Pages:
Author

Topic: Security analysis of PoW/PoS hybrids with low PoW reward - page 3. (Read 13216 times)

sr. member
Activity: 476
Merit: 250
So basically the claim is that because of this vulnerability it is possible to complete a 51% attack.

Is that or is that not also a possibility with pure PoS coins?

I'm not seeing how the security status of blackcoin is any different than the security status of mintcoin, as both are supposedly vulnerable to this attack. Which from what i gather is quite expensive to launch successfully and therefore highly unlikely in the first place.

Okay, for your understanding:

1) All coins ever created are suspectable to 51% attacks.
2) Mintcoin is PoW/PoS hybrid
3) We have succesfully tested a hypothesis that prevents PoS blocks from being accepted. - This means that MintCoin was PoW-only for one full hour.
4) Due to the low rewards on the Mintcoin PoW chain the hashrate is low. This means that during that time that MintCoin is PoW-only it is very easy to perform a 51% attack.
sr. member
Activity: 248
Merit: 250
tacotime can you please link some info about peercoin pos weaknesses?

ok
https://github.com/ethereum/wiki/wiki/Problems (See 5. Create an incentive-compatible proof-of-stake currency) and also here: http://blog.ethereum.org/2014/01/15/slasher-a-punitive-proof-of-stake-algorithm/

https://bitcointalksearch.org/topic/ppc-disclosure-stake-generation-vulnerability-131940 (addressed by the creation of kernel.h and kernel.cpp which compute the stake modifier, which has its own problems)

Thanks a lot, this is very interesting. To problem #1: What exactly is meant with consensus failure and how does it affect network security? So if I have a faked time stamp that is t seconds in the future, how much less coins do I need to perform a 51% attack?
legendary
Activity: 1484
Merit: 1005
So basically the claim is that because of this vulnerability it is possible to complete a 51% attack.

Is that or is that not also a possibility with pure PoS coins?

I'm not seeing how the security status of blackcoin is any different than the security status of mintcoin, as both are supposedly vulnerable to this attack. Which from what i gather is quite expensive to launch successfully and therefore highly unlikely in the first place.

Quote
In the event of a fork, whether the fork is accidental or a malicious attempt to rewrite history and reverse a transaction, the optimal strategy for any miner is to mine on every chain, so that the miner gets their reward no matter which fork wins. Thus, assuming a large number of economically interested miners, an attacker may be able to send a transaction in exchange for some digital good (usually another cryptocurrency), receive the good, then start a fork of the blockchain from one block behind the transaction and send the money to themselves instead, and even with 1% of the total stake the attacker's fork would win because everyone else is mining on both.
sr. member
Activity: 364
Merit: 250
So basically the claim is that because of this vulnerability it is possible to complete a 51% attack.

Is that or is that not also a possibility with pure PoS coins?

I'm not seeing how the security status of blackcoin is any different than the security status of mintcoin, as both are supposedly vulnerable to this attack. Which from what i gather is quite expensive to launch successfully and therefore highly unlikely in the first place.
legendary
Activity: 1484
Merit: 1005
tacotime can you please link some info about peercoin pos weaknesses?

ok
https://github.com/ethereum/wiki/wiki/Problems (See 5. Create an incentive-compatible proof-of-stake currency) and also here: http://blog.ethereum.org/2014/01/15/slasher-a-punitive-proof-of-stake-algorithm/

https://bitcointalksearch.org/topic/ppc-disclosure-stake-generation-vulnerability-131940 (addressed by the creation of kernel.h and kernel.cpp which compute the stake modifier, which has its own problems)
legendary
Activity: 1484
Merit: 1005
Zero difficulty PoW is open door and cannot be trusted. One of possible fixes is to disable PoW.

Or you can have PoW with a reasonable subsidy and use it to secure the network, but then you just have PeerCoin.  Unsurprisingly, Peercoin works because of this and not in spite of this.  Now you've simply opened yourself to all the catastrophic bugs in PeerCoin's PoS system that you refuse to acknowledge.

There are easy applied fixes for hybrid PoW/PoS with low subsidy that involve adjusting the trust of the timestamping of PoW blocks and content of PoW blocks in general -- but again, there are the same PoS bugs which already exist in PeerCoin, which are non-trivial.
sr. member
Activity: 364
Merit: 250
Quote
I just believe him he proved his trustworthy and transparency so far.
he's one of the one's so helpfully spreading FUD

so no, that is not the type of attention he is attracting

Quote
Zero difficulty PoW is open door and cannot be trusted. One of possible fixes is to disable PoW.

Thank you. I wondered if that was a possibility or not.
full member
Activity: 323
Merit: 197
Two-way squared
Told OP it was a bad idea, was ignored by OP in the Blackcoin thread. If you don't understand the code you're modifying, don't muck with it.

These attacks are not applicable to BlackCoin. Guess why.

My guess is that you modified the trust weighting for PoS blocks so that PoW block or that you manipulated timestamping variability, neither of which are great solutions in the distributed system you're playing with.

It looks like you tried to fix the stake modifier with a hardfork and then broke it in the process, too:
https://github.com/rat4/blackcoin/commit/47d2eec662b738b39cdb45f3ef6f72a13b929268#diff-25d902c24283ab8cfbac54dfa101ad31
https://github.com/rat4/blackcoin/commit/9dea231970c5c73dd6b7e3d0d20210233574a179#diff-25d902c24283ab8cfbac54dfa101ad31

Others vulnerabilities exist and you still refuse to address them (the "nothing at stake" fork, stake modifier manipulation).

Zero difficulty PoW is open door and cannot be trusted. One of possible fixes is to disable PoW.
legendary
Activity: 1302
Merit: 1002
Perhaps now is the time for additional security testing of blackcoin?

We welcome you to, really.

We are talking about systems that keeps track of people's money. People invest in coins with their hard earned money or do it via mining with their expensive equipment. If the coin's system is at risk this is a risk for everyone involved.

If you are successfull, have the same decency as us and report it to the devs. We did for MintCoin and you do not want to read their response. That is the sole reason it has been posted here. We too have money invested in other crypto's and would like them to be as secure as possible, that's why we checkout other coins security and report security risks immediatly.

You mean same decency and also helpfully inform all mintholders to go to BC thread and spread FUD?

No, I won't be doing that.
Sry mgburks77 but Soepkip just answered because some people accuse BC developers Soepkip is one of them...
He is not just random hater, flamer or FUDer...I just believe him he proved his trustworthy and transparency so far.
sr. member
Activity: 364
Merit: 250
Perhaps now is the time for additional security testing of blackcoin?

We welcome you to, really.

We are talking about systems that keeps track of people's money. People invest in coins with their hard earned money or do it via mining with their expensive equipment. If the coin's system is at risk this is a risk for everyone involved.

If you are successfull, have the same decency as us and report it to the devs. We did for MintCoin and you do not want to read their response. That is the sole reason it has been posted here. We too have money invested in other crypto's and would like them to be as secure as possible, that's why we checkout other coins security and report security risks immediatly.

You mean same decency and also helpfully inform all mintholders to go to BC thread and spread FUD?

No, I won't be doing that.
sr. member
Activity: 476
Merit: 250
Perhaps now is the time for additional security testing of blackcoin?

We welcome you to, really.

We are talking about systems that keeps track of people's money. People invest in coins with their hard earned money or do it via mining with their expensive equipment. If the coin's system is at risk this is a risk for everyone involved.

If you are successfull, have the same decency as us and report it to the devs. We did for MintCoin and you do not want to read their response. That is the sole reason it has been posted here. We too have money invested in other crypto's and would like them to be as secure as possible, that's why we checkout other coins security and report security risks immediatly.
sr. member
Activity: 364
Merit: 250
Perhaps now is the time for additional helpful security testing of blackcoin?
legendary
Activity: 1484
Merit: 1005
Told OP it was a bad idea, was ignored by OP in the Blackcoin thread. If you don't understand the code you're modifying, don't muck with it.

These attacks are not applicable to BlackCoin. Guess why.

My guess is that you modified the trust weighting for PoS blocks (to lessen weighting for any individual block based on coinage) or that you manipulated timestamping variability, neither of which are great solutions in the distributed system you're playing with.

It looks like you tried to fix the stake modifier with a hardfork and then broke it in the process, too:
https://github.com/rat4/blackcoin/commit/47d2eec662b738b39cdb45f3ef6f72a13b929268#diff-25d902c24283ab8cfbac54dfa101ad31
https://github.com/rat4/blackcoin/commit/9dea231970c5c73dd6b7e3d0d20210233574a179#diff-25d902c24283ab8cfbac54dfa101ad31

Others vulnerabilities exist and you still refuse to address them (the "nothing at stake" fork, stake modifier manipulation).
sr. member
Activity: 364
Merit: 250
Wow great job rat4 on finding this... while others tried to turn a blind eye to the subject to protect the image of their dear coin, you pointed out the flaws so that they could hopefully fix them.

Great dev!!

Hear hear! This is a true act of community-service, a contribution of enormous value to the evolution of safe and legitimate cryptocurrency. It speaks for itself, from far above the maddening crowd, and partisan mudslinging based on ignorance and greed.

This should NOT have been publicly exposed. If rat4 was truly a good guy he would have communicated this privately with the mintcointeam so that they could work on a fix before all was revealed. Not cool.

That is what someone who is honest would have done, but he went and got a bunch of people from the BC thread to come to this thread and the mintcoin thread to spread FUD

We don't know even if there was actually a successful attack or not yet, that hasn't been confirmed. I certainly didn't notice any attack.
hero member
Activity: 882
Merit: 517
cloverdex.io
Wow great job rat4 on finding this... while others tried to turn a blind eye to the subject to protect the image of their dear coin, you pointed out the flaws so that they could hopefully fix them.

Great dev!!

Hear hear! This is a true act of community-service, a contribution of enormous value to the evolution of safe and legitimate cryptocurrency. It speaks for itself, from far above the maddening crowd, and partisan mudslinging based on ignorance and greed.

This should NOT have been publicly exposed. If rat4 was truly a good guy he would have communicated this privately with the mintcointeam so that they could work on a fix before all was revealed. Not cool.

That was done. This was posted 18 hours after notifying the mintcoin dev's.
full member
Activity: 323
Merit: 197
Two-way squared
Told OP it was a bad idea, was ignored by OP in the Blackcoin thread. If you don't understand the code you're modifying, don't muck with it.

These attacks are not applicable to BlackCoin. Guess why.
legendary
Activity: 980
Merit: 1004
Wow great job rat4 on finding this... while others tried to turn a blind eye to the subject to protect the image of their dear coin, you pointed out the flaws so that they could hopefully fix them.

Great dev!!

Hear hear! This is a true act of community-service, a contribution of enormous value to the evolution of safe and legitimate cryptocurrency. It speaks for itself, from far above the maddening crowd, and partisan mudslinging based on ignorance and greed.

This should NOT have been publicly exposed. If rat4 was truly a good guy he would have communicated this privately with the mintcointeam so that they could work on a fix before all was revealed. Not cool.
sr. member
Activity: 364
Merit: 250
I expect some apologies from people in here calling fud when he was trying to help other coins..

looks like the fud is still happening, I wouldn't hold your breath

legendary
Activity: 1484
Merit: 1005
Told OP it was a bad idea, was ignored by OP in the Blackcoin thread. If you don't understand the code you're modifying, don't muck with it.

https://bitcointalksearch.org/topic/m.5651789
https://bitcointalksearch.org/topic/m.5651892

There is another issue with using stake modifiers derived only from PoS blocks as well.
full member
Activity: 214
Merit: 100
I expect some apologies from people in here calling fud when he was trying to help other coins..
Pages:
Jump to: