Nxt source code flaw reports - page 9.

jkoil

hero member

Activity: 834

Merit: 524

Nxt NEM

Quote from: Come-from-Beyond on January 30, 2014, 04:54:46 PM

For those who prefer practice, not theory:

Account 4747512364439223888 stats:

Balance = 50'000'000
Number of forged blocks = 7496

Nxt blockchain stats:

Total number of blocks = 54230
Average base target = ~500%

"4747" forged 13.8% of all blocks. Theoretically "4747" should have forged (50M / 1000M) * (500% / 100%) = 5% * 5 = 25% of all blocks if he forged all the time and without orphaned blocks. So we see that jettico's math is proved wrong by what we see in the reality.

"if he forged all the time "

Is it known how much time he used?
What if he used only half of the time ...
Wouldn't the expected % then be 12.5% < 13.8% ?

More statistics, plz

Those I've wanted from the beginning ...

Come-from-Beyond

legendary

Activity: 2142

Merit: 1010

Newbie

For those who prefer practice, not theory:

Account 4747512364439223888 stats:

Balance = 50'000'000
Number of forged blocks = 7496

Nxt blockchain stats:

Total number of blocks = 54230
Average base target = ~500%

"4747" forged 13.8% of all blocks. Theoretically "4747" should have forged (50M / 1000M) * (500% / 100%) = 5% * 5 = 25% of all blocks if he forged all the time and without orphaned blocks. So we see that jettico's math is proved wrong by what we see in the reality.

opticalcarrier

full member

Activity: 238

Merit: 100

Quote from: Come-from-Beyond on January 30, 2014, 04:15:18 PM

Quote from: jettico on January 30, 2014, 03:52:17 PM

No, he didn't provide any sensible answer in any thread.

Repost:

Quote from: Come-from-Beyond on January 30, 2014, 04:10:09 PM

Quote from: jettico on January 30, 2014, 03:25:33 PM

The analogy with throwing dice is for illustrative purposes only.

This is the problem. 100K account does have advantage over 100x 1K accounts. But this advantage is small. In ur example it's noticeable coz u use conventional dice. If u used dice with 2^64 faces u would get other results.

thanks for this explanation. yes, the 'advantage' is extremely small

Come-from-Beyond

legendary

Activity: 2142

Merit: 1010

Newbie

Quote from: jettico on January 30, 2014, 03:52:17 PM

No, he didn't provide any sensible answer in any thread.

Repost:

Quote from: Come-from-Beyond on January 30, 2014, 04:10:09 PM

Quote from: jettico on January 30, 2014, 03:25:33 PM

The analogy with throwing dice is for illustrative purposes only.

This is the problem. 100K account does have advantage over 100x 1K accounts. But this advantage is small. In ur example it's noticeable coz u use conventional dice. If u used dice with 2^64 faces u would get other results.

jettico

member

Activity: 80

Merit: 10

No, he didn't provide any sensible answer in any thread.

opticalcarrier

full member

Activity: 238

Merit: 100

Quote from: Come-from-Beyond on January 30, 2014, 03:23:50 PM

Answered in that thread.

I didnt see a response from you to his description. You did respond to an earlier message about dice, but not the post here:
https://bitcointalksearch.org/topic/m.4844888 or the post right after that one that had a bit more detail.

Or do you refer to the russian thread?

Come-from-Beyond

legendary

Activity: 2142

Merit: 1010

Newbie

Quote from: opticalcarrier on January 30, 2014, 03:19:54 PM

CfB, have you verified that it is a flaw?

Answered in that thread.

opticalcarrier

full member

Activity: 238

Merit: 100

Quote from: Come-from-Beyond on January 30, 2014, 02:54:45 PM

Quote from: jettico on January 30, 2014, 02:50:18 PM

I've found a flaw in the unpublished part of the source code, in the Transparent Forging algorithm.

Rich people get richer faster than poor.

1 NXT coin forging power depends on the wallet size.

Details here: https://bitcointalksearch.org/topic/m.4844888

This is not the injected flaw.

CfB, have you verified that it is a flaw?

Come-from-Beyond

legendary

Activity: 2142

Merit: 1010

Newbie

Quote from: jettico on January 30, 2014, 02:50:18 PM

I've found a flaw in the unpublished part of the source code, in the Transparent Forging algorithm.

Rich people get richer faster than poor.

1 NXT coin forging power depends on the wallet size.

Details here: https://bitcointalksearch.org/topic/m.4844888

This is not the injected flaw.

jettico

member

Activity: 80

Merit: 10

I've found a serious flaw in the unpublished part of the source code, in the Transparent Forging algorithm.

Rich people get richer faster than poor.

1 NXT coin forging power depends on the wallet size.

Details here: https://bitcointalksearch.org/topic/m.4844888

ZeroTheGreat

hero member

Activity: 644

Merit: 500

Quote from: Come-from-Beyond on January 29, 2014, 06:37:11 AM

@superresistant

Thank u you. I completely overlooked that my slang makes it impossible to translate the text via automatic translators.

That's a good thing. Anything'd be thinking-required. Other way of doing things brought us unmeasurable amount of scams and fraudulent today. And so small amount of anyone's base knowledge. Our memory may be unlimited (at least for 90-120 years of functionality for sure), no need to artificially decrease capabilities of it.

For translators: Can't make/update your translator slang-acceptable? Don't use it. Or use it carefully with non-automated corrections.

ZeroTheGreat

hero member

Activity: 644

Merit: 500

Quote from: Come-from-Beyond on January 29, 2014, 06:14:52 AM

U can. That's why it's called Transparent Forging. Not Opaque, not Semi-Transparent.

)))

Russian: cpaзy нaпoмнилo пpo пoлтopa зeмлeкoпa и 3.5 aнoнимyca ))

Jean-Luc

sr. member

Activity: 392

Merit: 250

Quote from: alpha_one_x86 on January 29, 2014, 09:39:08 AM

Error:

Quote

[2014-01-28 12:34:48.426] DEBUG: Error in block generation thread
java.lang.NullPointerException

You use the return of the function without take care of the return value! Nxt.blocks.get() can return invalid value like here.

Yes, and I see nothing wrong with that. This is what exceptions are for. If a block that should be in the Nxt.blocks map is no longer there, something is wrong and there is no point in trying to continue. What would you do, ignore the missing block and pretend all is fine?
See that little DEBUG notice on top? If debug output was not enabled, the end user would not even see the exception. Because it is caught at a higher level, and the block generation thread just skips the current iteration and starts over.

Quote

No it's because you use an language more resistant that's you can't have security problem. (With gcc 4.8 and modern CPU you can have same security with C++ code).

Now I see where you are coming from...

FrictionlessCoin

legendary

Activity: 868

Merit: 1000

Cryptotalk.org - Get paid for every post!

Quote from: alpha_one_x86 on January 29, 2014, 09:39:08 AM

Error:

Quote

[2014-01-28 12:34:48.426] DEBUG: Error in block generation thread
java.lang.NullPointerException
at Nxt$Block.getLastBlocks(Nxt.java:1353)
at Nxt$Account.getGuaranteedBalance(Nxt.java:579)
at Nxt$Account.getEffectiveBalance(Nxt.java:516)
at Nxt$8.run(Nxt.java:6574)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:304)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:178)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)

Code:

static ArrayList getLastBlocks(int numberOfBlocks)
  {
   ArrayList lastBlocks = new ArrayList(numberOfBlocks);

   long curBlock = ((Block)Nxt.lastBlock.get()).getId();
   do
   {
   Block block = (Block)Nxt.blocks.get(Long.valueOf(curBlock));
   lastBlocks.add(block);
   curBlock = block.previousBlock;
   } while ((lastBlocks.size() < numberOfBlocks) && (curBlock != 0L));
   return lastBlocks;
  }

You use the return of the function without take care of the return value! Nxt.blocks.get() can return invalid value like here.
Please, be more serious with the code, don't do beginer error like that's. Because do the wallet vulnerability!
No it's because you use an language more resistant that's you can't have security problem. (With gcc 4.8 and modern CPU you can have same security with C++ code).

watching

Come-from-Beyond

legendary

Activity: 2142

Merit: 1010

Newbie

Quote from: alpha_one_x86 on January 29, 2014, 09:39:08 AM

Please, be more serious with the code, don't do beginer error like that's. Because do the wallet vulnerability!

I see that Erlang approach to handle exceptions is not very popular. Ok.

alpha_one_x86

sr. member

Activity: 281

Merit: 250

Developer of Ultracopier and Supercopier

Error:

Quote

[2014-01-28 12:34:48.426] DEBUG: Error in block generation thread
java.lang.NullPointerException
at Nxt$Block.getLastBlocks(Nxt.java:1353)
at Nxt$Account.getGuaranteedBalance(Nxt.java:579)
at Nxt$Account.getEffectiveBalance(Nxt.java:516)
at Nxt$8.run(Nxt.java:6574)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:304)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:178)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)

Code:

static ArrayList getLastBlocks(int numberOfBlocks)
  {
   ArrayList lastBlocks = new ArrayList(numberOfBlocks);

   long curBlock = ((Block)Nxt.lastBlock.get()).getId();
   do
   {
   Block block = (Block)Nxt.blocks.get(Long.valueOf(curBlock));
   lastBlocks.add(block);
   curBlock = block.previousBlock;
   } while ((lastBlocks.size() < numberOfBlocks) && (curBlock != 0L));
   return lastBlocks;
  }

You use the return of the function without take care of the return value! Nxt.blocks.get() can return invalid value like here.
Please, be more serious with the code, don't do beginer error like that's. Because do the wallet vulnerability!
No it's because you use an language more resistant that's you can't have security problem. (With gcc 4.8 and modern CPU you can have same security with C++ code).

perl

legendary

Activity: 1918

Merit: 1190

Quote from: BloodyRookie on January 29, 2014, 06:15:27 AM

If you got all blocks, you got all information about the accounts.

Yep , I can know amount of all account connect and notconnect .
I can not know amount of account only connect. ( Principe of P2P )
Your principe is good if person as bad intention.

Believe in miracles all node know sum amount for all account connected.

200 node with 1 Amount ( Power 200 )
and
1 node with 2,000,000 Amount ( Power 2.000.000 )

You accept all devil node with sum account 200 NXT can punish innocent account with 2,000,000 NXT?
If you do not accept this! And make a weight with the sum amount of accounts

The biggest amount group can punish all other node.

P.S: I am very critical, if only to help the NXT and do go in the right direction

All innocents and little account can not forge ( for 2 choice )

Just for the joke:
Your transform exploit of 50% in POW ( probability on success )
in
Exploit of the 50% (certainty )

Come-from-Beyond

legendary

Activity: 2142

Merit: 1010

Newbie

@superresistant

Thank u you. I completely overlooked that my slang makes it impossible to translate the text via automatic translators.

superresistant

legendary

Activity: 2156

Merit: 1131

@perl :

Quote from: Come-from-Beyond on January 28, 2014, 08:40:30 AM

One of the next steps to 100% Transparent Forging will include changes that will lead to "grouping" of forging accounts. The main purpose is to make it impossible to predict who will forge the next block. If Alice, Bob, Charlie and Dan r next candidates to forge a block, then Alice, Bob or Charlie can do it, no matter if Alice would forge the block 5 seconds earlier than Bob or Charlie. The gap between blocks will be exactly 60 seconds and timestamp will be used only to determine an order of events. No sense to wait 93 seconds for the next block if we already know who would forge it. This is what I call "time warp". If Bob's block wins the race then Alice and Charlie will be penalized for 1440 blocks.

Une des prochaines étapes de la forge transparente sera de permettre le regroupement des forgeurs. Le but étant de rendre impossible la prédiction de la génération de blocks. Si Alice, Bob, Charlie et Dan sont les prochains candidats pour la forge d'un block alors Alice, Bob ou Charlie peuvent le faire, peut importe que Alice puisse forger le block 5 secondes avant Bob ou Charlie. L'écart entre les blocks sera exactement 60 secondes et la date ne sera utilisé que pour déterminer l'ordre des événements. Ça n'a pas de sens d'attendre 93 secondes pour le prochain block si l'on sait déjà qui va le forger. C'est ce que j’appelle la "faille temporelle" (espace temps ou déformation temporelle). Si le block de Bob gagne la course alors Alice et Charlie seront pénalisé pour 1440 blocks.

Quote from: Come-from-Beyond on January 29, 2014, 06:13:04 AM

Coz Charlie wasn't the winner in this race. Win or die, no half-measures.
PS: This is an example of dynamical equilibrium that heavily exploited in Nxt concept.

Parce que Charlie n'était pas le vainqueur de la course. Gagne ou crève, pas de demi-mesure.
PS: C'est un exemple de l'équilibre dynamique qui est lourdement exploité dans le concept du Nxt.

BloodyRookie

hero member

Activity: 687

Merit: 500

Quote from: perl on January 29, 2014, 05:34:45 AM

Account or peer is same probleme.

You can not get the full list all account ready forge the next block.

If you got all blocks, you got all information about the accounts.

Topic: Nxt source code flaw reports - page 9. (Read 113378 times)