Bitcoin Forum

lots of people complain about the quantity of coins and how the forum is flooded... some proposed ideas to clean it up....
I'll show you how it's done - I'll start attacking weak coins accelerating their death

just wait and see the results, I'll soon show the first victim. Let's start with PoS coins: some people think you need 51% of the supply but this is bs, you need only a very little % if you just want to do a single double spend.

the point of this thread is to see how people react to this: I won't steal from anyone, but some may lose "money".

Some questions:

1. is this a good idea?
2. would you donate so I can attack more POS coins? (maybe spare some coins you are bagholding)
3. would you pay to know the time of the attack and the victim in advance?
4. would you pay for "double spend as a service" (in this case you decide coin and the timing of the attack)?
5. is this legal?
6. do you think someone would pay to have me killed?

go!

update: apexcoin attack successful with 0,07% of available supply

Spoetnik..?

no, I might even attack some of his coins...  who knows

Ok, I believe you..

As you are such a pro on POS and Nothing at Stake, you might be interested in this...


***
Some rigorous research into POS, which includes some findings relating to the so called "Nothing at Stake problem" has been published >>> https://bitcointalk.org/index.php?topic=897488.0

You can play with the models used to get the findings yourself. There is still some questions to answer (which will be done in subsequent papers) but the authors found "it's nearly impossible to attack a proof-of-stake currency with '1% stake even' as stated by Buterin".


Please comment in the thread >>> https://bitcointalk.org/index.php?topic=897488.0 to hopefully get a good quality discussion going for the benefit of the crypto scene, let's leave tribalism at the door.
***

I am sure everyone would like to hear your theories on what makes you say "some people think you need 51% of the supply but this is bs, you need only a very little % if you just want to do a single double spend." The two PHDs who wrote that research say it "nearly impossible" to do what you say is trivial...

no need for everyone to hear my theories... just watch my practice...

I'll tell you my theories anyway: the two PhDs who wrote that research have a clear nxt bias. Look at their hidden multibranch section: they say that they got 3/20 of 500 blocks with 10% stake. 3/20 of 500 is 75 blocks. They got 75 blocks! if people wait for 6 confirmations, I only need 6 blocks, not 75. So I can do with much less than 10% stake. Of course 10% stake means 10% of actively forging coins, which means 10% of 10% of supply. So, much less than 1% of supply to double spend. Of course that's still a few hundred BTCs for NXT so I'll start with a smaller coin.

I already bought a few coins... just wait until age is accumulated...

1. yes kill them all
2. piss off  ;D (kill one first to show that you are able to do it, then we may talk, or you may talk to Bobsurplus... he is the kind of guy paying for things like that)
3 same as 2
4 same as 2 and 3
5. everything is legal in crypto  ;D killing useless coins is even more legal than the rest...

6. same as 2,3 and 4

now if you make a donation to me, I can change my ansers 2,3 and 4  ;D

Not enough swearwords.

There was another thread like this months ago called Operation Shitcoin Cleanout and Clean Up Has Begun.

https://bitcointalk.org/index.php?topic=522235.0

sorry, no donation for you :)
But I'll do one first as you suggest


but did they do anything or is it just talking?
I'm "investing" my own coins for the first attack

I don't know if they did anything or not. I didn't read much of the thread.

Yes, accumulating coin age in Nxt is a sure fire winner  :D :D :D :D let me know how it goes..

POS 2.0 coins remove coinage from the equation, so now what?

Don't be giving too many hints, D.  ;D

And to cynicSOB:

When you carry out your NXT attack, could you go to the trouble of documenting every step and the results ?
Even if you fail (  ;) ) there may be a small bounty for documenting the attack,  and if you succeed, there'll be a bigger bounty.
Good luck, mate, give 'em Hell.

POS 2.0? is that a thing?


Sure, thanks. But attacking nxt requires funding that I don't have. I still claim that it can be attacked with less than 10%
NXT may not have age since last transaction, but it has "age" since last block. It accumulates equally to all miners ("forgers"?), but I believe it can be gamed to obtain more than the fair share of probabilities of creating a fork.

Try a test run on one of the straight NXT clones: NFD, NAS or NTX can all be had for 1-10 satoshi a pop, and would be a good playground.
Problem is that they don't have much network/tx activity, but that might make your job easier.

interesting! I'll start with POS based on PPC and then do one of those. Or maybe POW, renting hashrate has become cheap and some coins are easy targets. But I'll certainly take a look at those.

keep us updated on your progress, will be interesting.

You will? why you didnt?

If you are worried about such thing, how about
giving out your technique here so anyone can try and see
if it works.

That would be fair acceleration of coin evolution, not just
playing BCX Jr.

Yes! Please start with Nxt!

You should have a look at https://github.com/ConsensusResearch/articles-papers/blob/master/multistrategy/multistrategy.pdf before you try  ;)

Unfortunately you will just push the price to epic heights when buying your "very little %" of coin supply.

If you then fail at a successful attack (which is very probable), congratulations, you just made all Nxters rich.

If you sink Bitcoin, you will hurt them all. So that is perfect choice.

Well, I guess this isn't about sinking anything. More likely about making an example and then extort money from the rest :).

FTFY

Probabaly you are right. Thanks for fixing it for me :).

so.... nothing happened?

still hesitating to buy popcorn for this one...

I don't thing anything will happen at all...

just testing the waters before I do

I can't do that. My point is that most POS coins are insecure. And POW coins with low hashrate (most of them!) too. But BTC is safe.

it's no secret and it's been discussed many times. But always some fanboys say that it's not possible, give some wrong arguments and then accuse you of FUD.
The idea for PPC-like POS coins is to make a parallel chain. Eventually you'll succeed in winning against the main chain.

mmm... my business model would be more like "attack as a service" :) not extortion.

Ok, so you're going to buy a loads of coins and then
grow a chain of your own. And once coin operators get a whiff of what you're doing,
they will resort to automated checkpoints and eliminate your fork.

I'm sure it's a nice hobby though.

if checkpoint frequency if faster than standard confirmation times then you don't have POS based consensus, you have centralized bs!

;D

I have been hearing about that sort of attack for months, but nobody tried so far (at least not publicly... which probably means it does not work...)

Yea Peercoin-style PoS is that kind of thing. No argument there.

Preliminary tests look primising but I still need about a week to accumulate age, so I may have spoken too soon.
But it will be worth it: owning a coin buying only 0,05% of the market cap.

 :D

Yeah, just sink Bitcoin

 ;D ;D ;D

I don't think anything will happen.

But, to be fair, you have to give some prior notice of the attack that is blockchain based (encrypted message in Nxt and then post the account password after the attack,  for example). Otherwise, you could just wait for any $40000 coin to dip 50% as say "Ha! That was me. I told you guys I could do it!"  ::)


 :D

C'mon now we haven't got all day, you've been yammering on about it for days now and no results.

Shall we wait for another two weeks?

it's been more than 2 weeks.... but it's happening now.

Take a look at APEX. Block explorer here: https://chainz.cryptoid.info/apex/
Yes, I know it's a small coin, but hey! it's part of the blocknet!

look at the block explorer right now, it will look something like this:

339891   8 minutes   2   69.48547752 APEX   0.0007   Proof of Stake
339890   8 minutes   2   108.7155838 APEX   0.0007   Proof of Stake
339889   9 minutes   2   26.14316426 APEX   0.0006   Proof of Stake
339888   9 minutes   2   102.59570214 APEX   0.0007   Proof of Stake
339887   12 minutes   2   249.74588112 APEX   0.0007   Proof of Stake
339886   13 minutes   2   16.32830821 APEX   0.0006   Proof of Stake
339885   13 minutes   2   346.00373128 APEX   0.0007   Proof of Stake
339884   14 minutes   2   1,026.52179475 APEX   0.0006   Proof of Stake

now wait for my chain to propagate...

in particular this transaction:


with more than 30 confirms will be reversed

Are you successfully gonna kill a dead coin?  :D

I didn't realize it was dead when I decided to do it :)
anyway, the point is that I only use 0,07% of the available supply...

ok, the block explorer has now updated with all my blocks. Since block 339807 up to 339899 they are all mine.
You can see they all come from addresses with 10 APEX which all were split from one large address in this transaction: https://chainz.cryptoid.info/apex/tx.dws?506936.htm (https://chainz.cryptoid.info/apex/tx.dws?506936.htm)

oh, and I made a triple spend in the way.

Nice. But what does it show on a dead coin? There will be a handful of nodes, no one staking... hardly representative. Top 20 coin next time?  :)

according to this: https://chainz.cryptoid.info/apex/#!extraction  10% of supply was staking. Not that bad. Consider that it has a minimum stake of 1 day

PPC has a minimum of 30 days: this means most stakeholders cannot put their PPC holdings at stake even if they wanted to. The problem is PPC's market cap is almost 7M USD. The 3% or 4% I would need are still a lot of money....

And you don't need 90 blocks in a row as I did: you only need 3 blocks for a PPC double-spend on some exchanges.

I had a devastating 90 blocks with a ridiculous 0.07% of the supply.... and I didn't even try to "brute force" the stake modifier...

Are you spreading your stake thinly across multiple accounts and waiting for the coin age to build?

10% is good? Ok  :)

Keep it up, research is good. A paper would be good, eventually.

yes
but just to be sure and to make it easier I overdid it. If an exchange waits for 6 confirmations, you would only need to split it in 6 (maybe 7, not 400 like I did).
I'm researching more advanced stuff like brute-forcing the stake modifier until I get 6 blocks in a row with a high probability of winning against the main chain with much less stake.


thanks... with this technique alone, I could do Reddcoin (26 in coinmarketcap, which includes ripple and other stuff) for 12k USD or about 60BTC - less than 2% of market cap. Still too much for me...

the method is simple, and the only modification to the client was adding the ability to stake without publishing blocks (and then publish the private chain all at once), and to enable/disable listening of blocks and tx from other nodes. This allowed me to spend on one node while using the same coins for minting a parallel chain on another node.

I think Peercoin has implemented checkpoints to guard against this. BCNext recognised the attack and that's why Nxt doesn't use coin age. 

It is good you have proved him right (if you have, I didn't check  :) ), I'm not sure that has been done before.

Do you know any Java?

It's true that the last checkpoint for APEX was months ago, but checkpoints wouldn't help against this because I'm rewinding only the few last blocks.

I know some Java, and I'd like to do Nxt eventually - it doesn't have coin age but it has something similar: the time since the last block makes your target easier as time goes by... I think this can be exploited in a similar way. Split, and then decide (brute force) which of your accounts will you use to mint in order to get more chances on the next block.

bittrex disabled apex deposits and withdrawals as soon as the first reorg happened...

If you have got an attack that isn't listed here (or you think they are wrong)...

https://bitcointalk.org/index.php?topic=897488.msg10152632#msg10152632

...then comment at the bottom of the thread.

I sent all the small batches of 10 APEX to a single address AHh8p4b9Pw9mBY2vNfgi6DE6FmBe4Jw3Pz to prove that they all belong to the same person. This is an address from cryptsy, and I'll try so spend those one more time.
They have a value of about 1USD and it's not like I'm stealing: I'm willing to give it back :)

Why do you copy speech style of FrictionlessCoin (https://bitcointalk.org/index.php?action=profile;u=127521)? I've ran a small program that showed high correlation with that guy.

really? I don't know who that is... I wonder how I correlate to other users...

Interesting, wouldn't checkpoint servers and checkpointing every block combat this though? I like the research, should never give bad credit to finding exploits

yes, but it wouldn't be a decentralized currency! it would be a system controlled by a centralized checkpointer.
If you did decentralized checkpointing every block then the network would split and wouldn't work.

anyway, please ignore the messenger and pay attention to the message!

There are high correlations with some other users, but they can be sockpuppets of the guy. Ok, keep posting, I'll rerun the analysis in a month when get more your posts.

I will comment there, but I think it falls under the "Short-range attack" category.

are you opensourcing your program...(or just care to share a few informations about) that sounds very interesting and clearly more than anything on that thread...

I don't open-source it yet. It works very unreliably with texts written by non-native speakers, because they tend to copy phrases of other people (it's caused by learning of new words).

I don't think being fully decentralized truly matters, having a centralized checkpointer can often be better since there are many people that work in a decentralized fashion but could be trusted enough to manage the checkpointing. IMO a centralized checkpointer is better than a decentralized currency with an open attack vector.

So how about you hit BitcoinDark? Low market cap, center of SuperNet, can't think of a juicier target then that!

In order to check if your attack approach works with nxt, wouldn't it work only with the effective balance? It's what is important to forge, in this this case, you wouldn't need any budget, sure some whales can lease their balances to you and even raise some bounties if you document the attack :)

I'm not an english native speaker, so if I get high correlation with one I'll take it as a compliment...

I'll take a look, but a market cap of 1M USD is not that low... at least for my budget


yes, I can also try with a smaller nxt clone


no way. I prefer old-fashioned POW over anything POS with a centralized checkpoint.

First a clone and then nxt with a more strong network would be great, keep us informed of your intentions and ask for leasing in the nxt forum if you decide to try it

I currently only own about 20K NXT but I'd lease my forging rights to cynicSOB if he wants to try attacking Nxt's PoS.

You can try attacking MMXIV if you want, but it won't work

Let's not get off topic about which implementation is better, I prefer Proof of Stake but also like decentralization and open source so this is very good research for me for helping to solve possible exploits.

Thanks all for the nxt leasing offers. I still need to investigate the code with more detail first...


Of course it will work, for this simple unsofisticated attack I only need 600 coins and 30 days. 600 MMXIV: that's 5% of the supply.  Less than 9 BTC at current rates. Anyone cares to donate?
btc here: 1EqekC9YVhiWLYjG3mfKNJwrf5s3YS46WW

A more complex attack may need even less. I think that with 2,8BTC I have a 50% chance of 6 blocks in a row every day, but I haven't tested the math behind this....

And you have it wrong in your wiki: "someone holding 50% of the currency will generate 50% of all proof-of-stake coin blocks". Of course not. Someone that can stake 50% of the coins acively at stake will generate 50% of blocks. But that's much less than 50% of the currency.

The wiki is just copy paste I don't think anyone updated it yet

Stake weight is more than twice what the entire supply is lol please. There's no way you would even be able to afford buying enough to do it. Let's see how good you are when the total percentage for sale is in the single digits

Challenge issued

I'll take a look, but a market cap of 1M USD is not that low... at least for my budget

[/quote]

So basically you can't hit anything of any kind of value. Looks like the incentives are working to me. This thread is a joke.

Coins claiming an attack requires 51% of supply are the joke. The point of this thread is: "51% my ass, it's actually about 5% for big coins and I did it with less than 1% to a small coin". Not joking about this.

I appreciate your research.

In Nxt, base target gets easier to hit after a long block, but for every account, not just the ones under your control. How would it benefit you?

Ok, wikis are not expected to be 100% accurate.


Ok, then I need 2x the supply. Or maybe I need 1/30 of that and wait 30 days. So I need 1/15 of the supply. That's 6,6% according to your weight estimate. Not far from the 5% that I mentioned. So again: Not 50%. More like 6%

It's only 10BTC but yes, you are right: I can't afford it.


It's true: there's not much for sale at exchanges. But I think that is because of the high staking %, nobody leaves their coins at exchanges and everyone prefers to stake them. I suspect more people are willing to sell than what the exchanges show.

I'll have it in mind :)

Thanks.

Yes, but in PPC-style POS the coin age affects every address too and I was able to benefit from it, right? so the fact that it affects everyone is not a problem.

On top of this, I think how the rounding is done in NXT to adjust the difficulty can be gamed for personal benefit. I don't remember exactly, but it's rounded to 30 seconds, right?

I would bet that this is not the case for btcd. Very high hodl and stake rate due to high incentives.

You would loose your bet. btcd doesn't have a max staking age, meaning if you wait long enough you can attack with as few coins as you want. It's even in a worse position than most others.

Do NXT pls and PM me a result. Will donate a bit if successful.

Pretty cool to see attacks being carried out, and I'm a fan of PoS.

How much does changing the PoS algorithm like this (https://blackcoin.co/blackcoin-pos-protocol-v2-whitepaper.pdf) make it more difficult to attack?

I agree, interesting thread and am curious about future results :)

Whatever comes out.

Bookmarking thread.

yeesss please.
NXT is badass.

The real test for NXT will come if someone sets up a ponzi using NXT.

I have a valid question, that I'm surprised no one has asked yet. What gives you the right to decide that any coin at all needs to be attacked? It shouldn't matter what your opinion is of any particular coin, there are people who have money tied up in those coins, and you are bragging about having the ability to kill those coins and cause people to lose their money. The fact that you are publicly posting this threat is either incredibly bold, or incredibly stupid.

If however the point you are trying to make is to be some way beneficial to the devs and can be used to strengthen the block chains to prevent attacks like this from happening, then more power to you.

I have a funny feeling someone did.....
Yep, they did. (https://bitcointalk.org/index.php?topic=457134.0)
and then...
Someone else did it, too. Twice. (https://nxtforum.org/assets-board/%28ann%29-bad-ponzi-ii-the-new-version-of-the-game-even-better-even-bigger/msg58905/#msg58905)

Moving swiftly on....I reckon it would be a good idea to give cynicSOB a go on the NXT TestNet. That way, we can provide him with as much TestNXT as he needs to carry out an attack, without worrying too much about incurring real-world costs. And, if any of this works out, we should discuss a bounty.....

Have the Apexcoin devs shown any reaction, thanks or communication about the attack ?

Please tell you I didn't say what?

Just what we need after Bitcoin is crashing and people are afraid of hacking, make people afraid of alts and Bitcoin, so they use Apple Pay. Brilliant.

If there are vulnerabilities, maybe inform legit people of them so they can try to repair them, instead of running some new scam?

+1

Best when these things are open because it solves the issue quicker, MintCoin survived and is stronger because of it.

Plus: I hardly think we're going to convince him nót to do it. :D

I'd rather conserve my energy and learn what we can if he's going to do it anyway :)

People should be afraid of POS. It is at a very fundamental level no different from Apple, or a wall street bank, without the safety net provided by the government regulators. POS is a bad emulation of wall street. POW is a good emulation of gold.

Edit: This is not as simple as a code vulnerability that a dev can fix. It is very fundamental.

POW is less safe than POS, because all you need is over 51% mining and you can double spend .
Miners start dropping off as POW mining no longer keeps their profit margin high enough.
POS miners profit margin to stake does not force them to shut down like a POW miner.

If all of us trust government , there would be no cryptocoins.
Cryptocoins exist because less people trust their governments everyday.

 8)

I suggest you read through the thread.

I don't particularly like that investors may loose money over this but its far better than the alternative which is the OP having enough initial funds to really do damage to a larger coin and then keeping the exploit secret.

if OP can successfully demonstrate an exploit on a coin with a larger market cap then all the power to him because it will lead to change for the better.

You somehow managed to completely miss the point of cryptocurrencies.


Yes, because gold miners can double-spend the gold they own.
I'm starting to think you're posting drunk.

Explain how an exploit works is all that is needed to get some coins to make changes.
Then it falls to the coin community to make the change or risk the damages.

Example:
A Guy tells you it is not safe to fall out of a 5 story floor.

Do you think he has the right to push you out of the window of that 5 story floor to prove it to the other people in the office.

Informing is good, causing harm to prove the point is wrong , if you can't see the difference.
Then you have your own issues to deal with.

 8)

Your first paragraph was my original response. But I read past the first 3 sentences and realized that this is a valid cause. The bad coins should be attacked. This is noble work. It's not done out of malice or a general hatred, but to cull the herd or at least toughen the coins that remain standing after the attacks.

Hopefully the OP will share his findings and we will learn more about PoS crypto. I'm very interested in the results.

The "Second Pirate Savings and Trust" attack on Proof-of-Stake. https://bitcointalk.org/index.php?topic=897488.msg10182752#msg10182752 (https://bitcointalk.org/index.php?topic=897488.msg10182752#msg10182752)

Nothing about that "attack" necessitates proof of stake.

If it was a real attack, why don't you do it and prove it like the OP has done with apex? I'll tell you why: because it won't work. Show us the money or STFU.

If one reads the whole attack there is a Proof of Stake specific part and a countermeasure. The countermeasure is the reason I am not launching the attack. Proof of Stake can work, but only with the help of the state. The OP's attack for example could be used as the Proof of Stake specific part / exit strategy so could any other attack on a POS coin that requires stake.

Edit: This is no different from the fiat system Take the state out of the equation and it collapses. This is what nearly happened in 2008. Banks are for the most part proof of stake organizations.

Perhaps you read something that I missed then. In his OP he states his reasoning is because of the "quantity" of coins, not the "quality." Personally I see no reason to attack coins, especially ones that meet his own agenda and not the consensus of the entire crypto community. History has shown that most all shit coins will die natural deaths anyway. Let the herd cull itself instead of having some wannabe savior of the crypto world launch attacks on whatever coins he chooses.   

The whole point of crypto-coins is that they are safe from doublespend. If someone shows that they aren't, then he is doing a service to the cryptocurrency industry.

Crypto is still in early days. We are building bridges, and it's better for someone to stress test the bridges before they are declared safe for the general population. If these bridges are unsafe, I want to know now (even if I lose some money).

You'll notice that many who are invested in PoS coins want attacks to be attempted. Better it happen out in the open now rather than in secret in the future.

Also, his attacks don't seem to be destroying coins, just showing they aren't safe. No reason coins couldn't shore up their defenses after the attack, and come back stronger.

I agree with what you are saying. However, from reading his posts it doesn't seem like he is actually trying to be helpful. It seems more like a "look what I can do" kind of thing. Did the Apexcoin community, whatever there is of it, ask him to attack them? He supposedly successfully attacked Apexcoin, and now the crypto world knows there is a vulnerability in POS. Is there really a need to continue any further attacks? Attack all the dead coins you want, but leave legitimate coins alone.

I think it would be usefull if he works with developers to show the weakness in coins and try to find a solution for that.

To play "god" and decide to kill a coin has no use at all, unless you know that some developer is a known scammer and want to stop him from scamming people.

1. yes
2. no but I'm sure there would be rewards if you show weaknesses
3. no (and frankly, fuck you for offering that)
4. see 3
5. prob impossible to tell as with many things in the crypto-sphere
6. neeehh - prob not.

Has there been any actual proof of your attacks or are you just posting "successfull" messages and everyone is supposed to believe it ?
I'm with most people here. Attack a relatively active NXT clone or fork, show proof and then we can talk.

nkt nakamatodark is a hybrid and low market. I'm curious to know if it can handle the stress.

Bittrex confirmed his APEX attack.

https://bitcointalk.org/index.php?topic=686403.msg10169983#msg10169983

What's next? This is very popcorn

Good to know...thanks for posting that.
Alright then...let's see how easy it is with a more active coin.

Let's create a Hackcoin.

Everyone who is interested in POS security can download the wallet.
Everyone who is interested in hacking can play around with it.
The results could be useful for every honest coin.

We should never forget one thing: We are fighting against the system (banks and governments) - we are not fighting against decentralized digital currencies, am I right?

Some of us believe in what we are doing. The destruction of a random coin isn't the solution.

Cheers,
Ray

There are NXT ponzi on a regular basis.

---

Exactly. United we stand, divided we fall - the coming rise of cryptofiat (https://bitcointalk.org/index.php?topic=809557)

I agree. It's a fascinating topic.

Because a guy does something for his own reasons don't necessarily make it without merit on its own. I agree with you on his apparent motives, but as a POS afficionado, I'd still encourage guys like this because if they can do it, it shows a vulnerability that needs fixing.

^^This, I was to lazy to type it earlier. :)

cynicSOB, what would be the required countermeasure for a staking coin? decrease the maximum coin age?

cynicSOB , will you be attacking the Nxt testnet?

I already have a POS only Coin running on a live network but not sure if I want to do this since it may mean it will break the Coin.

http://s7.postimg.org/tet5l6ccr/wallet1.png
http://s7.postimg.org/hbntxm1aj/wallet2.png
http://s7.postimg.org/odlrjt4wb/wallet3.png
http://s7.postimg.org/kspw0l0cr/wallet4.png

I have local connection problems need resolving but network running smoothly.

http://s4.postimg.org/tj22c6i8t/wallet5.png

Explain? Why not? Do ya think you're the next?

I have other stuff I am working on the protocol level and have limited amounts of time to work on it. I need to bugtest the IRC and adding in StakeforCharity and use of multiple wallets so if we break it then I have to go back and work on that as well.

Also, the specs are

2 minute block time
7/28 day min/max age
8% a year halving down to 4% every 64X difficulty
20 coin fee
Fees included in POS blocks and rewards a bonus 10% more fees received in the block
max amount from Stake is 4000 coins (plus fees on top)

Other stuff than security?
Seems you are not behind your coin. Features are not necessary.

Safe your coin, then you'll have time for the toys.
Your post looks to me like advertising.

Cheers,
Ray

PS: Your sig... Paycoin. It says all.

so something like mintcoin  20/40 min/max stake age would be better protection than the coins with super low min stake age and no max age?

edit: how does getting multiple pos blocks in a row enable someone to double spend? I'm not that tech minded and trying to understand :P

No it does have a purpose.  How would you like to have what you think is a decent coin and it gets attacked and crushed overnight while you are sleeping..   If the op gives warning and then attacks and really hurts what was thought to be a good coin he did you a favor.  

A) Told all coin holders in advance
B) proved the coins weakness

I would say it is a service if he can expose a flaw in a coin.

Yup, from my point of view, if cynicSOB (or any other sod) can successfully attack Nxt.....I want to know everything about it.
He did choose a relatively dead coin for this run, so far I've seen almost zero activity from the Apexcoin 'community' since this happened, and cynicSOB did say that he'd restore any misplaced funds, if needed.

I 'm going to repeat my invitation to cynic (and anyone else who wants to have a go):
Come and have a go on the NXT Testnet, and see if you can do some damage...
https://nxtforum.org/index.php

How much would the award be for attacking the testnet?

I can't show off a project I built myself? And it's PayCon, not PayCoin. I launched mine on Christmas eve and worked on it through the holidays before PayCon launched but the code is very similar so I want to do work on both because I'm interested in this stuff and got some PayCon for cheap.

Good question.

You get nothing for a try......got to be a successful attack, preferably with enough documentation to reproduce it and find a fix.
If someone is serious about having a go....head on over to the NXT forum (or PM me, but I'm both busy and lazy  ;D), start a introduction thread and take it from there.
The NXT community will be happy to help with the set-up for an attack on TestNet, and we can discuss bounties clearly before anyone starts putting serious time and effort into this.
From what I remember (and NXT hasn't had any good serious bugs for a long time, and no successful attacks), we paid out sums from 20,000 to 200,000 NXT for finding vulnerabilities, but as i say, we can negotiate.
The dev team will be the final judges in all of this, btw, not a lowly shill such as myself.

wow! lots of attention recently...


I don't know why I wrote this... I lost focus... actually you need to split the stake as much as you can.
That's the key to the thing: if you split your staking then your staking weight remains the same. But splitting gives you the advantage that on each block you find your staking weight is only marginally affected. If you split in 6 and you hit a block, you are left with 5/6 of your original weight. If you split in hundreds then each block you mint doesn't affect your weight because the age destroyed is minimal. This is why I could do 90 blocks with no extra effort.


I'll try to write a paper about the countermeasures to defend against this kind of things... but it's not directly related to coin age: coin age only makes it cheaper to attack, so coins like blackcoin or nxt can still be attacked with less than 10% of the supply.

And I'll do nxt next (testnet or a clone) but it'll take some time because it's a very different thing I need to get used to.

And a warning: most POW coins are not safe! it's easy to cheaply rent enough hashrate to attack a lot of coins with low to medium hashrate. Only the biggest ones are good.

please write something about NXT. ( the POS is completely different from PPC or Mintcoin style coins)

Oh that's interesting, so then let's say for instance you have...

2 minute block time
minimum stake age at 7 days
maximum at 28 days
19 billion float
8% a year halving down to 4% every 64X difficulty (8%, 6%, 5%, 4.5% etc)
20 coin fee per kb (roughly 6-7 combines)
Fees generate 10% more Coins through retrieval of Stake (someone spends 20 Coins in Fees, you Stake the Block for 22 Coins)
4000 max Stake subsidy per block (plus fees on top)
Split/combine threshold at 200,000 coins at 10 days

Maximum actual inflation per year would be limited to about 5-8% per year

By the way you describe your attack, the result would cause financial detriment to you since you would be paying tens of thousands in fees but Stakers would also get all those Coins plus 10% more!. Plus with the max subsidy capped, it encourages smaller blocks for higher rewards. I can give you a little bit of private Coins you could test with if you want.

If these were fud attacks or something irrelevant to the quality of the code itself, I'd agree with you. But you may miss the point of what the OP intends to do. All coins should be attacked and the weak ones should die. I'd prefer they die because of an exploit (given they have one) than because of neglect by devs or community.

Let's cheer this guy on and hope he delivers some data.

OP doesn't need cheer he needs BTC. It takes money to own a coin

I disagree. Hackcoin is what you get on a testnet. Go after real coins. That's where you have the most to learn. There is more to learn here than whether the OP can achieve a double spend. There is also information in the responses from the devs and the code they produce to compensate. Also, what are the responses from the exchanges, etc. There are many questions that can only be addressed by attacking the live system. It's still early in crypto. It's better to do this now while it can be done. When regulators step in to protect the system, it will be too late to learn this much.

Haven't read all the posts so it may be mentioned before. Current PoS implementations use some sort of wallet weight as a way to handle competitions for blocks. Wallet weight is basically the amount of coins in the wallet. So if I have a big wallet with very small coin blocks (i.e. I transfer the coins in thousands of small transactions), I have the chance of staking a lot of new blocks continuously with the full weight of my wallet each time. That's the problem.

I think the way to fix this is to change the wallet weight to the amount of the coins in the current block that's being split to stake, rather than the full weight of all coins in the wallet. That would mean that you need a lot of coins AND big coin blocks in the wallet to perform a potential blockchain rewrite attack.

Probably, the way to address this is to weight (verb) the weight (noun) based on the size of the stake as well as the total coins in the wallet. I'm not sure how this is handled in peercoin clones. But I'm going to look it up.

Weigh the weight ;)

I have 1% of all stake in 1 wallet. My chance to generate a block is 1%
I have 1% of all stake in 1000 wallets. My chance to generate a block is 1%

I see no problem here. (Nxt)

edit: I guess what you meant is:
I have 1% of all stake in my wallet, and I transferred it there in 1000 small transactions.
I still don't see a problem for PoS.

I support the idea of giving the attacker like 10% of all Testnxts and if the attack was successful(+documentation!) the community should pay a nice bounty. Like 500.000 Nxt or so.
Somehow I like what he's doing. POS and crypto in general is very young, it's necessary that we're getting attacked so we can learn from it.

i agree
come here cynicSOB  https://nxtforum.org/index.php
Sorry english not good  ;D ;D

Agreed, Testnet is a solution - destroying active coins not.

Cheers,
Ray

Start with Litecoin Testnet :)
If you are right, many honest coins will pay you a tax for your work.

Cheers

Yes.

Your chance of generating a block is 1%, next block again 1%, next again 1%. That's a problem. The high weight of your whole coins are used for each individual small stake, increasing your chance every single time which makes you a lot more likely to find consecutive blocks at zero cost.

Ideally your chance shouldn't be 1%, the secure way is 0.001% since you transferred the money in 1000 small transactions. You should either have a big block of coins (1 big transaction), so you have a 1% chance ONCE, or you have 1000 small blocks, so you will have 1000 chances of 0.001%. You should not have a 1% chance, 1000 times.

Litecoin would be too expensive to attack. Not likely.

https://bitcoinwisdom.com/litecoin/difficulty

1,282 GH/s

The solution is to raise the diff for POS Coins? (different algo?)
I am thinking about a rollback system with wallet voting.

The difference for PoW is that it is costly to even try to do such an attack. For PoS, there's only the initial cost of the coins. There's no running cost for tries, retries, etc.

...or the effort taken to steal the coins, or the effort taken to borrow the coins(bank, payment processor, exchange, ponzi, ect..), or the effort made to compromise the wallet of a whale, or the effort made to take many loans out....

Some of the above can be applied to PoW as well, but if you compromise a mining pool operator and you use their miners than there will be an instant reaction and correction to stop such an attack from re-occurring or happening in the first place because there is large amounts of investments and expenses to be paid in mining.

With an attack on a PoS , the transactional history is tainted and any rollbacks ruin the fungibility or anonymity of the currency.

Sorry, I don't get what you mean.
1000 x 0.001% = 1 x 1%
In PoS your stake matters, not your amount of transactions.

Yes, I am no expert on NxT , but from what I understand a higher weight is given to large stakes in a single account vs many small ones as well.

Indeed. The gain of weight with one big account is small but exists.

Unless you have a time machine, you can't tell which mining pools will attack before it happened.

(only if you independently verify you have found a block, but the pool does not broadcast it. This is unlikely, because most miners check the stats of their miner on the pool website, which could be faked.)

Realizing your pool attacks and switching miners to a different pool is not instant.

The point I was making was that attacking PoW has a running economical cost while attacking PoS does not.

Yes, either 1000 x 0.001% or 1 x 1%. It's not the number of transactions, it's the number of coin blocks. Each block stakes once until it matures again (8 hours or whatever), if you have 1000 small blocks in your wallet, you can stake 1000 times right after the other and current implementations give you the full weight of your wallet in the competition for staking, giving you a great chance of finding consecutive blocks.

So basically in simple terms, current implementations give you 1000 x 1%. That's the problem.

yes, but Maestro1 was talking about:

Unfortunately, for Bitcoin , there are some scenarios where there is only a cost in effort to perform an attack.
2 compromised mining pools could perform the attack right now.


Instant in the sense that 2-3 double spends would occur before being caught.


Bitcoin has its on set of security problems. Still more secure than any other coin but insecure nonetheless.

When judging the security of a coin there are many other aspects to consider such as the amount of peer review, the amount of nodes,
the amount of implementations and stacks, the amount of researchers auditing, the amount of developers, the total market cap which
 incentivizes would be attackers from exploiting the currency, ect....

Which specific PoS implementation are you talking about?

really? meh.... why whould they pay?



This would mitigate the attack, but it's not a good thing as it benefits the "rich" over the "poor". If I'm not mistaken, in nxt the difference is so small that it doesn't matter.
BTW: you say "accounts" but is it accounts or tx outputs that are used to forge? in PPC you don't mint with your addresses, it's unspent outputs that are used to mint.

I just made my "cynicSOB" account at nxtforums, so I have the same user name there.

hehe.. well said :) cheers don't hurt though  ;D

Not litecoin, but litecoin testnet: more like 11 MH/s
but is it worth it?
there's no need to prove anything by attacking, just go to hash rental site and see how much it costs to rent that for an hour.

edit: I felt attacking POS was needed to prove the point, because the point has been made and ignored many times.

I'll say it again just in case: you don't need 51% of the supply, you need 51% of the staking weight (actively forging stake, or whatever you call it). And for most coins, that's about 5% of the supply. There's no secret attack. Only splitting the staking weight so it's not affected by each block you mine/mint/forge/whatever.

Because of the safety and the future of CryptoCurrencies.
If you are able to attack LTC testnet I would spend some bucks. (If you tell us how to reconstructing the attack)

Cheers,
Ray

There are already many examples of both SHA256 and Scrypt coins being attacked so wasting time on the litecoin testnet where coins with the exact same algo have been attacked is not needed.

With PoS there are different variations where they make wild claims like impossible to be attacked and despite you proving yourself with Apex they will merely deflect by claiming their algo is different. Better to focus on PoS.

I hardly think that would deter anyone who has
investment in the coin. Just the same as with centralized
checkpointing. Philosophy drops when money talks.

Checkpointing is always centralized. Owners of the private master key (like theymos) are able to set checkpoints on demand.

Cheers,
Ray

Quite so, but whereas in Bitcoin it is more an expediency
that prevents new nodes getting lost while downloading the chain,
in PoS it becomes essential part of the security model, thus
effectively undoing the decentralization aspect.

I would actually love to see where this goes.

Checkpoints are not always centralized. Nxt uses a system where each client sets his own rolling checkpoint 720 blocks in the past.

NXT is centralized. There is no need for centralized checkpoints.

isn't NXT block generation
time about one in a minute? Then if something went wrong
and 12 hours went by with two or more competing chains,
you'd have a set of hard-coded forks. Or is there some
additional mechanism to prevent that?

What is the central authority you speak of?

Not being a programmer, I could be totally wrong here, but I thought that in many coins with checkpointing, it's simply a flag set in the blockchain every so often. I know that peercoin used central checkpointing for a while, but then dropped it in favor of a revised system that depended on live nodes rather than any central checkpointing mechanism. Am I wrong in this?

As for NXT, other than being a cast iron bitch to set up a NXT daemon, I have no opinion on it.

checkpointing a cryptocurrency is believed to be centralized because for the checkpoint to have any effect (different than what the normal consensus would have come up with) it would have to be created by a group of people other than the original consensus group, most of the time this is the developers, so the coin with checkpoints would be centralized around the group of developers.

a good resource: links.org/files/decentralised-currencies.pdf (newbie here so probably wont show up)

wtf is this? are you restricting splitting coins? this restricts valid use cases of a currency...


why pay a lot in fees? the splitting is done in only one transaction. PPC destroys fees, they don't go to the stakers, but others do distribute the fees...

he may be referring to the initial distribution of the coins...


NXT's checkpointing is a nice idea that prevents "long range attacks" or "n@s-style history rewrites". But of course it has the risk of splitting the network and it won't help against this short-range attack.

Thanks, I'll check that out. My knowledge continues to evolve due to people like you :D

The alert system, the github account and the checkpoint system is centralized and controlled by a few people.
Alert/Checkpointing was the idea of SN (Szabono Nickoshi) - that guy who was premining 1M of his coins. Please tell me, what makes Bitcoin/Altcoin decentralized under these circumstances?
It's like democracy - a big lie.

Cheers

Welcome to have a try attack to NXT. :)

I hereby pledge 20k Nxt if you can pull off your attack on the Nxt testnet.

Conditions:

You get 10% of all testnxt
at least 30% of all testnxt has to be forging during your attack
Reorg must be 20 blocks or more
Reorg has to be verified by multiple parties

Please post here for testnxt: https://nxtforum.org/testnet/some-testnxt-to-test-asset-exchange

Too much splitting of Coins causes a very large amount of Bloat, this restricts the lower end of blocks being split so your reward is always more than the cost to combine.

Coins shouldn't be destroyed in transactions because that restricts the amount of active Coins in circulation

I haven't read the whole thread, and I have a question that may already be answered before:
Has cynicSOB, the creator of this thread, been able to prove a PoS currency can be attacked by actually doing so, or is this whole thread another joke from a wannabe hacker?

@DoM P:
APEX coin seems to have been the victim.
Attack confirmed by bittrex: https://bitcointalk.org/index.php?topic=686403.msg10169983#msg10169983

Please don't attack DMD.

I just unvested $10,000 in this sweet deal, which is totally legit:

Actually I have seen DMD around and have poked through their Github a few times over the last few months. I noticed that they have been doing work on their code quite regularly and I think I remember seeing them doing a couple promotional things earlier on as well, some celebration of Block halving and some statistics. I don't think I've seen anything negative about DMD and they've been around for like 8-9 months, mostly low-key stuff. Looks like interest is starting to pick up around DMD, maybe it's a "Diamond in The Rough"?

preliminary results for NXT: only by buying and staking (and ignoring other's people blocks with a one-line modification to the code), you need about 20% of the supply for immediate owning of all the forging blocks.

I think properties can be gamed to lower that value but I want to check this carefully before actually announcing it....

The Nxt network predicts who is next to forge (aka Transparent Forging). How did you get around this?

If the network sees you are forging blocks when it isn't your turn, then the  rest of the network will blacklist you (at least this is the last implementation I know of) and automatically reject your bad blocks.


You can see Transparent Forging live in action here: http://188.138.33.10/


http://s12.postimg.org/n704cvi5p/trick.png

This picture shows potential forgers sorted in chronological order (red ones are those who skipped their turn).

Please provide more details.

Around 20% would be quite a lot, or if I may say, with the current total amount of stake forging around 23% of stake would give you a shot at a 51% attack. (source for forging stake number: http://nxtexplorer.com/nxt/nxt.cgi?action=160)

I think current amount forging is more like 45,7% atm

hi achim  ;)

I assumed 457 mio. = 45.7% = total forging stake

therefore 23% of (total) stake = enough to make 51% of total forging stake

(Could be that this math is completely wrong... and since I need to run and achimsmile is way smarter anyway...
all you readers listen to what he says)

I read it the same way as achimsmile, I think a comma/fullstop/words were missing in your rush  ;D

"Around 20% would be quite a lot, or if I may say, with the current total amount of stake forging. So around 23% of stake would give you a shot at a 51% attack as there is about 45% of the stake forging at the moment."

I think ^ is what you meant. But it read as though only 23% of people were forging.

Yes, all clear now. Sorry, my nickname sucks on bct  :D

Isn't this more or less exactly what's expected? You need around half of the total staking power to attack?

Yes, that's it.



Some simple questions about nxt so I don't have to look them up:

1) Is transparent forging really implemented? I thought not

2) Is https://bitbucket.org/JeanLucPicard/nxt (https://bitbucket.org/JeanLucPicard/nxt) the latest source code? if not, where do I find it? do I really have to decompile Java?

3) If account A transfers some amount to account B (which was already verified) at block N, can B use that stake to forge block N+1? if not, when will it become part of B's effective balance?

4) Is re-leasing possible? if A leases to B, can B re-lease to C without approval from A?

5) which is the best place to ask these questions? nxtforums? which section?

Thanks!

When you find the right moment, 51% is not much. Attacker can close the mint lock and wait.
Most POS coins have an indication showing if blocks are ready. You need one single block with a high amount of matured coins.
You can check that in coincontrol, so no additional coding is needed for this hack.

Question: Is this possible?

If the network is able to detect such a superstaking, it can prohibit or shift transactions.
Network could calculate the average difficulty of the last X blocks or since the last checkpoint +-15%. Everything above is not valid and transactions or the confirmation process have to wait till the diff get normalized. The attacker (or the stakeholder) would get his interest, but that's all.

Cheers,
Ray

Which POS implementation are you referring to Ray? There is a lot of vocabulary in you first paragraph that seems to imply Peercoin family. What is a matured coin?

Yes, I am talking about Peercoin derivates.
With matured I mean an aged block which is ready for minting.

Cheers,
Ray

Ok. I can't answer for Peercoin family  :)

NXT doesn't have such a system for example.

Agreed. But many other coins have it.
I am sure NXT is relatively safe against that kind of attack.

Interesting thread btw.

Cheers

Wouldn't the destruction of shitty PoS coins be faster if you show everyone how to do it, than to spend your own resources?

He has shown how he owned APEX.

yay we have the right to destroy peoples work, decide which coins are "shitcoins" and which ones are "good", which coins have potential or should just be killed... cause we're a bunch of   https://www.youtube.com/watch?v=UrgpZ0fUixs


notice how most true shitcoins die off on their own ;)

agreed and +1
At the end of 2015 many coins will be dead. (Without any attack)

But I want my coin secure. The possibility of an attack is reason enough for me.
Shitcoins will not update their code. Most of them have no active development.
Like I said: Attacking a shitcoin is like killing a zombie. Nobody cares. Look at Apex.

Cheers,
Ray

But killing zombies is a lot of fun.

Do you really want to kill that beautiful lady?

http://www.image-load.net/users/public/images/BtTTM1AIIN.png

so is this :)

c'mon, APEX's price hasn't moved, and they didn't even have checkpointing servers (not that it would have helped, but It shows they didn't care or they were not prepared to run a coin).
I like to think I'm not destroying work, I'm building a more secure future. For our kids! would anybody think about the children !?

exactly killing next to dead coins isn't impressive, nor does it really show what would happen to a "good" coin with a large network. wouldn't using testnet be much more useful?  

I never really followed Apex, was it yet another one with a ditching dev like mobcoin, nebula, xanon, etc, etc , etc ,etc ? cause non of them are on exchanges or have people trying to make something happen with them. (even if their just bag holders looking for a dev to take over)  just dead

apex was still on an exchange even if any trading movement was just to get the .2 btc daily so they didn't get kicked off the exchange.

I don't know seems like if you guys were just interested in making good coins safer you'd use testnet, find weaknesses and make coins stronger... if your killing zombies just for fun... your still killing just for fun and it's still quite psychotic ;)

Hey cynicSOB,
what do you think about that: https://bitcointalk.org/index.php?topic=897493.msg10208018#msg10208018

Would it lower your success?

Cheers,
Ray

I think it wouldn't work: how can you tell an attack from normal use? if you have 2 chains that look similar but have one conflicting tx you have to choose one, there's just no way to avoid that. How do you define which is the "good" one? an attack may not even change the difficulty

testnet is not enough for some security research
the blockchain doesn't behave exactly the same, and the coin being half-alive and in an exchange gives me the opportunity to see how they react to the attack

He is using testnet as well. In fact he's just been working on NXT testnet at the request of many. I'm guessing you haven't read the thread thus far. He's doing a good job so far and lots of people are interested in seeing more of his attempts.

This type of thing is critical for PoS to really be considered a robust consensus system. Actually it's not great that it's taken this long for some good public stress testing/attacks. Anyone interested in the idea of PoS should be supporting people who can help strengthen it.

My thought was, that the high diff comes from one single node.
That could be a major stakeholder or an attacker. But I am with you. Idea has gaps.

Whatever, someone will find a solution.  ;)

Cheers,
Ray

https://blackcoin.co/blackcoin-pos-protocol-v2-whitepaper.pdf

These changes made BC less like Peercoin and more like Nxt (possibly, exactly the same as Nxt. What are the chances.. :D) .



https://nxtforum.org/general-discussion/price-speculation/msg56825/#msg56825


https://nxtforum.org/general-discussion/price-speculation/msg56825/#msg56825

Nxt recommends 10 blocks for normal confirmation, 720 to be sure. (There's a rolling check point at 720.)

Generally Nxt has 40-50% forging, so 10% stake means 4-5% of supply.

I don't know what you're talking about here. Nxt makes newly moved coins wait 1440 blocks before their weight is counted, but after that their weight counts in every block. I don't know what you mean by "age [that] accumulates equally to all miners". The chance of forging a block does not depend on how long it is since the previous block you forged. It depends on what fraction of the forging coins you have.

What is your criteria for a successful attack?

I like how the NXT community is pushing for an attack on its blockchain!

The Nxt community knows the Nxt blockchain doesn't have much to do with APEX.
Let's have it... ;)

The theory behind it is , it blocks both Normal Use or Attack of anything that might have the potential to stake over the % where the attack could happen. So in theory if there are 2 blocks, anything over the % line is blocked, but anything below the % line is accepted normally, and if you have 2 block come in 1 over the % line , and 1 under , the one under it would be accepted , complete opposite of its normal behavior.
If both blocks are under the % line, then it stakes normally. If both are over the % line , then both are blocked for another block under the % line.
Kind of like we have to give the prize to the 2nd or 3rd place runner, cause the 1st one was too fast.
It would affect staking for a lot of users, but would be worth it, if it could remove the 51% vulnerability for all POS coins.

Thanks,
Kiklo

but you didn't solve anything... how do you know the 2nd or 3rd place runners are not the attacker? maybe he placed the first one to trick you into selecting the second one which is also his...

It depends on both. Your "hit" is calculated by multiplying your stake by the seconds since the last block.

this one is easy: either successful double spend or proving you have 10 (or whatever is required for confirmation) blocks in a row.
I did both for Apex.

Thanks for responding, it would not know if the 2nd or 3rd place or 15th are attacks or normal,
it would only block everything that could be a potential attack , which means some normal stakers would also have their stakes blocked , if it had the potential and was over the % line and only allow stakers below the % to ever add any stakes.  Basically can not a filter using some calculations involving total # of coins and current difficulty be created to block potential attacks , even though it will also block some normal stakers.
That is what I was wondering.

Thanks,
Kiklo

 

I'm not saying that I fully agree with how this "stress testing" is being done, but am glad to actually see it done sooner than later. Just imagine if this wasn't pointed out, flaws of P.O.S. in 100's of coins till there was Millions of people holding 100's of wallets not opened for months? Not many people can sit back & think about how many things in the world are "stress tested", creating something more reliable & stable. Just think about a world without "stress testing", the wheel would still be just a wheel & break from the slightest bump ;)

// Not that wording would change much, but maybe replace "attack < stress testing for the public".

So, found any holes the Nxt devs missed in their implementation?  :)

I think so... but as I said, I need some time to implement the attack and completely understand the implications... attacking still requires a lot of stake, looking how to improve that...

Were you not able to gather enough testnet stake to test your theories?

I didn't even get to the part were I know how much I need. Patience! remember it took me some time with Apex but I delivered.

Keep going, This is what keeps me interested while all my coins plummet. :D

This looks interesting, reminds me of BCX and Monero

these poor coins are in trouble  ;D

what happened with that? was there an attack or not?

There was an attempted attack, but it fizzled.

Which is why borrowing state becomes an option for someone wishing to attack a POS coin. That is the essence of the "Second Pirate Savings and Trust" attack.

Not even close, BCX was full of shit.

So where can one lend large amounts of PoS coins?

Nxt allows balance leasing.  The coins stay with the original account, but the PoS power goes to whom the balanced is leased to.   One Nxt is a simulated Bitcoin mining rig so think of it as a simulation of a Bitcoin pool.

I think borrowing coins/leased forging and such is the only major danger that I've seen thus far to a solid PoS set up like NXT. In general I think PoS communities need to be vigilant about discouraging mass lending as it seems to be the only plausible way that an attacker could gain a sufficient amount of stake.

Agreed.
But there is not enough economic incentive in Nxt forging to form such large pools.

1M Nxt would have earned about 68USD if forging 24/7 over the whole last year.

^

I believe that ArcticMine typically assumes some kind of super-ponzi-scheme to get a huge amount of stake/borrowed stake.
(The economic incentives would be based on this illusion/fictive returns)

True, but he forgets how anally fixated large stakeholders are.

There are already promising assets such as supernet or Jinn, which aims to revolutionize CPU's, by going from binary to trinary data processing (in theory it can beat any CPU manufacturer in terms off efficiency. disclaimer: I don't own any Jinn assets)

All of these super promising projects did not attract a large percentage of overall NXt. I don't know what would.

Certainly not "a digital hedge fund that promises weekly returns of up to 7%" like pirate40's.
Remember that there is a lot more money in bitcoin, so 5,6M$ was not a lot of overall bitcoin stake.

I would never invest in such a fund, and I bet larger stakeholders wouldn't either.

We believe the same.

Plus, ideas like his could kill PoW coins as well: create very attractive mining pools, attract a lot of hashrate by asking for zero fees (use the typically lagged payout as your resource to pay the servers), as soon as your pools reach critical size, make bets against the coin with big leverage and then effect a 51% attack... not really gave it too much thought, but something around those lines.

That's exactly what happened with Ghash too. Zero fees and >50% hashing.

And then before that we had Deepbit over 50, and BTCGuild dangerously close to 50%.

Maybe PoS isn't in it's final fully robust form yet, but I think it sounds pretty solid. Someone could borrow or rent miners in PoW too. Or hack a pool like Ghash. And in PoS people get bent out of shape when they see a single account with 4-5% of supply when Bitcoin itself has had 3 separate mining pools around 50% already.

BCX threatened Monero and their price fell, but nothing happened after a while.

Watching

hey, there's no sendmany in nxt? If I want to split my nxt in 50 accounts then I have to pay 50 NXT in fees, right? that's a bummer....

I post here because I don't have my nxtforum password with me right now....

Yes, that's right. For each transaction you have to pay the transaction fee of 1 NXT (so multiply by 50, in your case).

For anyone wondering, CynicSOB is working on nxtforum.org to try and break the testnet. You can follow here:

https://nxtforum.org/testnet/nxt-security-audit-attack-simulations-on-testnet/

Thanks I'll follow along, interesting stuff.

Cool. The main problem I see that I spoke about earlier was how to get around Transparent Forging. Each forger/miner can predict who is due to forge the next block with high probability. You can see the predictions live from the real Nxt mainnet here:

http://188.138.33.10/
(red are accounts that missed their turn, blue are ones competing for Nxt block with a prediction for the time to next block)


If cynicSOB starts broadcasting blocks when it isn't his turn, the network with blacklist him/reject all his blocks. He will have to fool many nodes in the network to tell the remainder of the network that he is next for his blocks to be accepted. And it might only lead to a temporary fork, with the network reorging later on (upt to 720 blocks later) and orphaning all his blocks. Not a trivial problem to crack.

You can read more about the background to Transparent Forging here, if you are interested: https://bitcointalk.org/index.php?topic=364218

Is TF already running and working on the testnet ?

The "ability to predict the next forger to a high prbability" part of Transparent Forging is already running on the mainnet.

Check the forging accounts of the next few blocks against the predictions here...

http://188.138.33.10

...to prove it.


The first stages of Transparent Forging were added to NRS v.0.4.8, if you check the change logs. That was block 30000 (1st Jan 2014). (It was planned for 32000 but there was a hiccup  ;D ). The roll out of TF on the mainnet as been happening for over a year.

See: https://bitcointalk.org/index.php?topic=345619.msg4235982#msg4235982 for Jean-Luc's announcement.


There won't be a point where you can say "that is when TF began", the algos are tweaked to turn bits on and additions made over time.

I think the better question is, what's the percentage of TF already implemented in the current version of NRS 1.4.10

@Daedelus, do you have a number?

More than 50%.


Only because CfB said that 50% was implemented about 6-9 months ago  :D


Edit: Tried to find the link but couldn't  :-\

Thanks mate, ... although, thinking about it,... seems a bit rough your number  ;D

Looking at the constants we can see that 8 steps have been made so far:

transparent forging isn't a magic silver bullet. I think it doesn't solve much.

My understanding is that only the predicting part is implemented, but they don't do anything with that prediction... quoting this: https://bitcointalk.org/index.php?topic=364218 (https://bitcointalk.org/index.php?topic=364218)


I read "not revealed" as " not implemented". And even if implemented, I'm attacking with 2% of the stake: I don't need to skip blocks. The analysis on that post doesn't apply to my attack.

Hmm, still can't see how you can jump the forging queue if it calculated and known to all other forgers independently. They will all see you pushing in the queue when it isn't your turn  :D If you think you can, I'm interested to see what happens then  ;D


(The 'not revealed' has now been revealed but you're right that it isn't implemented yet)

Nxt Forum
_______________________________________________________________________________ ________
Quote from: cynicSOB on February 10, 2015, 08:51:02 pm

    updates:

    - I found no advantage in splitting the stake in various accounts.
    - NXT's POS using block generator signatures is robust, probably even better than PPC's stake modifiers. You should probably thank Cunicula for that: his discussions with cfb led to that design.
    - It's still POS, so 20% of the staking weight, which is at best 10% of the total supply, is enough to double spend once every 30hs. Here, double-spend is calculated for 10 confirmations. For 4 confirmations (like some exchanges use) half of that much is more than enough
    - I found a hole that allows me to (aprox) double my staking weight: I can make 1M NXT forge as often as 2M should. This would allow a 51% attack with 25% stake. This is still theory, I need to modify the client to generate the attack.

    So, I can't attack testnet with only 200K.. that thing was an underestimation... but I could with 2M. And I found a serious security problem, so please organize a bounty and set the goals to claim it. Come on, let's gather some 200K real NXT (not just testnet) :) I'm sure once the devs understand this they'll agree and fix it.
    Since I don't need to split the NXT in several accounts, if I wanted to try to double spend with 10% of the supply I could do it with leasing.
    Leasing is a good idea: I think it's the reason why the total network staking weight is high for NXT compared to others.
_______________________________________________________________________________ ____

Quote from: jones
I'm skeptical, as always :)

I'm not sure how 20% staking weight can double-spend a transaction every thirty hours if the person waits the normal 10 confs. A finney attack would be regular, the evil forger wouldn't include the block when it forged, and the person that accepted after one confirm would be double spent on, when we wait more than one confirm, the security increases with all the different forgers that pile blocks on top, with 10 confirms, the chance of a person with 20% staking power forging 10 consecutive blocks would be (0.2)^10 would take over a million blocks to happen. (0.2)^4 is much less, but since the largest staker has about 10% right now (0.1)^4 is small enough to only happen twice so far in nxt's existence.

Doubling the staking power is interesting, I'll do some more thinking and try to figure this out for myself, my bounty is 0 though :)

_______________________________________________________________________________ __


@cynicSOB

It looks like NXT devs are trying to welch on any bounty, bad form on their part.
You could just post their vulnerability for them acting that way.

Or reach some whales and secretly hand over them the code for the attack...

Many people on the nxtforum are in favor of a bounty. But you have to understand that some are sceptic and want to see evidence first.

cynicSOB said himself that his attack is only theoretic so far, and he has yet to modify the client and try. I'm 100% sure that he will get a bounty once he provides evidence.

Nxters have been quite fair with bounties so far.

Doctorevil recieved a bounty for doing a security audit.
Minusbalancer recieved a bounty for finding a bug.
There were 3 bounties paid for finding (purposely set) flaws

etc.

edit: He was already wrong once:

his 2% stake requirement has now gone up to 10% stake

If NXT really wanted to see evidence , they would have used the regular network and not testnet.
He found something and now they want all of the info without paying him.

Welching is Welching , no matter what kind of spin you put on it.
At least we know NXT is untrustworthy now plus a major security flaw in its code.

I know how to attack Bitcoin with a 30 GH/s mining rig but noone paid me bounty in advance.
Well, at least we know BTC is untrustworthy now plus a major security flaw in its code...

If they had invited you to a forum and you spent a few days testing your theory which would benefit them by helping secure their network , they would owe you something for your efforts.
And I would call them welchers too.

With the evidence we have so far, CfB's 30GH/s attack on bitcoin is just as possible as cynicSOB's is on Nxt.

Do you see the problem?

I like what cynicSOB is doing and hope he finds something, and I'm glad to donate some Nxt if he found a flaw,
but you shouldn't trust just words from strangers on the internet.

You seem to be from the future where time machine is an ordinary device and bets are paid before the evidence is provided. In our time we used to go the other way around.

Don't trust just words , but what he did to apex was proof it can be done.
And if you follow the numbers he did it with 20% of apex stake weight.
Nxt could have said let's pick a 3rd party both trust to hold the bounty and received the info ,
if it turned out to be true, cynicSOB is paid by 3rd party and 3rd party relays the info to NXT,
if it turned out false 3rd party returns the bounty to NXT and deletes the info cynicSOB sent them without giving it to NXT.

The 3rd party would make the decision if it was true or not, just pick someone both sides agree too.

The 3rd party must decide on the amount too in this case. I believe his attack is not worth 200k NXT.

You Found me Out ,
 Yes I am from the Future where we Know NXT can't be trusted.
  What you get to ponder is just how soon before that future is your present.

@Argon18

WTF, why are you trolling here?

Just read what was written...
IMO, NXT developers haven't had welching tendencies ever.

Being skeptical until proof is produced is normal.

Low-quality trolling. You all in the future degraded too much.  :D

Not Trolling , just don't like Welchers.
Skeptical is fine, but if you read there forum they said they would figure it out themselves, but only after he brought it up, they would have not even know to look for it.
NXT=Welchers
So last post here, so you know I am not trolling.
__________________________________________________________________

Just to show you are not as smart as you think you are Come-from-Beyond
That Post did not come from me, so you insulted my IQ , but was proof yours is lacking,
since I did not send you a post!

Editing the Last Post is still the last Post ,Come-from-Beyond.
or are you too limited to see that, and want to pull more words from a dictionary.
You just ill, because you were wrong!
And now see me everywhere, sad.

Funny 7 posts after this one , still trying to dispute NXT=Welchers
Insults , will not change the facts, so keeping adding posts to support your weak arguments.

Now, after you suddenly got a lot of free time, you could spend it on a little education. Read http://en.wikipedia.org/wiki/Fallacy, you'll find a lot of revelations here.


PS: Oops, looks like I made him upset because right after my reply I got such the PM:

So many sockpuppets around these days... (ab592726692ce7ce3999a4f59e53b3616f8a8416a869203c57de56a1e38c5ad3)

By breaking a bike lock I don't proof that I can crack a safe.

Jones said "Doubling the staking power is interesting, I'll do some more thinking and try to figure this out for myself, my bounty is 0 though Smiley"

1. He is not "they", he is Jones and Jones obviously likes to dig deeper (I'd like to remind you that NXT is decentralized)
2. And that does hardly have an influence on a possible bounty if CynicSOB found a real flaw and gives proof.

Oh, you have come back to edit your "last" post? I bet you don't know what "integrity" is...

If you choose to troll in this way, you have to affect an air of indifference to maintain any credibility in your baseless claims. Unfortunately,  you failed as it painfully obvious you are desperate for "Nxt=Welchers" to be seen as the truth :D

I am waiting for the modified client tests. If proven, I have never seen a bounty not be paid in this situation.

It's a novel trick! Guys from the future are not that bad as I judged looking at you.  :D

Yes!

Welcher = someone who refuses to pay his or her debts after a bet

The desperation is palpable...  ::)

Come on Cynic, prove your theories and let us pay you for them  :D

Not (0.2)^10. Look at bitcoin's original paper: if I mine my own private chain the chances are much higher.
20% with 11 confirms gives a probability of 0.1%
So, 1 in 1000.
1000 NXT blocks is about 10hs one double spend every 10 hs
EDIT: 1000 NXT blocks is about 30hs, one double spend every 30 hs

I'm not asking to be paid in advance: we haven't discussed the terms yet (escrow or not? show code to everyone or just devs? etc), I just want to know how much would I get so I can decide if it's worth the effort or not.

There are two different attacks, that might or might not be combined.

1) Double spending with only small % of the supply

This is a private chain attack. This is by design and it applies to all POS implementations.
I've read some people say that NXTs are like simulated POW mining rigs. The analogy works for many situations so think of it like this: coins that are not forging are like mining rigs that are not powered on - useless. So the total network hashrate that I need to beat it not the total supply: it's only the total amount of coins that is actively forging at the specific time of the attack.
Now if NXT coins work like simulated POW miners you can read Satoshi's original Bitcoin paper and see how to calculate the probability of a double spend with only a few % of the network's hashrate. That % of the network's hashrate translates to a % of the actively forging coins (NOT THE TOTAL SUPPLY).
Good news is this can be mitigated by waiting for more confirmations. Bad news is it cannot be really completely fixed. Some say "transparent forging" or "economic clustering" can fix this, but I say they can't because they would open new attack vectors.

I can demonstrate this With 2M testnet (can be leased) or 50M mainnet (can be leased too), but I need to modify the client first.

2) Staking weight inflation

I can exploit how NXT works so I will forge more often than I should. I could make 1M NXT forge as often as 2M should. This might allow a 51% attack with only 25%.
I can demonstrate this against others in testnet: make an account with 206K and have it forge. My 206K account with my secret sauce will forge more blocks in the same time (we should let it run for a few days to make sure there is an edge and it's not just luck). I still need to modify the client first and until I test it in practice I don't know exactly how much will the advantage be. Estimations are that I can double my weight.
This can be fixed, and I would give the code used to attack and the idea on how to fix it.

This thread is an example of someone who thinks they understand something a lot more than they actually do

This is a well-known stake vs computations trade-off. Effective stake asymptotically approaches 200% if burned electricity approaches infinity.

Curious, is the number of computations capped in the network, or potentially infinite as well? Can multiple stakers compete for this 200%?

By its very definition activated "Economic clustering" can't open new attack vectors in technical domain. Socioengineering attacks - yes, political attacks - maybe, but technical ones - unbelievable.

If multiple stakers compete for 200% then the quotient is lowered from 200% to, say, 180%. If all the stakers compete then it's back to 100%.

Hm, do they obtain 200% of their own stake relative to the network, or is the result a higher net subsidy created overall?

They just forge blocks 2 times more often.

No subsidy in NXT, only fees. So it's not as big of a problem as it would be if there were block rewards that inflated the supply.

So, no incentive to perform this attack at all, other than temporarily centralizing it for the cost of power, or potential motivated destruction?

I suppose the solution toward removing it as a MAD attack vector, would be to introduce a subsidy.

No, my approach does not require much extra computation.
Could you please point me to some literature on the well-known trade-off? I've read some things about that, but they seemed unpractical. I'd like to know if we're talking about the same thing.

Is there a clear definition of how will "Economic clustering" be implemented? if you have a new consensus algorithm, there will be new strengths and new flaws. I'd rather not go into deeper discussion of something that is still not defined.

All this stuff is not systematized and I, unfortunatelly, don't have links ready.

Anyway, my approach does not rely on heavy computation, and it also has the potential of more than a 200% increase: no asymptotes here.


Regarding the double spend every 30hs, I have given all the technical details (which were never a secret, that's just how POW and POS work), so you'll have to admit it's possible: the only problem is acquiring the forging weight (be it leasing or buying/scamming/stealing/whatever).

edit: well, not the ONLY problem, you have to be able to forge a private chain, calculate the probability of actually double spending and have the ability to make the transaction that you want to reverse, still, it's possible.

Is this any different from the stuff outlined in Kushti's paper? Or is this different?

so cool! I love it! I will try to find more time to read the topic, but I wish you fun... I hope those under attacks will be able to develop some counter measures, it will make the "game" more interesting... pow next?

WTF apex has to do with Nxt? After Apex attack,  nxt users asked him to demonstrate the attack on Nxt. He has not yet demonstrated the attack, not even on testnet, that has fewer nodes. It's been a month.

Looks like Argon18 has taken his outraged sense of justice somewhere else.

Anyone else worrying about cynicSOBs reward for his work.....don't.
NXT has always been happy to pay up for solid information on exploits, and we're giving cynicSOB a free run on NXT Testnet, which is identical to Mainnet, but a much smaller sandbox environment...and TestNXT instead of the real thing.

Like most NXT projects, we'll talk/argue a lot and finally agree something after a vote or three, and if cynicSOBs work checks out, he'll get bountied.  

Any result?