Bitcoin Forum

Seems someone came up with a solution to a 51% attack with goldcoin.
http://gldcoin.com/documents/GoldCoin_0.7_51percent_defense_october_11_2013.pdf

I'm not an expert in cryptography at all but does it sounds legit and if so, is it applicable to bitcoin?

It doesn't sound legitimate at all. It sounds like the writing of someone who doesn't even have a basic understanding of the problem space.

It ignores the existence of sybils, assuming that an attacker is confined to appear to be a single peer to the whole network. This is crazy, If not for sybils there would be no need for mining at all you could just have nodes produce blocks round-robbin or just directly sense a majority of nodes for consensus.

Even the false assumption that sybils don't exist isn't enough for this scheme, as it requires (see the last page) a centrally announced "checkpoint" to make the protection reliable as nodes enter and leave the network.  Moreover, it doesn't describe how it's mechanism wouldn't falsely partition the network in the event that some kind of topology disruption resulted in the network having a small min-cut (e.g. fiber cuts between continents), this wasn't adequate explained but many proposals along these lines in the past have resulted in schemes which would never re-converge again after a modest partitioning: from one currency two result, and all coins can be spent twice (one in each side).

What stops me from doing this:

1. Control a large number of nodes.
2. On all except one, broadcast a chain that is always 1 block behind the main chain.
3. Suddenly from the last one release 4 blocks in quick succession. Now you win by 3 blocks (and don't trigger the 51% defense).

It's funny because not only would this proposed system not even work, the goons who proposed it don't even have the technical skills to put it into place to begin with.

The solution to a 51% attack is never let one entity amass that amount.

Where can I read more on this?  I understand that double spend attempts don't even necessarily require 51% of total network.  It's just that with 51% you are statistically guaranteed success.  Right?  But how does a 51% attack kill the blockchain?

There is none, high network hashrate would reduce the chances

Nice to see some constructive criticism. All this will be usefull to improve new update.

This paragraph and the rest of white paper is full of nonsense unfortunately. First of all, not everyone who has 51%+ of network hash power is an attacker. One may mine blocks like anyone else and include other users' transactions in the blocks mined. On the other hand, one may mine empty blocks only and ignore other users' transactions completely, thus paralysing any coin movement on the network. It may be done with less than 51% of hash power to a lesser success though. Double spending is a different matter which involves two block chain forks with coins spent on one of them and unspent on the other which must become the primary chain eventually. Time warps are for difficulty manipulations at retargets. Finally, your defence concept is based on a false assumption of the attacker coming from a single IP or whatever you use for identification. There may be dozens if not hundreds of peers deployed worldwide for a distributed attack. There is no reliable decentralised solution currently to fight back 51% attacks of any kind.

This garbage was posted officially as GoldCoin Propaganda...
So it must have been vetted by several people...
I for one, am tired of these clowns running their pie holes with idiotic predictions, etc.

Get a grip, its just a basic, deflationary LTC clone (with g-o-l-d in the name)...
Its reached the point where crippling GLD would help clean up the Alt Space.

Most of the above points are MOOT.
@ gmaxwell there is no CENTRAL checkpoint, all bans and checkpoints are done locally and in memory only
@ meta.p02 there are a few attacks that bypass this system, but this system was designed primarily to stop most attacks from being profitable.
@Hazard , Please don't talk about technical skill when you don't possess any.
@BitcoinEXpress Anyone with a significant amount of resources can break virtually anything that relies on p2p communication... this is meant to act as a stopgap measure, and as the number of nodes grow, so does the feasibility of this defense. Remember even when submitting with multiple nodes there will be a convergence point to a legitimate peer, and then that legitimate peer will be banned for transmitting too quickly, thereby segmenting the network for 4 hours but keeping many legitimate users safe.
@User705 Correct, it's possible to sloatboat your way around the system over time, but such an attack would be noticable and thus far easier to prepare for(on the dev side of things).
@ghostlander it's not based on the assumption of a single peer, remember that in p2p networks as the network grows larger there is always a convergence point, it will segment the network for 4 hours before allowing them to continue, the segmentation is limited by how many nodes the attacker controls and is a good defense for a large network.
@QuantPlus We don't post propaganda, perhaps you should look to one of the other altcoins? We've backed up every claim we've made to date.

Stop arguing over semantics, this was designed to stop some double spending attacks, basic difficulty attacks, and multipools(and it does that very well). When I say "virtual immunity" - I don't mean total immunity, I mean immunity from pretty much anyone out there who realizes that the cost of the attack would be greater than the gain.

The system is designed to cut off an affected portion of the network in the event of a multi-pronged attack, they will simply reconnect in 4 hours and continue on the main chain. This may make it unfeasible for something with < 100 nodes, but for bitcoin its perfectly usable.

Hazard.. maker of almost ALL shitcoins.

http://thecryptoblog.com/the-anatomy-of-a-scamcoin-7-things-to-know-before-investing-in-an-altcoin-wait/

Check our cryptsy BTC trade history, most of those initial coins were traded away months ago.

Not to mention the line is ONLY FLAT BECAUSE OF A DIFFICULTY ATTACK OF 2GH/S.

Here's the real graph:
http://brontopixel.com/images/2013/10/13/wholestory.png

Any coin that first starts out needs liquidity, and for some reason idiots like you neglect difficulty.

Those coins that had a "fair start" weren't even fair at all because by the time most people started mining the difficulty was much higher than it was for those at the beginning. This is one of the things GoldCoin was designed to work around with those initial super blocks.

The Goldcoin community is at least trying to do something for the crypto community to find somekind a solution to the 51% attacks. We have started something and from here on we build/improve it. To be honest I personally like all this critisme/advise, because it can all be used to improve this defense.

Hilarious. You heard it hear folks: GLDCoin dev thinks giving a handful of people a good portion of all coins in existence is a great idea.

That's not about liquidity. That's about lining your pockets. A coin doesn't even need liquidity when it launches, because there's no economy for it other than speculative trading.

The focus of a coin's launch should be getting the coin into as many different hands as possible. Something that GLD failed miserably at, by design.

We excelled at spreading GLD.. so keep your delusions to yourself please, almost all of those coins were traded in the first week on cryptsy, https://www.cryptsy.com/markets/view/30 (view first week history).

Two, it is about liquidity as most people do not like holding 0.1 coins in their wallet, there is a psychological factor against dealing with decimals for people.

Yeah. You gave a shitload of GLD away for basically free, which was promptly dumped for profit onto bagholders.

Great launch guys. Truly.

Awful reasoning, and unless someone is mining with an old Pentium 3, they will have more coins than that.

Keep trying to justify your shitty launch. You guys are delusional.

Akumaburn and AZIZ,

Why are you even bothering with this thread?

Did you ever notice how most of the old timers and serious developers do not have anything to do with him?

He is entertainment, plain and simple. He writes in a blog about developers he has never had any real conversation with and just assumes his observations are correct. He has a small band of newbies that cheer him on.

His 15 minutes will fade and another will take his place.

As the cypto community continues to grow, more like him will come on scene and he will be only a small voice among many others who proclaim to be "internet celebrities". The community will also grow in those that are of reasonable mind, and will work to make a difference and grow the community. Put your efforts into appealing to the later, and realize the former are nothing more then a daily chuckle.  :D

Oh, the irony.

Did you ever notice how most of the old timers and serious developers do not have anything to do with goldcoin? :D

gmaxwell:

"It doesn't sound legitimate at all.
It sounds like the writing of someone...
Who doesn't even have a basic understanding of the problem space."

Heres a serious Dev pointing out...
The paper was a Promo Piece designed to give a false sense of security to GoldCoin owners...
And the last thing on earth we need is "help" from a bunch of Promoters.

Gmaxwell can be wrong, he is a human. Everyone here should use their own brain. Let's continue the discussion.

Why do you assume that someone with more than 51% needs to submit blocks faster than the 5 in ten minutes? Very bad assumption. How are you going to deal with that when a number of legit users get banned. Miners will not take to that too well. What happens when someone hits you with a diff attack and causes about half your network to exceed the limit and gets banned therefore opening up the entire block chain to an attacker remaining within the defined limits?



Another bad assumption on your part. What if an attacker is paid to attack a chain and has zero intention to trade the coins? What if an attacker does it just because they're bored or just to do it?



Again start cutting off legit miners and see how fast your chain dies.

Also in banning "legit" peers, what are you going to do when someone builds a list of lets say a 1000 peers, connects and starts sending "bad blocks" to them, ban them all? That in itself is an exploit I could build in only the time needed to scan for peers.

I applaud you guys for trying to find a solution to attacks but the smart thing to do is develop them, keep them quiet to keep and don't invite public ridicule with some posted half baked ideas that were obviously never tested


~BCX~

"Virtual immunity" for double spends already exists.  It's called real life economics.  Here is the scenario.  A bad actor acquires X amount of coins costing Y in real/fiat value.  He then proceeds to buy ASICs to attempt the double spend.  Most large real life transactions for fiat would likely take a day or two so the resources needed to pull this off are big.  Let's say it's successful and the bad actor receives the amount Y.  Let's set aside the fact that this Y will likely be lower because of possibly exchange rate flux and costs.  So the bad actor now has Y amount in fiat and X amount in coins but the X amount of coins is now greatly devalued since a large double spend was revealed.  So he has gained almost nothing and his ASICs are now greatly devalued because of the great drop in exchange rate.  What he could've mined in block rewards in his lifetime would greatly outweigh the reward of a double spend which wouldn't even be double.  How that applies after block rewards stop or become very low will be a future issue for bitcoin to deal with.

Well as one of them 'bagholders' I was more then happy to acquire them :)

I have to say out of all the alts, gld does give more away (to spread the coin) then pretty much any alt, and thats a good thing, love them or hate them (and as much as you continue to throw mud at them) microguys current team behind gldcoin have proven pretty much by now they are in for the long haul not a quick pump n dump profit.

I sincerely appreciate the many constructive criticisms presented in this discussion.

Of all the jobs and businesses that I've been a part of over the course of my life, never have I worked with such dedicated, kind, and eager people as those that make up the GoldCoin team and community. The recent FeatherCoin video made mention of the importance of the community and I couldn't agree more.

Over the last 4 months we've come a long way. We started with a coin near death and have now rebuilt the currency and made it strong. The community has grown in numbers and the markets have shown their appreciation. We're even getting calls now from outside financial groups looking to invest in an emerging altcoin.

We're going to take this experience to learn and perhaps reevaluate our release procedures and protocols. I read one commenter suggesting we needed more testing and others pointing out certain weaknesses in the defense. This is valuable information and will help us to make GoldCoin even stronger as we work on the next update.

Thanks again to all of you who have offered helpful suggestions and advice.  :)

How are you going to stop an attack done by a pool relaying blocks through a dozen of peers located in different subnets? There are many other possible scenarios. Have you got any simulations done on what you call a network segmentation? Your white paper is not backed by any practical research, I see only some theories which are not impressive. Exchanges can protect themselves without them.

@1: They do not need to.. however most attacks do have this done, as they need to outrace the main blockchain to be successful! As I said before, it is possible to slow boat the system but a "slow-boat" style attack is much more noticeable.

@2: Plenty of "What ifs" in life, yes this doesn't protect us from every conceivable scenario, but it does stop some, you have to give it that.

@3: That will only be the case in the event of a multipronged 51% attack, which I'm fairly certain would be fatal if those "legit miners" were not cut off for 4 hours anyways. IMO It's like saying why wear a bulletproof vest when it cant protect you from an RPG?

Attention is good for our market right now.. I realize the optimal solution is to do things quietly, however right now there is plenty of attention on genuinely shitcoins that could be on GoldCoin.

Why do keep fixating on "longest chain"? ? ?

The longest chain does not determine the accepted chain. With no disrespect intended it is clear that you do not even have a basic fundamental understanding of 51% attacks or any other for that matter. Everything proposed as "protection" in this thread is flawed to say the least.


~BCX~

Correct me if I am wrong, but the longest valid chain is the accepted chain no?

No if it's behind the last checkpoint for instance.

Yes, but checkpoints don't affect this system(other than the hard checkpoints we manually put in), as the auto-checkpointing is done locally and only stored in memory, it is lost upon closing the client.

I don't see how that affects us, this system works before the block validity checks.. Those are still done afterwards.

This system will simply remove(as best it can) all the longest chains that had any 6 blocks in a row that were produced too quickly (contain 6 blocks produced < 10 minutes).(Past block 100K)

It does this by banning peers locally(for 4 hours) and scheduling a temporary checkpoint 12 blocks ahead(checkpoints live only in memory and are erased upon client restart) who try to submit these new blocks with timestamps that fit the criteria.

It has extra checks for blocks prior to 100K as we have parts of our chain that do not fit that criteria atm and we don't want clients to be banned for sending those older blocks.

It's essentially a throttle on how fast valid chains can mine their blocks.

That's what I'd like you to explain in depth including why you think it's better than ACP which is a proven solution.

I have modified my post accordingly,

By ACP, I assume you mean feathercoin's solution, I've not read that much about it in detail however from what I know

ACP may be "proven" but its still centralized... all one has to do is take down the checkpoint server(s) and then proceed with the attack.

This is a decentralized defense system that does the same job, arguably better for certain kinds of attacks.

I can see both sides of this argument/discussion, and both are idiotic.

The 'solution' looks lifted from another source and poorly implemented here. The knockers seem to think its claiming to be the answer to all attacks yet it isn't.

Concern is with such a system (and I've seen and tested similar in a different situation), banning legit peers by accident or as a centralised form of control on purpose, or by malace.

It is centralised to some extent, though optional while enabled by default. Clients may unsubscribe if they wish to. In order to take down the master node(s), the attackers have to find those first as their IPs are not coded in the client. Even if they succeed, a new master node may be set up in a matter of minute.



Goldcoin's block target of 2 minutes and 60 blocks to retarget assumed. Your white paper says: "No one peer may transmit more than 5 blocks every 10 minutes, regardless of their origin."  Do you understand there is quite a big difference between both statements? What do you use for peer identification? What if there are many peers attacking? What if they fake time stamps? What if it's a legit pool like Multipool or Middlecoin? There are many ifs.

0. The actual implementation of the code only acts on the 6th received block as that is what is necessary for a full confirmation.

To further clarify: if 5 blocks are sent by one peer, and another block is received by the same peer that has a timestamp within 10 minutes of the first block sent by that initial peer, the peer that sent those 6 blocks is banned.

1. Ip address is used for peer identification.

2. If there are many peers attacking the converging node will be banned and the network will be segmented for a few hours before repairing itself.

3. Faking timestamps is a whole other issue, but Bitcoin generally has resolved this by limiting how far in the future timestamps can be(+2h), thus while such an attack may work, it is fairly easy to counter by limiting the range of the timestamps/mode of determining the current time.

Don't blame us for this, blame the people who decided a non-accurate timestamp was A-OK.

I will look into a way around this inherent flaw in Bitcoin as it seems a hornets nest ready to unravel.

The defense makes no distinction between an attacker and someone who has > 51% of the hashpower... they are equally threatening.

4. Cryptocoin mining should be as distributed as possible, these mega-multi-pools only cause trouble by creating mass spikes of supply where its not wanted and the market no longer needs it.


With regards to the third point, I may decide to abandon the standard Bitcoin client entirely and come up with a new client from scratch and perhaps even a new blockchain (time and life allowing). There are many design decisions that were made by the Bitcoin team that I disagree heavily with. It's time-laxity being one of them.

SELL!!!  ;D

Lol :)

Ofcourse, if I do come up with a new chain, I will likely transfer all existing coins to the new chain somehow.

So no worries, your coins are safe from my ideological improvements...  8)

Is it ur coin - https://bitcointalk.org/index.php?topic=303898.0?



Mastercoin and Nxt already showed the way. :)


Btw, Nxt creator claims that he solved 51% attack...

Irony much?

 :-\ :-\ :-\ :-\ :-\ :-\   resistance to a 51% attack.

Your cure is worse than the disease. Said enough I suppose. Good luck with your ambitious plans.

Nxt is proof of stake.. GoldCoin (GLD) is proof of work and I've never stolen anything.

This was 100% my idea and 100% my implementation. I will correct anything that is wrong with it and the full responsibility for its implications is mine.


What irony?




Said enough of nothing, yes you've said enough  8)

It's not important, carry on...

Hi,

I see a fundamental Problem in the current goldcoin solution: The target time of gldcoin 2mins, and it now does not allow more than 5 blocks in 10 mins.
Diff keeps declining so far that it is negligible.
Essentially, right now we just have a race for the one to first find a block after the 10mins are up.
Also, with the Client accepting blocks that are up to 45 secs into the future, he who sets his machine 45secs into the future(by manipulating GetAdjustedTime() for instance)  probably wins this race, even with only 1-2 decent GPUs mining.
Sorry, but this solution isn't.

Kind regards
Mike

Hello,
Do you know which alt currency provides the best security against attacks such as 51% attack? Unfortunately I am newbie and I don't understand yet all this discussion.
I am looking for this because I think it will be war if a day an e-currency is very high.
And some governments have unlimited power and money...!
Thanks

Nxt (https://bitcointalk.org/index.php?topic=303898.0) does.

PEERCOIN is shielded from 51% attack, and it encourages decentralization by giving minting incentives. It does not consume much electricity too because it uses a genius Proof of Stake system. (No one will be motivated to kill the network if they have 51% of the stake in it. It will be stupid to stab himself.)
Their design has successfully slowed down the blockchain size increase to 0.6GB after 5 years, compared to 110 GB for bitcoin.
Read the discussion here for more info on Peercoin:
https://talk.peercoin.net/t/suggestion-for-better-ppc-better-system-for-reward-less-transaction-fee-when-trading-one-that-will-make-ppc-better-than-bitcoin-for-sure/4504/6

Why risk our hard-earned money to some chance that 51% attack may/may not happen?
Everytime it happens, bitcoin value will drop, and we will lose value. Every time we have to move our money in and out of the bitcoin because of our fear. The financial brokers love to see that because every time we move our money, they get a percentage of our money. The implication of 51% attack is bad. Values will be lost over and over again. In the end we will be slaves to the biggest financial institutions: the banks.