Nxt source code flaw reports - page 53.

xibeijan

legendary

Activity: 1232

Merit: 1001

Quote from: Come-from-Beyond on January 04, 2014, 11:15:54 AM

Quote from: xibeijan on January 04, 2014, 11:14:31 AM

So, at .99^68 we have a 50% chance of predicting which one of our accounts will mine the 68th block from now.

No. 99% is just a guess. We'll get the real number after I analyze the blockchain.

Perhaps you can try to solve it analytically and get an equation?

ricot

newbie

Activity: 56

Merit: 0

Quote from: Come-from-Beyond on January 04, 2014, 10:49:25 AM

Quote from: ricot on January 04, 2014, 10:46:21 AM

But it doesn't work like a check-pointing... it just gives an angle of attack on the network and I can see no benefit at all...

The code was written with TF in mind. When TF is on it's supposed to work as a checkpoint.

Even with transparent mining, I can't see how that is avoided. Peers on the forked network will just mine further blocks on the forked network and the situation will get more confusing because the block creation speed increases.

Come-from-Beyond

legendary

Activity: 2142

Merit: 1009

Newbie

Quote from: NxtChoice on January 04, 2014, 11:15:55 AM

where

Code:

if ((amount + fee) * 100L > account.unconfirmedBalance)

should be

Code:

if ((amount + fee) * 100L > account.balance)

Why?

NxtChoice

full member

Activity: 238

Merit: 100

Code:

Account account = accounts.get(Account.getId(publicKey));
													if (account == null) {
														
														response.put("errorCode", 6);
														response.put("errorDescription", "Not enough funds");
														
													} else {
														
														if ((amount + fee) * 100L > account.unconfirmedBalance) {
															
															response.put("errorCode", 6);
															response.put("errorDescription", "Not enough funds");
															
														}

where

Code:

if ((amount + fee) * 100L > account.unconfirmedBalance)

should be

Code:

if ((amount + fee) * 100L > account.balance)

Come-from-Beyond

legendary

Activity: 2142

Merit: 1009

Newbie

Quote from: xibeijan on January 04, 2014, 11:14:31 AM

So, at .99^68 we have a 50% chance of predicting which one of our accounts will mine the 68th block from now.

No. 99% is just a guess. We'll get the real number after I analyze the blockchain.

Come-from-Beyond

legendary

Activity: 2142

Merit: 1009

Newbie

Quote from: FrictionlessCoin on January 04, 2014, 11:12:03 AM

But I think with transparent mining, you can predict forever into the future.

Thank u for ur competent opinion.

xibeijan

legendary

Activity: 1232

Merit: 1001

Quote from: Come-from-Beyond on January 04, 2014, 11:10:45 AM

Quote from: xibeijan on January 04, 2014, 11:09:04 AM

Is the account that forges the next block is still randomised? How far ahead can one predict?

Yes, accounts r randomized. Next block u can predict with 99% chance, 2nd - 99%*99%, 3rd - 0.99^3 and so on.

So, at 0.99^68 an adversary has a 50% chance of predicting which one of his M accounts will mine the 68th block from now.

I think you should seriously consider raising the forging penalty for moving NXT from 1 block to 1440 blocks.

This means the probability of an adversary predicting which of his M accounts will mine block 1440 is only 5.18e-7.

FrictionlessCoin

legendary

Activity: 868

Merit: 1000

Cryptotalk.org - Get paid for every post!

Quote from: xibeijan on January 04, 2014, 11:09:04 AM

Quote from: Come-from-Beyond on January 04, 2014, 11:07:36 AM

Quote from: FrictionlessCoin on January 04, 2014, 11:04:50 AM

Not sure how it should work here since nobody has provided a spec.

Anyway, for Nakamoto's bitcoin, no single miner has exclusive right to mine a block. So you see competing blocks submitted to the network and eventually the block that is in the longest chain gets committed and the rest become orphaned.

With this system, it appears that a single miner gets the right to mine a block. So there is an assumption that you never see competing blocks commited to the network and you never need to decide which is the longest block.

I honestly think this is a bad assumption, and the protocol should allow for competing blocks to be submitted.

U r wrong. The only difference that in Nxt u can predict who will forge next block. That's the main point of Transparent Forging.

Is the account that forges the next block is still randomised? How far ahead can one predict?

Again, still no spec.

But I think with transparent mining, you can predict forever into the future.

xibeijan

legendary

Activity: 1232

Merit: 1001

Quote from: ricot on January 04, 2014, 10:59:40 AM

Quote from: xibeijan on January 04, 2014, 10:55:32 AM

Quote from: FrictionlessCoin on January 04, 2014, 10:09:11 AM

Quote from: ImmortAlex on January 04, 2014, 09:55:41 AM

What was new for me, is that target doesn't directly depend on time your previous generation. There's no "coin days" like in PPC or NVC.

No coin days, so miners can game the system since with what they call 'transparent mining' they know beforehand if it is there turn to mine, so they can move around their coins to the miner that is going to get its turn.

So to game this system, you have a bunch of say N miners and then you have a balance of M that you move around to the miner that will be mining next. So effectively you get N*M more profitability.

Sadly, that won't work because when you move your coins there's a penalty of 1440 blocks before they can be used for mining again.

The penalty is 1 block, not 1440 blocks. 1440 blocks is only for new accounts.

If this does turn out to be a weakness, then I would suggest changing penalty from 1 block to 1440 blocks.

Then an adversary would need to predict 1439 blocks into the future, because the account to mine the next block depends on the who mined (and what the contents were of) the previous block.

FrictionlessCoin

legendary

Activity: 868

Merit: 1000

Cryptotalk.org - Get paid for every post!

Quote from: Come-from-Beyond on January 04, 2014, 11:07:36 AM

Quote from: FrictionlessCoin on January 04, 2014, 11:04:50 AM

Not sure how it should work here since nobody has provided a spec.

Anyway, for Nakamoto's bitcoin, no single miner has exclusive right to mine a block. So you see competing blocks submitted to the network and eventually the block that is in the longest chain gets committed and the rest become orphaned.

With this system, it appears that a single miner gets the right to mine a block. So there is an assumption that you never see competing blocks commited to the network and you never need to decide which is the longest block.

I honestly think this is a bad assumption, and the protocol should allow for competing blocks to be submitted.

U r wrong. The only difference that in Nxt u can predict who will forge next block. That's the main point of Transparent Forging.

That is exactly what I am saying, if you can predict which miner is allowed to forge the block then you trust that miner to forge the block correctly.

What I am saying is that this assumption is problematic. You cannot trust miners to be available or to be trust worthy, so you need other competing blocks.

Come-from-Beyond

legendary

Activity: 2142

Merit: 1009

Newbie

Quote from: xibeijan on January 04, 2014, 11:09:04 AM

Is the account that forges the next block is still randomised? How far ahead can one predict?

Yes, accounts r randomized. Next block u can predict with 99% chance, 2nd - 99%*99%, 3rd - 0.99^3 and so on.

xibeijan

legendary

Activity: 1232

Merit: 1001

Quote from: Come-from-Beyond on January 04, 2014, 11:07:36 AM

Quote from: FrictionlessCoin on January 04, 2014, 11:04:50 AM

Not sure how it should work here since nobody has provided a spec.

Anyway, for Nakamoto's bitcoin, no single miner has exclusive right to mine a block. So you see competing blocks submitted to the network and eventually the block that is in the longest chain gets committed and the rest become orphaned.

With this system, it appears that a single miner gets the right to mine a block. So there is an assumption that you never see competing blocks commited to the network and you never need to decide which is the longest block.

I honestly think this is a bad assumption, and the protocol should allow for competing blocks to be submitted.

U r wrong. The only difference that in Nxt u can predict who will forge next block. That's the main point of Transparent Forging.

Is the account that forges the next block is still randomised? How far ahead can one predict?

Come-from-Beyond

legendary

Activity: 2142

Merit: 1009

Newbie

Quote from: FrictionlessCoin on January 04, 2014, 11:04:50 AM

Not sure how it should work here since nobody has provided a spec.

Anyway, for Nakamoto's bitcoin, no single miner has exclusive right to mine a block. So you see competing blocks submitted to the network and eventually the block that is in the longest chain gets committed and the rest become orphaned.

With this system, it appears that a single miner gets the right to mine a block. So there is an assumption that you never see competing blocks commited to the network and you never need to decide which is the longest block.

I honestly think this is a bad assumption, and the protocol should allow for competing blocks to be submitted.

U r wrong. The only difference that in Nxt u can predict who will forge next block. That's the main point of Transparent Forging.

FrictionlessCoin

legendary

Activity: 868

Merit: 1000

Cryptotalk.org - Get paid for every post!

Quote from: vamdor on January 04, 2014, 10:46:41 AM

Quote from: Come-from-Beyond on January 04, 2014, 10:43:52 AM

Quote from: vamdor on January 04, 2014, 10:38:05 AM

Then what is rationale behind it? Pretty much the main point of proof-of-work is that this can't be done.

This can be done in PoW too.

No. In PoW the cumulative work clearly decides the valid branch, there is no option that you see two branches and can't decide which one is the "real one" accepted as the consensus.

Not sure how it should work here since nobody has provided a spec.

Anyway, for Nakamoto's bitcoin, no single miner has exclusive right to mine a block. So you see competing blocks submitted to the network and eventually the block that is in the longest chain gets committed and the rest become orphaned.

With this system, it appears that a single miner gets the right to mine a block. So there is an assumption that you never see competing blocks commited to the network and you never need to decide which is the longest block.

I honestly think this is a bad assumption, and the protocol should allow for competing blocks to be submitted.

xibeijan

legendary

Activity: 1232

Merit: 1001

Quote from: ImmortAlex on January 04, 2014, 10:59:21 AM

Quote from: xibeijan on January 04, 2014, 10:55:32 AM

Quote from: FrictionlessCoin on January 04, 2014, 10:09:11 AM

Quote from: ImmortAlex on January 04, 2014, 09:55:41 AM

What was new for me, is that target doesn't directly depend on time your previous generation. There's no "coin days" like in PPC or NVC.

No coin days, so miners can game the system since with what they call 'transparent mining' they know beforehand if it is there turn to mine, so they can move around their coins to the miner that is going to get its turn.

So to game this system, you have a bunch of say N miners and then you have a balance of M that you move around to the miner that will be mining next. So effectively you get N*M more profitability.

Sadly, that won't work because when you move your coins there's a penalty of 1440 blocks before they can be used for mining again.

AFAIK 1440 blocks penalty is only for new account. Account can forge 1440 blocks after first only transaction.

I thought it's once the coins are moved. Thought I saw that in source. Anyway, no reason it couldn't/shouldn't be a 1440 penalty. Would make forging a lot more interesting and possibly more secure.

Come-from-Beyond

legendary

Activity: 2142

Merit: 1009

Newbie

Quote from: ImmortAlex on January 04, 2014, 10:59:21 AM

AFAIK 1440 blocks penalty is only for new account. Account can forge 1440 blocks after first only transaction.

Right. But if u decide to add some numbers u'll see that u get no advantage, except paying fees to other miners.

ricot

newbie

Activity: 56

Merit: 0

Quote from: xibeijan on January 04, 2014, 10:55:32 AM

Quote from: FrictionlessCoin on January 04, 2014, 10:09:11 AM

Quote from: ImmortAlex on January 04, 2014, 09:55:41 AM

What was new for me, is that target doesn't directly depend on time your previous generation. There's no "coin days" like in PPC or NVC.

No coin days, so miners can game the system since with what they call 'transparent mining' they know beforehand if it is there turn to mine, so they can move around their coins to the miner that is going to get its turn.

So to game this system, you have a bunch of say N miners and then you have a balance of M that you move around to the miner that will be mining next. So effectively you get N*M more profitability.

Sadly, that won't work because when you move your coins there's a penalty of 1440 blocks before they can be used for mining again.

The penalty is 1 block, not 1440 blocks. 1440 blocks is only for new accounts.

ImmortAlex

hero member

Activity: 784

Merit: 501

Quote from: xibeijan on January 04, 2014, 10:55:32 AM

Quote from: FrictionlessCoin on January 04, 2014, 10:09:11 AM

Quote from: ImmortAlex on January 04, 2014, 09:55:41 AM

What was new for me, is that target doesn't directly depend on time your previous generation. There's no "coin days" like in PPC or NVC.

No coin days, so miners can game the system since with what they call 'transparent mining' they know beforehand if it is there turn to mine, so they can move around their coins to the miner that is going to get its turn.

So to game this system, you have a bunch of say N miners and then you have a balance of M that you move around to the miner that will be mining next. So effectively you get N*M more profitability.

Sadly, that won't work because when you move your coins there's a penalty of 1440 blocks before they can be used for mining again.

AFAIK 1440 blocks penalty is only for new account. Account can forge 1440 blocks after first only transaction.

xibeijan

legendary

Activity: 1232

Merit: 1001

Quote from: FrictionlessCoin on January 04, 2014, 10:09:11 AM

Quote from: ImmortAlex on January 04, 2014, 09:55:41 AM

What was new for me, is that target doesn't directly depend on time your previous generation. There's no "coin days" like in PPC or NVC.

No coin days, so miners can game the system since with what they call 'transparent mining' they know beforehand if it is there turn to mine, so they can move around their coins to the miner that is going to get its turn.

So to game this system, you have a bunch of say N miners and then you have a balance of M that you move around to the miner that will be mining next. So effectively you get N*M more profitability.

Fortunately, your idea won't work because when you move your coins there's a penalty of 1440 blocks before they can be used for mining again.

N.B. the account to mine the next block also depends on the previous blocks, so you'd have something like 1439 unknown blocks to predict.

ImmortAlex

hero member

Activity: 784

Merit: 501

Quote from: Come-from-Beyond on January 04, 2014, 10:47:15 AM

Quote from: gsan1 on January 04, 2014, 10:40:54 AM

If announcedAddress is not null, it adds it as a member variable to object peer. Afterwards it checks if peer is not null. Could there be a null pointer exception? Or is announcedAdress only not null when peer is not null?

Looks like a non-critical bug, I'll check it, thx. This is not the flaw.

https://bitcointalksearch.org/topic/m.4288242

Topic: Nxt source code flaw reports - page 53. (Read 113359 times)