[BOUNTY] VNL - Vanillacoin - ZeroTime double-spend reward

[nextgencoin]

I think as someone who has invested in vanilla coin then I think John Conner is obliged to answer his critics on this specific issue. I can't see why he wouldn't if he has dealt with it?

[nextgencoin]

The problem is that virtual synchrony, which is the mechanism used to synchronise the mempools is not designed for Byzantine failures:

https://en.wikipedia.org/wiki/Virtual_synchrony

None of the three models can handle more complex failures, such as machines that are taken over by a virus, or a network that sometimes modifies the messages transmitted. The so-called Byzantine agreement model goes beyond the data replication schemes discussed here by also solving such issues, but does so at a price: Byzantine replication protocols typically require larger numbers of servers, and can be much slower.

So, if you can pretend to be multiple clients (of which the cost is zero), you can influence replication and therefore affect a double spend. This is essentially a sybil attack.

Thank you for saving me some time.

You don't seem that busy since you can do various comments...

You are here at my desk?

What is a "slot" in regards to ZT? It will be funny to see your answer.

Just answer the challenge to show some proof of your algorithm's capability for Byzantine fault tolerance, and stop playing "obfuscation by naming semantics" shell games.

Why not answer the question about slots?

[stoat]

This coin is running on the Zero proof of proof algorithm.

Instead of this lame bounty why not pay for a security audit of the code cheapskate.

[spartacusrex]

I think as someone who has invested in vanilla coin then I think John Conner is obliged to answer his critics on this specific issue. I can't see why he wouldn't if he has dealt with it?

Because there IS NO SOLUTION to it.. and ergo, he hasn't dealt with it.

[YAdaminer]

The bounty is set, rules are known, just take our money if you can.
If you can't than please stop shitting around cause that basicaly speaks all about you.

[traumschiff]

The bounty is set, rules are known, just take our money if you can.
If you can't than please stop shitting arround cause that basicaly speaks all about you.

They are too busy to take a bounty of 2300 USD for something they could identify in 5 minutes

Also they are unable to understand that the testnet is real, whitepaper isn't.

[spartacusrex]

Some possible threats to a reputations based system.

( From : ENISA Position Paper No. 2 Reputation-based Systems: a security analysis by Elisabetta Carrara and Giles Hogben )

Let's begin..

Threat Rep. 1 – Whitewashing attack: the attacker resets a poor reputation by rejoining the system with a new identity. Systems that allow for easy change of identity and easy use of new pseudonyms are vulnerable to this attack.

Threat Rep. 2 – Sybil attack (i.e. pseudospoofing): the attacker creates multiple identities (sybils) and exploits them in order to manipulate a reputation score.

Threat Rep. 3 – Impersonation and reputation theft: one entity acquires the identity of another entity (masquerades) and consequently steals her reputation.

Threat Rep. 4 – Bootstrap issues and related threats: the initial reputation value given to a newcomer may lay it open to attacks such as sybils and whitewashing.

Threat Rep. 5 – Extortion: co-ordinated campaigns aimed at blackmail by damaging reputation for malicious motives.

Threat Rep. 6 – Denial-of-reputation: attack designed to damage an entity’s reputation (e.g. in combination with a sybil attack or impersonation) and create an opportunity for blackmail in order to have the reputation cleaned.

Threat Rep. 7 – Ballot stuffing and bad mouthing: reporting of a false reputation score; the attackers (distinct or sybils) collude to give positive/negative feedback, to increase or lower a reputation.

Threat Rep. 8 – Collusion: multiple users conspire (collude) to influence a given reputation.

Threat Rep. 9 – Repudiation of data and repudiation of transaction: an entity can deny that a transaction happened, or the existence of data for which he was responsible.

Threat Rep. 10 – Recommender dishonesty: the voter is not trustworthy in his scoring.

Threat Rep. 11 – Privacy threats for voters and reputation owners: for example, anonymity improves the accuracy of votes.

Threat Rep. 12 – Social threats: Discriminatory behaviour is possible when, for example, in a second-order reputation system, an entity can choose to co-operate only with peers who have a high reputation, so that their recommendations weigh more heavily. Other possible social threats include the risk of herd behaviour and the penalisation of innovative, controversial opinions, and vocal minority effect.

Threat Rep. 13 – Threats to the underlying networks: the reputation system can be attacked by targeting the underlying infrastructure; for example, the reputation information can be manipulated/replayed/disclosed both when stored and when transported, or may be made unavailable by a denial of service attack.

Threat Rep. 14 – Trust topology threats: an attack targets certain links to have maximum effect, for example those entities with the highest reputation.

Threat Rep. 15 – Threats to ratings: there is a whole range of threats to reputation ratings which exploit features of metrics used by the system to calculate the aggregate reputation rating from the single scores.

..

As TPTB_need_war has stated - if it was easy/even possible to create a distributed reputation based system for blockchain consensus, then why was Satoshi's POW break-through even needed at all !? This stuff's been around for decades..

I'll stop 'shitting around' now. getting boring.

'..tara, ya shitter.'

[YAdaminer]

So it's easy then, right?
Why don't you just take our money kitty rex?

[spartacusrex]

So it's easy then, right?
Why don't you just take our money kitty rex?

haha.. kitty.. made me laugh. Cheers.

[YAdaminer]

So it's easy then, right?
Why don't you just take our money kitty rex?

haha.. kitty.. made me laugh. Cheers.

Come on, would you even try to take our money?
It's easy, like walk in the park.

[spartacusrex]

YADaminer - I like your enthusiasm.

Now - just because 1 twat with a computer can't hack your network, does not mean your network is secure.

What if the Hack costs more than $2000 to perform ?

I need a 100 computer network at my disposal, which I don't have.

If VNL was actually worth anything, I can assure you many MANY hackers with armies of zombie computers would tear into it. But knowing that this is the case, the network will never be worth enough for them to bother. Catch 22.

How about just answering the questions posed in this thread ? There are 15 points in my previous post but let's start with the BIG one..

How is a sybil attack prevented ?

Is John Connor from the future where he saves us from SkyNet ?

Are you his pet terminator ?

[traumschiff]

YADaminer - I like your enthusiasm.

Now - just because 1 twat with a computer can't hack your network, does not mean your network is secure.

What if the Hack costs more than $2000 to perform ?

I need a 100 computer network at my disposal, which I don't have.

If VNL was actually worth anything, I can assure you many MANY hackers with armies of zombie computers would tear into it. But knowing that this is the case, the network will never be worth enough for them to bother. Catch 22.

How about just answering the questions posed in this thread ? There are 15 points in my previous post but let's start with the BIG one..

How is a sybil attack prevented ?

Is John Connor from the future where he saves us from SkyNet ?

Are you his pet terminator ?

Doubt you need 100 computers vs the TestNet of like what, 10-20 nodes currently? Surely 2.3k USD should be worth the try.

Your argument is invalid.

[YAdaminer]

YADaminer - I like your enthusiasm.

blablabla...

Are you his pet terminator ?

Kitty, I'm just a little mouse

[CryptoClub]

I like results, if someone has the skills and isn't working on something else, they should make a couple thousand bucks and prove they can do it.

I recall Monero was going to be hacked and all sorts of drama, but it was all cheap talk and nothing ever came of it, just endless BS and then XMR had a much higher marketcap. I have no reason to trust randoms on Bitcointalk that say they have skills, maybe they do and maybe they don't, but testing and proof, that I can believe in.

[traumschiff]

I like results, if someone has the skills and isn't working on something else, they should make a couple thousand bucks and prove they can do it.

I recall Monero was going to be hacked and all sorts of drama, but it was all cheap talk and nothing ever came of it, just endless BS and then XMR had a much higher marketcap. I have no reason to trust randoms on Bitcointalk that say they have skills, maybe they do and maybe they don't, but testing and proof, that I can believe in.

Well said.

[YAdaminer]

Mission Impossible 6: VNL ZeroTime double spend - the only real MI  

[r0ach]

Oh lord, another fundamentals of PoS argument.  People go off into all kinds of crazy side issues with these without just stating the core problem.  The problem is that you need an external finite resource for the blockchain to work.  There are so many different ways to implement reputation, you can't really make a blanket statement on it all.  All you can really do is try to define if reputation is actually a finite resource or not.  I would stay it's a pseudo finite resource, for lack of a better term.

Can it secure a blockchain?  The answer is obviously yes.  The issue is that PoS + reputation systems both have larger points of critical failure than "vanilla" PoW, and you're combining both of those in this system.  Then you end up with a system of...it works until it randomly doesn't.

I'm still undecided if proof of stake officially died on July 14, 2014 or not already:

http://www.coindesk.com/bitcoin-protected-vericoin-stolen-mintpal-wallet-breach/

[BadAss.Sx]

Damn, out of popcorn

[x0rcist]

Oh lord, another fundamentals of PoS argument.  People go off into all kinds of crazy side issues with these without just stating the core problem.  The problem is that you need an external finite resource for the blockchain to work.  There are so many different ways to implement reputation, you can't really make a blanket statement on it all.  All you can really do is try to define if reputation is actually a finite resource or not.  I would stay it's a pseudo finite resource, for lack of a better term.

Can it secure a blockchain?  The answer is obviously yes.  The issue is that PoS + reputation systems both have larger points of critical failure than "vanilla" PoW, and you're combining both of those in this system.  Then you end up with a system of...it works until it randomly doesn't.

I'm still undecided if proof of stake officially died on July 14, 2014 or not already:

http://www.coindesk.com/bitcoin-protected-vericoin-stolen-mintpal-wallet-breach/

from the article:

The attack took place at roughly 7 am BST, and utilized a SQL injection to initialize the wallet withdrawal. Six hours later, the MintPal development team made contact with the vericoin team, after which time a solution - ultimately a hard fork - was sought and reached.

You are absolutly right it was related to PoS. Bravo sir.

!tip r0ach 1 beer

[john-connor]

Based on their responses they have ZeroClue on how to even perform a basic double-spend, instead they talk about unrelated things such as PoS and Sybil Attacks and [insert BS here].
 
Anyone can double-spend Bitcoin at will as we've recently witnessed and I was the person that informed the developers that it would occur due to their faulty signature validation code. The Bitcoin devs demonized me but in the end they realize my findings were accurate and the network split losing people hundreds of thousands of USD and forced zero confirmation transactions to be disabled on a wide scale. When I told them a hard-fork was required to fix this bug safely they said "we have more than hard forks at our disposal". This is the typical crypto-currency ego and if it continues the double-spend attacks will increase due to easier but more sophisticated attack vectors.

It is impossible to have safe zero confirmation transactions on any crypto-currency without it being part of the core protocol. This is what I have done and it resolves the problem for all crypto-currencies using a backwards compatible approach without the need to hard-fork.

I asked Nick Szabo aka Satoshi Nakamoto what he thought of my invention but he has failed to respond after many attempts.

I will not waste my time responding to nonsense. You have be given an opportunity, take it or leave it.

Thank you for your support.