Pages:
Author

Topic: Regarding Auroracoin TW exploit (Fix included) - page 5. (Read 27362 times)

member
Activity: 252
Merit: 10
This coin is a total waste.

just like your post..
legendary
Activity: 996
Merit: 1013

As always, I could be wrong, and point out any mistakes I have made if I am wrong.

I think that is the correct explanation.
The attack chain has individual blocks of low difficulty, but because it's longer, it has higher sum of difficulty.

Or as the discoverer of this exploit wrote:

That's the whole point, the current network will happily accept chain-of-massive-number-of-low-diff-blocks over chain-of-less-harder-blocks as long as the sum of difficulty of the first is higher and it follows the "rules set in stone" (no invalid tx, generation amount <= calculated amount, difficulty == getNextDifficulty(prevblock), block nTime > median of prev 11 blocks, block nTime can't be more than 2 h in the future, ...).


ArtForz also noted that any asymmetrical algorithm will be vulnerable. Because KGW is designed to deal with multipool problems and abrupt jumps in difficulty that are caused by fast increases in hashrate, it makes increasing diff harder than decreasing it. Because of that, attacker can get a lot of lower difficulty blocks at the cost of few larger difficulty blocks when he jumps back and forth in time.
legendary
Activity: 2940
Merit: 1090
How is this exploitable as a fork attack exactly? The "exploited" chain allows for more blocks at lower difficulty, but the same amount of work goes into those blocks, so even though you have more blocks, you have less work and thus the chain shouldn't be regarded as the main chain by the software. Can anyone explain why this is wrong?

Of-course miners could deliberately try to push the difficulty down and decrease the time between blocks, increasing inflation of coins and the blockchain. Maybe some existing attacks could be made worse by this issue, but not critically so.

Please explain why I'm wrong if anyone can.

I believe the main chain is the one which is longest, rather than which has the highest sum of work or difficulty.  I'm sure someone can correct me if this is mistaken.

I think saying the 'longest' chain is the valid chain is a misnomer.  Longest implies a length or a count, but if I am not mistaken, the valid chain is the one with the greatest proof-of-work.  In other words, the sum of the difficulty from each block in the chain.  A quick search brings up this link (http://bitcoin.stackexchange.com/questions/17837/longer-fake-block-chain-with-valid-transactions) which suggests what I have just said.

If we think back to science class, it was taught that work was equal to the product of force and distance.  For example, a 100 force by 5 distance results in 500 work, and a 10 force by 50 distance results in 500 work.  Both examples result in the same amount of work being accomplished, but they have arrived at that result from different paths.  This would be comparative to the main Auroracoin chain and BCX's attack chain.  The main chain was solving less blocks at a higher difficulty (the first example), while BCX was solving significantly more blocks at a lower difficulty (the second example).  Eventually, if given enough hashing power and time, BCX would have caught up with the main chain in amount of work done.  

As always, I could be wrong, and point out any mistakes I have made if I am wrong.

WTF? If that is true, then all this hassle is just bullshit. BCX would never have succeeded. Well, there is some source code where to check this.
Also, if it is so, it means all the other alt coins should be safe also.

Edit: As allways, I could have been wrong and you may just have pointed out mistake I have done.. Embarrassing Undecided Why didn't point this out earlier?

Haven't you people been following along? It seems not.

Low difficulty means more chance any one hash gets a block so gets into the blockchain so counts when adding up work.

The higher the difficulty the less chance any one hash happens to get a block so less of the hashes done get into the blockchain to count as work.

So with lots of low difficulty blocks more of the hashes done to get them got into the chain to count as work so the more of the work done to make that chain gets counted when adding up height/length of the chain (the total work). This might also be part of why faster block chains achieve more security in less time; more confirmations (blocks) in the same amount of time is likely to be more actual work counted due to more of the work (hashes) done actually managing to make it into the blockchain.

-MarkM-
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
WTF? If that is true, then all this hassle is just bullshit. BCX would never have succeeded. Well, there is some source code where to check this.
Also, if it is so, it means all the other alt coins should be safe also.

Is that a challenge? Would you like to find out? You can't be too careful when dealing with money.

I've never lost important files but I always back up and do a check restore on them every now and then. Don't wait for any kind of possible attack to succeed, prevent it from even becoming an issue.
sr. member
Activity: 477
Merit: 500
How is this exploitable as a fork attack exactly? The "exploited" chain allows for more blocks at lower difficulty, but the same amount of work goes into those blocks, so even though you have more blocks, you have less work and thus the chain shouldn't be regarded as the main chain by the software. Can anyone explain why this is wrong?

Of-course miners could deliberately try to push the difficulty down and decrease the time between blocks, increasing inflation of coins and the blockchain. Maybe some existing attacks could be made worse by this issue, but not critically so.

Please explain why I'm wrong if anyone can.

I believe the main chain is the one which is longest, rather than which has the highest sum of work or difficulty.  I'm sure someone can correct me if this is mistaken.

I think saying the 'longest' chain is the valid chain is a misnomer.  Longest implies a length or a count, but if I am not mistaken, the valid chain is the one with the greatest proof-of-work.  In other words, the sum of the difficulty from each block in the chain.  A quick search brings up this link (http://bitcoin.stackexchange.com/questions/17837/longer-fake-block-chain-with-valid-transactions) which suggests what I have just said.

If we think back to science class, it was taught that work was equal to the product of force and distance.  For example, a 100 force by 5 distance results in 500 work, and a 10 force by 50 distance results in 500 work.  Both examples result in the same amount of work being accomplished, but they have arrived at that result from different paths.  This would be comparative to the main Auroracoin chain and BCX's attack chain.  The main chain was solving less blocks at a higher difficulty (the first example), while BCX was solving significantly more blocks at a lower difficulty (the second example).  Eventually, if given enough hashing power and time, BCX would have caught up with the main chain in amount of work done.  

As always, I could be wrong, and point out any mistakes I have made if I am wrong.

WTF? If that is true, then all this hassle is just bullshit. BCX would never have succeeded. Well, there is some source code where to check this.
Also, if it is so, it means all the other alt coins should be safe also.

Edit: As allways, I could have been wrong and you may just have pointed out mistake I have done.. Embarrassing Undecided Why didn't point this out earlier?
legendary
Activity: 1270
Merit: 1000
So however asshole you are BCX, you are an asshole in a good way, thank you!
Please I work hard to be a regular asshole, don't paint me in a good light. Cheesy
~BCX~
I confirm that BCX is an asshole. Smiley

It's good to see BCX still around and kicking....and living up to his namesake. Maybe it's me who hasn't been around as much (just now finding out about this) but I miss the days where he would wreak havoc on a regular basis Wink

In the end it's beneficial IMO.
legendary
Activity: 924
Merit: 1132
Honestly I believe that the proof-of-work is better measured without regard to the difficulty level.

The way difficulty works, you might need some particular number of  leading zeros to make a block.  If the number is thirty, approximately one in a million hashes actually are capable of making a block.  But regardless of what you need to make a block, every hash that *actually has* thirty-one leading zeros is evidence of approximately two million hashes being done, every hash that *actually has* thirty-two leading zeros is evidence of approximately four million hashes having been done, every hash that *actually has* thirty-three leading zeros is evidence of approximately eight million hashes having been done, and so on.

I'm just saying that you can compare like with like in terms of estimating block difficulty.  Pick a target that definitely would have formed a block, regardless of the time, regardless of which branch -- corresponding to the highest of any difficulty for either branch during the time in question, and count the number of blocks with a hash below that target.  Whichever chain has the most such blocks is, as best anyone can tell, the chain that's had the most hashes done in support of it, regardless of where the difficulty level for the chain was set at the time or how many total blocks are in that chain.

member
Activity: 112
Merit: 10
This coin is a total waste.
full member
Activity: 145
Merit: 100
How is this exploitable as a fork attack exactly? The "exploited" chain allows for more blocks at lower difficulty, but the same amount of work goes into those blocks, so even though you have more blocks, you have less work and thus the chain shouldn't be regarded as the main chain by the software. Can anyone explain why this is wrong?

Of-course miners could deliberately try to push the difficulty down and decrease the time between blocks, increasing inflation of coins and the blockchain. Maybe some existing attacks could be made worse by this issue, but not critically so.

Please explain why I'm wrong if anyone can.

I believe the main chain is the one which is longest, rather than which has the highest sum of work or difficulty.  I'm sure someone can correct me if this is mistaken.
full member
Activity: 196
Merit: 100
Should have kept the exploit to himself and only ask people if they want to help kill off some coins. Would benefit everyone in crypto not having to see 20 coins come out each day...

Blackcoin multipool is one way to dump on other coins, exploits like this should be used as well, on as many coins as possible...
legendary
Activity: 1526
Merit: 1000
the grandpa of cryptos
we should call it BCX+ !
full member
Activity: 182
Merit: 100
Shall we keep calling it KGW or should we call the updated version: KGW+?
legendary
Activity: 1190
Merit: 1004
How is this exploitable as a fork attack exactly? The "exploited" chain allows for more blocks at lower difficulty, but the same amount of work goes into those blocks, so even though you have more blocks, you have less work and thus the chain shouldn't be regarded as the main chain by the software. Can anyone explain why this is wrong?

Of-course miners could deliberately try to push the difficulty down and decrease the time between blocks, increasing inflation of coins and the blockchain. Maybe some existing attacks could be made worse by this issue, but not critically so.

Please explain why I'm wrong if anyone can.
member
Activity: 86
Merit: 10

The unfortunate fact remains that unless Iceland does some sort of official AUR census and asks every single household whether they claimed and received their 31.8 AUR, we might never know if the dev has been laundering and siphoning AUR from the premine into random undisclosed wallets that he and his team hold to dump at a slow and controlled rate to keep the market from crashing and thus maximize profits because of the extreme lack of liquidity of AUR. There is still a huge potential for scam surrounding AUR because of the lack of transparency; and I don't think that will ever really change.

Potential for scam and actual scam are two entirely different things.  We have to work with the world we live in.

No one has yet offered one iota of evidence that a scam is being perpetrated here yet, but evidence does exist that the airdrop is proceeding as advertised.  If you're looking for guarantees you'll have to call the FDIC.

I dont think that aurora is a scam , you have to give time , it took bitcoin 4 years to get some value. 1 aurora in a few years could cost 500 USd.
legendary
Activity: 1291
Merit: 1000

The unfortunate fact remains that unless Iceland does some sort of official AUR census and asks every single household whether they claimed and received their 31.8 AUR, we might never know if the dev has been laundering and siphoning AUR from the premine into random undisclosed wallets that he and his team hold to dump at a slow and controlled rate to keep the market from crashing and thus maximize profits because of the extreme lack of liquidity of AUR. There is still a huge potential for scam surrounding AUR because of the lack of transparency; and I don't think that will ever really change.

Potential for scam and actual scam are two entirely different things.  We have to work with the world we live in.

No one has yet offered one iota of evidence that a scam is being perpetrated here yet, but evidence does exist that the airdrop is proceeding as advertised.  If you're looking for guarantees you'll have to call the FDIC.
full member
Activity: 140
Merit: 100
newbie
Activity: 6
Merit: 0

Yes per our agreement I will pull back the exploit and allow a fix.

As explained by Nite69 I am gaining on the chain with a current running KGW TW.

If the TW exploit isn't pulled back before the hard fork, it will instantly catch up at the next hard fork due to diff swings and be in full full implementation. So either way I win, fix it or don't fix it.


So after month of  posting we end up seeing absolut nothing from you?

Don't get me wrong.. I don't judge what you planed to do.. I don't care... ( although I am  a BIG AUR bag holder since 1 or 2 days: I mined 0.5 AUR hurray!! )

No..but I would like to see a proof of your chain or something in any way or form because I want to know if it was indeed technical possible and not theoretical nature only and I want to see if you had the skills to do so. You talked a bit too selfconfident toward the end to really still believe it's more than just you talking.



Did you read the post by Balduro, the founder and Nite69, the developer brought on by the Auroracoin Team? The exploit is live and is working or else I can assure you an agreement would not have been reached. I am satisfied with the agreement and you as an investor should be satisfied with that.

Of note also, it appears that Balduro is actually delivering the Air Drop as promised. I cannot 100% verify that yet and the method he used screams scam. However I am not above admitting mistakes and it is certainly appearing that Balduro has made the all time mother of implementing the right idea with the wrong execution!

More to come on this as I dig deeper.


~BCX~

I can state honestly, so help me God, that what I have seen here in Reykjavik is fair distribution of the coins.  

Of course, there were some who had difficulties.   That "resolved itself" a few days ago.  Actually, I am sure Baldur and crew made some changes to improve claim rates.

Also, of course, there have been who have claiming for many relatives, however that is up to the family and relatives in question.

Have there been some "thefts" ?  I honestly don't know, I'm sure some small percentage.   Just like there was a small percentage who may have lost their coins due to Server Overload and unsuccessful transactions from the pre-mined mint -> verification -> blockchain -> wallet.   There were even people who just clicked ahead, past the page that said to print out their wallet... so...

my thoughts (continued) are that as we are creeping towards 10 percent claimed, in as many days, I sense a general feeling of fairness from the hundreds ( okay, five dozen or so ) of Icelanders I have questioned.  ( friends, taxi drivers, store owners, restaurant owners )

So, yes, BCX, Baldur does seem to be delivering.    AND perhaps his strategy (Facebook and SMS) had flaws.     But when I came to think about it (that night when the details became obvious)    it actually made ALOT of sense to use FB as there are many checks available, cross references, and what? about 95% Facebook usage in Iceland ?  

So, for getting out 10% of 330,000 people, and 10,500,000 coins  ( 31.Cool   I would say it is as open as possible.

And then of course we have round 2 and round 3 and round 4 of the airdrop still to come..... Which I am quite sure will even be an improvement over previous rounds.....    

Anyway, that is my 1 AUR worth.       Thank you for contributing to the strength of Auroracoin.   I can promise you that when all of the dust settles the Icelandic people will be much more informed about all the developments and responsibilities of this coin.  

takk takk frá Íslandi.... come to visit some day, we welcome you as a friend.

MHz
hero member
Activity: 966
Merit: 1003

By the way, how many coin developers have copied KGW to their coins without having a good understanding of the internals just because it's a popular trend? That's a rhetorical question.

Billions and billions.

That's a rhetorical answer. Smiley

-MarkM-


And how many of those coins have insanely insecure hashrates?  Tongue

-illodin-
legendary
Activity: 2940
Merit: 1090

By the way, how many coin developers have copied KGW to their coins without having a good understanding of the internals just because it's a popular trend? That's a rhetorical question.

Billions and billions.

That's a rhetorical answer. Smiley

-MarkM-
newbie
Activity: 6
Merit: 0
So however asshole you are BCX, you are an asshole in a good way, thank you!



Please I work hard to be a regular asshole, don't paint me in a good light. Cheesy


~BCX~

I confirm that BCX is an asshole. Smiley

one that i find very interesting though. 

though, i have only joined since Auroracoin....  ( hold the tomato's please ) 

but programming since 83, so lets just say its been quite a ride.   very impressed with the "new" generation.

MHz
Pages:
Jump to: