Topic: rpietila Altcoin Observer - page 142. (Read 387493 times)

legendary
Activity: 3766
Merit: 5146
Whimsical Pants
July 24, 2014, 10:44:08 PM
Do you not agree that non-level playing field for distribution and concentrating coins more than would be normally is a flaw?

Unless you can design a system that adapts to emerging attack vectors you are always going to see better locks producing better lock picks. It is an arms race.
legendary
Activity: 2968
Merit: 1198
July 24, 2014, 10:38:37 PM
And those Asian gaming machines might be running 64-bit and are newer hardware according to the steam survey I cited (and according to the sources I cited are available for 1000 computers for $15).

Gaming machines are certainly going to be newer than many light-usage home machines (web + email generally). I don't know what cafe machines are like.

I also think gaming machines are likely to be running newer software better maintained, less frequently used for random crap on the Internet (no time since the gamers are spending 20 hours a day gaming). So in general less likely to become part of a botnet. This does not mean that no gaming machines are part of botnets, but the number is likely quite small, relatively speaking.

If the number is not small, then why are GPU-mined coins allegedly not overrun by botnets, and why is the problem of botnets attached to CPU-mined coins?

Quote
You ignored my main point which is the 50% attack but rather disproportionate concentration of the ownership of the coin.

I don't agree with it. I expect the fairly frictionless marketplace to sort out to more or less the same ownership as would otherwise exist. People who value the coin more will buy it, and the botnet owner who already owns a valuable asset, the botnet will sell it for whatever he values most, giving him a return on his asset.

Quote
You don't like to entertain any possibilities that would cause you to make the conclusion that Monero is flawed.

I am pretty sure it is flawed. I don't care. Everything is flawed. If you mandate perfection, you spend years contemplating everything and delivering nothing.

I prefer to deliver something that might work, and then see if it does. The world is complex and chaotic enough that I don't believe this is knowable without real world experience.

Quote
How much effort have you done to investigate the botnets?

How much effort have you applied to investigating my points about your proof-of-work?

None. As a volunteer I work on things that interest me. Neither of those interest me particularly.
hero member
Activity: 518
Merit: 521
July 24, 2014, 10:36:21 PM
Currently the Monero network consists of the hash rate equivalent of very roughly 100K modern desktop computers (64-bit, AES-NI, 8 MB cache) or mid range mining rig GPUs (750 Ti, etc.). For a botnet to 51% attack...

Do you know how many of those 100K are already botnets?

I can't believe people are saying monero is flawed because some botnets are mining it, if anything it means monero is growing and is becoming more profitable.

Do you not agree that non-level playing field for distribution and concentrating coins more than would be normally is a flaw?

Especially when most of the coins that will ever be mined are occurring very early in the mining life, even more so than for Bitcoin. This is potential death to the future of the coin for transactions. We discussed this in depth already in the Monero thread.
hero member
Activity: 518
Merit: 521
July 24, 2014, 10:22:47 PM
The doubling (Claymore said "1.5 - 2.0") of performance for 64-bit on Monero isn't enough by itself to mitigate botnets running at 32-bit.

If botnets are predominantly 32 bit (I don't know, but this claim is often made) then they are primarily older computers as well,

No it can also mean they are running on a 32-bit operating system which is apparently still 50% of the universe.

I am in the Philippines and I go around to internet cafes and see a lot of newer computers running 32-bit Windows 7 and they are all loaded up with crapware and probably malware too. You do realize that 50 million people here are mostly accessing the internet via netcafes and not their own computers at home. Ditto Indonesia, etc.

And those Asian gaming machines might be running 64-bit and are newer hardware according to the steam survey I cited (and according to the sources I cited are available for 1000 computers for $15).

I don't doubt there are some botnets that target higher end gaming computers, but we don't have numbers. The article cited prices "per 1000" but we don't know how much that can scale. 10K computers for example, would only serve to further secure the network, not attack it.

You ignored my main point which is the 50% attack but rather disproportionate concentration of the ownership of the coin.



EDIT: There is another factor I forgot. Since the botnet has to evade detection it will run at a lower duty cycle, only mine when the computer is even turned on, and suspend or slow down mining while the computer is in use. This likely reduces efficiency over an intentional miner by at least a factor of 2, but perhaps 5 or more (if the computer is powered down a lot).

When you are buying them for $15 per 1000, even running on only 1 core and efficiency is not enough to cause them to not get coins too cheaply.


Without further data I remain unconvinced that botnets are frequently high end systems with good GPUs. And of course if they are then the whole argument of GPU mining being GPU-resistant is completely wrong. Even then the size distribution matters a lot.


I've noticed you are a person who ignores all threats until they are proven beyond any doubt. You don't like to entertain any possibilities that would cause you to make the conclusion that Monero is flawed.

How much effort have you done to investigate the botnets?

How much effort have you applied to investigating my points about your proof-of-work?

Or maybe...you are just making excuses.
sr. member
Activity: 336
Merit: 250
July 24, 2014, 10:15:38 PM
Killer app would be something which allows you to trade in the exchanges without losing all your coins if they get hacked. That'll bring confidence back to crypto
Are you talking about MGW and uMGW of NXT?:
http://multigateway.com/
All the info:
https://nxtforum.org/nxtservices-releases/how-to-test-multigateway-with-nxtservices-a-test-user-guide/
I didn't know about that. I'll check it out

We talked a bit about it a few pages ago:
https://bitcointalksearch.org/topic/m.7985996
https://bitcointalksearch.org/topic/m.7986586


It's cool! Can't wait to have more alts and maybe a USD market
I can't believe features like MGW and Blackhalo aren't famous yet
legendary
Activity: 2968
Merit: 1198
July 24, 2014, 09:58:54 PM
The doubling (Claymore said "1.5 - 2.0") of performance for 64-bit on Monero isn't enough by itself to mitigate botnets running at 32-bit.

If botnets are predominantly 32 bit (I don't know, but this claim is often made) then they are primarily older computers as well, with smaller caches, often no AES-NI, and (on cheaper models at least) fewer cores. That is much more than 2x. Together it is closer to 10x.

The numbers I've seen are that roughly 50% or perhaps slightly more of Windows 7 installs are 64 bit and Windows 8 installs predominantly are 64 bit. 32 bit computers are going to have a high concentration of Windows XP (i.e. old, mostly corporate) or Vista (still hard for me to believe anyone ever used that, but there is a percentage out there).

I don't doubt there are some botnets that target higher end gaming computers, but we don't have numbers. The article cited prices "per 1000" but we don't know how much that can scale. 10K computers for example, would only serve to further secure the network, not attack it.

Without further data I remain unconvinced that botnets are frequently high end systems with good GPUs. And of course if they are then the whole argument of GPU mining being GPU-resistant is completely wrong. Even then the size distribution matters a lot.

EDIT: There is another factor I forgot. Since the botnet has to evade detection it will run at a lower duty cycle, only mine when the computer is even turned on, and suspend or slow down mining while the computer is in use. This likely reduces efficiency over an intentional miner by at least a factor of 2, but perhaps 5 or more (if the computer is powered down a lot).

sr. member
Activity: 336
Merit: 250
July 24, 2014, 09:56:32 PM
Killer app would be something which allows you to trade in the exchanges without losing all your coins if they get hacked. That'll bring confidence back to crypto
I actually wanted to suggest something like an escrow service for cryptos with low fees. But BC already have this BlackHalo so I just suggested that

Quote
I cannot see how focussing on allowing a small community to swap funds with each other indefinitely can do much to progress the outwards appearance or long term goals of the effort to bring digital money to everyday people.
Why not? Bitcoin's rapid price rise has attracted investors, speculators and traders. And this raises its value further, which also attracted other businesses. And these businesses will bring bitcoin to ordinary people. It's like a chain reaction

Quote
Almost every coin on every exchange has no need to be on an exchange,
LOL. Imagine only a few people are trading and putting their coins on an exchange. The orderbook will be so thin and small buy/sell could fluctuate the market by 50%. You think a business would like that?

hero member
Activity: 518
Merit: 521
July 24, 2014, 09:49:46 PM
Botnets are only a significant concern while the mining usage is small.

And that applies whether your Pow is designed to be ASIC resistant or not. However it perhaps does beg for making the GPU at roughly power efficiency parity to the CPU.

As you mention in your subsequent post, algorithms that make use of recent CPU and OS features are likely to hinder botnets to a significant degree. This is already the case with Cryptonight. Older botnet computers are less likely to have AES-NI, more likely to be 32 bit, and more likely to have older, slower CPUs with fewer cores and/or less cache.

Together these reduce the effectiveness of a botnet computer relative to an efficient CPU or GPU miner by perhaps a factor of 10. Exotic botnets (routers, etc.) will fare much worse.

A footnote[3] from my L3crypt whitepaper provides data that might say you are incorrect on your appraisal of the average computer out there for botnets.

[3] http://store.steampowered.com/hwsurvey/

http://www.forbes.com/sites/eliseackerman/2012/05/19/i-run-a-small-botnet-and-sell-stolen-information-ask-me-anything/

Currently the Monero network consists of the hash rate equivalent of very roughly 100K modern desktop computers (64-bit, AES-NI, 8 MB cache) or mid range mining rig GPUs (750 Ti, etc.). For a botnet to 51% attack that would require roughly 1M of these more-likely-to-be-botted computers. That is certainly possible, but it is an obstacle. How many botnets are 1M+?

Agreed the 50+% attack becomes more improbable as mining usage increases. But don't forget Meni Rosenfeld's white paper, you don't actually need 50% to achieve an n confirmation attack with some smaller probability.

But more importantly, also the 50% doesn't apply to botnets that could get your coin at much lower than market prices, which concentrates ownership (or they sell driving prices down and also concentrates ownership into whales like rpietila who would be sitting on the bid if they want to acquire more). Which is especially a concern with a coin such as Monero which rapidly declines the rate of debasement so that early on most of the coins are mined (when the most vulnerability to botnets getting coins cheaply exists). As your mining network increases after years, then the botnets can't be such a significant percentage.

Sorry but I find so many flaws in Monero and I know you don't like me, but I speak frankly on the technical facts (no it isn't "philosophical", it is technology). It isn't personal, even you childish guys try to make it personal.

Smaller botnets that decide to honestly mine instead of attack increase the hash rate and help secure the network against attacks.

Agreed. But they also get coins cheaply, which is a problem as I explained above.
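
An added worked example (not part of any post in this thread): it combines the sizing figures used above (a network of about 100K modern-desktop equivalents, a hardware penalty of roughly 10x for botted machines, a duty-cycle penalty of 2x to 5x) with the closed-form result from Meni Rosenfeld's "Analysis of Hashrate-Based Double Spending" to show how many confirmations a recipient needs for a given risk tolerance. The function names, the 0.1% risk threshold and the 200K-machine scenarios are assumptions chosen for illustration.

```python
from math import comb


def attacker_share(honest_equiv, bots, hardware_penalty=10.0, duty_penalty=1.0):
    """Fraction q of total hash rate held by a botnet.

    honest_equiv     -- honest network, in modern-desktop equivalents
    bots             -- number of compromised machines
    hardware_penalty -- botted machines needed to equal one modern miner
    duty_penalty     -- extra slowdown from throttled or part-time mining
    """
    botnet_equiv = bots / (hardware_penalty * duty_penalty)
    return botnet_equiv / (honest_equiv + botnet_equiv)


def success_probability(q, n):
    """Rosenfeld's probability that a minority chain overtakes n confirmations.

    r = 1 - sum_{m=0..n} C(m+n-1, m) * (p^n q^m - p^m q^n),  p = 1 - q
    For q >= 0.5 the competing chain eventually wins with certainty.
    """
    if not 0.0 <= q <= 1.0 or n < 1:
        raise ValueError("need 0 <= q <= 1 and n >= 1")
    if q >= 0.5:
        return 1.0
    p = 1.0 - q
    total = sum(
        comb(m + n - 1, m) * (p**n * q**m - p**m * q**n) for m in range(n + 1)
    )
    return max(0.0, 1.0 - total)  # clamp tiny negative float error


def confirmations_needed(q, max_risk, limit=1000):
    """Smallest n keeping the reversal risk at or below max_risk, else None."""
    if q >= 0.5:
        return None  # no confirmation depth is safe against a majority
    for n in range(1, limit + 1):
        if success_probability(q, n) <= max_risk:
            return n
    return None


def risk_table(honest_equiv=100_000, max_risk=0.001):
    """Constructed scenarios using the thread's rough figures."""
    scenarios = [
        ("200K bots, 10x hw penalty", 200_000, 10.0, 1.0),
        ("200K bots, 10x hw, 5x duty", 200_000, 10.0, 5.0),
        ("1M bots, 10x hw, 2x duty", 1_000_000, 10.0, 2.0),
        ("1M bots, 10x hw penalty", 1_000_000, 10.0, 1.0),
    ]
    rows = []
    for label, bots, hw, duty in scenarios:
        q = attacker_share(honest_equiv, bots, hw, duty)
        rows.append((label, q, success_probability(q, 6),
                     confirmations_needed(q, max_risk)))
    return rows


if __name__ == "__main__":
    for label, q, risk6, n in risk_table():
        depth = "none is safe" if n is None else f"{n} confirmations"
        print(f"{label:28s} q={q:.3f}  risk@6={risk6:.4%}  for 0.1%: {depth}")
```

The table makes the point of the Rosenfeld reference concrete: below 50% the risk is never zero, it only shrinks with confirmation depth, and the required depth grows quickly as the botnet's share approaches parity.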
legendary
Activity: 2968
Merit: 1198
July 24, 2014, 09:26:44 PM
Botnets are only a significant concern while the mining usage is small.

And that applies whether your Pow is designed to be ASIC resistant or not. However it perhaps does beg for making the GPU at roughly power efficiency parity to the CPU.

As you mention in your subsequent post, algorithms that make use of recent CPU and OS features are likely to hinder botnets to a significant degree. This is already the case with Cryptonight. Older botnet computers are less likely to have AES-NI, more likely to be 32 bit, and more likely to have older, slower CPUs with fewer cores and/or less cache. Together these reduce the effectiveness of a botnet computer relative to an efficient CPU or GPU miner by perhaps a factor of 10. Exotic botnets (routers, etc.) will fare much worse.

Currently the Monero network consists of the hash rate equivalent of very roughly 100K modern desktop computers (64-bit, AES-NI, 8 MB cache) or mid range mining rig GPUs (750 Ti, etc.). For a botnet to 51% attack that would require roughly 1M of these more-likely-to-be-botted computers. That is certainly possible, but it is an obstacle. How many botnets are 1M+?

Smaller botnets that decide to honestly mine instead of attack increase the hash rate and help secure the network against attacks. They are a problem for the computer owner, but they help secure the coin just like any other miner. The more of these there are, the harder it is to ever attack the coin, even with a botnet. How many smaller botnets are there compared to 1M+ bot ones?



hero member
Activity: 518
Merit: 521
July 24, 2014, 08:57:13 PM
1. A programmable blockchain has 100s more applications than Bitcoin alone. This could be what is required to increase adoption by 10 or 100 fold.

If all goes well and the team will deliver, how long does it take before there are 100s of useful apps running on ethereum? And that there are people actually using those apps? Probably takes a while after the launch before there is anything useful, and the miners start mining and selling, and there are huge amounts of people with loads of presale ether. And, if bitcoin skyrockets to 5x-10x people are wanting to sell ether for fiat.

If I knew the answers to those questions, it would be easy to decide between buying from presale or markets after the release.

Also someone else might beat them to it and actually solve the problem with isolating viruses that they have apparently not yet solved.

I think waiting to buy when there is a market price is much wiser on a risk vs. reward calculation. Your money would be entirely illiquid interim, while the landscape may change.

I also don't have perfect vision on all the outcomes, but I also have a somewhat insider position in the sense that I am competing and analyzing all the technologies.
hero member
Activity: 518
Merit: 521
July 24, 2014, 08:04:17 PM
I don't understand why people try to make coins ASIC resistant. Nothing is ASIC resistant.


You mean nothing is ASIC proof right? Things can be ASIC resistant.

Astute. I designed a highly ASIC-resistant proof-of-work that is conceptually similar to Monero's (designed late 2013 so perhaps before them), and my design is apparently 100 - 1000x faster than Monero's and doesn't suffer from what I believe to be cryptographic error in the way Monero employed the AES-NI instructions.

The slow speed of Monero's (all Cryptonote coins') Pow hash is a serious problem. Perhaps it is mitigated by other factors, but I still think it could end up being a significant hindrance at some point in some way.

I would be willing to open source the work I did, if someone offered to pay me for the work I did on it. There is pseudo-code and a whitepaper which explains in great detail the relationship of the algorithm to the original Scrypt. As well I wrote some test code in Javascript to test some of its properties (not speed of course). Much of it, some people already have thought about. But there are probably a few insights or organization that clarifies matters.

Also, it employs a 4096-bit (512B) hash that is similar to the Salsa that Scrypt uses which employs AVX2 to be very fast (which I believe might also make it GPU resistant but I didn't test this), and this is what makes mine so much faster. I did write down the assembly language for this hash.

This AVX2 would defeat botnets almost entirely (near-term which is when it is an important concern anyway), because AVX2 doesn't work on pre-Haswell nor on earlier versions of operating systems.

I think open sourcing this would help Monero look at their options for improving their hash.

But do note that neither Monero nor my hash will be ASIC proof. Given enough monetary incentive it can be made more efficient on an ASIC.

And I've argued that a complex Pow algorithm that can eventually be made more efficient on an ASIC is actually an inferior strategy (long-term) than one that tries to get ASICs to be ubiquitous as early as possible. The reason being that less vendors may be able to produce this very complex ASIC and lockup the market. However, Monero could use such a complex algorithm for the medium-term if they were sure they could change as necessary.
hero member
Activity: 518
Merit: 521
July 24, 2014, 07:45:11 PM
It also levels the playing field against three letter agencies who might otherwise have access to equipment regular people don't have.

Incorrect. Could have the opposite effect, unless the ASICs are ubiquitous, i.e. on every motherboard as I suggested might be the case for example if everyone is using AES encryption.

I don't understand why anyone would want something ASIC resistant as PoW. Heeello botnets.

Botnets are only a significant concern while the mining usage is small.

And that applies whether your Pow is designed to be ASIC resistant or not. However it perhaps does beg for making the GPU at roughly power efficiency parity to the CPU.
hero member
Activity: 518
Merit: 521
July 24, 2014, 07:18:34 PM
Problem is that it's very difficult to find the hashing algorithm that would be really ASIC resistant, not to mention GPU. For instance, Primecoin which included large integer algorithms that should be difficult for GPUs was soon transferred to GPU mining. All scrypt algos are prone to GPU mining. I tried to find some hashing algorithms that would favor RISC processors, since they dominate modern smartphones, but I've failed to find any. If anybody has some info about such algos it would be very nice to share that info here.

I find it hard to believe that any form of PoW mining (regardless of algorithm) on a smartphone would ever be popular given battery life considerations.

Why do you think so? My smartphone is on charger almost every night, regularly, and I would be very happy if it would do something useful instead of waiting for the alarm clock to fire up. It's trivial to set preference in any application to work only when the phone is on charger.

Just read the John Tromp's paper and I believe he is on the right track with memory-swapping constrained algorithms. Probably there's a need to examine some algorithms that prefer the RISC based instruction pipeline, and try to incorporate them somehow with Cuckoo Cycle hashing. Idea is to further bias the smartphones since they have less memory and slower processors than desktops, and are almost without exception RISC based. Such combination would be a winner.

John and I discussed the technical detail and it seems as the number of simple cores increases his algorithm would be favored, but still not surely ASICs resistant. But we agreed it needed to be tested on more cores. Someone needs to buy that guy a Tilera64 so he can do more testing.
donator
Activity: 1274
Merit: 1060
GetMonero.org / MyMonero.com
July 24, 2014, 05:10:42 PM
I don't understand why people try to make coins ASIC resistant. Nothing is ASIC resistant.

I don't understand why anyone would want something ASIC resistant as PoW. Heeello botnets... Specialized hardware for mining actually makes sense. It also levels the playing field against three letter agencies who might otherwise have access to equipment regular people don't have.

That's exactly what I alluded to earlier in this thread - here: https://bitcointalksearch.org/topic/m.7986694
sr. member
Activity: 441
Merit: 250
July 24, 2014, 05:07:41 PM
I don't understand why people try to make coins ASIC resistant. Nothing is ASIC resistant.

I don't understand why anyone would want something ASIC resistant as PoW. Heeello botnets... Specialized hardware for mining actually makes sense. It also levels the playing field against three letter agencies who might otherwise have access to equipment regular people don't have.
legendary
Activity: 826
Merit: 1002
amarha
July 24, 2014, 04:24:39 PM
Problem is that it's very difficult to find the hashing algorithm that would be really ASIC resistant, not to mention GPU. For instance, Primecoin which included large integer algorithms that should be difficult for GPUs was soon transferred to GPU mining. All scrypt algos are prone to GPU mining. I tried to find some hashing algorithms that would favor RISC processors, since they dominate modern smartphones, but I've failed to find any. If anybody has some info about such algos it would be very nice to share that info here.

I find it hard to believe that any form of PoW mining (regardless of algorithm) on a smartphone would ever be popular given battery life considerations.

I don't understand why people try to make coins ASIC resistant. Nothing is ASIC resistant.


You mean nothing is ASIC proof right? Things can be ASIC resistant.
sr. member
Activity: 469
Merit: 250
English Motherfucker do you speak it ?
July 24, 2014, 04:16:13 PM
Problem is that it's very difficult to find the hashing algorithm that would be really ASIC resistant, not to mention GPU. For instance, Primecoin which included large integer algorithms that should be difficult for GPUs was soon transferred to GPU mining. All scrypt algos are prone to GPU mining. I tried to find some hashing algorithms that would favor RISC processors, since they dominate modern smartphones, but I've failed to find any. If anybody has some info about such algos it would be very nice to share that info here.

I find it hard to believe that any form of PoW mining (regardless of algorithm) on a smartphone would ever be popular given battery life considerations.

I don't understand why people try to make coins ASIC resistant. Nothing is ASIC resistant.
sr. member
Activity: 469
Merit: 250
English Motherfucker do you speak it ?
July 24, 2014, 04:14:32 PM
Why wouldn't it make sense for Intel to use SHA256 since Bitcoin has become such a big phenomenon?
Is AES better?

Bitcoin is not a big phenomenon on the scales Intel cares about.


Might be big enough not far away in the future.
hero member
Activity: 563
Merit: 500
July 24, 2014, 02:58:00 PM
Yes indeed.  Satoshi's real genius was to create a system with the right incentives, at all levels.

Amen.  A heartbreaking work of staggering genius.  Mining decentralization has been the most persistently obvious weak point.

Quote
As I said, this is still a "thought in progress".  But I worry less about the evil SHA-256 ASIC plant than about the evil NSA CPU cluster.

This +1000.  

The government actor is the only substantive challenge

Actually, "evil NSA CPU cluster" was intended just as a flippant example of an organisation that is believed to have a lot of CPU power.  If governments wanted to shut down cryptocurrency, they'd most likely do it through the courts...

I agree that the nature of cryptocurrency regulation is a big unknown, of course, and how this pans out could certainly affect values a lot...

roy
legendary
Activity: 2968
Merit: 1198
July 24, 2014, 02:42:29 PM
Quote
I find it hard to believe that any form of PoW mining (regardless of algorithm) on a smartphone would ever be popular given battery life considerations.

Why do you think so? My smartphone is on charger almost every night, regularly, and I would be very happy if it would do something useful instead of waiting for the alarm clock to fire up. It's trivial to set preference in any application to work only when the phone is on charger.

Yes I agree mining while charging makes great sense. Given the number of smartphones out there it could represent a huge resource of computing power, possibly larger than computers someday even if only operating for part of the day.
