Topic: It's about time to turn off PoW mining - page 20. (Read 39732 times)

BINGO

This is exactly why PoS coins will never succeed. If you are able to roll back transactions of what you think are an attack on the network then you can roll back transactions on people who are simply unpopular to the network. This will make it so people will be afraid to use/adopt the coin because they will be afraid what they are doing is unpopular enough so any payment to them would simply be unwound.

With DPoS, 30% wouldn't matter. You would need 51% of the money supply. Even an attacker obtained 51% of the money supply would not matter.. see the third paragraph of my last post.

I would doubt this. If fungibility of bitcoin is ever put into question then bitcoin would be all but guaranteed to fail. Not only would it be near impossible to prove that the bitcoin was actually stolen, an attacker would likely move the stolen bitcoin through a mixer quickly enough so that it would be near impossible to tell exactly what addresses are "his".

That is an example of why PoS coins are so vulnerable to attacks. If Vericoin was something that was actually used in commerce then it would have been impossible to determine which coins belonged to the hacker

Congrats, now hack my computer to find my delegate node and you are 1/51 of the way there.

Then you must do the same for 50 more delegates, and you code an attack script.

Then we notice your attack and vote the attacking delegates out of power, and roll back the block chain to just before the attack started.

Then life moves on and we laugh and tell stories about it for years to come.  

I think CoinHoarder is a delgate.


from another forum:

Well, there being more variables to being DDOS resistant I can agree with, which you mentioned in you last post. Admittedly I am not an expert in network security, but I am not a complete idiot and am trying to rationalize the pros and cons and offer my opinion as best I can. If I am wrong on something feel free to point it out to me as I am still learning exactly how DPOS works. You bringing up that if the delegates were compromised, then they might as well steal funds and attack (not produce a block in a timely manner, sign a bad block, or not include valid transactions.) That is true.. a DDoS at that point would be silly, so let's go over that.

Suppose 51% of the delegates happened to be compromised and attacked the network, they could then be voted out and replaced with new delegates. Also.. It is not implemented right now, but there is also the possibility to program it into the client where if a delegate was to sign two blocks (double spend), that the client could automatically vote them out.

If the attacker gains a 51% stake then we can't vote out the attacker and it is similar to a 51% attack on a PoW coin, except it results in the non nefarious owners doubling their stake in the DPoS coin! If someone gets 51% stake, we could then take a snapshot of the attacked chain by identifying the unspent transaction outputs which were voting for the corrupt delegates at the time of the attack, and create a new genesis block from that snapshot with those particular unspent transaction outputs made void. A chain identical to the previous failed one is created using this new genesis block, which takes stake control away from the attacker leaving the other innocent 49% of stake holders with 100% of the stake of the new chain. Those who sold to the attacker should be happy because they made a voluntary exchange and got out before the attack. And those who did not sell to the attacker are also happy because they doubled their stake in the honest chain that will quickly regain its old value, which should hopefully compensate them for the brief outage of the chain.

uh that is still not an example of successful 51% attack.

If someone stole 30% of total Bitcoin from an exchange, I would think Bitcoin will hardfork and block the thief's address too. Otherwise the eco-system will probably fail.

Well sure, if they are compromised they may as well steal their coins or attack the network directly rather than mount a DDoS attack. I wasn't discussing best strategy for a hacker with you but merely pointing out there are many more variables into being DDOS resistant than simply having a harder to find dynamic IP.

To attack a PoW pool you would need a very large botnet and it would essentially temporarily hurt the pool operators and not effect the miners unless they cloud mine because they have their asics configured with fallback pools.

You can produce a list of names, not IP addresses. You would then need to compromise those people's computers to get the IP address of their delegate server, no? There is an added layer of security there, whereas I can get the IP addresses for all Bitcoin pools with 10 minutes worth of work as pool addresses are much easier attainable. I think you are making it out to be easier than it actually is.

Even if you were able to figure out the IPs of 80% to 90% of the delegate servers and DDOS them, all it would do is slow down the network.. It wouldn't make it vulnerable to attack. When one delegate misses a block, the next delegate includes their block and the previous missed block into the block chain. I believe in the unlikely event that 80 or 90 consecutive (likely it would be less because it is extremely unlikely that the delegates turns for that specific round were in exactly that order) blocks were missed, they would be recorded by the 81st or 91st delegate into the block chain.

It seems like a lot of work to only inconvenience the chain (slow it down.) Whereas a DDOS on the pools of a PoW coin can have security implications because then less hash power is needed to mount a possible attack.

You are ignoring many other variables like CDN's, Firewalls, available bandwidth, network security specialists, quality of the server configuration, and the fact that miners have fallback pools that they instantly mine on if their primary pool gets hit with a DDOS attack.

The delegates likely have none of these benefits and thus could easily be knocked down with a small botnet.  

Yes, many of the delegates are publicly known with a degree of probability.... I can produce a list of names that I can DOX with a likely 80-90% probability that they are a delegate. I don't need to have 100% confidence to what delegate username matches with the actual delegate to attack them. In the future I would also suspect delegates that are publicly recognized would tend to garner more support and more votes so this makes them even more vulnerable to being manipulated.

I believe you are good intentioned with trying to help people but you really are unfamiliar with network security as evidenced in this thread. People that understand good security are humble, as everything is vulnerable. Notice how I repeatedly mention how and why bitcoin is vulnerable?

FYI.... I like DPOS in reality and think there is a very important function for the coin. I am just trying to help people see through the propaganda.

I'd say a DDOS attack is less likely with DPOS than it is with Bitcoin's PoW. It is harder for a hacker to find out delegates IP addresses than Ghash or discus fish IP addresses, as there are many delegates and delegates don't have public facing web sites and pool information. All delegate's identities are not publicly known.

I admit my wording of that statement was poor.

This isn't just misleading, but false. It is trivial for any hacker to gain access to the IP's of many of the delegates. 

The best you could say is DPoS is designed where script kiddies cannot easily take an off the shelf ICMP tool to attack a delegate.

Where are you getting your security "facts" from? Think critically about any claims, especially if they are coming from a biased sources.

It seems you don't know what you're talking about. Without 51% of the money supply so you can vote in your own attacking delegates, this is not possible. There are only two attacks that are known for DPoS.. a 51% attack and DDOS of the delegates. DPoS is further protected against a DDOS attack because the delegates are only known to the public through their account names, and no one knows the IPs of all (or even some) delegate nodes.

More about DPoS: http://bitshares.org/delegated-proof-of-stake/
Even more about DPoS: http://wiki.bitshares.org/index.php/DPOS
Old discussions on DPoS: https://bitsharestalk.org/index.php?topic=4009.0
Discussions regarding "nothing at stake" attacks: https://bitsharestalk.org/index.php?topic=6584.0
More discussion about NaS attack: https://bitsharestalk.org/index.php?topic=6638.0

This is false, as you are simply internalizing the risks with PoS instead of externalizing them. You would simply need to hack 8 to 12 peoples computers(Nxt  as the example since you mention PoS- http://charts.nxtcrypto.org/cDistribution.aspx) or they would have to decide to attack the system themselves if they are coerced to or have some reason.

I am not suggesting that PoS doesn't have any advantages over PoW , merely suggesting that your claims are fallacious. If we make PoW more distributed and people adopted p2p pools Bitcoin would be far more secure than any PoS coin.

Vericoin forked because someone stole 20-30% (dont remember the exact ammount) of the coin supply from mintpal, after staking the coins they would be able do attacks.


This could easily happen, even PoS coins are horded at exchanges and NOT staked because people are trading them, not staking them.

Interesting.

Bitcoin is a protocol which has hardware, software, firmware, and developers specifically designed to interact with it. So it is more akin to SMTP/HTML/IPv4 protocols where despite their many flaws remain around to this day and other technologies are simply scaffolded around them. Cellphones, TV's, and other electronics are consumable items that need to be replaced on a regular basis anyways, unlike the Bitcoin protocol or any other protocol or standard. Protocols and standards may be eventually phased out but that is a slow and gradual process(20+ years) and often never happens. (Blueray players still read dvd discs and CD disks despite being over 30+ years old). Another aspect that matters is familiarity and training. The Dvorak Keyboard is superior to the Qwerty Keyboard but the qwerty keyboard has dominated for over 140 years because it has had first mover advantage. You keep mentioning how vested interests are a bad thing and fail to mention the positive aspects. Examples have been already manifested by all the Nxt PoS clone failures. Vested interests of originally stake holders is a good thing as well as they create a solid support base and developer base because you need to incentivize these early supporters.

All of this being said I do believe that DPoS/PoS could slowly be phased into bitcoin over time without to many transitional problems. The problem with doing this is it does disrupts large industries which support the bitcoin ecosystem and you are still not acknowledging the inherent flaws within DPoS and PoS. Some of us understand the flaws within PoW and have clear plans on how to correct them as previously mentioned without introducing a whole new different set of flaws.

Judging by your massive post count you will someday be a legendary member.  People might read this thread, see lots of gold coins by your name and get confused.  Hahaha

BTW, I agree with you other arguments too.  Broadly looking at any technology, we can see that the first generation was passed by a second generation.  In some cases, they still exist side by side with the first generation keeping some of its marketshare, but the second generation becoming much bigger. 

Examples:  Credit cards are more popular than cash in the US, but cash still exists.  Smartphones are more popular than cheapy phones, but a person can still go into a phone shop and get a flip phone.  Cars are much more popular than riding horses, yet in some places people with cars still choose on occasion to ride horses. 

Did someone mention that PoW coins are backed by energy it took to create them?

Well, you guys should study history of money and definitions better.

'Backing currency with something' means you can convert the currency back to a pre-determined amount of the underlying asset, that's why it's called 'backing'. You can't convert Bitcoins or any other PoW currency to a pre-determined amount of energy any better than you can convert a PoS coin. The only value a coin has is utility value, which is what it can be used for. The more functions the coin has, the higher the utility value, and that's how the price is discovered on the market. The argument of 'PoW is backed by energy' doesn't hold water.

Dot.com in the late 1990s was $7 trillion of wealth and 2% of the global population was using the internet back then.

Bitcoin instead is only used by an estimated 500K-2 million people.  I don't think Bitcoin has any holding power yet in a potential $Trillion market involving 150+ million people (later billions).  Bitcoin to me has been very complacent compared with all these interesting developments among the alternates.