Pages:
Author

Topic: Why Bitcoin Could be Beat. - page 2. (Read 5215 times)

full member
Activity: 126
Merit: 100
April 01, 2014, 11:36:32 AM
#40
legendary
Activity: 2142
Merit: 1010
Newbie
April 01, 2014, 11:34:18 AM
#39
The new guy may be not necessarily brand new, he may have the part of the blockchain before the bad guy forging the secret chain.

So, if the new guy has chosen the bad guy as his "well-know nodes", he will go on with the secret chain, and the network will be forked. This is true for both PoW and PoS. right?

Right.
full member
Activity: 126
Merit: 100
April 01, 2014, 11:33:14 AM
#38
The new guy (who has no actual blockchain yet) must choose "well-known nodes" to get the blockchain from. He won't accept ur secret chain coz he will get the legit one from other nodes. U have to "isolate" him, but the same attack is applied to Bitcoin as well and can't be counteracted if the new guy has no information about what nodes r legit.

The new guy may be not necessarily brand new, he may have the part of the blockchain before the bad guy forging the secret chain.

So, if the new guy has chosen the bad guy as his "well-know nodes", he will go on with the secret chain, and the network will be forked. This is true for both PoW and PoS. right?
legendary
Activity: 2142
Merit: 1010
Newbie
April 01, 2014, 11:13:59 AM
#37
Case 1: the attacker forges on both the legit and secret branch
- Consider the attacker has two computer, computer A is connected to the internet and computer B is offline.
- The attacker use his account to forge on the legit branch as usual with computer A, and at the same time he also use his account to forge on the secret branch with computer B.
- After some time, he connects the computer B to the internet and broadcast his secret branch to other accounts. he can do this with computer A online or turn computer A offline.

Case 2: the attacker skip his turn on the legit branch and forges only on the secret branch
- The attacker use only one computer.
- At first, the computer is connect to the internet, the attacker forges on the legit branch as usual.
- At some time point, he turns the computer offline, begins to forge his secret branch.
- After some time, he turns the computer online

In case 1, because the legit branch has more stake involved in the forging than the secret one, every account has no problem to tell which one is valid. right?

In case 2, though more stake is involved in the secret branch, every account that forges on the legit branch know that the attacker's account has been penalized, so they will not accept the secret branch. but for an account that was offline when all this happened, how does it know which account(s) has been penalized for forging on a secret branch when it comes back online? the secret branch can also be interpreted as the legit because all other accounts have been forging on a secret branch.


The new guy (who has no actual blockchain yet) must choose "well-known nodes" to get the blockchain from. He won't accept ur secret chain coz he will get the legit one from other nodes. U have to "isolate" him, but the same attack is applied to Bitcoin as well and can't be counteracted if the new guy has no information about what nodes r legit.
full member
Activity: 126
Merit: 100
April 01, 2014, 11:01:46 AM
#36
Then what stops the adversary and tells the account that is offline during the procedure which branch is legit when it comes back online?

Explain ur attack step by step if u want to get a detailed explanation. Unfortunatelly, most of guys ask general questions and become upset when get general answers.

Ok, I'll try later after giving it more thought.


Well, just try to understand how an account choose the legit branch

Assume the attacker has 51%+ of the stake

Case 1: the attacker forges on both the legit and secret branch
- Consider the attacker has two computer, computer A is connected to the internet and computer B is offline.
- The attacker use his account to forge on the legit branch as usual with computer A, and at the same time he also use his account to forge on the secret branch with computer B.
- After some time, he connects the computer B to the internet and broadcast his secret branch to other accounts. he can do this with computer A online or turn computer A offline.

Case 2: the attacker skip his turn on the legit branch and forges only on the secret branch
- The attacker use only one computer.
- At first, the computer is connect to the internet, the attacker forges on the legit branch as usual.
- At some time point, he turns the computer offline, begins to forge his secret branch.
- After some time, he turns the computer online

In case 1, because the legit branch has more stake involved in the forging than the secret one, every account has no problem to tell which one is valid. right?

In case 2, though more stake is involved in the secret branch, every account that forges on the legit branch know that the attacker's account has been penalized, so they will not accept the secret branch. but for an account that was offline when all this happened, how does it know which account(s) has been penalized for forging on a secret branch when it comes back online? the secret branch can also be interpreted as the legit because all other accounts have been forging on a secret branch.
full member
Activity: 126
Merit: 100
April 01, 2014, 05:17:23 AM
#35
Then what stops the adversary and tells the account that is offline during the procedure which branch is legit when it comes back online?

Explain ur attack step by step if u want to get a detailed explanation. Unfortunatelly, most of guys ask general questions and become upset when get general answers.

Ok, I'll try later after giving it more thought.
legendary
Activity: 2142
Merit: 1010
Newbie
April 01, 2014, 05:09:38 AM
#34
Then what stops the adversary and tells the account that is offline during the procedure which branch is legit when it comes back online?

Explain ur attack step by step if u want to get a detailed explanation. Unfortunatelly, most of guys ask general questions and become upset when get general answers.
full member
Activity: 126
Merit: 100
April 01, 2014, 04:55:43 AM
#33
Now the mechanism that was stopping forging is disabled.

Then what stops the adversary and tells the account that is offline during the procedure which branch is legit when it comes back online?
legendary
Activity: 2142
Merit: 1010
Newbie
April 01, 2014, 04:47:13 AM
#32
Whether the adversary works on only the secret branch and gets penalized or works on both branches without being penalized, the two branches both have 100% "hashing" power. So, without the advanced consensus mechanisms, the two branches will statistically have the same length and for an account being offline during the procedure, it cannot recognize the legit branch from the one generated secretly. This issue is supposed to be resolved by the advanced consensus mechanisms,

Regarding the advanced consensus mechanisms, we know that, when one account is left on a fork alone, it will generating all the blocks, but after some blocks, it stops. Only after some other accounts join in, can it continue to generate blocks. I believe this is caused by the advanced consensus mechanisms. It is obvious that the adversary cannot attack Nxt by working on a secret branch using only a few accounts. But that's all what I know about it. How will the advanced consensus mechanisms counteract if the adversary introduces enough accounts for the secret branch? Can you explain it, CfB?


Now the mechanism that was stopping forging is disabled.
full member
Activity: 126
Merit: 100
April 01, 2014, 04:44:06 AM
#31
He would have only 15 sec to release his "secret" chain. 16 sec later and it's too late to do an attack.

This can never be true because a previously unconnected or not-well-connected node will not have the "correct" notion of order and time--it must rely on other nodes. There is no guarantee that those nodes will be honest, and it would only take one dishonest node to present a conflicting viewpoint for which the unconnected node has no way of determining the correct chain.

I think I understand lx's concern. It is related to the following description of transparent mining:

Quote
Imagine someone is going to do a "51%" attack against Nxt and he owns 90% of all coins. The adversary must stop generating blocks for legit branch coz he won't be able to compete against 100% mining power with his 90%. So he decides to "skip" his turn to generate a block. The rest 10% of the network detects this and penalizes the adversary by setting his mining power to 0 and distributing it among other miners. Now the network is back to 100% power coz everyone got 10-fold increase. The adversary can mine other branch in a secret place but it won't be able to replace the legit branch. Of course, the 2nd branch will have 100% "hashing" power tied to it as well, coz the attacker will get his 90% bumped to 100% but this can be counteracted by some mechanisms of advanced consensus (still not revealed).

Whether the adversary works on only the secret branch and gets penalized or works on both branches without being penalized, the two branches both have 100% "hashing" power. So, without the advanced consensus mechanisms, the two branches will have the same length and for an account being offline during the procedure, it cannot recognize the legit branch from the one generated secretly. This issue is supposed to be resolved by the advanced consensus mechanisms,

Regarding the advanced consensus mechanisms, we know that, when one account is left on a fork alone, it will generating all the blocks, but after some blocks, it stops. Only after some other accounts join in, can it continue to generate blocks. I believe this is caused by the advanced consensus mechanisms. It is obvious that the adversary cannot attack Nxt by working on a secret branch using only a few accounts. But that's all what I know about it. How will the advanced consensus mechanisms counteract if the adversary introduces enough accounts for the secret branch? Can you explain it, CfB?
legendary
Activity: 2142
Merit: 1010
Newbie
March 30, 2014, 04:46:58 PM
#30
This is solved by hallmarking.

It isn't solved, it is an extension of the same problem. It is already a given that whoever performs such an attack will have plenty of nxt, hallmarking adds only a little effort and no risk, and does not achieve a common consensus in the case of a public (as opposed to secret) attack. And as far as I can tell, hallmarking significantly reduces privacy for no benefit to honest users.

Sorry, but I disagree. Could u explain step by step how would u do such the attack having 100 million coins (10% of the stake)?
Ix
full member
Activity: 218
Merit: 128
March 30, 2014, 04:41:37 PM
#29
This is solved by hallmarking.

It isn't solved, it is an extension of the same problem. It is already a given that whoever performs such an attack will have plenty of nxt, hallmarking adds only a little effort and no risk, and does not achieve a common consensus in the case of a public (as opposed to secret) attack. And as far as I can tell, hallmarking significantly reduces privacy for no benefit to honest users.
legendary
Activity: 2142
Merit: 1010
Newbie
March 30, 2014, 04:08:18 PM
#28
He would have only 15 sec to release his "secret" chain. 16 sec later and it's too late to do an attack.

This can never be true because a previously unconnected or not-well-connected node will not have the "correct" notion of order and time--it must rely on other nodes. There is no guarantee that those nodes will be honest, and it would only take one dishonest node to present a conflicting viewpoint for which the unconnected node has no way of determining the correct chain.

This is solved by hallmarking.
Ix
full member
Activity: 218
Merit: 128
March 30, 2014, 04:03:41 PM
#27
He would have only 15 sec to release his "secret" chain. 16 sec later and it's too late to do an attack.

This can never be true because a previously unconnected or not-well-connected node will not have the "correct" notion of order and time--it must rely on other nodes. There is no guarantee that those nodes will be honest, and it would only take one dishonest node to present a conflicting viewpoint for which the unconnected node has no way of determining the correct chain.
legendary
Activity: 2142
Merit: 1010
Newbie
March 30, 2014, 03:31:57 PM
#26
By malicious miners, I was referring to the article's description of them: ones who are intentionally working on a separate chain. They could presumably work on both and receive no penalty at all. Knowing the order doesn't fix this.

He would have only 15 sec to release his "secret" chain. 16 sec later and it's too late to do an attack.


This is not what the article was referring to. With PoW mining, there is an opportunity cost to mining a different chain: you can't mine the real one at the same time. With PoS, you can. This is a serious issue and doesn't have anything to do with separate chains for messaging or payment, it has to do with forking the "master" chain.

See above.


This is a baffling statement--I thought Nxt used a completely different mechanism.

U were wrong. Nxt uses the same mechanism. Just replace PoW with PoS, each coin is a small mining rig.
hero member
Activity: 812
Merit: 500
March 30, 2014, 03:04:18 PM
#25
Bagholder.

/thread.
Ix
full member
Activity: 218
Merit: 128
March 30, 2014, 03:01:06 PM
#24
Miner(s) of the next block is always known. A malicious miner can't skip his turn to mine a block, coz nodes will simply ask the next miner in the queue.

By malicious miners, I was referring to the article's description of them: ones who are intentionally working on a separate chain. They could presumably work on both and receive no penalty at all. Knowing the order doesn't fix this.

Quote
Every chain is used for a specific case. If a node is not interested in working with chain that used for Messaging then it can spend more resources for another chain, for example, Payments.

This is not what the article was referring to. With PoW mining, there is an opportunity cost to mining a different chain: you can't mine the real one at the same time. With PoS, you can. This is a serious issue and doesn't have anything to do with separate chains for messaging or payment, it has to do with forking the "master" chain.

Quote
Consensus on Master chain is achieved by the same mechanism as used in Bitcoin.

This is a baffling statement--I thought Nxt used a completely different mechanism.
legendary
Activity: 2142
Merit: 1010
Newbie
March 30, 2014, 02:43:31 PM
#23
In what way does transparent forging counteract malicious miners? And why does having multiple consensus chains lead to performance optimizations? How is consensus eventually achieved?

Miner(s) of the next block is always known. A malicious miner can't skip his turn to mine a block, coz nodes will simply ask the next miner in the queue.
Every chain is used for a specific case. If a node is not interested in working with chain that used for Messaging then it can spend more resources for another chain, for example, Payments.
Consensus is achieved by using Master chain as a point of synchronization. Consensus on Master chain is achieved by the same mechanism as used in Bitcoin. Parallel Chains concept has 2 variants, both r not nailed though.
Ix
full member
Activity: 218
Merit: 128
March 30, 2014, 02:29:10 PM
#22
In what way does transparent forging counteract malicious miners? And why does having multiple consensus chains lead to performance optimizations? How is consensus eventually achieved?
legendary
Activity: 2142
Merit: 1010
Newbie
March 30, 2014, 02:19:24 PM
#21
You completely evaded the question and promoted what should be a critical failure (allowing double spends and providing no real means of consensus) as some feature of the currency. I'd say you're the one trolling.

Ask again without trolling and u'll get an answer.
Pages:
Jump to: