Bitcoin Forum
  Show Posts
1061  Bitcoin / Development & Technical Discussion / Re: Why allow blocks in the past? on: March 15, 2014, 05:28:00 PM

It is not real for Bitcoin.  It is real (or about to be if they go ahead with their ill-advised hardfork) for AUR however. 

Bitcoin, like AUR, allows timestamps before the previous block (down to the median of the last 11 blocks)  but because it adjusts difficulty once every 2016 blocks, you cannot use that feature to jump back over more than one difficulty adjustment. 

AUR has a maximum 20% upward/downward difficulty adjustment using KGW starting after a scheduled hardfork any day now, and adjusts EVERY BLOCK.  So the attacker can mine 5 blocks with timestamps reaching as far into the future as necessary to get the 20% easier adjustment each, then mine a block with a timestamp as far back in time from there as he can get, making up all or most of the time increment his prior five blocks have added but incurring the 20% difficulty penalty only once.  It doesn't take a genius to see that if you adjust difficulty downward five times and up once by the same amount, you get a ridiculously low difficulty fast.

BTCX has warned them about this vulnerability and warned them that he will exploit it immediately if they do this hardfork.  And let's face it, he makes deadly serious warnings, not idle threats.  He keeps alt developers honest, at least in terms of calling them out on easy exploits.  You cannot look at the things he's already done to other alts and exchanges that made stupid security blunders, and believe that he will not carry through with the exploit he's already warned them about.  But they appear to be going ahead with the hardfork anyway. 

So grab some popcorn and pull up a seat. 

1062  Other / Off-topic / Re: Let's Count to 21 Million with Images on: March 15, 2014, 04:34:15 PM
1063  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN]Faircoin - The First Fairly Distributed COIN -Vote for us on exchanges! on: March 15, 2014, 12:38:25 AM
My transaction

Status: 0/unconfirmed
Date: 12.03.2014 17:04
To: fcx7GNy8fQ5xDkXDEuEqag1QqrJkrYNdAu
Debit: -999.998 FAC
Transaction fee: -0.001 FAC
Net amount: -999.999 FAC
Transaction ID: 76edd864614e65e1df6c853bfa0160aa13058b830f0b23c86b450800e6a4c09c


Is not getting any confirmation, do you know why this would happen?

Um, because you're trying to cheat, and nobody will let you make a transaction to "send" someone a negative amount? 
1064  Bitcoin / Bitcoin Discussion / Re: What do you want to see in an exchange? on: March 14, 2014, 10:26:11 PM
Nah.  If the key is lost, the guy who lost the key doesn't get a vote as to how it goes.  There may be laws about that later, but for now the consequences are no worse than losing your key in a regular bitcoin transaction -- you don't get paid. 

And yes, that is still two different agents having to collude to defraud the third, even if you are one of the two.  The arbiter's risk is reduced because if either you *or* the exchange is honest, he's okay.  The exchange's risk is reduced because if either you *or* the arbiter is honest, he's okay.  Your risk is reduced because if either the exchange *or* the arbiter is honest, you're okay.



1065  Other / Archival / Re: delete on: March 14, 2014, 10:20:49 PM
Even at that, botnets are keeping the chain secure and getting paid for it, just like regular miners.  The fact that they're stealing the compute power and electricity to do it doesn't directly affect the altcoin itself. 

It is kinda scummy though. 
1066  Other / Archival / Re: delete on: March 14, 2014, 07:53:48 PM

Keep in mind, anything that is limited to the cpu level of mining will be totally owned by the botnetters as soon as any coin becomes profitable.

Damn, you're right.  Idiots run Windows boxes and continually get Pwned by botnets. 

1067  Bitcoin / Bitcoin Discussion / Re: What do you want to see in an exchange? on: March 14, 2014, 07:44:44 PM

Second, in any multisig system you still have to place trust in a third party. In the link above, you actually have to place your trust in *two* third parties. Both buyer and seller have to trust the arbiter to be honest. The buyer and seller both have to trust the clearing house--the seller has to trust that the clearing house will give them the buyer's cash after the seller signs the multisig transaction, while the buyer has to trust the clearing house not to take the cash and run.
 

Actually, the deal with the 2-of-3 multisig is that each person has to trust that *at least one* of the other parties is honest -- it takes two parties colluding to commit a fraud.  And the roles are carefully crafted such that no party has much of an incentive to cooperate with one of the others against the third. A single instance of such would not net very much money compared to the destruction of business it would entail.  

Also, nobody could simply claim incompetence and thereby profit; without collusion you couldn't get "oh we lost the keys" meaning "I just took all your money and I'm *claiming* I just lost your keys."  If somebody *actually* loses the keys, (a) he doesn't profit and (b) the coins aren't lost because the other two actors can still cooperate to spend them.  

It really is a much better system than what we've had going so far.
1068  Other / Archival / Re: delete on: March 14, 2014, 07:36:03 PM
Irrelevant to the AUR test I know, but I've been considering using AES256 as the basis of a "hash" function for the altcoin, because AES256 is built into hardware on most modern CPUs and so you could easily create mining software to take advantage of the capability.  Instead of incrementally building up to ASIC miners, we'd be starting with everybody having ASIC miners (with only as much parallelism as the CPU, but still significant). 

GPUs can do AES in parallel, but they don't have it built into hardware so even in parallel they're still not as fast as an 8-core CPU at it.  The eventual custom ASICs would build that massive parallelism, but I think an altcoin could be well established before they arise and inevitably centralize mining.



1069  Other / Archival / Re: delete on: March 14, 2014, 07:27:23 PM
BTCX, as dev of a not-yet-released altcoin, I admire your work on examining and revealing security flaws in altcoins. 

If/When I release, I'd really like you to have a crack or two at mine, just to make sure if I got it right and, if no breaks are found or if every break found is quickly fixed, increase long-term confidence.

The multi-petahash hash rate of Bitcoin is indeed excellent assurance against any "reasonable" attack. But as you have said, most people who thought they could "improve" on the design have instead demonstrated why the design is more robust than their improvements. 

The fact that ASIC mining rigs have reached the current standards for high-performance chips at 28nm also means that Bitcoin is relatively safe from further very rapid advances in mining rig speed or exploits by people who take advantage of higher tech.  The hash rate from here grows as fast as people acquire more machinery and as fast as computer hardware in general advances, rather than with the overwhelming advantage of faster machinery becoming available much more rapidly because people apply increasingly advanced process to it.

But the fact that those rigs exist is deadly for altcoins on SHA256; people with multi-Ghash mining rigs jump on and off of altcoins mining low difficulties with machinery that would, if it mined steadily, result in considerably higher difficulty.  Also the 51% attack -- even straight up with no exploits due to stupidity like the time warp attack -- is very hard to defend an altchain against.    So that's a real quandary for altcoin devs.  With an altcoin you can't take advantage of the SHA256 infrastructure because people who've invested $millions in hashing hardware have the ability to instead take advantage of you.

I keep looking at some variation on proof-of-stake, but the current implementations of PoS are all flawed (and all in more or less the same way) because people can use their stake to mine more than one branch of a chainfork simultaneously instead of committing to one or the other. 

1070  Bitcoin / Bitcoin Discussion / Re: address formats -- what do they mean? on: March 14, 2014, 04:58:21 PM
http://en.wikipedia.org/wiki/Securities_Investor_Protection_Act

May be relevant, if they were talking about moving money around outside of the bitcoin system.

Those four letters though don't mean anything in particular in the context of a bitcoin address.
1071  Other / Off-topic / Re: Let's Count to 21 Million with Images on: March 14, 2014, 04:41:01 PM
1072  Bitcoin / Bitcoin Discussion / Re: How to steal Satoshi's stash? on: March 14, 2014, 04:29:35 PM
Quote from: S4VV4S

Guys stupid question here:
You all refer to the amount of energy required.
Can't that be achieved using Nuclear Power?

Well, yeah, obviously.  We've been talking about the output of the sun, and the sun is just a giant nuclear fusion reactor, after all. 

Seriously, though?  Producing that much power via nuclear reaction still involves converting thousands of times the mass of our entire planet into energy.  And the stuff the Earth is made of mostly isn't suitable for either fusion or fission, so we can't even use all of a single earth-mass as nuclear fuel.

The sun can do that (eventually) but we would have a problem doing it here, because we actually want to continue to have a planet to stand on while we do it.

1073  Other / Archival / Re: delete on: March 14, 2014, 04:06:24 PM
Yeah, Bitcoin is safe because 2016 blocks is longer than the ~5 blocks or so that the median-of-last-11 blocks rule allows anyone to jump backward.  You can play silly buggers with timestamps but the effect of it will be small enough that it's pointless. The fix proposed above is for cryptocurrencies that have introduced a vulnerability by retargeting every block. 
1074  Bitcoin / Bitcoin Discussion / Re: How to steal Satoshi's stash? on: March 14, 2014, 08:24:27 AM

And I do agree with this as in TODAY, the math is simple, our most powerful supercomputers calculates in 30sh PFlops that's about 30x10^15 Flops Time in year = 3600x(24x365+6) = 31557600s and 2^256 ~ 1.14x10^77 so it will take to crack it with the assumption that it will require 100Flops per combination = 1.14x10^79/(31557600x30x10^15) =~ 1.20x10^55 years !

BUT THAT'S NOT THE POINT! My point is if you consider only classical computing in the last 30 years we've moved from KiloFlops to PentaFlops or 10^15Flops in terms of processing power, it is easy to assume that in the next few decades, we can easily achieve 10^30 / 10^40 (we've already gone past the point of cracking 2^128 or 128bits in a few seconds) and it will reach eventually 10^70+.


The advance of computing hardware is irrelevant relative to the strength of a 256-bit key.  Seriously, irrelevant.  If you rely on hardware improvements, you get to the point where you can flip a bit with one electron volt of energy, and there is NO FURTHER IMPROVEMENT TO BE MADE BEYOND THAT POINT.  And that point, is still not relevant - to the tune of taking billions of years of the total output of the sun.  And no matter how fast the computers get, that isn't relevant either, because they can't run faster than they can get the energy.   We're not talking anymore about circuits and design - we're talking about fundamental limits of physics.  

Now, if you're anticipating that we're going to get through it by learning better algorithms, that's essentially saying that the code isn't secure *now*.  Which, in theory anyway, could be.  Right now we don't know any way to attack the problem short of brute force.  In fact, that's pretty much the definition of cryptographic algorithms...  but there are a lot of cryptographic algorithms that turned out not to hold up to the mathematical insights of later generations.  ECDSA could be another of them.  

BTW, back in the 80's I was the guy saying "56 bits?  That's maybe enough for most things now, but not for anything worth a million dollars or more, not for national security, and not for more than a couple more years at most..."

1075  Other / Archival / Re: delete on: March 14, 2014, 08:08:57 AM

1. Mine blocks to the future getting 10% lower diff every block.
2. When you are at the lowest diff, stay on that time by jumping forward-backward-forward-backward..

For this to succeed, one must be able to generate blocks without going forward on time while keeping diff low. So jumping forward-backward has to generate higher diff/block than going forward only.

Edit: Not sure but I think this scenario would not work; he would get 10% lower diff every time he goes forward, but 20% higher when backward -> he would end up very high diff shortly.

Exactly.  When you jump backward in time you undo any lowered diff you got by going forward in time.  And because backward is a negative interval, it counts as shorter than the minimum interval to get a maximum upward difficulty bump.  So the sequence is

Forward (lowers diff by 10%)
Backward (undoes that, and raises diff by 10%)
Forward (lowers diff by 10%)
Backward (undoes that, and raises diff by 10%)

etc...

If you do the forward/backward thing, you raise the difficulty by 10% each time you jump backward, so you rapidly get to the point where the main chain is producing blocks much faster than you.
1076  Alternate cryptocurrencies / Altcoin Discussion / Re: Distributed Blockchain on: March 14, 2014, 06:56:21 AM
To think that a coin trading for one Satoshi cannot go any lower?  Yeah, that's wrong.  It goes lower when the exchange drops it.

Or, if the exchange is prepared to deal with it, it can start offering the coin in lots -- a hundred for twenty satoshi?  A hundred for twenty-five satoshi? 
1077  Bitcoin / Bitcoin Discussion / Re: What do you want to see in an exchange? on: March 14, 2014, 06:10:22 AM
Time quantized trading - definitely.  

It's a simple thing; you collect buy and sell orders for a period, then at the end of the period, execute all orders in one big transaction, at the same price - whichever price allows the greatest amount of trade.  No high-speed trading, no edge given to trading bots, no exploits against those whose system doesn't run as fast.  

The timing of the periods should not be constant or predictable; if you do that you get silly people trying to exploit the end of the period. So if, say, you want the trading periods to average ten minutes, just let the probability of the period closing during a particular second be one-in-six-hundred.  



Other than time quantized trading, the basic feature is that nobody should ever have to trust the exchange.  An exchange is not supposed to invest the customers' money other than on command, nor do a darn thing with it that the customer does not command them to do.  So there is no point in the exchange having the ability to lose the customers' money in the first place.  The customer who does entrust money to the exchange, ought to at the very least get a huge red security message if for any reason the exchange has moved his funds out of the deposit address.  And if it's not a movement the customer ordered, then it is strongly to be suspected that the exchange is cheating.
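
The batch clearing and unpredictable period close described in this post, as an added example that is not part of the original post. The function names, the lowest-price tie-break and the sample orders are assumptions made for illustration.

```python
import random

def clearing_price(buys, sells):
    """Single price that lets the greatest quantity trade.

    buys and sells are lists of (limit_price, quantity). Matched volume only
    changes at a limit price, so those are the only candidates. Ties go to the
    lowest candidate price (an assumption, the post does not specify one).
    """
    best_price, best_volume = None, 0
    for price in sorted({p for p, _ in buys + sells}):
        demand = sum(q for limit, q in buys if limit >= price)
        supply = sum(q for limit, q in sells if limit <= price)
        volume = min(demand, supply)
        if volume > best_volume:
            best_price, best_volume = price, volume
    return best_price, best_volume

def period_length(rng, p_close=1 / 600):
    """Seconds until the period closes when every second closes it with
    probability p_close, so the end cannot be predicted or raced."""
    seconds = 1
    while rng.random() >= p_close:
        seconds += 1
    return seconds

if __name__ == "__main__":
    # Constructed sample order book for one trading period.
    buys = [(105, 10), (102, 5), (99, 8)]
    sells = [(98, 6), (101, 7), (104, 9)]
    print("clears at", clearing_price(buys, sells))
    # Arrival order inside the period gives no advantage.
    random.shuffle(buys)
    random.shuffle(sells)
    print("after shuffling", clearing_price(buys, sells))
    print("period length", period_length(random.Random()), "seconds")
```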

1078  Bitcoin / Bitcoin Discussion / Re: without regulation of those exchanges, btc will never be in a high price on: March 14, 2014, 03:50:04 AM
Op has a point, although I don't think he's jumping to the right conclusion.  The best of all possible worlds is where we don't need political help to enforce anything we can get mathematics to enforce for us. 

The question is whether we can get mathematics to do the enforcement on the rules we actually want and whether the rules we can get mathematics to enforce are adequate to create a safe environment for doing business. 

I believe in the fairness of mathematics.  It's the same no matter who you are.  It doesn't cut deals, it doesn't break promises, and it never stops paying attention.  Whatever rules we need math is the best possible way to enforce them.

But the op is right that we need some additional kind of rules to prevent stuff like Gox.  I consider it a question of protocol and individual choices, not a question of law enforcement.

We need protocol to prevent exchanges from doing what Gox did.  And that's going to be more complicated than just digital cash.

If we can't figure out how to get math to do this enforcement,  then we will get stuck with police and politics,  or cryptocurrencies will fail completely.
1079  Economy / Speculation / Re: Where's the volume!!??? on: March 14, 2014, 03:29:43 AM
Never mind the traders.  The volume numbers that matter are retail sales.  It's a shame that you can't tell them apart easily.  But the exchanges' volume can only tell you what happens today.  Tracking actual use can tell you what happens a month from now or more.
1080  Other / Archival / Re: delete on: March 14, 2014, 01:43:07 AM
Simple rule.  You go back to the most recent block that is timestamped earlier than the current one. Whether or not the previous block is also backward in time it's later than the current one or we wouldn't be calling the current block backward in time.

As for a modified block with a fake timestamp,  that can't happen because it would not match its hash.  Nobody would mistake that for a valid block.
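
A small model of the per-block retargeting discussed in the 1061, 1075 and 1080 posts above, added here as an example and not taken from the posts or from any coin's code. It compares a rule that always adjusts from the previous block with one reading of the "go back to the most recent block that is timestamped earlier" rule; the 60-second target, the function names and the constructed chain are assumptions.

```python
from statistics import median

TARGET = 60   # assumed target block spacing, seconds
CAP = 0.20    # maximum per-block adjustment quoted in the 1061 post

def factor(interval):
    """Per-block multiplier: short or negative intervals raise difficulty."""
    if interval <= 0:
        return 1 + CAP
    return max(1 - CAP, min(1 + CAP, TARGET / interval))

def naive_rule(chain, ts):
    """Always adjust from the previous block's difficulty."""
    prev_ts, prev_diff = chain[-1]
    return prev_diff * factor(ts - prev_ts)

def anchored_rule(chain, ts):
    """Assumed reading of the fix: a backward-stamped block restarts from the
    most recent block stamped earlier than it, plus the maximum upward bump."""
    prev_ts, prev_diff = chain[-1]
    if ts > prev_ts:
        return prev_diff * factor(ts - prev_ts)
    anchor_diff = next(d for t, d in reversed(chain) if t < ts)
    return anchor_diff * (1 + CAP)

def earliest_allowed(chain):
    """Smallest timestamp accepted by the median-of-last-11 rule."""
    return median(t for t, _ in chain[-11:]) + 1

def replay(rule, cycles=3):
    """Difficulty after `cycles` rounds of five forward stamps and one backward."""
    chain = [(i * TARGET, 1.0) for i in range(11)]  # constructed honest prefix
    for _ in range(cycles):
        for _ in range(5):
            ts = chain[-1][0] + 10 * TARGET   # slow enough for the full 20% cut
            chain.append((ts, rule(chain, ts)))
        ts = earliest_allowed(chain)          # furthest back the median rule allows
        chain.append((ts, rule(chain, ts)))
    return chain[-1][1]

if __name__ == "__main__":
    for name, rule in (("naive", naive_rule), ("anchored", anchored_rule)):
        print(name, [round(replay(rule, n), 4) for n in (1, 2, 3)])
```

Under the naive rule each round multiplies difficulty by 0.8^5 × 1.2; under the anchored rule the backward block discards the reductions earned by the forward-stamped blocks it jumps over.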