Security analysis of PoW/PoS hybrids with low PoW reward - page 3.

Soepkip

sr. member

Activity: 476

Merit: 250

Quote from: mgburks77 on April 02, 2014, 09:05:46 AM

So basically the claim is that because of this vulnerability it is possible to complete a 51% attack.

Is that or is that not also a possibility with pure PoS coins?

I'm not seeing how the security status of blackcoin is any different than the security status of mintcoin, as both are supposedly vulnerable to this attack. Which from what i gather is quite expensive to launch successfully and therefore highly unlikely in the first place.

Okay, for your understanding:

1) All coins ever created are suspectable to 51% attacks.
2) Mintcoin is PoW/PoS hybrid
3) We have succesfully tested a hypothesis that prevents PoS blocks from being accepted. - This means that MintCoin was PoW-only for one full hour.
4) Due to the low rewards on the Mintcoin PoW chain the hashrate is low. This means that during that time that MintCoin is PoW-only it is very easy to perform a 51% attack.

noerc

sr. member

Activity: 248

Merit: 250

Quote from: tacotime on April 02, 2014, 08:45:53 AM

Quote from: ?? on ??

tacotime can you please link some info about peercoin pos weaknesses?

ok
https://github.com/ethereum/wiki/wiki/Problems (See 5. Create an incentive-compatible proof-of-stake currency) and also here: http://blog.ethereum.org/2014/01/15/slasher-a-punitive-proof-of-stake-algorithm/

https://bitcointalksearch.org/topic/ppc-disclosure-stake-generation-vulnerability-131940 (addressed by the creation of kernel.h and kernel.cpp which compute the stake modifier, which has its own problems)

Thanks a lot, this is very interesting. To problem #1: What exactly is meant with consensus failure and how does it affect network security? So if I have a faked time stamp that is t seconds in the future, how much less coins do I need to perform a 51% attack?

tacotime

legendary

Activity: 1484

Merit: 1005

Quote from: mgburks77 on April 02, 2014, 09:05:46 AM

So basically the claim is that because of this vulnerability it is possible to complete a 51% attack.

Is that or is that not also a possibility with pure PoS coins?

I'm not seeing how the security status of blackcoin is any different than the security status of mintcoin, as both are supposedly vulnerable to this attack. Which from what i gather is quite expensive to launch successfully and therefore highly unlikely in the first place.

Quote

In the event of a fork, whether the fork is accidental or a malicious attempt to rewrite history and reverse a transaction, the optimal strategy for any miner is to mine on every chain, so that the miner gets their reward no matter which fork wins. Thus, assuming a large number of economically interested miners, an attacker may be able to send a transaction in exchange for some digital good (usually another cryptocurrency), receive the good, then start a fork of the blockchain from one block behind the transaction and send the money to themselves instead, and even with 1% of the total stake the attacker's fork would win because everyone else is mining on both.

mgburks77

sr. member

Activity: 364

Merit: 250

So basically the claim is that because of this vulnerability it is possible to complete a 51% attack.

Is that or is that not also a possibility with pure PoS coins?

I'm not seeing how the security status of blackcoin is any different than the security status of mintcoin, as both are supposedly vulnerable to this attack. Which from what i gather is quite expensive to launch successfully and therefore highly unlikely in the first place.

tacotime

legendary

Activity: 1484

Merit: 1005

Quote from: ?? on ??

tacotime can you please link some info about peercoin pos weaknesses?

ok
https://github.com/ethereum/wiki/wiki/Problems (See 5. Create an incentive-compatible proof-of-stake currency) and also here: http://blog.ethereum.org/2014/01/15/slasher-a-punitive-proof-of-stake-algorithm/

https://bitcointalksearch.org/topic/ppc-disclosure-stake-generation-vulnerability-131940 (addressed by the creation of kernel.h and kernel.cpp which compute the stake modifier, which has its own problems)

tacotime

legendary

Activity: 1484

Merit: 1005

Quote from: rat4 on April 02, 2014, 08:28:37 AM

Zero difficulty PoW is open door and cannot be trusted. One of possible fixes is to disable PoW.

Or you can have PoW with a reasonable subsidy and use it to secure the network, but then you just have PeerCoin. Unsurprisingly, Peercoin works because of this and not in spite of this. Now you've simply opened yourself to all the catastrophic bugs in PeerCoin's PoS system that you refuse to acknowledge.

There are easy applied fixes for hybrid PoW/PoS with low subsidy that involve adjusting the trust of the timestamping of PoW blocks and content of PoW blocks in general -- but again, there are the same PoS bugs which already exist in PeerCoin, which are non-trivial.

mgburks77

sr. member

Activity: 364

Merit: 250

Quote

I just believe him he proved his trustworthy and transparency so far.

he's one of the one's so helpfully spreading FUD

so no, that is not the type of attention he is attracting

Quote

Zero difficulty PoW is open door and cannot be trusted. One of possible fixes is to disable PoW.

Thank you. I wondered if that was a possibility or not.

rat4

full member

Activity: 327

Merit: 197

Two-way squared

Quote from: tacotime on April 02, 2014, 08:10:43 AM

Quote from: rat4 on April 02, 2014, 08:06:39 AM

Quote from: tacotime on April 02, 2014, 07:58:33 AM

Told OP it was a bad idea, was ignored by OP in the Blackcoin thread. If you don't understand the code you're modifying, don't muck with it.

These attacks are not applicable to BlackCoin. Guess why.

My guess is that you modified the trust weighting for PoS blocks so that PoW block or that you manipulated timestamping variability, neither of which are great solutions in the distributed system you're playing with.

It looks like you tried to fix the stake modifier with a hardfork and then broke it in the process, too:
https://github.com/rat4/blackcoin/commit/47d2eec662b738b39cdb45f3ef6f72a13b929268#diff-25d902c24283ab8cfbac54dfa101ad31
https://github.com/rat4/blackcoin/commit/9dea231970c5c73dd6b7e3d0d20210233574a179#diff-25d902c24283ab8cfbac54dfa101ad31

Others vulnerabilities exist and you still refuse to address them (the "nothing at stake" fork, stake modifier manipulation).

Zero difficulty PoW is open door and cannot be trusted. One of possible fixes is to disable PoW.

XbladeX

legendary

Activity: 1302

Merit: 1002

Quote from: mgburks77 on April 02, 2014, 08:18:53 AM

Quote from: Soepkip on April 02, 2014, 08:16:25 AM

Quote from: mgburks77 on April 02, 2014, 08:12:05 AM

Perhaps now is the time for additional security testing of blackcoin?

We welcome you to, really.

We are talking about systems that keeps track of people's money. People invest in coins with their hard earned money or do it via mining with their expensive equipment. If the coin's system is at risk this is a risk for everyone involved.

If you are successfull, have the same decency as us and report it to the devs. We did for MintCoin and you do not want to read their response. That is the sole reason it has been posted here. We too have money invested in other crypto's and would like them to be as secure as possible, that's why we checkout other coins security and report security risks immediatly.

You mean same decency and also helpfully inform all mintholders to go to BC thread and spread FUD?

No, I won't be doing that.

Sry mgburks77 but Soepkip just answered because some people accuse BC developers Soepkip is one of them...
He is not just random hater, flamer or FUDer...I just believe him he proved his trustworthy and transparency so far.

mgburks77

sr. member

Activity: 364

Merit: 250

Quote from: Soepkip on April 02, 2014, 08:16:25 AM

Quote from: mgburks77 on April 02, 2014, 08:12:05 AM

Perhaps now is the time for additional security testing of blackcoin?

We welcome you to, really.

We are talking about systems that keeps track of people's money. People invest in coins with their hard earned money or do it via mining with their expensive equipment. If the coin's system is at risk this is a risk for everyone involved.

If you are successfull, have the same decency as us and report it to the devs. We did for MintCoin and you do not want to read their response. That is the sole reason it has been posted here. We too have money invested in other crypto's and would like them to be as secure as possible, that's why we checkout other coins security and report security risks immediatly.

You mean same decency and also helpfully inform all mintholders to go to BC thread and spread FUD?

No, I won't be doing that.

Soepkip

sr. member

Activity: 476

Merit: 250

Quote from: mgburks77 on April 02, 2014, 08:12:05 AM

Perhaps now is the time for additional security testing of blackcoin?

We welcome you to, really.

We are talking about systems that keeps track of people's money. People invest in coins with their hard earned money or do it via mining with their expensive equipment. If the coin's system is at risk this is a risk for everyone involved.

If you are successfull, have the same decency as us and report it to the devs. We did for MintCoin and you do not want to read their response. That is the sole reason it has been posted here. We too have money invested in other crypto's and would like them to be as secure as possible, that's why we checkout other coins security and report security risks immediatly.

mgburks77

sr. member

Activity: 364

Merit: 250

Perhaps now is the time for additional helpful security testing of blackcoin?

tacotime

legendary

Activity: 1484

Merit: 1005

Quote from: rat4 on April 02, 2014, 08:06:39 AM

Quote from: tacotime on April 02, 2014, 07:58:33 AM

Told OP it was a bad idea, was ignored by OP in the Blackcoin thread. If you don't understand the code you're modifying, don't muck with it.

These attacks are not applicable to BlackCoin. Guess why.

My guess is that you modified the trust weighting for PoS blocks (to lessen weighting for any individual block based on coinage) or that you manipulated timestamping variability, neither of which are great solutions in the distributed system you're playing with.

It looks like you tried to fix the stake modifier with a hardfork and then broke it in the process, too:
https://github.com/rat4/blackcoin/commit/47d2eec662b738b39cdb45f3ef6f72a13b929268#diff-25d902c24283ab8cfbac54dfa101ad31
https://github.com/rat4/blackcoin/commit/9dea231970c5c73dd6b7e3d0d20210233574a179#diff-25d902c24283ab8cfbac54dfa101ad31

Others vulnerabilities exist and you still refuse to address them (the "nothing at stake" fork, stake modifier manipulation).

mgburks77

sr. member

Activity: 364

Merit: 250

Quote from: brokedummy on April 02, 2014, 08:04:26 AM

Quote from: Jabulon on April 02, 2014, 07:53:07 AM

Quote from: mellomike on April 02, 2014, 07:46:13 AM

Wow great job rat4 on finding this... while others tried to turn a blind eye to the subject to protect the image of their dear coin, you pointed out the flaws so that they could hopefully fix them.

Great dev!!

Hear hear! This is a true act of community-service, a contribution of enormous value to the evolution of safe and legitimate cryptocurrency. It speaks for itself, from far above the maddening crowd, and partisan mudslinging based on ignorance and greed.

This should NOT have been publicly exposed. If rat4 was truly a good guy he would have communicated this privately with the mintcointeam so that they could work on a fix before all was revealed. Not cool.

That is what someone who is honest would have done, but he went and got a bunch of people from the BC thread to come to this thread and the mintcoin thread to spread FUD

We don't know even if there was actually a successful attack or not yet, that hasn't been confirmed. I certainly didn't notice any attack.

maarx

hero member

Activity: 882

Merit: 517

cloverdex.io

Quote from: brokedummy on April 02, 2014, 08:04:26 AM

Quote from: Jabulon on April 02, 2014, 07:53:07 AM

Quote from: mellomike on April 02, 2014, 07:46:13 AM

Wow great job rat4 on finding this... while others tried to turn a blind eye to the subject to protect the image of their dear coin, you pointed out the flaws so that they could hopefully fix them.

Great dev!!

Hear hear! This is a true act of community-service, a contribution of enormous value to the evolution of safe and legitimate cryptocurrency. It speaks for itself, from far above the maddening crowd, and partisan mudslinging based on ignorance and greed.

This should NOT have been publicly exposed. If rat4 was truly a good guy he would have communicated this privately with the mintcointeam so that they could work on a fix before all was revealed. Not cool.

That was done. This was posted 18 hours after notifying the mintcoin dev's.

rat4

full member

Activity: 327

Merit: 197

Two-way squared

Quote from: tacotime on April 02, 2014, 07:58:33 AM

Told OP it was a bad idea, was ignored by OP in the Blackcoin thread. If you don't understand the code you're modifying, don't muck with it.

These attacks are not applicable to BlackCoin. Guess why.

brokedummy

legendary

Activity: 980

Merit: 1004

Quote from: Jabulon on April 02, 2014, 07:53:07 AM

Quote from: mellomike on April 02, 2014, 07:46:13 AM

Wow great job rat4 on finding this... while others tried to turn a blind eye to the subject to protect the image of their dear coin, you pointed out the flaws so that they could hopefully fix them.

Great dev!!

Hear hear! This is a true act of community-service, a contribution of enormous value to the evolution of safe and legitimate cryptocurrency. It speaks for itself, from far above the maddening crowd, and partisan mudslinging based on ignorance and greed.

This should NOT have been publicly exposed. If rat4 was truly a good guy he would have communicated this privately with the mintcointeam so that they could work on a fix before all was revealed. Not cool.

mgburks77

sr. member

Activity: 364

Merit: 250

Quote from: PhilippeStevens on April 02, 2014, 07:54:49 AM

I expect some apologies from people in here calling fud when he was trying to help other coins..

looks like the fud is still happening, I wouldn't hold your breath

tacotime

legendary

Activity: 1484

Merit: 1005

Told OP it was a bad idea, was ignored by OP in the Blackcoin thread. If you don't understand the code you're modifying, don't muck with it.

https://bitcointalksearch.org/topic/m.5651789
https://bitcointalksearch.org/topic/m.5651892

There is another issue with using stake modifiers derived only from PoS blocks as well.

PhilippeStevens

full member

Activity: 214

Merit: 100

I expect some apologies from people in here calling fud when he was trying to help other coins..

Topic: Security analysis of PoW/PoS hybrids with low PoW reward - page 3. (Read 13268 times)