Bitcoin Forum
September 16, 2021, 07:30:14 PM *
News: Latest Bitcoin Core release: 22.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 ... 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 [110] 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 »
  Print  
Author Topic: [ANN] [PPC] PPCoin Released! - First Long-Term Energy-Efficient Crypto-Currency  (Read 681595 times)
d5000
Legendary
*
Offline Offline

Activity: 2940
Merit: 2654


Decentralization Maximalist


View Profile
November 26, 2017, 01:50:29 PM
 #2181

I don's understand what you mean when you talk about 'faking chainweight'.  If you have a heavier chainweight, your chain is the 'real' chain by definition.  What is your definition of a 'fake chain'?

With "faking chainweight" I mean the chain-weight of a chain that includes an alternative transaction as a consequence of a double spend (long-range attack).

The mechanism in detail:
1) the attacker buys, mines and/or lends a large number of coins - he must calculate the approximate number of coins that are staking, and buy more than 50% of them (e.g. 15%+ of the total supply if 30% are continuously "staking")
2) He deposits the coins on a wallet (or various wallets), still without trying to "stake".
3) After some blocks he sells the coins again (this procedure can take as long as he wants if there is no reorg limit).
4) At the same block height he transferred the coins to the exchange, he (secretly) issues a double spend to a wallet he owns and disconnects his client from the network.
5) He then secretly mints an attack chain that contains this double spend (without publishing it). This attack chain would have more chain-weight than the "normal best chain": From the point of view of his wallet/client he still owns the coins and so he can use them to stake, and as in his attack chain he owns more coins than the rest of the stakers, the weight of the chain is higher.
6) When he has sold all coins (step 3 accomplished) then he publishes the attack chain - it would have more chain-weight than the "true" chain but as we have seen the weight is "faked" using the double spend.

If what you said in the previous post is true and all nodes - including the checkpoint node - always follow the chain with most weight, step 6 would lead to a re-organization on all nodes that obey the protocol and eventually all of them would follow the attack chain. The attack would have succeeded. If the attacker specifically tries to connect to the checkpoint node, then his attack would probably succeed even faster.

I know this attack is very expensive, but the attacker can design it in a way he can profit from it (e.g. if he manages to drive the price higher before he sells). And if he is very likely to succeed, then the incentive is high for a rich individual or group to try it.

1631820614
Hero Member
*
Offline Offline

Posts: 1631820614

View Profile Personal Message (Offline)

Ignore
1631820614
Reply with quote  #2

1631820614
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1631820614
Hero Member
*
Offline Offline

Posts: 1631820614

View Profile Personal Message (Offline)

Ignore
1631820614
Reply with quote  #2

1631820614
Report to moderator
1631820614
Hero Member
*
Offline Offline

Posts: 1631820614

View Profile Personal Message (Offline)

Ignore
1631820614
Reply with quote  #2

1631820614
Report to moderator
1631820614
Hero Member
*
Offline Offline

Posts: 1631820614

View Profile Personal Message (Offline)

Ignore
1631820614
Reply with quote  #2

1631820614
Report to moderator
Nagalim
Newbie
*
Offline Offline

Activity: 33
Merit: 0


View Profile
November 26, 2017, 06:59:45 PM
 #2182

So you are talking about a 50% attack, which is also executable on the Bitcoin chain and basically any crypto.  It at first appears more tempting for Peercoin because it doesn't require investment in hardware like it does on Bitcoin.  However, you do invest in the digital coins, hoping to sell them before you unleash your attack chain.  This is similar to selling your Bitcoin hardware after attacking the chain, in that you can recover some of your investment and still carry out the attack.  So on its face, 50% attacking Peercoin is similar to 50% attacking any crypto, in that it requires overcoming whatever network effect the coin has generated.

For the specific long-range nature of the attack you describe, it is important to realize that clients will not reorg beyond a certain depth (Peercoin has two types of checkpoints: 'synchronized', which is what we've been talking about, and 'hard', which is what I'm talking about now and something that Bitcoin also has).  So what you describe will cause a fork between fresh chain downloads and old nodes.  As the checkpoint server is an old node, it will not follow the attack chain and new users can follow the checkpoints to get on the old chain.  Then there can be an emergency client update that specifically bans that fork, or something similar.

A 50% attack is indeed no joke.
d5000
Legendary
*
Offline Offline

Activity: 2940
Merit: 2654


Decentralization Maximalist


View Profile
November 27, 2017, 03:36:31 AM
 #2183

So you are talking about a 50% attack, which is also executable on the Bitcoin chain and basically any crypto.  It at first appears more tempting for Peercoin because it doesn't require investment in hardware like it does on Bitcoin.  However, you do invest in the digital coins, hoping to sell them before you unleash your attack chain.  This is similar to selling your Bitcoin hardware after attacking the chain, in that you can recover some of your investment and still carry out the attack.  So on its face, 50% attacking Peercoin is similar to 50% attacking any crypto, in that it requires overcoming whatever network effect the coin has generated.

The difference between a PoW 50% attack and the long-range attack I described is that in the 50% PoW attack the attacker could not mine his "longer chain" in secret - he must point all his hashpower to the chain, publicly. That's why it would be easier to "defend" against this attack - "honest" miners could instantly try to out-power the attacker few blocks after the 50% attack. And they could blacklist all coins that he earned via block rewards and try to detect the double spend before it can do harm (e.g. he is able to sell the coins at the exchange). If his attack is successful, the money he uses to buy hashrate is burnt, because if the coin is destroyed (or loses lots of value) after the attack, his hardware would not be worth much.

A PoS long-range attack is more dangerous, because the attacker can sell the coins undetected before he releases the "attack chain". But it is also probably more expensive than a 50% PoW attack, and there are certainly possibilities to design a 50% PoW attack in such a way that it may be profitable (For example, I calculated that attacking Bitcoin via a 50% attack would cost about 2% of it's supply - it may be possible to arrange a short sell of this amount).

Quote
For the specific long-range nature of the attack you describe, it is important to realize that clients will not reorg beyond a certain depth (Peercoin has two types of checkpoints: 'synchronized', which is what we've been talking about, and 'hard', which is what I'm talking about now and something that Bitcoin also has).

I know the "hard checkpoints", but aren't these only published when a new Peercoin version is released? Because the distance between two releases (several months) is enough for a long-range attack.

Obviously, if Peercoin already has a "reorg limit" of a fixed numbers of blocks (for example, NXT has 1440 blocks, roughly 24 hours because they have a 60 second block interval), then it's already protected pretty well against this type of attack. I thought it had not, but I may be wrong. Nxt's reorg limit for me seems a little bit short, I would be more happy with approximately a week.

PS: I'm not a PoS skeptic like those "critics" that think that "PoS does not work" - only I am skeptic regarding the sense of the synchronized checkpoints and would like to see them replaced with rolling checkpoints or Vitalik's "soft checkpoints".

Nagalim
Newbie
*
Offline Offline

Activity: 33
Merit: 0


View Profile
November 27, 2017, 06:10:40 AM
 #2184

The only thing that stops a miner from crafting a chain in private is the cost associated with running the mining equipment and not claiming the block rewards.  If they have >50% hash power, then they have a near 100% chance of having the longer chain and making back the block rewards as well as their double spend.  It is very possible that a government or some large entity could mine a longer chain in private and release it to disrupt the network.  I'm not sure why you think this is not possible with PoW.  The other stuff you say about blacklisting and so on is correct, and applicable to both PoS and PoW.

When selling coins before the double spend, you sap the network of its value by tanking the price right before you try to extort it for value.  You can argue about the economics of this, but I do think you are missing my point about selling the hardware after attacking a PoW coin.  In either model you can recover some of the liquidity used to attack the chain.

As for the hard checkpoints, you're right that those are done by the devs.  I'll get back to you on whether or not there's a reorg depth limit.
d5000
Legendary
*
Offline Offline

Activity: 2940
Merit: 2654


Decentralization Maximalist


View Profile
November 27, 2017, 04:18:26 PM
 #2185

The only thing that stops a miner from crafting a chain in private is the cost associated with running the mining equipment and not claiming the block rewards.  If they have >50% hash power, then they have a near 100% chance of having the longer chain and making back the block rewards as well as their double spend.  It is very possible that a government or some large entity could mine a longer chain in private and release it to disrupt the network.  I'm not sure why you think this is not possible with PoW.  

You are probably right, my last post was not correct in this aspect - in PoW the "private mining" of an attack chain for a long time to be released later is also possible and probably the best option for a profitable 50% attack.

But there are other aspects why PoS long-range attacks are regarded as very dangerous: If the attacker manages to get (via a double spend/50% attack) more than 50% of the total coin supply (or at least a large part, e.g. 30%, so that he always will be the biggest "staker" because 100% never stake) then he can control the network. Only a hard fork can save the coin then. With PoW, the attacker would have to conserve his 50% and continue to pay electricity costs, so disrupting the coin heavily would be more complicated.

I'm not sure which attack is more expensive, but that's also why I'm interested in Peercoin and PoS - a PoS attack may be, if you add all costs, more expensive than a PoW 50% attack. But it could also be easier to make it profitable (see next paragraph).

Quote
When selling coins before the double spend, you sap the network of its value by tanking the price right before you try to extort it for value.
In my scenario, the double spend is recorded at the miner's attack chain at a block height before the sale of the coins - but is "released to the public" afterwards. So the price would tank even more after Evil Attacker sold the coins and the double spend becomes known - and so he can probably even try to lend more coins while he sells and short sell them. An "extortion" (e.g. for political reasons, or for a ransom) is not necessarily part of this attack.

Quote
You can argue about the economics of this, but I do think you are missing my point about selling the hardware after attacking a PoW coin.  In either model you can recover some of the liquidity used to attack the chain.

Probably yes, but what you cannot recover is the electricity costs, and you will not recover a big part of the attack costs. The only way to profit from a 51% attack in a PoW currency is, in my opinion, a complex (and expensive) strategy involving market manipulation, a really big double spend, and short selling just before the attack is publicly known.

In a PoS currency, the attacker can try the attack again and again once he has had his coins on his wallet (if he's caught he can mix the coins and repeat) because he isn't forced to use large amounts of electricity.

That is, I think, the second reason why PoS has so many detractors: because once you get the important part of the attack done (possess a large stash of coins) then you can attack many times - until the next hard checkpoint. With reorg depth limit or soft checkpointing, you have only a short timeframe.

Quote
I'll get back to you on whether or not there's a reorg depth limit.
That would be cool, thanks!

Nagalim
Newbie
*
Offline Offline

Activity: 33
Merit: 0


View Profile
November 27, 2017, 11:07:46 PM
 #2186

As mentioned, the economics are hard to parse.  But think of this: there can be multiple people with >50% of the current Bitcoin hashpower, but there can only be one person with >50% of the coins.  While you are correct that there is far from 100% minting, I do think this highlights an interesting perspective, which is that hash power is limitless while coin ownership is intrinsically limited.  One can have 500% of the current PoW hashpower, for example.  The point I'm trying to make here is that purchasing enough hardware to control Bitcoin likely will not drive hardware prices through the roof, while purchasing a large percentage of the Peercoins on the open market (remember that a large % will likely never sell, or are lost) will surely drive the price per coin to insane levels.

As for the max reorg depth, I don't think it's explicit in Peercoin, but I have reason to believe the way the dynamic stake modifier is chosen implies a max reorg depth.  I'm having trouble getting devs to comment on it, but I'll keep researching.  For reference we adopted the dynamic stake modifier from Neucoin in Peercoin v0.5, and I'm almost certain Neucoin has a max reorg depth.
m4nki
Hero Member
*****
Offline Offline

Activity: 1027
Merit: 506



View Profile
November 27, 2017, 11:18:02 PM
 #2187

As mentioned, the economics are hard to parse.  But think of this: there can be multiple people with >50% of the current Bitcoin hashpower, but there can only be one person with >50% of the coins.  While you are correct that there is far from 100% minting, I do think this highlights an interesting perspective, which is that hash power is limitless while coin ownership is intrinsically limited.  One can have 500% of the current PoW hashpower, for example.  The point I'm trying to make here is that purchasing enough hardware to control Bitcoin likely will not drive hardware prices through the roof, while purchasing a large percentage of the Peercoins on the open market (remember that a large % will likely never sell, or are lost) will surely drive the price per coin to insane levels.

These are certainly interesting arguments. I never thought of it in such way before but it makes sense to me.

goutevery
Newbie
*
Offline Offline

Activity: 50
Merit: 0


View Profile
November 28, 2017, 05:51:38 PM
 #2188

Really promissing. Keep my eye on
AshCoins
Full Member
***
Offline Offline

Activity: 336
Merit: 102


View Profile
November 29, 2017, 05:21:44 AM
 #2189

Peercoin is mooning.  I’m hearing there’s some sort of fork?
tooh
Member
**
Offline Offline

Activity: 156
Merit: 10


View Profile
November 29, 2017, 05:36:38 AM
 #2190

1PPC= 3.55$ Grin
Sentinelrv
Sr. Member
****
Offline Offline

Activity: 608
Merit: 304



View Profile
November 29, 2017, 07:44:10 AM
 #2191

Peercoin is mooning.  I’m hearing there’s some sort of fork?

Yes, you can read about it here...

https://medium.com/@PeercoinPulse/peercoin-v0-6-release-2831fb4394ad
Sentinelrv
Sr. Member
****
Offline Offline

Activity: 608
Merit: 304



View Profile
November 29, 2017, 08:19:28 AM
 #2192

I need to ask for feedback from the community here. I had previously created a separate Peercoin thread on Bitcointalk here. The purpose of it was so that I could control the content of the first post by adding in important links and info about Peercoin. It would also let me edit the title every time there was news, which would draw new people into the thread.

While people did use the new thread and post in it, it was still competing with this original release thread by Sunny, even though the current team was no longer posting in it. Eventually I gave up on the new thread and came back to this one several months ago.

Since then I have come to an arrangement with Sunny King. He agreed to share access with me to his Bitcointalk account. This would let us retain the history of this thread, yet it would allow me to edit the original post like we needed to. Everything was great until I tried logging into his profile. I got the following error message...

Quote from: Bitcointalk
“Sorry Guest, you are banned from using this forum! Your account is locked because it sat inactive for years after the password hashes were leaked in 2015, and was therefore at high risk of being hacked. Email react-vdnp8@theymos.e4ward.com to get it unlocked.”

Apparently Sunny had not logged into his account for quite a while and it had gotten locked because he never changed his password after Bitcointalk got hacked. So I asked Sunny to email the address listed and request that they unlock the account. He received no reply. So I contacted a moderator here asking what to do and they told me to PM Theymos, so I did.

That was three weeks ago. I have sent a PM every week to Theymos asking for him to get into contact with Sunny so we can get his account unlocked and I haven’t had a single reply back from him. Sunny has emailed that address twice and has also received no reply. I tried contacting the previous moderator I talked to and he said there wasn’t much he could do.

I realize maybe the guy is just really busy, but his account is online all the time. I’m starting to feel as if he’s ignoring me on purpose and trying to hurt a competitor by keeping its founder locked out of his account.

Regardless of the real reasons, what are our options here? I really would like to keep using this thread because of its history, helpful content and links that have been posted over the years, but if the administrator of Bitcointalk refuses to help us regain control of the thread, what are we to do? I’d love to hear your thoughts in case anyone had any ideas that could remedy the situation.
tooh
Member
**
Offline Offline

Activity: 156
Merit: 10


View Profile
November 29, 2017, 11:38:43 AM
 #2193

forgot XPM HuhHuhHuh Undecided
d5000
Legendary
*
Offline Offline

Activity: 2940
Merit: 2654


Decentralization Maximalist


View Profile
November 29, 2017, 01:25:24 PM
 #2194

@Sentinelrv: Only my 50 cents: I would use the new thread for all current announcements and link to the old thread in the OP. That's not only because of the problem you've had with Sunny's account, but also because in very big threads it becomes very difficult to search information.

@Nagalim: There's something I could comment on your answer regarding the long range attack but for now I stop my "rants". I think Peercoin is reasonably secure - it's only that it could be so even more ...

However, it would be cool if you got more information with respect to a reorg limit. As I'm not a coder (I know a little bit of scripting, mainly in Python, but am not familiar enough with C/C++ to understand a cryptocurrency) it would be difficult for me to investigate the dynamic stake modifier commit ...

waqasniaz007
Full Member
***
Offline Offline

Activity: 406
Merit: 121



View Profile
November 29, 2017, 06:05:51 PM
 #2195

Wow good news for peercoin holder. Soft fork is coming up. 5 years old project too much undervalued. I hope we will see big move in price..
Sentinelrv
Sr. Member
****
Offline Offline

Activity: 608
Merit: 304



View Profile
November 29, 2017, 06:10:25 PM
 #2196

Coming soon from the Peercoin Team...

soviettiget2
Newbie
*
Offline Offline

Activity: 36
Merit: 0


View Profile
November 30, 2017, 04:48:14 AM
 #2197

Coming soon from the Peercoin Team...

https://i.imgur.com/oLIyDKo.png

Peercoin Foundation.  Does that translate to "funding?"
Sentinelrv
Sr. Member
****
Offline Offline

Activity: 608
Merit: 304



View Profile
November 30, 2017, 11:33:58 AM
 #2198


Peercoin Foundation.  Does that translate to "funding?"


It creates an opening for it, yes.
Sentinelrv
Sr. Member
****
Offline Offline

Activity: 608
Merit: 304



View Profile
November 30, 2017, 11:37:48 AM
 #2199



WARNING: ppc-wallet.com is a known SCAM site pretending to be a #Peercoin web wallet. They will STEAL your coins. Whenever increased attention is on them, they start forwarding to the official peercoin.net site, but they always switch back to their scam site later.

Retweet this to help inform others...

https://twitter.com/peercoinppc/status/936190351756414977

REPORT THEM so we can shut them down...

https://talk.peercoin.net/t/scam-alert-peercoin-web-wallet-ppc-wallet-com-lets-shut-them-down-report-it-today/1671
The46Doctor
Newbie
*
Offline Offline

Activity: 8
Merit: 0


View Profile
November 30, 2017, 12:11:14 PM
 #2200

https://i.imgur.com/jriuckU.png

WARNING: ppc-wallet.com is a known SCAM site pretending to be a #Peercoin web wallet. They will STEAL your coins. Whenever increased attention is on them, they start forwarding to the official peercoin.net site, but they always switch back to their scam site later.


ppc-wallet.com redirect to https://peercoin.net/
Pages: « 1 ... 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 [110] 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!