Pages:
Author

Topic: [PPC] [DISCLOSURE] Stake Generation Vulnerability (Read 16758 times)

legendary
Activity: 1484
Merit: 1005
That's a fallacy. The absence of bad news is not good news. You have to investigate other factors as well. Eg there is almost no incentive right now to do proper research. Thus it progresses slowly. Before full design documents have been published or reverse engineered, the security level is unknown.

I'll echo this.  PPCoin has made sweeping changes to the Bitcoin protocol and it's hard to really tell what will work and won't work in the long run.  One of the great things about Bitcoin was its simplicity in the protocol used to generate the network.  However, with PPCoin, a number of complexities have been added and it's unknown how well they will pan out in the long term.
donator
Activity: 994
Merit: 1000
(bump) Please feel free to post the details for the planned fix when ready, given you appreciate any external review.

The protocol upgrade involves replacing the proof-of-stake difficulty as the hash modifier for proof-of-stake (we call it stake modifier). The new stake modifier is 64 bit and derived from about 9 days worth of blocks after the coin generating the stake. When I get some time over next week I would talk a bit more about how it works.

Has any progress been made with this?
The 0.3 upgrade introduced some changes. However, no serious security analysis of the new code has been published yet.

Empirically though it's been 3 months and is standing up well to stress testing. PPCoin is proving itself just like Bitcoin had too...
That's a fallacy. The absence of bad news is not good news. You have to investigate other factors as well. Eg there is almost no incentive right now to do proper research. Thus it progresses slowly. Before full design documents have been published or reverse engineered, the security level is unknown.
hero member
Activity: 560
Merit: 500
Actually, my friend lost over 50k in apparently incorrect stake generation. Sunny King has been notified of this potential bug.

https://bitcointalksearch.org/topic/m.1736759

That fixed it! Yay! Thank you!
legendary
Activity: 1205
Merit: 1010
Actually, my friend lost over 50k in apparently incorrect stake generation. Sunny King has been notified of this potential bug.

https://bitcointalksearch.org/topic/m.1736759
hero member
Activity: 560
Merit: 500
Actually, my friend lost over 50k in apparently incorrect stake generation. Sunny King has been notified of this potential bug.
legendary
Activity: 1344
Merit: 1001
(bump) Please feel free to post the details for the planned fix when ready, given you appreciate any external review.

The protocol upgrade involves replacing the proof-of-stake difficulty as the hash modifier for proof-of-stake (we call it stake modifier). The new stake modifier is 64 bit and derived from about 9 days worth of blocks after the coin generating the stake. When I get some time over next week I would talk a bit more about how it works.

Has any progress been made with this?
The 0.3 upgrade introduced some changes. However, no serious security analysis of the new code has been published yet.

Empirically though it's been 3 months and is standing up well to stress testing. PPCoin is proving itself just like Bitcoin had too...
donator
Activity: 994
Merit: 1000
(bump) Please feel free to post the details for the planned fix when ready, given you appreciate any external review.

The protocol upgrade involves replacing the proof-of-stake difficulty as the hash modifier for proof-of-stake (we call it stake modifier). The new stake modifier is 64 bit and derived from about 9 days worth of blocks after the coin generating the stake. When I get some time over next week I would talk a bit more about how it works.

Has any progress been made with this?
The 0.3 upgrade introduced some changes. However, no serious security analysis of the new code has been published yet.
hero member
Activity: 868
Merit: 1000
(bump) Please feel free to post the details for the planned fix when ready, given you appreciate any external review.

The protocol upgrade involves replacing the proof-of-stake difficulty as the hash modifier for proof-of-stake (we call it stake modifier). The new stake modifier is 64 bit and derived from about 9 days worth of blocks after the coin generating the stake. When I get some time over next week I would talk a bit more about how it works.

Has any progress been made with this?
legendary
Activity: 1205
Merit: 1010
(bump) Please feel free to post the details for the planned fix when ready, given you appreciate any external review.

The protocol upgrade involves replacing the proof-of-stake difficulty as the hash modifier for proof-of-stake (we call it stake modifier). The new stake modifier is 64 bit and derived from about 9 days worth of blocks after the coin generating the stake. When I get some time over next week I would talk a bit more about how it works.
donator
Activity: 994
Merit: 1000
(bump) Please feel free to post the details for the planned fix when ready, given you appreciate any external review.
member
Activity: 60
Merit: 10
Who actually does the dev for this? Is it just Sunny King?
legendary
Activity: 1358
Merit: 1003
Ron Gross
We will accelerate the development schedule for this fix so stay tuned. I will give an update in my weekly update later this week on the progress of the release.
There are several smart people here who would tell you if your fix will work or not, if you listen to them.

Peer review is not perfect, but is much better than assuming that you will always come up with the best solution.


+1
legendary
Activity: 1652
Merit: 2311
Chief Scientist
We will accelerate the development schedule for this fix so stay tuned. I will give an update in my weekly update later this week on the progress of the release.
There are several smart people here who would tell you if your fix will work or not, if you listen to them.

Peer review is not perfect, but is much better than assuming that you will always come up with the best solution.
legendary
Activity: 1078
Merit: 1005
However, until then I consider the design of this currency unfinished, which makes me think whether a 1 year testnet approach would have been the more responsible decision.
PPC should be considered a test currency. As I say on my exchange:
Quote
The PPCoin network seems to be experimental. It uses a different approach to blockchain security than Bitcoin. This exchange makes no guarantee that the PPCoin network will remain viable or secure in the long term.

Even if the developers released it as a '1 year testnet' coin I'm sure you'd find speculators jumping on it. And probably even continuing with it after the year. Much like when Solidcoin 1 shut down some people kept it going. One a coin is out in the wild, it's a real coin. One way of preventing this for a true '1 year testnet approach' might be to reset the blockchain reguarly. Hard to do on a chain that requires coin age though. The regular chain resets on bitcoin's testnet seem to stop it being used as a currency pretty effectively.
sr. member
Activity: 342
Merit: 250
+1 to the real test as well

I did not consider the fact that the developers announcing the vulnerability might lead to people to exploiting it. However, given the fact that it's mostly nullified by the checkpoints and we're in an informal "test" period, I would have liked to have known about it when it was discovered.

Anyway Sunny King and company good luck solving the problem and I do hope you can come up with a satisfactory solution soon.
legendary
Activity: 2492
Merit: 1491
LEALANA Bitcoin Grim Reaper
Come on guys, is the rhetoric really necessary?

A bug and possible exploit was found in a coin a few months old, using a new concept (POS) that had been discussed but never implemented before.
Did you honestly think there would be no bugs along the way?

Bitcoin has had its share of bugs and exploits https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures.
I cite this not as a criticism to Bitcoin, but to show that every software project can have bugs and exploits.
Yet I do not hear things like "The white paper would have been laughed at" directed at Bitcoin.

We do not know what Sunny or the developers knew or did not know ahead of time. It is easy to be a Monday mourning quarterback, but quite a different story to be in the game.

I do understand the desire to be given a little time to explore the vulnerability before releasing it to the public. I am not advocating secrecy, but give a developer a little time to attempt a fix before every person with malicious intent tries to form an exploit from what is now public information. I have messaged Sunny before about various things with PPC and he has been nothing but professional and responsive to me.

The real test is to see what Sunny and the developers do about this bug in both speed and effectiveness.

Until then, relax a bit, it is a vulnerability that cannot practically be exploited at the moment.





+1
legendary
Activity: 1064
Merit: 1000
Come on guys, is the rhetoric really necessary?

A bug and possible exploit was found in a coin a few months old, using a new concept (POS) that had been discussed but never implemented before.
Did you honestly think there would be no bugs along the way?

Bitcoin has had its share of bugs and exploits https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures.
I cite this not as a criticism to Bitcoin, but to show that every software project can have bugs and exploits.
Yet I do not hear things like "The white paper would have been laughed at" directed at Bitcoin.

We do not know what Sunny or the developers knew or did not know ahead of time. It is easy to be a Monday mourning quarterback, but quite a different story to be in the game.

I do understand the desire to be given a little time to explore the vulnerability before releasing it to the public. I am not advocating secrecy, but give a developer a little time to attempt a fix before every person with malicious intent tries to form an exploit from what is now public information. I have messaged Sunny before about various things with PPC and he has been nothing but professional and responsive to me.

The real test is to see what Sunny and the developers do about this bug in both speed and effectiveness.

Until then, relax a bit, it is a vulnerability that cannot practically be exploited at the moment.



sr. member
Activity: 342
Merit: 250
Well at least we can now see why no proper white-paper was published - everyone would have laughed at it.

This is a bit like making an "energy-efficient" version of a bit-coin miner - by modifying it so it only checks 5 hashes per second. Then praying noone looks at the source-code and decides to increase the number of hashes checked (or uses a different miner).

Well this vulnerability doesn't allow for a sustainable attack without having a huge % of coins, so it's not exactly like that.

I'd just like to know what the design is for a fix - supposedly there is one - and when we can expect it to be implemented.
hero member
Activity: 532
Merit: 500
Well at least we can now see why no proper white-paper was published - everyone would have laughed at it.

This is a bit like making an "energy-efficient" version of a bit-coin miner - by modifying it so it only checks 5 hashes per second. Then praying noone looks at the source-code and decides to increase the number of hashes checked (or uses a different miner).
sr. member
Activity: 342
Merit: 250
Thanks Jut for your alertness and for sharing a detailed breakdown of the issue in a public forum. It's definitely something that should be in the public domain and you deserve credit and gratitude for using your discovery to inform others rather than keep it to yourself. I think you're under no obligation to report vulnerabilities to the PPCoin developers; in fact you're under no obligation to report it at all and it's admirable that you did.

I too want to see a POS coin succeed and at the moment PPCoin seems like the best hope.

I don't think that post you quoted from Sunny King though is dishonest - I don't think he's implying that there are no known vulnerabilities. Although it does seem a bit odd that Sunny King hasn't mentioned this vulnerability and its implications in one of the weekly updates if he's known about it for a while. I don't expect perfect code but I would like there to be more transparency. For example, if we'd known about this earlier we could have known to wait for extra confirmations for important transactions at least until the vulnerability is patched.
Pages:
Jump to: