Topic: [PPC] [DISCLOSURE] Stake Generation Vulnerability - page 2. (Read 16706 times)

Thanks Sunny for the quick response on this issue.

I am aware that the checkpointing policy renders this vulnerability mostly ineffective as of now. However, there is at least one type of attack which is rational and feasible right now (and it may even be in use right now) - but I don't want to communicate that before a solution to this weakness is developed. Rest assured it doesn't put coin holders at any risk.

I deliberately decided against communicating this with you first, for the following reasons:
- this is a wake-up call for both, the developers and the users of ppcoin. Just because vulnerabilities may not get communicated, does not mean they don't exist.
- don't expect people to play nice, especially when money is at stake
- this thing was baked into the cake from the get-go and should have been obvious to you as a designer. I discovered it early on, but wanted to test it empirically first, to make sure I didn't overlook something. A strategy I had to employ because of the lack of design documents.
- you play a game of cover up. E.g here you indicate that you have no knowledge of any serious vulnerabilities:(https://bitcointalksearch.org/topic/m.1403378). This leads me to conclude that killerstorm had the right impression from the start: (https://bitcointalksearch.org/topic/m.1122608). You released half-baked code, effectively gambling with other peoples money.

That said - I still think ppcoin implements an innovative concept for securing the network of a cryptocurrency and I'd like to see problems like these resolved, leading to a better design eventually. And I'll gladly help with the discussions. However, until then I consider the design of this currency unfinished, which makes me think whether a 1 year testnet approach would have been the more responsible decision.

Have you thought of a solution yet?

Jutarul has made a disclosure today of a stake generation vulnerability here:
https://bitcointalksearch.org/topic/ppcoin-stake-burn-through-vulnerability-131901

We have been aware of this vulnerability for a while. A protocol upgrade has been designed and is currently being implemented. Jutarul did not attempt to communicate with us privately before his disclosure today. We appreciate Jutarul's independent research, however given the circumstances it would be more responsible to communicate with me privately to discuss the discovered vulnerability and the schedule of disclosure.

I'll give a summary of the impact here:
Impact level: severe
Description: The current stake generation hashing protocol is vulnerable to a search attack.
Attacker gains advantage of generating more blocks with limited coins.

Given the current checkpoint policy, the impact on the block chains is mostly limited to:

• Attacker may invalidate other nodes' proof-of-stake blocks and force short reorganizations up to 5 blocks (may be mitigated by strengthening the checkpoint policy)
• Pushing up proof-of-stake difficulty to very high level

Given the current checkpoint policy, it is not likely that the following can be achieved by an attacker:

• Preventing transactions from being confirmed.
• Minting more coins than normal through the attack.

We will accelerate the development schedule for this fix so stay tuned. I will give an update in my weekly update later this week on the progress of the release.

Edit: Protocol updated in v0.3.0, switched on March 20, 2013. Issue closed.