and deliberately pull off that double spend with only a small share of coins at a chosen point of time - the double spending requires the control over the point of time, though...).

In the end it is neither technically nor economically inviting to try such an attack.
You need to spend coins.
You need to successfully make a fork of the block chain the chosen one at exactly that point of time (like explained above not only not likely but rather impossible (remember the chain trust!) under the given circumstances).
You need to spend the coins again.
You need to sell the remaining coins in a short period of time.

One thing that could be considered: depending on the value of the transaction one might want to wait more than only 6 confirmations before the transaction is considered successful.
hero member
Activity: 686
Merit: 500
However, doesn't the luck increase exponentially rather than evenly, such that a transaction with 4 coins in, is far more probable than 4 single 1 coin transactions to mint a block?

Yes -- this's close to what I'm trying to do. The luck remains the same with 4 single 1 coin transactions, but after a block has been mined, one of the coin's age will be consumed and it'll not be available for mining -- the rest 3 are still available for mining.

So that increases the effective hashing power exponentially and for a long amount of time.

Of course 4 coins is just an e.g. I've already said --

Quote
The larger the value of A, the closer is the mining power to x as a single coin will be less significant for a large value of A.

In this e.g. A = 4 single 1 coin transactions

And x = approx. time to mine a block when A is received as a single full transaction.

I don't know much about the details of other PoS implementations, but I might say something about Peercoin.

The coin age that is used for calculating the probability of successful minting is capped at 90 days.
So you can for sure raise the probability for successful minting subsequent blocks by splitting the coins to separate transactions (4 coins in one tx allows minting one block, whereas 4 coins in 4 tx allows minting 4 blocks), but the probability for creating each of the PoS blocks stays low and is far from "owning the block chain" - at least if you have only a small share of coins.

Like you said in your initial post: It's all on the difficulty.

At the current difficulty it's unlikely to mint a block with a tx that contains only 1 PPC. Even if you have reached the max. considered age of 90 days, the probability for successful minting is roughly 1% in 3 months (at diff 10).
If you have 100 tx with 1 PPC each, you have for each of those a probability of 0.01 to succeed and 0.99 to fail.
To fail at minting with all those tx you have 0.99^100 = 0.36
So you have a chance of of 36% to mint not even one block and a chance of 64% to mint at least one block.
And even if you have an almost similar chance to mint more than one block in those 3 months, it is quite unlikely that these are subsequent blocks (in 3 months you have approx. 13,000 blocks of which the majority are PoS blocks).

If you do the math with bigger numbers, you can for sure push the probability higher and higher. But you risk more and more money the more coins you want to use for this attack...

After successful mininting the coins need to gather an age of at least 30 days before they can be used for minting again. And after successful minting the used coins need to mature for 520 blocks before they can be transferred.



Of course you cant kill PPC with 100 coins, you need a lot more. It appears PPC's POS staking is distributed, so it's hashing rate is higher. But you need clearly much less than 51% to attack the network. Besides 1% interest is hardly any incentive to hold and mine PoS blocks.

Quote
And after successful minting the used coins need to mature for 520 blocks before they can be transferred.

That's the interest you're talking about. That's only a small fraction of what coins he holds (a few blocks worth). The attacker won't care about that. He'll be concerned about selling his already confirmed balance.

The text below also applies to PoW also --

When one tries to fork a chain, he modifies the wallet to fork from a specific block and he'll be the only one mining from that specific block. Even if other miners add in, it's good; that'll help further in elongating the chain and making a double spending successful -- that's what the attacker wants. Other miners cant determine which chain is the attacker's and which is the good one, only the attacker know about it.

The attacker can start forking the chain from the current block minus 2 (forking from the 3rd latest block). By the time 3 other blocks are generated (and the attacker's transaction is confirmed), the probability of the attaker's chain overtaking the genuine chain increases. Once the forked chain is long enough, other miners will now mine on the attacker's forked chain.

As of risks of investment, first a fork in the block chain takes quiet a lot of time to determine. The people who's balances went missing are the ones who are complaining and it'll take at least 6 hours for their voice to be heard and the developers to respond to it. The markets will respond at least 2 to 3 hours later (after potential investors and holders will be made aware of it).

So in 8 to 9 hours the attacker can easily sell his coins for something else. All he needs is an hour for the purpose (confirmation time).
hero member
Activity: 686
Merit: 500
For 0.01 TX fee, the attack will be made just 1% more expensive.

So it doesn't matter.

It does matter. The 0.01 PPC tx fee will dramatically limit your attack power. You have to pay 0.01PPC tx fee for each smaller unit of PPC when you divide each PPC into smaller unit of PPC, so you can't divide one PPC into unlimited smaller unit of PPC.

That comes out as 1% overhead. 0.01/1*100 = 1%

You cant stake mine with balance under 1 coin, so that's the minimum you need to split.

You can't assume the minimum would be adequate.  You may need to subdivide into millions of separate transactions to provide enough leverage for this to work.  And then whether it will work depends on the specific implementation of proof of stake you're talking about.

Assume? It's the reality. In PPcoin (and in most PoS cryptos), you're not eligible for PoS mining if the coin's quantity is less than 1. They attacker may use 2 even, but there's no point in doing that.

To see if this attack will work on not depends on the situation (current difficulty) and not the design. All 100% PoS coins are vulnerable and hybrids are vulnerable to a certain degree.

I've heard that in peer coin that the coin age consumed plays a role in determining the preferred chain the network will follow, which may make this attack ineffective (if that's staking coin age, since you would consume very little in your attacking chain with this method), but I'm not sure on the specifics.  Someone who knows the details on the code would have to weigh in.  Since most PoS coins are forked from Peercoin, this attack may not be an issue.

Coin age used to mine blocks; I don't understand for what purpose it will determine what chain to follow. I mean, chains get forked for genuine reasons (network latency) and all chains will have to be respected for things to work and that includes the attackers chain. There's no way to determine the new forked chain being formed is by an attacker or not.

If this concept fails, you'll not get a return of 1% per annum. All coins in the wallet are treated equally as all coins in the network; each coin doesn't prefer a specific chain.
sr. member
Activity: 321
Merit: 250
However, doesn't the luck increase exponentially rather than evenly, such that a transaction with 4 coins in, is far more probable than 4 single 1 coin transactions to mint a block?

Yes -- this's close to what I'm trying to do. The luck remains the same with 4 single 1 coin transactions, but after a block has been mined, one of the coin's age will be consumed and it'll not be available for mining -- the rest 3 are still available for mining.

So that increases the effective hashing power exponentially and for a long amount of time.

Of course 4 coins is just an e.g. I've already said --

Quote
The larger the value of A, the closer is the mining power to x as a single coin will be less significant for a large value of A.

In this e.g. A = 4 single 1 coin transactions

And x = approx. time to mine a block when A is received as a single full transaction.

I don't know much about the details of other PoS implementations, but I might say something about Peercoin.

The coin age that is used for calculating the probability of successful minting is capped at 90 days.
So you can for sure raise the probability for successful minting subsequent blocks by splitting the coins to separate transactions (4 coins in one tx allows minting one block, whereas 4 coins in 4 tx allows minting 4 blocks), but the probability for creating each of the PoS blocks stays low and is far from "owning the block chain" - at least if you have only a small share of coins.

Like you said in your initial post: It's all on the difficulty.

At the current difficulty it's unlikely to mint a block with a tx that contains only 1 PPC. Even if you have reached the max. considered age of 90 days, the probability for successful minting is roughly 1% in 3 months (at diff 10).
If you have 100 tx with 1 PPC each, you have for each of those a probability of 0.01 to succeed and 0.99 to fail.
To fail at minting with all those tx you have 0.99^100 = 0.36
So you have a chance of of 36% to mint not even one block and a chance of 64% to mint at least one block.
And even if you have an almost similar chance to mint more than one block in those 3 months, it is quite unlikely that these are subsequent blocks (in 3 months you have approx. 13,000 blocks of which the majority are PoS blocks).

If you do the math with bigger numbers, you can for sure push the probability higher and higher. But you risk more and more money the more coins you want to use for this attack...

After successful mininting the coins need to gather an age of at least 30 days before they can be used for minting again. And after successful minting the used coins need to mature for 520 blocks before they can be transferred.

full member
Activity: 145
Merit: 100
For 0.01 TX fee, the attack will be made just 1% more expensive.

So it doesn't matter.

It does matter. The 0.01 PPC tx fee will dramatically limit your attack power. You have to pay 0.01PPC tx fee for each smaller unit of PPC when you divide each PPC into smaller unit of PPC, so you can't divide one PPC into unlimited smaller unit of PPC.

That comes out as 1% overhead. 0.01/1*100 = 1%

You cant stake mine with balance under 1 coin, so that's the minimum you need to split.

You can't assume the minimum would be adequate.  You may need to subdivide into millions of separate transactions to provide enough leverage for this to work.  And then whether it will work depends on the specific implementation of proof of stake you're talking about.

I've heard that in peer coin that the coin age consumed plays a role in determining the preferred chain the network will follow, which may make this attack ineffective (if that's staking coin age, since you would consume very little in your attacking chain with this method), but I'm not sure on the specifics.  Someone who knows the details on the code would have to weigh in.  Since most PoS coins are forked from Peercoin, this attack may not be an issue.

There's also a "PoS 2.0" that's supposed to be coming out in a while for BlackCoin that addresses some PoS security issues, but not sure in particular what those issues are.  Might be more info coming out later.
hero member
Activity: 686
Merit: 500
For 0.01 TX fee, the attack will be made just 1% more expensive.

So it doesn't matter.

It does matter. The 0.01 PPC tx fee will dramatically limit your attack power. You have to pay 0.01PPC tx fee for each smaller unit of PPC when you divide each PPC into smaller unit of PPC, so you can't divide one PPC into unlimited smaller unit of PPC.

That comes out as 1% overhead. 0.01/1*100 = 1%

You cant stake mine with balance under 1 coin, so that's the minimum you need to split.
hero member
Activity: 815
Merit: 502
For 0.01 TX fee, the attack will be made just 1% more expensive.

So it doesn't matter.

It does matter. The 0.01 PPC tx fee will dramatically limit your attack power. You have to pay 0.01PPC tx fee for each smaller unit of PPC when you divide each PPC into smaller unit of PPC, so you can't divide one PPC into unlimited smaller unit of PPC.
hero member
Activity: 835
Merit: 1000
There is NO Freedom without Privacy
Interesting just because i know no one outside of hard core Crypto is going to understand any of that - can i just state it in plain language and you tell me if i far or close to the mark?


PoS  means Proof of ownershipPiece of shit like owning a piece of shit.

When you hold units of crpyto they age like bonds and mature giving back an "interest" stake -  

DE_logics is basically saying  or theorizing that under certain conditions  if you had:


10 Bonds (ten pieces of interest bearing paper) each worth 1 unit + 1 unit of interest.

you would earn more net interest verses:

One single 10 unit Bond + its interest.

* even if the interest is meant to be equal - i.e the 10 bonds should equal the exact same net return as the single Bond because they are the same units net worth and the interest rate is "fixed" by whole the system.

and in this way, this could be a flaw in PoS  because someone could split up their bonds (something you can do with crypto)  and generate enough interest to control the whole game.



how did i do ?

if its on or close to the mark i will post it back on the other thread as it is relevant -
fixed
hero member
Activity: 686
Merit: 500
However, doesn't the luck increase exponentially rather than evenly, such that a transaction with 4 coins in, is far more probable than 4 single 1 coin transactions to mint a block?

Yes -- this's close to what I'm trying to do. The luck remains the same with 4 single 1 coin transactions, but after a block has been mined, one of the coin's age will be consumed and it'll not be available for mining -- the rest 3 are still available for mining.

So that increases the effective hashing power exponentially and for a long amount of time.

Of course 4 coins is just an e.g. I've already said --

Quote
The larger the value of A, the closer is the mining power to x as a single coin will be less significant for a large value of A.

In this e.g. A = 4 single 1 coin transactions

And x = approx. time to mine a block when A is received as a single full transaction.
legendary
Activity: 868
Merit: 1000
ADT developer
i can confirm that the OP is on the right track and it is possible to fork a coin with only a few stake blocks but there are far more reliable and effective ways of making a coin fork

I have been running a POW/POS coin for while now and i have seen a lot of ways people try and attack coins i cant go into how its done but a lot of the coins are no way near as secure as people want you to think 
Pages:
Jump to: