SoftLayer (OP)
Newbie
 Offline
Activity: 13
Merit: 0
|
 |
July 31, 2014, 08:26:40 AM |
|
$250 (paid in BTC) for the following two modifications for http://github.com/dogecoin/dogecoin in order to perform a 51% attack: This is not about 51% attacking Bitcoin.1) JSON-RPC command to make the network ignore blocks above a certain height, and restore all state back to specified block (until the client itself mines a block, in which case the height ceiling is incremented by one). Example: Network block height is 1500. I call "setblockheight 1470", and the daemon restores the state back to 1470, and will start mining from 1470. Eventually, it mines to say block 1511, and that overtakes the main chain (as we have >51% hashpower). Now, another mining pool mines block 1512. Because this block isn't ours, and setblockheight is active (still at 1511), the daemon will ignore the other pool's block. When our daemon mines 1512, setblockheight would be incremented by one, and it'll mine 1513, etc. Effect: Orphans everyone else's blocks, allows double spending with (2). 2) JSON-RPC command to reject certain transaction hashes from being in memory pool, included in blocks. This TXID blacklist can be just stored in memory, it doesn't need to be saved to disk. Example: I call "ignoretxid [transaction ID]". The transaction is already in the mempool of the daemon, and would be included in the next block. However, the txid is now removed from the mempool, ignored, and won't be included in the next block. Example 2 (double spend): 1. I'm at block 1500. I send 1000 DGC to [A] with [TXA]. 2. I withdraw the 1000 DGC from [A] when it confirms, at block 1506. 3. I pass "setblockheight 1499" to my daemon , and pass "ignoretxid [TXA]". The [TXA] is now removed from the memory pool. 4. I create [TXB], spending the same inputs, sending the 100 DGC to [.B]. This is accepted in the memory pool, as [TXA] (which previously conflicted) is no longer there. 5. I mine block 1500 with [TXB], and I keep mining up to block 1507. At this point, the network will orphan my previous chain, and the fork with [TXB] is now authoritative. ------ What to modify: http://github.com/dogecoin/dogecoin Pool I will be using: https://github.com/zone117x/node-stratum-pool (I don't think you need to modify anything on the pool, but you might). |
|
|
|
|
|
gogodr
|
|
July 31, 2014, 11:45:50 PM |
|
you want to make a new defective coin?
because if you do that modification you wont be able to implement it into an existing network. It will basically become spam to the network.
I hope that there are still more white hats than black hats in the bitcoin community.
As a white hat, if you detect a flaw that could disrupt a system, you warn and try to fix it. Exploiting it is despicable.
|
|
|
|
|
SoftLayer (OP)
Newbie
Offline
Activity: 13
Merit: 0
|
|
August 01, 2014, 12:21:09 AM |
|
you want to make a new defective coin?
because if you do that modification you wont be able to implement it into an existing network. It will basically become spam to the network.
I hope that there are still more white hats than black hats in the bitcoin community.
As a white hat, if you detect a flaw that could disrupt a system, you warn and try to fix it. Exploiting it is despicable.
This isn't about making a coin, but 51% attacking an existing coin as demonstration. There is nothing to implement it onto the network, it's changing our own node behavior (ordering of transactions), which as we will have >50% hashpower, will become the authoritative one. |
|
|
|
|
TwinWinNerD
Legendary
Offline
Activity: 1680
Merit: 1001
CEO Bitpanda.com
|
|
August 01, 2014, 12:27:21 AM |
|
you want to make a new defective coin?
because if you do that modification you wont be able to implement it into an existing network. It will basically become spam to the network.
I hope that there are still more white hats than black hats in the bitcoin community.
As a white hat, if you detect a flaw that could disrupt a system, you warn and try to fix it. Exploiting it is despicable.
This isn't about making a coin, but 51% attacking an existing coin as demonstration. There is nothing to implement it onto the network, it's changing our own node behavior (ordering of transactions), which as we will have >50% hashpower, will become the authoritative one. I like the idea of showing how insecure those "shitcoins" really are by exploiting their biggest weakness: Using POW when clearly this is no way to secure the coin properly. Go ahead! |
|
|
|
|
gogodr
|
|
August 01, 2014, 12:38:54 AM |
|
you want to make a new defective coin?
because if you do that modification you wont be able to implement it into an existing network. It will basically become spam to the network.
I hope that there are still more white hats than black hats in the bitcoin community.
As a white hat, if you detect a flaw that could disrupt a system, you warn and try to fix it. Exploiting it is despicable.
This isn't about making a coin, but 51% attacking an existing coin as demonstration. There is nothing to implement it onto the network, it's changing our own node behavior (ordering of transactions), which as we will have >50% hashpower, will become the authoritative one. I'm not 100% sure, but I think they wouldn't leave a security flaw so simple to patch. On a decentralized network, even if you win the block you don't tell the other nodes "your truth", they make their own and then verify. hence the transaction verification (they come from different nodes), and if the register is not correct, it will be treated as spam. Sure you can have control of your own node all the time, which means that all the time you will get a defective transaction that wont be accepted by the network. Or at least shouldn't, but in order to infect the network with your defective transactions then you need 51% of processing power on the whole network, so that you can perform (if you are lucky enough) not only the discovery and first verification, but enough verification so that the ones made by the other nodes are the ones treated as spam. If you can pull it off, then it means that there is no real decentralized verification (which is the whole inner working of all crypto currencies) and it should be patched asap. |
|
|
|
|
SoftLayer (OP)
Newbie
Offline
Activity: 13
Merit: 0
|
|
August 01, 2014, 12:42:46 AM |
|
I'm not 100% sure, but I think they wouldn't leave a security flaw so simple to patch.
On a decentralized network, even if you win the block you don't tell the other nodes "your truth", they make their own and then verify. hence the transaction verification (they come from different nodes), and if the register is not correct, it will be treated as spam.
Sure you can have control of your own node all the time, which means that all the time you will get a defective transaction that wont be accepted by the network. Or at least shouldn't, but in order to infect the network with your defective transactions then you need 51% of processing power on the whole network, so that you can perform (if you are lucky enough) not only the discovery and first verification, but enough verification so that the ones made by the other nodes are the ones treated as spam.
That's correct. I do have the ability to get more than 51% of the hashpower of Dogecoin. If you can pull it off, then it means that there is no real decentralized verification (which is the whole inner working of all crypto currencies) and it should be patched asap. No. The decentralized verification assumes that no attacker has more than 51% of the hashpower. There is no flaw, it's simply that this assumption is easy to break for certain altcoins. |
|
|
|
|
TwinWinNerD
Legendary
Offline
Activity: 1680
Merit: 1001
CEO Bitpanda.com
|
|
August 01, 2014, 12:44:18 AM |
|
Luke-jr is constantly killing coins with his hashpower...
|
|
|
|
|
gogodr
|
|
August 01, 2014, 12:51:02 AM |
|
I'm not 100% sure, but I think they wouldn't leave a security flaw so simple to patch.
On a decentralized network, even if you win the block you don't tell the other nodes "your truth", they make their own and then verify. hence the transaction verification (they come from different nodes), and if the register is not correct, it will be treated as spam.
Sure you can have control of your own node all the time, which means that all the time you will get a defective transaction that wont be accepted by the network. Or at least shouldn't, but in order to infect the network with your defective transactions then you need 51% of processing power on the whole network, so that you can perform (if you are lucky enough) not only the discovery and first verification, but enough verification so that the ones made by the other nodes are the ones treated as spam.
That's correct. I do have the ability to get more than 51% of the hashpower of Dogecoin.If you can pull it off, then it means that there is no real decentralized verification (which is the whole inner working of all crypto currencies) and it should be patched asap. No. The decentralized verification assumes that no attacker has more than 51% of the hashpower. There is no flaw, it's simply that this assumption is easy to break for certain altcoins. That's correct, it is the only flaw of the POW system. I assumed you didn't have that amount of power. As of yesterday, to perform a 51% attack on dogecoin you need: 24.33312 Ghash/s of successful Scrypt verifications. to do that you need 857 x 28.4MHs Scrypt Miners. (the most advanced commercial Scrypt ASIC in the market right now) each one of those are currently priced at $ 2,999.99 It is possible to do a 51% attack on dogecoin but your investment on equipment alone would be around $2 571 000.Sadly for your plan, Dogecoin is no little altcoin. sources: http://bitinfocharts.com/dogecoin/http://zoomhash.com/collections/asics/products/28-4mhs-scrypt-miner-300w-5-day-door-to-door-shipping |
|
|
|
|
TwinWinNerD
Legendary
Offline
Activity: 1680
Merit: 1001
CEO Bitpanda.com
|
|
August 01, 2014, 12:55:53 AM |
|
I'm not 100% sure, but I think they wouldn't leave a security flaw so simple to patch.
On a decentralized network, even if you win the block you don't tell the other nodes "your truth", they make their own and then verify. hence the transaction verification (they come from different nodes), and if the register is not correct, it will be treated as spam.
Sure you can have control of your own node all the time, which means that all the time you will get a defective transaction that wont be accepted by the network. Or at least shouldn't, but in order to infect the network with your defective transactions then you need 51% of processing power on the whole network, so that you can perform (if you are lucky enough) not only the discovery and first verification, but enough verification so that the ones made by the other nodes are the ones treated as spam.
That's correct. I do have the ability to get more than 51% of the hashpower of Dogecoin.If you can pull it off, then it means that there is no real decentralized verification (which is the whole inner working of all crypto currencies) and it should be patched asap. No. The decentralized verification assumes that no attacker has more than 51% of the hashpower. There is no flaw, it's simply that this assumption is easy to break for certain altcoins. That's correct, it is the only flaw of the POW system. I assumed you didn't have that amount of power. As of yesterday, to perform a 51% attack on dogecoin you need: 24.33312 Ghash/s of successful Scrypt verifications. to do that you need 857 x 28.4MHs Scrypt Miners. (the most advanced commercial Scrypt ASIC in the market right now) each one of those are currently priced at $ 2,999.99 It is possible to do a 51% attack on dogecoin but your investment on equipment alone would be around $2 571 000.Sadly for your plan, Dogecoin is no little altcoin. sources: http://bitinfocharts.com/dogecoin/http://zoomhash.com/collections/asics/products/28-4mhs-scrypt-miner-300w-5-day-door-to-door-shippingHe only needs the power for a few hours (hour). Renting is way cheaper than buying. If 10000$ of doges are created per hour, than it should be possible to rent the network with xxx% over 10000$ |
|
|
|
|
|
|
gogodr
|
|
August 01, 2014, 01:06:21 AM |
|
I'm not 100% sure, but I think they wouldn't leave a security flaw so simple to patch.
On a decentralized network, even if you win the block you don't tell the other nodes "your truth", they make their own and then verify. hence the transaction verification (they come from different nodes), and if the register is not correct, it will be treated as spam.
Sure you can have control of your own node all the time, which means that all the time you will get a defective transaction that wont be accepted by the network. Or at least shouldn't, but in order to infect the network with your defective transactions then you need 51% of processing power on the whole network, so that you can perform (if you are lucky enough) not only the discovery and first verification, but enough verification so that the ones made by the other nodes are the ones treated as spam.
That's correct. I do have the ability to get more than 51% of the hashpower of Dogecoin.If you can pull it off, then it means that there is no real decentralized verification (which is the whole inner working of all crypto currencies) and it should be patched asap. No. The decentralized verification assumes that no attacker has more than 51% of the hashpower. There is no flaw, it's simply that this assumption is easy to break for certain altcoins. That's correct, it is the only flaw of the POW system. I assumed you didn't have that amount of power. As of yesterday, to perform a 51% attack on dogecoin you need: 24.33312 Ghash/s of successful Scrypt verifications. to do that you need 857 x 28.4MHs Scrypt Miners. (the most advanced commercial Scrypt ASIC in the market right now) each one of those are currently priced at $ 2,999.99 It is possible to do a 51% attack on dogecoin but your investment on equipment alone would be around $2 571 000.Sadly for your plan, Dogecoin is no little altcoin. sources: http://bitinfocharts.com/dogecoin/http://zoomhash.com/collections/asics/products/28-4mhs-scrypt-miner-300w-5-day-door-to-door-shippingHe only needs the power for a few hours (hour). Renting is way cheaper than buying. If 10000$ of doges are created per hour, than it should be possible to rent the network with xxx% over 10000$ Even if he doesn't do it directly, someone will have to. And someone willing to side with him on destroying dogecoin. I'm not saying it is impossible, I'm saying it can be done but it will take a really large investment. The investment can be mitigated by renting, yes, but then there is a huge amount of work only on contracting the miners. Even so, renting a few hours is not enough, he would need to have the control each time he wants a corrupted transaction to pass though without being filtered by the rest. It could have a great impact on the network , but it wont really kill it unless he holds that power until the rest of the network desists from trying and leave it. Also fun fact: You do realize that even combining all the already rented and available machines of both Betarigs and LeaseRig collectively are no where near to the 24GHash/s |
|
|
|
|
TwinWinNerD
Legendary
Offline
Activity: 1680
Merit: 1001
CEO Bitpanda.com
|
|
August 01, 2014, 01:15:25 AM |
|
I'm not 100% sure, but I think they wouldn't leave a security flaw so simple to patch.
On a decentralized network, even if you win the block you don't tell the other nodes "your truth", they make their own and then verify. hence the transaction verification (they come from different nodes), and if the register is not correct, it will be treated as spam.
Sure you can have control of your own node all the time, which means that all the time you will get a defective transaction that wont be accepted by the network. Or at least shouldn't, but in order to infect the network with your defective transactions then you need 51% of processing power on the whole network, so that you can perform (if you are lucky enough) not only the discovery and first verification, but enough verification so that the ones made by the other nodes are the ones treated as spam.
That's correct. I do have the ability to get more than 51% of the hashpower of Dogecoin.If you can pull it off, then it means that there is no real decentralized verification (which is the whole inner working of all crypto currencies) and it should be patched asap. No. The decentralized verification assumes that no attacker has more than 51% of the hashpower. There is no flaw, it's simply that this assumption is easy to break for certain altcoins. That's correct, it is the only flaw of the POW system. I assumed you didn't have that amount of power. As of yesterday, to perform a 51% attack on dogecoin you need: 24.33312 Ghash/s of successful Scrypt verifications. to do that you need 857 x 28.4MHs Scrypt Miners. (the most advanced commercial Scrypt ASIC in the market right now) each one of those are currently priced at $ 2,999.99 It is possible to do a 51% attack on dogecoin but your investment on equipment alone would be around $2 571 000.Sadly for your plan, Dogecoin is no little altcoin. sources: http://bitinfocharts.com/dogecoin/http://zoomhash.com/collections/asics/products/28-4mhs-scrypt-miner-300w-5-day-door-to-door-shippingHe only needs the power for a few hours (hour). Renting is way cheaper than buying. If 10000$ of doges are created per hour, than it should be possible to rent the network with xxx% over 10000$ Even if he doesn't do it directly, someone will have to. And someone willing to side with him on destroying dogecoin. I'm not saying it is impossible, I'm saying it can be done but it will take a really large investment. The investment can be mitigated by renting, yes, but then there is a huge amount of work only on contracting the miners. Even so, renting a few hours is not enough, he would need to have the control each time he wants a corrupted transaction to pass though without being filtered by the rest. It could have a great impact on the network , but it wont really kill it unless he holds that power until the rest of the network desists from trying and leave it. Also fun fact: You do realize that even combining all the already rented and available machines of both Betarigs and LeaseRig collectively are no where near to the 24GHash/s No, I am actually saying that he doesn't need anyone, but yes, co-working with a big mining farm would help him much. The reason being is, that if he offeres a very good rate lets say on betarigs, many miners will switch their rig from from mining the other stuff. If the deal is good, then most/all X11 miners would switch! (If I am not mistaken, that switch is trivial.) |
|
|
|
|
gogodr
|
|
August 01, 2014, 01:35:31 AM |
|
Even combining both contractors already rented and available X11 miners you have around 32 GHash/s on X11 which roughly translates to 12 to 16 Ghash/s in Scrypt. It is still not enough, and you realize that this is crazy and totally unheard of right? Someone renting absolutely all there is to rent, just to make a 51% on a coin that is not even the biggest one nor the second biggest one.
|
|
|
|
|
TwinWinNerD
Legendary
Offline
Activity: 1680
Merit: 1001
CEO Bitpanda.com
|
|
August 01, 2014, 01:38:34 AM |
|
Even combining both contractors already rented and available X11 miners you have around 32 GHash/s on X11 which roughly translates to 12 to 16 Ghash/s in Scrypt. It is still not enough, and you realize that this is crazy and totally unheard of right? Someone renting absolutely all there is to rent, just to make a 51% on a coin that is not even the biggest one nor the second biggest one.
Actually this is not crazy and it was even announced by a famous "trader". There is even news about it: http://www.dailydoge.org/2014/07/30/dogecoin-51-attack-imminent/with nicehash, betarigs, and leaserig and convincing X11 miners he can do it without anyones help  |
|
|
|
uBm
Member
Offline
Activity: 88
Merit: 10
|
|
August 01, 2014, 02:05:36 AM |
|
Wow, pretty weird
you want to scam all other miners mining doge ? (this post is actually a open call to rip money of honest miners).
and your even posting it here ?
pretty stupid if you ask me...
my tipp : get a real live...
|
|
|
|
|
Puberty
Member
Offline
Activity: 84
Merit: 10
|
|
August 01, 2014, 12:11:40 PM |
|
|
[̲̅$̲̅(̲̅2̲̅0̲̅0̲̅)̲̅$̲̅] ★★★★★ ★★★★★ ★★★★★ ★★★★★ ★★★★★ ★★★★★ ★★★★★ ★★★★★ ★★★★★ ★★★★★ [̲̅$̲̅(̲̅2̲̅0̲̅0̲̅)̲̅$̲̅] [̲̅$̲̅(̲̅2̲̅0̲̅0̲̅)̲̅$̲̅] ★★★★★ ★★★★★ ★★★★★ ★★★★★ ★★★★★ ★★★★★ ★★★★★ ★★★★★ ★★★★★ ★★★★★ [̲̅$̲̅(̲̅2̲̅0̲̅0̲̅)̲̅$̲̅] |
|
|
TwinWinNerD
Legendary
Offline
Activity: 1680
Merit: 1001
CEO Bitpanda.com
|
|
August 01, 2014, 03:32:41 PM |
|
Wow, pretty weird
you want to scam all other miners mining doge ? (this post is actually a open call to rip money of honest miners).
and your even posting it here ?
pretty stupid if you ask me...
my tipp : get a real live...
It is not about scaming, it is about sending a message. If white-hats don't prove that an attack is imminent, then someone not so white-hat will exploit it. And that could potentially bankrupt an exchange or even more of them. Don't cry because someone does it, but rather try to prevent it! |
|
|
|
|
