Bitcoin Forum
  Show Posts
101  Bitcoin / Development & Technical Discussion / Re: In case of a 51% attack, can the damage be reverted? on: December 01, 2018, 11:36:08 PM
sometimes I think about 10 miners that 8 of them have 10% of hash power and the ninth with 9% and the tenth with 11% and while they all are in parallel processing, why the tenth miner won't be able to hide himself and solve the nonce quicker than the other miners?


I just visited this website and found it very useful for some risk analysis and possible attacks on PoW. this sort of information is necessary for planning an attack. if you are looking for amazing stats, just compare bitcoin, bitcoin cash and bitcoin sv:

https://miningpoolstats.stream/bitcoin

UPDATED:
the link above shows that many pools in several coins are (or could simply become) the majority of their network!!
very interesting to see that a power outage or a maintenance in major pools could be harmful..
102  Bitcoin / Development & Technical Discussion / Re: Shahin Go-Round, a new approach to green blockchains.. on: November 29, 2018, 11:12:56 PM
1- As of power consumption decrease: No such thing at all in your proposal, and it is not even possible to replace energy by space or bandwidth. Think about it! The adversary could equip himself with enough amount of such resources with negligible cost. Security in decentralized ecosystem is about the equilibrium state of network in which attack costs are considerably higher than incentives/potential benefits for the attacker.

the built-in pool system in PoC needs temporary space for accounting purposes - this has nothing to do with attacking/defending anything. I have described above the equilibrium policy of PoC. the miners and nodes with higher amount of transfer fee / reward fee have the most power in voting - which carries the power cost of mining and its related marketing cost into the equation.

It is another bad idea, with a multiple layer of chaotic consequences.

when you do not need marketing knowledge and marketing process for your job, this means you have someone else at a higher level doing it (in other words, this means you are a slave or an employee in a centralized system. Pools in PoW, and PoW in huge processing power providers - in the case of bitcoin, ASIC provider companies). with marketable mining, you could have your own job in a decentralized market.

As I remember, you have already mentioned Buterin's ridiculous 99.5% which is based on such a version of Albanian Generals Problem both dependent on signed and synchronous messaging and I refuted such weird and obsolete ideas to be useful for cryptocurrencies, and as I remember, you retracted from this. Now once again, you are bringing it up!
What for? To cover the obvious weakness in your block generation algorithm. IOW, instead of simply taking back your proposal about blocks not enriched by nonce (work) you prefer to commit suicide

It is really suicide, jumping to dark zones of non-BGP issues. First you propose miners advertising themselves and now your nodes are trying to 'synchronize' by (apparently) signing blocks in an accumulative way (otherwise how they are non-rewritable or irreversible?) it is Buterin's 99.5% joke.

There is a reason for Pow being asynchronous and blocks not signed by peers: it is permissionless, p2p, public network of anonymous participants. Any proposal that requires synchronization or fame/signature is not considered part of cryptocurrency discourse imo.

I strongly suggest choosing mainstream cryptocurrency basics instead of sticking with flawed proposals, like disparately.

now I could see you didn't read that paper about The Chinese Generals Problem. pay attention, the isomorphic ring of generals is 100% vulnerable to traitor nodes, which means one traitor node is enough to break the consensus. I use this property in DETECTING traitor nodes, then immediately drop them out of isomorphic ring (replace the 1st ring with a non-isomorphic version) based on the policies of the PoC protocol. after block creation, the block confirmation process begins by voting that we need to see what percent of traitor nodes may defeat it. ** primary calculations show the fault tolerance is still 51%.

and this has nothing to do with AGP and that 99% protection in ETH.. where did you get it from?! and blocks are not reversible means there is no *the longest chain is the valid one* rule in PoC - so reaching consensus will be a time consuming process. I am rewriting this, God. the worst thing that ever could happen here is transaction censorship that an end user could resend it to another miner.


P.S.

sometimes I am really surprised how we accept weaknesses of PoW as under control equilibrium, but others' weaknesses as out of control sinking ship. come on, there is no 100% guarantee in any of these systems at all and PoC has its own characteristics in this area.
103  Bitcoin / Development & Technical Discussion / Re: Shahin Go-Round, a new approach to green blockchains.. on: November 29, 2018, 06:52:43 PM
As much as I appreciate your dedication and ambitious spirit, I need to maintain my previous objections almost unchanged:

your technical notes and the time you spend to show weaknesses of the new idea are respectable. please continue.

1- You should reconsider the idea of "green PoW". Seriously, there is no such thing at all. Keeping blockchain secure needs resource consumption and electricity is the main resource in this context, for a given price and attack threat level, less electricity consumption means less security because malicious behavior costs drop as well. Period.

2- Miners 'working' on transaction level is not a good idea, forget about it. For this to happen they should generate single transaction blocks (pointing to the legitimate chain (32 bytes), attaching a coinbase to claim their reward (32 bytes), timestamping (4 bytes), ... ), it is obviously a waste of space and bandwidth.

1 & 2 - with PoC I try to decrease the power consumption and replace it (trade off) with space & bandwidth consumption. space & bandwidth consumption are much more power efficient. also, the space that we use for fees and rewards is temporary and could vanish after calculation - because they simply could recalculate based on the blockchain. after 1 year this sort of data will be worth nothing.

4- Users picking a miner to inform him of their raw transaction is another bad idea. It makes transaction propagation a nightmare vulnerable to censorship and availability problems.

4- don't think like a PoW believer

in PoC miner's Marketing Knowledge is inevitable for receiving job from end user. this opens new horizons of social marketing and face-to-face marketing among end users and miners. in fact, instead of counting on processing power of a miner in PoW, I try to count on the legitimacy of a miner in real world. e.g. a charity organization may host a PoC mining facility and end users that know them very well may give their raw transactions to them. in PoC miners act locally and nodes act globally.

5- Synchronizing such "enriched by work transactions" to be prioritized by a block is the most ugly part. Blockchain technology is about prioritizing transactions, a mechanism for doing it. Competing blocks need a definitive measure to win the race and it is the amount of work they represent, when transactions carry the work (and not blocks) it would be so easy for adversaries to collect enough votes for chain rewrite attacks.

5- how can you say UGLY to the most beautiful part of PoC (JK)..

I need to explain the situation. in Byzantine Generals Problem, the synchronization process initiates from one node that we call "commander" among other generals - and this suits the PoW where a miner finds a nonce first and acts as a commander in the current round of block creation. but in PoC, there are several pre-mined transactions that are valid and gathered by each general - separately. so simple voting system doesn't work in PoC. this is where The Chinese Generals Problem gets involved in the PoC:

http://citeseerx.ist.psu.edu/viewdoc/download;jsessionid=C55D9B5E6954B0AC79C53040430024F6?doi=10.1.1.532.4485&rep=rep1&type=pdf

the CGP is about several sensor nodes that individually sense a value (0/1) from the environment and then decide to sync them among each other to reach the consensus - all around an isomorphic ring. there is no commander node in CGP. the paper above shows how vulnerable an isomorphic ring is to consensus, and this is exactly what I need in PoC - because it simply could show there is a traitor among nodes. any consensus value less than 100% will reject (and drops out the traitor) and reforms by a non-isomorphic ring that could handle the synchronization process.

however, contrary to pre-mined transaction values, a sensor value is editable and this makes CGP just a good background research/solution for PoC. and this is the point that I should define The Persian Generals Problem which completely suits the PoC.

in PoC with The Persian Generals Problem, those miners and nodes which have more transfer fee / reward fee have more voting power in the round. please keep in mind that the circulated data in the network is not editable and after block creation is not irreversible. there is no *longer chain is valid* law in PoC. instead of creating a block and waiting 1 hour for enough confirmation in PoW, in PoC we decide to wait 1 hour for solving The Persian Generals Problem, then publish a concrete block..

As an admirer and a friend who wishes best for you, I strongly recommend not wasting your time and resources on the core idea of this proposal and starting a less disruptive one as an improvement to current technology rather than a full rewrite.

cheers

I really hope to do so, but it is impossible for great achievements with current approach of PoW. PoW has its own weaknesses too, you know, based on proofs in Two Generals' Problem the 100% safety never happens - we only could mitigate it.


P.S
I've been advised more than once to formalize my proposals, define projects, get investors, ... and I had always kinda hesitation about it. I believe ideas should be shared in their infancy before you've invested too much (time, reputation, money, ...) on them and before they have been advertised as an achievement. I mean it, we make ideas not the opposite. We should not be taken as hostage by our ideas. We need to keep the right of throwing out the whole idea and start fresh without too much pain and financial/personal consequences.

Institutional researchers act differently, they pick some idea no matter what then generate a lot of documents including a whitepaper besides passing a budget. After a while, when digging a hole in a desert fails to look fruitful and the budget is no longer feasible to be revised, they simply accuse community of not being thoughtful or bitcoin of being ahead because of its historical and brand premium, ... it is why institutional research doesn't work in cryptocurrency. Otherwise Faketosh Wrong and the army of hired programmers around him had something to be proud of, they do not.

True. we call it MVP in innovation management. also, as a blue skies researcher I know how much FAILURES are worthy and respectable - we call them EXPERIENCE. so everything is under control..

104  Bitcoin / Development & Technical Discussion / Re: In case of a 51% attack, can the damage be reverted? on: November 29, 2018, 01:18:10 PM
Are the parallels to Bitcoin Cash intentional? :3
Currently it definitely seems like social attacks would be the most effective way to damage Bitcoin in the long term.

and centralized mining-pools here (because of providing the information about the overall hash-power of the network, which the network protocol is blind about) are responsible for such damages to the crypto community. you know very well that blockchains set up their block difficulty by timing that they need - not the hash power of decentralized miners around it. hash power is the sort of information that comes from pools. if someone really wants to perform an attack, they need to monitor the activity of pools and the distribution of processing power among them. the paper below (which discusses the selfish miners' behavior and their effects on a crypto-currency. based on the paper selfish miners could attack a network with 25% processing power) has some good notes in this area too:

http://www.mixoftix.net/knowledge_base/blockchain/Bitcoin_Mining_is_Vulnerable.pdf

and this is where we could understand the importance of ideas in the post entitled "Getting rid of pools: Proof of Collaborative Work":

https://bitcointalk.org/index.php?topic=4438334.0
105  Bitcoin / Development & Technical Discussion / Re: In case of a 51% attack, can the damage be reverted? on: November 29, 2018, 10:23:34 AM
Upon checking it out, I found out that the cost needed to successfully launch a 51% BTC attack is just $285,785 at the current hash rate of 42,023 PH/s (a one hour attack). Does this mean the attack would work for one hour as soon as someone pays around $300k for rented equipment?

Hello Kevin,

these days, there are several videos out there showing you could buy some editions of farm's ASIC devices for 5 Chinese-Yuan (0.72 USD) per pound! but as HeRetiK said above, you can't directly include these parameters in a lets_do_51_attack() function. this needs huge planning for an attack - BUT:

I could imagine a consortium of farmers who decide to have their own coin as a new rival to bitcoin. they should be insane to break down the bitcoin and then advertise their new coin, this is not how the market works - a continuous pumping/dumping in prices of all coins does. do a little math, assume that you have 2000 BTC in your pocket and you also have a farm with 1 PH/s processing power. you are also a member of a consortium which enrolls 20 PH/s of the bitcoin.

now when BTC is in 7000 USD, you could sell 1000 of your coins and divert your hash power into a fork that you could buy 10'000 of them at 5 USD. you tell me, what happens if the price of BTC dumps down to 4000 USD and the price of new forked coin pumps up to 15 USD (downgraded hash-power and electricity usage)?

just in the BTC part, you can save 3000 USD x 1000 BTC = 3'000'000 USD for investment in a new fork just by diverting your hash power and by (buying those 1000 BTC back) diverting your hash-power back to BTC when the price is 7000 USD again you could earn another 3'000'000 USD, why should you attack it?! I call it a shadowed social attack to BTC users.

======================

there is also an interesting note in paper of the byzantine generals problem that includes the number of traitor generals, the paper also is talking about the paths that connect generals to each other. in PoW scheme, I could interpret the path parameter as the distribution of hash power among miner entities. if we have 10 miners in our network, and if 2 of them hold 80% of the hash power of the network (40% for each of them) this is more likely to have double spend transactions in our network than when each of our 10 miners holds 10% of hash power - equally. The distribution of hash power is important and ASIC is against it.

P.S.

sometimes I think about 10 miners that 8 of them have 10% of hash power and the ninth with 9% and the tenth with 11% and while they all are in parallel processing, why the tenth miner won't be able to hide himself and solve the nonce quicker than the other miners?

106  Bitcoin / Development & Technical Discussion / Re: Plans of attack for bitcoin? on: November 29, 2018, 09:40:23 AM
Take RNN-LSTM, you know you can train ML to do math, right?

hello btc-room.
you know, I never underestimate anything new in this area, and I follow your post in the URL below about your so-called RNN-LSTM:
https://bitcointalk.org/index.php?topic=5075651.0

and before getting in, I need you to take a look at this post too, where we have discussed the way it could happen to predict "narrow-input" values for RNG that may influence the whole key-pair generation process:
"Quantum Computing and Bitcoin"
https://bitcointalk.org/index.php?topic=5075137.0

and as bob123 said above, most of the time security-break happens during implementation steps, not in the math. for example you could also take a look at a post to IETF that talks about using multiple keys with multiple certificate authorities in a TLS session - in case one authority is compromised:

https://www.ietf.org/mail-archive/web/tls/current/msg15293.html

==============
now you are talking about breaking ECDSA in its narrow-input level. I need to know:

1- if the problem that you are talking about is a backdoor in the field of "Kleptography"? in other words, the main math is correct but in some implementations (ECDSA) there is a backdoor in the algorithm? however this is again another problem in implementation, but if it is widely in use, then we could take it seriously.

2- while this is a good idea to train your machine and then provide a web page that accepts some addresses and generates their private-keys for users, why don't you do that? then we could generate our addresses in packs of comma separated e.g. 10 addresses/pack and see how your code works in practice.

the result that we get from your online solution (with an existing trained machine - not a pure code) will make us read more and follow it..
107  Bitcoin / Development & Technical Discussion / Re: Raspberry Pis Full node and Double spending problem on: November 27, 2018, 10:24:23 PM
this note about Sybil attack (which you try to do with your raspi-army) is coming from https://en.bitcoin.it/wiki/Weaknesses that means your raspi-army could still be harmful to the entire network:

===================

Sybil attack

If an attacker attempts to fill the network with clients that they control, you would then be very likely to connect only to attacker nodes. Although Bitcoin never uses a count of nodes for anything, completely isolating a node from the honest network can be helpful in the execution of other attacks.

This state can be exploited in (at least) the following ways:

- the attacker can refuse to relay blocks and transactions from everyone, effectively disconnecting you from the network
- the attacker can relay only blocks that they create, effectively putting you on a separate network and then also leaving you open to double-spending attacks
- if you rely on transactions with 0 confirmations, the attacker can just filter out certain transactions to execute double-spending attacks
- low-latency encryption/anonymization of Bitcoin's transmissions (with Tor, JAP, etc.) can be defeated relatively easily with a timing attack if you're connected to several of the attacker's nodes and the attacker is watching your transmissions at your ISP

Bitcoin makes these attacks more difficult by only making an outbound connection to one IP address per /16 (x.y.0.0). Incoming connections are unlimited and unregulated, but this is generally only a problem in the anonymity case where you're probably already unable to accept incoming connections.

Looking for suspiciously-low network hash-rates may help prevent the second one.
108  Bitcoin / Development & Technical Discussion / Re: Shahin Go-Round, a new approach to green blockchains.. on: November 26, 2018, 08:54:33 AM
Proof-of-Consistency (PoC) module (pages 11-16) included to the previous data structure - available at:
http://www.mixoftix.net/knowledge_base/blockchain/shahin_go-round_v_1_1.pdf

after reading the feedback and making proper changes:

- rescue transactions totally removed
- reward fee got back to block creation
- miners will benefit from transaction fee

also "Dither Effect" has a major role in the whole process and causes:

+ putting the whole process of block creation under effect of a controlled random noise
+ network fee that wipes out a part of transfer fee
+ oxidation fee that wipes out a part of transfer fee for old unused records.

all feedback is welcome.

UPDATED:

in summary, the PoC enforces all participants to fully check the consistency of the network over and over.
109  Bitcoin / Development & Technical Discussion / Re: Quantum Computing and Bitcoin on: November 25, 2018, 06:35:53 PM
what about QC on Fibonacci Sequence? (http://www.ijesi.org/papers/Vol(6)9/Version-3/B0609030714.pdf) Scroll down to encryption / decryption?

thanks for the paper, my friend.
this sort of encryption algorithm belongs to a major family of algorithms that we call One-Time-Pad:

https://en.wikipedia.org/wiki/One-time_pad

the operator XOR (or MOD when you try to work with ASCII values of characters) is necessary - not a simple ADD operation. including fibo sequence here doesn't provide a better level of security..
110  Bitcoin / Development & Technical Discussion / Re: Quantum Computing and Bitcoin on: November 25, 2018, 04:40:30 PM
1- 'Guessing' a 'more likely' private key (using the vulnerability in the Random Number Generator),

please keep us posted about any improvement by QC in RNG attacks, Ali. I just googled and found nothing worthy. but found something amazing in this old stuff:

https://en.wikipedia.org/wiki/Random_number_generator_attack#cite_note-20
https://www.theregister.co.uk/2013/08/12/android_bug_batters_bitcoin_wallets/
https://bitcoin.org/en/alert/2013-08-11-android

------------------

now, there is a question. while machine learning could be used in attacks on RNG and machine learning could also improve by QC, there should be a chance in doing something real with QC on RNG - just a gesture..

update:
https://en.wikipedia.org/wiki/Quantum_machine_learning
111  Bitcoin / Development & Technical Discussion / Re: Quantum Computing and Bitcoin on: November 25, 2018, 10:41:02 AM
Wrong. There is no shortcut for sha2 and if it would be ever possible to find such a shortcut the whole bitcoin blockchain security will become void and you don't need to wait for QC to bring it down.

misunderstood. the SHA256 is not broken in output. what I wrote above is about the weakness in providing input for the SHA256 - because of weakness in random number generation. this is much more about vulnerabilities that exist in implementation stages of a secure platform - not the Math behind it. so we need to know how QC could influence the structure of providing (and predicting) input for SHA256 (or any other hash algorithm).

UPDATE:
we all know several online/offline bitcoin address generators that only run random function in javascript / server-side script. better solutions make the user move her mouse to reach a better amount of randomness. as far as I know we have no control over quality of randomness in bitcoin protocol. hope the paper below helps:

http://www.mixoftix.net/knowledge_base/security/Key_Generation_with_Verifiable_Randomness.pdf
112  Bitcoin / Development & Technical Discussion / Re: Quantum Computing and Bitcoin on: November 25, 2018, 09:51:56 AM
I think if we are at the point in technology that a QC can be made that can break SHA256 in a relatively trivial manner

Wrong; quantum computers need to run for 2^80 steps to find a private key mapping to a given 160 bit public key. That will remain infeasible for decades to come.

however the threat of QC is 51% attack, not directly breaking the key-pairs but while cryptographers think in probability space (2^80) of breaking something secure (in theory), there are Cryptanalysis methods out there to find shortcuts (in practice) and decrease the steps they need to pass:

https://en.wikipedia.org/wiki/Cryptanalysis

the most important point of failure that I see in asymmetric encryption is running a Random Function in key generation stage. providing real randomness is one of the hardest problems that I have ever seen - because what you think is random at first sight, in fact carries a hidden pattern inside. so most of the time random number generation is where Cryptanalysis begins its job.
113  Bitcoin / Development & Technical Discussion / Re: A new patented method of POW to minor the needs for power and mining machines on: November 24, 2018, 05:58:59 PM
this is the most paradoxical approach to a decentralized project, because the word Patent here relays the fact that there is something centralized here - at least for next 20 years!!
114  Bitcoin / Development & Technical Discussion / Re: Can anyone explain, technical difference between public and private blockchain? on: November 23, 2018, 11:49:13 PM
eBay’s security breach 2014 was the beginning of a series of cyber attacks on enterprises from inside via their own employees and one of the serious security concerns that exist in centralized databases is data manipulation.

What a private blockchain could offer here, is a database that is highly sensitive to data manipulation. In the case of a data manipulation by an untrusted employee in a common centralized model, you just have a field of data that could simply change and detection process of such scrambled data is quite hard. But in private blockchain you somehow have a summarized hash root that could simply get verified by end user.
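
Added example, not part of the original post: one way the "summarized hash root" check described above can work, using a SHA-256 Merkle tree over ledger rows in Node.js. The rows, the function names and the leaf/node prefix bytes are assumptions made for this illustration.

```javascript
const { createHash } = require("node:crypto");

const sha256 = (buf) => createHash("sha256").update(buf).digest();
// Leaves and inner nodes get different prefix bytes (an assumed convention)
// so that an inner node can never be presented as a record.
const leafHash = (record) =>
  sha256(Buffer.concat([Buffer.from([0x00]), Buffer.from(record, "utf8")]));
const nodeHash = (left, right) =>
  sha256(Buffer.concat([Buffer.from([0x01]), left, right]));

// Build every level of the tree, leaves first. An unpaired node at the end
// of a level is promoted unchanged to the next level.
function buildLevels(records) {
  if (records.length === 0) throw new Error("at least one record is required");
  const levels = [records.map(leafHash)];
  while (levels[levels.length - 1].length > 1) {
    const prev = levels[levels.length - 1];
    const next = [];
    for (let i = 0; i < prev.length; i += 2) {
      next.push(i + 1 < prev.length ? nodeHash(prev[i], prev[i + 1]) : prev[i]);
    }
    levels.push(next);
  }
  return levels;
}

function merkleRoot(records) {
  const levels = buildLevels(records);
  return levels[levels.length - 1][0].toString("hex");
}

// Sibling hashes needed to recompute the root starting from one record.
function inclusionProof(records, index) {
  if (!Number.isInteger(index) || index < 0 || index >= records.length) {
    throw new RangeError("index out of range");
  }
  const levels = buildLevels(records);
  const proof = [];
  let i = index;
  for (let depth = 0; depth < levels.length - 1; depth++) {
    const sibling = i ^ 1;
    if (sibling < levels[depth].length) {
      proof.push({
        hash: levels[depth][sibling].toString("hex"),
        siblingOnLeft: sibling < i,
      });
    }
    i >>= 1;
  }
  return proof;
}

// What the end user runs. The root must come from somewhere the database
// operator cannot quietly rewrite (for example, a previously published value).
function verifyRecord(record, proof, trustedRootHex) {
  let h = leafHash(record);
  for (const step of proof) {
    const s = Buffer.from(step.hash, "hex");
    h = step.siblingOnLeft ? nodeHash(s, h) : nodeHash(h, s);
  }
  return h.toString("hex") === trustedRootHex;
}

// Constructed sample rows: id|transfer|amount
const LEDGER = [
  "1|alice->bob|120",
  "2|bob->carol|45",
  "3|alice->carol|95",
  "4|dave->alice|300",
  "5|carol->dave|10",
];

function demo() {
  const publishedRoot = merkleRoot(LEDGER);
  const proof = inclusionProof(LEDGER, 2);
  // An insider edits one field of row 3 in the database.
  const tampered = LEDGER.slice();
  tampered[2] = "3|alice->carol|9500";
  return {
    honestRowVerifies: verifyRecord(LEDGER[2], proof, publishedRoot),
    tamperedRowVerifies: verifyRecord(tampered[2], proof, publishedRoot),
    rootChanged: merkleRoot(tampered) !== publishedRoot,
  };
}

console.log(demo());
```
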


115  Bitcoin / Development & Technical Discussion / Re: In case of a 51% attack, can the damage be reverted? on: November 23, 2018, 11:08:41 PM
How does this analogy apply to Bitcoin and PoW? A blockchain is not less stable merely because early blocks were mined at a lower difficulty.

let me explain it in another way. look, I have a very good archive from the first days that I have begun coding till now - which means a text file/pdf file that I have in my backup-chain (in DVDs) under e.g. Windows NT in my old 386-XT processor desktop computer is as secure and trusted as a text file that I have written yesterday in my Windows 10 notebook. I have this level of security just because I have upgraded my operating systems regularly. and operating systems sometimes patched/upgraded and sometimes they also changed generation to work with a new hardware.

if my Windows 10 doesn't work properly with a new hardware or malware, I could simply restore (FORK) my data back from my backup-chain (BLOCK-CHAIN) for a while, but this can't last too long - new operating system (blockchain core) should be available in market very soon. ASIC is the station that makes crypto-currencies migrate into a new generation.


Commercial miners will usually be able to mine much cheaper than hobby miners, due to economics of scales. So while a hobby miner may be willing to mine less profitably, commercial miners are able to stick around longer due to larger profit margins. Therefore I don't think hobby miners are necessarily more likely to keep mining during a bear market than commercial miners. I do think that hobby miners are more likely to hold onto their mined coins than commercial miners though, due to the latter's requirement to keep a consistent (fiat) cashflow.

I'm working on this. I hope you guys do so, then we could share our observations. during these days of drop in prices, I could see a huge downgrade in hash rates of bitcoin and ethereum, but it seems monero (asic-free crypto) hash rate remains unchanged. I think the opinion factor is working in this case.

----------------------

UPDATED:
I found this website with an amazing collection of coins and the theoretical cost of a 51% attack on each network:

https://www.crypto51.app/
116  Bitcoin / Development & Technical Discussion / Re: Plans of attack for bitcoin? on: November 23, 2018, 10:42:46 PM
3 - Take the output from point 1 and run it through some sort of neural net AI type thing.  See if you can subconsciously train it to guess the keys for addresses.

sometimes this happens to tech guys who learn about AI / Unsupervised Learning Methods - just because unsupervised learning identifies commonalities in the data and reacts based on the presence or absence of such commonalities in each new piece of data - and you need to know that an encrypted message is not normal data. there is a big misunderstanding here, because an encrypted message is the output of an Incorrect Algorithm.

in definition of correct/incorrect algorithm we have:

"An algorithm is said to be correct if, for every input instance, it halts with the correct output. We say that a correct algorithm solves the given computational problem. An incorrect algorithm might not halt at all on some input instances, or it might halt with an answer other than the desired one. Contrary to what one might expect, incorrect algorithms can sometimes be useful, if their error rate can be controlled."

so we use incorrect algorithms in cryptography (to protect the plain data) and you can not find anything valuable in encrypted messages, because they are the output of incorrect algorithms. existing uncontrolled error rates in an incorrect algorithm means, encryption algorithms that build based on them are not standard or broken (perhaps most of unpublished encryption algorithms belong to this club). the bitcoin uses published encryption algorithms which have been under accurate analysis of scientists for years - so don't waste your time in this part.
117  Bitcoin / Development & Technical Discussion / Re: In case of a 51% attack, can the damage be reverted? on: November 21, 2018, 10:59:02 PM
Edit:
I just realized that I've overlooked the drop in hashrate and its consequence on decreasing the amount of power needed to attack the network, and it is not a small issue. Though, I think it won't change the situation in opposite direction, hashrate never drops in a complete linear and proportionally equal rate with price.


and let me add another note here.. the incentives are different among FARMERS (huge facilities of mining) and MINERS (rigs at home). miners do mine for fun, opinion, curiosity, learning or investment. miners also 100% own their tools (paid in cash) and usually have no employees and are loyal to some coins. but farmers are a group of stakeholders who invest in setting up huge mining facilities (paid by loans) just for PROFIT and have employees for physical security, accounting, operation, etc. farmers also are not loyal to a specific coin - even if they equip their farms by ASIC devices.

therefore these two groups of miners show different reactions in pricing crisis. it seems we always could count on MINERS group.
118  Bitcoin / Development & Technical Discussion / Re: In case of a 51% attack, can the damage be reverted? on: November 21, 2018, 10:09:34 PM
A drop in bitcoin price decreases the stakes involved (and the incentives to attack the network) proportionally.

unfortunately, coin price is not always the VALUE that attackers look for.

Unlike what you propose, in terms of security measures, I'm more concerned about the situations when price skyrockets and we are short of hashrate, in such cases, I'm hopefully counting on short supply of rental hashrates and the increase in their prices.

I do so. the Bullwhip Effect exactly addresses this situation too.
granted ranges of tolerance around a miner hash power should be considered - of course not by software tricks.
119  Bitcoin / Development & Technical Discussion / Re: In case of a 51% attack, can the damage be reverted? on: November 21, 2018, 09:06:15 PM
The question is then not how many confirmations suffice, but how long an adversary can hold 51% of the network's hashrate.

Well, there is one thing that we should consider: "genesis block mined by CPU". This obviously influences the early consensus estimations of PoW. Just like the effect of center of mass in Pisa Tower, the granted tolerance of forces is important to the final stability. Even adding equal huge amounts of forces in different direction of Pisa Tower may still preserve its stability, but this time they are far above the granted tolerance and absence of one force in one moment will break down that beautiful tower..

The PoW has passed from the GPU and ASIC - and I think ASIC is out of granted tolerance of genesis block in many ways - (and who knows when we will access the quantum computing in market). Miners invest in their farms to earn PROFIT, and PROFIT could be misled by many kinds of motivations. The way we talk about economy around PoW is like we write a code that pulls two digits inside a function and divide digit 1 on digit 2 while we insist on: "lets do not check digit 2 for division by zero! because there is no motivation for end user to do so.."

look at this scenario: "bitcoin price goes down and main farms turn off their machines. then hash rate goes down too and DIFFICULTY follows them down. now bad guys RENT those farms for 1 month and do what they want to do to crash the TRUST to one coin/all coins". this could be a kind of supply chain Bullwhip Effect in crypto ecosystem:

https://en.wikipedia.org/wiki/Bullwhip_effect

to RENT and not to INVEST in farms to access huge amounts of process will be a real threat. we need to find out how to adjust the tolerance in forces (hash power), and not in the way Monero tries to do..

bitcoin is safe now, and will be. what we are talking about may bring extra strength to the network.
120  Bitcoin / Development & Technical Discussion / Re: In case of a 51% attack, can the damage be reverted? on: November 21, 2018, 10:49:50 AM
2- Limited  user vulnerability: The main targets of 50%+1 attack with its short-range chain rewrite consequences are merchants and exchanges that do not take proper security measures by waiting for enough confirmations (blockchain growth) for high stake transactions. This vulnerability could be mitigated if users closely observe the network overall 50%+1 attack cost and wait for more confirmations up to safe thresholds.

I think this piece of code in JavaScript could help merchants to understand how many confirmations would be enough for their trades - so mitigate the vulnerability. Wallets could generate such information for end users:

https://people.xiph.org/~greg/attack_success.html
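
Added example, not part of the original post and not the code of the linked page: the attacker catch-up calculation from section 11 of the Bitcoin whitepaper, turned into a "how many confirmations should a merchant wait for" helper. It assumes the attacker holds a fixed share q of the hash rate for the whole attack; the function names and the 0.1% risk threshold are illustrative choices.

```javascript
// Probability that an attacker with hash-rate share q ever overtakes the
// honest chain after the merchant has waited for z confirmations
// (Poisson-weighted catch-up formula, Bitcoin whitepaper section 11).
function attackerSuccess(q, z) {
  if (!(q >= 0 && q <= 1) || !Number.isInteger(z) || z < 0) {
    throw new RangeError("need 0 <= q <= 1 and an integer z >= 0");
  }
  if (q >= 0.5) return 1; // a majority attacker always catches up eventually
  const p = 1 - q;
  const ratio = q / p;
  const lambda = z * ratio; // expected attacker blocks while z honest blocks arrive
  let sum = 1;
  let poisson = Math.exp(-lambda); // Poisson pmf at k = 0
  for (let k = 0; k <= z; k++) {
    if (k > 0) poisson *= lambda / k; // pmf(k) from pmf(k - 1)
    sum -= poisson * (1 - Math.pow(ratio, z - k));
  }
  return Math.max(sum, 0); // clamp tiny negative rounding errors
}

// Smallest z for which the attacker's success probability drops below
// maxRisk. Returns null when no z up to `limit` is enough, which is always
// the case for q >= 0.5: waiting longer does not help against a majority.
function confirmationsNeeded(q, maxRisk, limit = 1000) {
  if (!(maxRisk > 0 && maxRisk < 1)) {
    throw new RangeError("maxRisk must be between 0 and 1");
  }
  for (let z = 0; z <= limit; z++) {
    if (attackerSuccess(q, z) < maxRisk) return z;
  }
  return null;
}

// Table a wallet could show a merchant: required confirmations per assumed
// attacker share, for one accepted risk level.
function confirmationTable(shares, maxRisk) {
  return shares.map((q) => ({
    attackerShare: q,
    confirmations: confirmationsNeeded(q, maxRisk),
    riskAtSix: attackerSuccess(q, 6), // risk if the merchant stops at 6
  }));
}

// Constructed input: a range of attacker shares and a 0.1% accepted risk.
console.table(confirmationTable([0.05, 0.1, 0.2, 0.3, 0.4, 0.5], 0.001));
```

The jump in required confirmations as q approaches 0.5 is why the share of hash rate an adversary can hold, not a fixed confirmation count, decides how long a high-value payment should wait.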