Bitcoin Forum
November 03, 2024, 11:07:10 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Probing for Community Interest  (Read 2196 times)
c4n10 (OP)
Sr. Member
****
Offline Offline

Activity: 294
Merit: 250



View Profile
November 21, 2012, 02:33:06 AM
 #1

I am thinking about setting up an exchange specifically for alt-coins which currently lack an exchange for one reason or another.

For example, Terracoin, Solidcoin, Liquidcoin, I0Coin, etc...

I would most likely use the open-source software from either Intersango or Bitcoin-Central but I am also open to suggestions from the community.
foggyb
Legendary
*
Offline Offline

Activity: 1736
Merit: 1006


View Profile
November 21, 2012, 02:35:31 AM
 #2

I want to see this project go forward. Need a place to trade my alt alt coin.  Smiley

Hey everyone! 🎉 Dive into the excitement with the Gamble Games Eggdrop game! Not only is it a fun and easy-to-play mobile experience, you can now stake your winnings and accumulate $WinG token, which has a finite supply of 200 million tokens. Sign up now using this exclusive referral link! Start staking, playing, and winning today! 🎲🐣
doublec
Legendary
*
Offline Offline

Activity: 1078
Merit: 1005


View Profile
November 21, 2012, 02:58:35 AM
 #3

I am thinking about setting up an exchange specifically for alt-coins which currently lack an exchange for one reason or another.
How do you plan to protect against double spend attacks on low hash rate alt-coins?
c4n10 (OP)
Sr. Member
****
Offline Offline

Activity: 294
Merit: 250



View Profile
November 21, 2012, 04:00:14 AM
 #4

I am thinking about setting up an exchange specifically for alt-coins which currently lack an exchange for one reason or another.
How do you plan to protect against double spend attacks on low hash rate alt-coins?

I plan to heavily test the site before opening it to the public. People will just have to wait a few hours for an appropriate number of confirmations for each type of coin to be determined in beta testing. I sometimes have to wait a few hours for my coins to confirm at some of the exchanges, it doesn't bother me and those exchanges seem to be doing just fine.
c4n10 (OP)
Sr. Member
****
Offline Offline

Activity: 294
Merit: 250



View Profile
November 21, 2012, 04:00:48 AM
 #5

I want to see this project go forward. Need a place to trade my alt alt coin.  Smiley

LOL, I think a LOT of us do...
doublec
Legendary
*
Offline Offline

Activity: 1078
Merit: 1005


View Profile
November 21, 2012, 07:38:14 AM
 #6

I plan to heavily test the site before opening it to the public. People will just have to wait a few hours for an appropriate number of confirmations for each type of coin to be determined in beta testing.
That doesn't help though. If someone has greater than 50% you can wait as many hours as you want but they can still double spend. I'm not trying to trash your idea, I'm just giving you a heads up on the risk from someone who had an i0coin exchange double spent in this manner for about 200 btc. It was an expensive lesson.
c4n10 (OP)
Sr. Member
****
Offline Offline

Activity: 294
Merit: 250



View Profile
November 21, 2012, 08:15:50 AM
 #7

I plan to heavily test the site before opening it to the public. People will just have to wait a few hours for an appropriate number of confirmations for each type of coin to be determined in beta testing.
That doesn't help though. If someone has greater than 50% you can wait as many hours as you want but they can still double spend. I'm not trying to trash your idea, I'm just giving you a heads up on the risk from someone who had an i0coin exchange double spent in this manner for about 200 btc. It was an expensive lesson.

From the wiki on the subject of 51% attack: "The risk lessens of this with each confirmation as the computational advantage the attacker needs grows to a mathematically improbable level and six confirmations is widely accepted as being the amount where the transaction is secure from this attack."
cunicula
Legendary
*
Offline Offline

Activity: 1050
Merit: 1003


View Profile
November 21, 2012, 08:35:34 AM
 #8

I plan to heavily test the site before opening it to the public. People will just have to wait a few hours for an appropriate number of confirmations for each type of coin to be determined in beta testing.
That doesn't help though. If someone has greater than 50% you can wait as many hours as you want but they can still double spend. I'm not trying to trash your idea, I'm just giving you a heads up on the risk from someone who had an i0coin exchange double spent in this manner for about 200 btc. It was an expensive lesson.

From the wiki on the subject of 51% attack: "The risk lessens of this with each confirmation as the computational advantage the attacker needs grows to a mathematically improbable level and six confirmations is widely accepted as being the amount where the transaction is secure from this attack."

This holds if they have less than 51%. If they have 51%, your coins are their coins.
c4n10 (OP)
Sr. Member
****
Offline Offline

Activity: 294
Merit: 250



View Profile
November 21, 2012, 09:19:11 AM
 #9

I plan to heavily test the site before opening it to the public. People will just have to wait a few hours for an appropriate number of confirmations for each type of coin to be determined in beta testing.
That doesn't help though. If someone has greater than 50% you can wait as many hours as you want but they can still double spend. I'm not trying to trash your idea, I'm just giving you a heads up on the risk from someone who had an i0coin exchange double spent in this manner for about 200 btc. It was an expensive lesson.

From the wiki on the subject of 51% attack: "The risk lessens of this with each confirmation as the computational advantage the attacker needs grows to a mathematically improbable level and six confirmations is widely accepted as being the amount where the transaction is secure from this attack."

This holds if they have less than 51%. If they have 51%, your coins are their coins.


Not according to the wiki:

Code:
51% attack
A miner or cartel who controls more than fifty percent of the hashing capacity of the bitcoin mining network has the potential to fraudulently double-spend recent transactions. With majority of hashing power the attacker has the technical ability to mine blocks which do not include a previous spend transactions from the miner but instead include a double spend of the coin. With majority control the potential exists for this double spend even if the transaction had already seen confirmations as those blocks could be overtaken in the attack.
The risk lessens of this with each confirmation as the computational advantage the attacker needs grows to a mathematically improbable level and six confirmations is widely accepted as being the amount where the transaction is secure from this attack.

While this is from the Bitcoin wiki, the principles should still be pretty much the same seeing as how all the alt-coins are basically using Bitcoin's code for their underlying infrastructure just with variations on block rewards, re-target times, hashing algorithm, etc...

Unless there is something that I am simply not understanding which is entirely possible being that I've only known about Bitcoin and it's alt-coins for a little over 2 months now...
cunicula
Legendary
*
Offline Offline

Activity: 1050
Merit: 1003


View Profile
November 21, 2012, 09:28:55 AM
 #10

I plan to heavily test the site before opening it to the public. People will just have to wait a few hours for an appropriate number of confirmations for each type of coin to be determined in beta testing.
That doesn't help though. If someone has greater than 50% you can wait as many hours as you want but they can still double spend. I'm not trying to trash your idea, I'm just giving you a heads up on the risk from someone who had an i0coin exchange double spent in this manner for about 200 btc. It was an expensive lesson.

From the wiki on the subject of 51% attack: "The risk lessens of this with each confirmation as the computational advantage the attacker needs grows to a mathematically improbable level and six confirmations is widely accepted as being the amount where the transaction is secure from this attack."

This holds if they have less than 51%. If they have 51%, your coins are their coins.


Not according to the wiki:

Code:
51% attack
A miner or cartel who controls more than fifty percent of the hashing capacity of the bitcoin mining network has the potential to fraudulently double-spend recent transactions. With majority of hashing power the attacker has the technical ability to mine blocks which do not include a previous spend transactions from the miner but instead include a double spend of the coin. With majority control the potential exists for this double spend even if the transaction had already seen confirmations as those blocks could be overtaken in the attack.
The risk lessens of this with each confirmation as the computational advantage the attacker needs grows to a mathematically improbable level and six confirmations is widely accepted as being the amount where the transaction is secure from this attack.

While this is from the Bitcoin wiki, the principles should still be pretty much the same seeing as how all the alt-coins are basically using Bitcoin's code for their underlying infrastructure just with variations on block rewards, re-target times, hashing algorithm, etc...

Unless there is something that I am simply not understanding which is entirely possible being that I've only known about Bitcoin and it's alt-coins for a little over 2 months now...

That is true, but keep the following in mind.

1) If they owned the coins at some point in the past, then they can reclaim them from you without your permission.
2) If you ever want to send the coins, you need their permission to do so. This permission could be quite costly to obtain.

Point (2) is kind of functionally equivalent to them stealing the coins directly. Your only recourse is to not give into blackmail and destroy the coins.
doublec
Legendary
*
Offline Offline

Activity: 1078
Merit: 1005


View Profile
November 21, 2012, 09:39:15 AM
 #11

Unless there is something that I am simply not understanding which is entirely possible being that I've only known about Bitcoin and it's alt-coins for a little over 2 months now...
Here is how an attacker with 51% or more of the hash rate can bankrupt your exchange. For this example I use i0coin:

1) Attacker starts mining a new blockchain fork, starting from the existing block.
2) Attacker deposits i0coin in your exchange.
3) Attackers fork of the chain in (1) does not include this deposit transaction.
4) Attacker sends the same coins as (2) to another address they own and this transaction is included in the blockchain fork in (1).
5) After the required number of confirmations attacker trades for bitcoins and withdraws the bitcoins.
6) When (1) is longer than the existing main chain attacker publishes their fork.
7) repeat from (1)

The result of (6) is that the exchange loses the i0coins due to the transaction no longer being valid. The transaction in (4) has replaced it. The exchange can't reverse the bitcoin withdrawal as the coins are already gone.

The exchange can't detect this offline mining. There's no way to know someone is building the blockchain fork in advance. The exchange can only notice the chain reorg after the fact. By that time all the coins are gone.

It doesn't matter how many confirmations you wait to confirm the deposit in (2). If the attacker has greater than 51% then eventually they will have a longer chain and can force a reorg. It doesn't matter if you process withdrawals manually. The attacker just waits until you've confirmed the btc withdraw and then publishes their fork.

The attacker can even re-use the i0coins they used in the attack to repeat the process since they still own them.

If the alt coin is able to be merge mined then there is no cost to the attacker. They essentially perform the attack for free since they are mining bitcoins at the same time. If it is not a merge mineable coin then the attacker has the opportunity cost of them not mining bitcoins. The amount taken from the exchange can compensate for this however.

In this attack note the attacker started mining the fork before they initiated the fraudulent deposit. This makes it much easier to reverse since they don't need to go back X blocks and mine from there - as the wiki entry you quote notes this could be computationally difficult. Although with >51% they'll eventually get there.
cunicula
Legendary
*
Offline Offline

Activity: 1050
Merit: 1003


View Profile
November 21, 2012, 09:46:32 AM
 #12

Here is how an attacker with 51% or more of the hash rate can bankrupt your exchange. For this example I use i0coin:

1) Attacker starts mining a new blockchain fork, starting from the existing block.
2) Attacker deposits i0coin in your exchange.
3) Attackers fork of the chain in (1) does not include this deposit transaction.
4) Attacker sends the same coins as (2) to another address they own and this transaction is included in the blockchain fork in (1).
5) After the required number of confirmations attacker trades for bitcoins and withdraws the bitcoins.
6) When (1) is longer than the existing main chain attacker publishes their fork.
7) repeat from (1)

The result of (6) is that the exchange loses the i0coins due to the transaction no longer being valid. The transaction in (4) has replaced it. The exchange can't reverse the bitcoin withdrawal as the coins are already gone.

The exchange can't detect this offline mining. There's no way to know someone is building the blockchain fork in advance. The exchange can only notice the chain reorg after the fact. By that time all the coins are gone.

It doesn't matter how many confirmations you wait to confirm the deposit in (2). If the attacker has greater than 51% then eventually they will have a longer chain and can force a reorg. It doesn't matter if you process withdrawals manually. The attacker just waits until you've confirmed the btc withdraw and then publishes their fork.

The attacker can even re-use the i0coins they used in the attack to repeat the process since they still own them.

If the alt coin is able to be merge mined then there is no cost to the attacker. They essentially perform the attack for free since they are mining bitcoins at the same time. If it is not a merge mineable coin then the attacker has the opportunity cost of them not mining bitcoins. The amount taken from the exchange can compensate for this however.

Very nice summary. I particularly liked the part where you threw in opportunity cost, pointing out a vulnerability associated with merged mining.
Nolo
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500


Whoa, there are a lot of cats in this wall.


View Profile
November 21, 2012, 05:33:47 PM
 #13

In theory, the threat of a 51% attack is always present.  At what hash rate would you guys consider the risk pretty well mitigated?  I know it depends on the coin, as they're slightly different.  But just looking for a ballpark number. 

Charlie Kelly: I'm pleading the 5th.  The Attorney: I would advise you do that.  Charlie Kelly: I'll take that advice under cooperation, alright? Now, let's say you and I go toe-to-toe on bird law and see who comes out the victor?  The Attorney: You know, I don't think I'm going to do anything close to that and I can clearly see you know nothing about the law.
19GpqFsNGP8jS941YYZZjmCSrHwvX3QjiC
markm
Legendary
*
Offline Offline

Activity: 2996
Merit: 1121



View Profile WWW
November 21, 2012, 06:38:01 PM
Last edit: November 21, 2012, 06:48:59 PM by markm
 #14

If there are quite a few nodes running, and they are running updated code that includes a checkpoint that happened since you got your coins, then possibly your coins might be reasonably safe as long as an attacker does not publish a different copy of the node code that contains a different set of checkpoints that feature their fork of the chain instead of the version of the chain in which you got your coins.

Consider for example an Open Transactions server that obtained a bunch of coins many many months ago, and several new versions of the client have come out since then, each one adding another checkpoint which favours the chain in which those coins were obtained.

To reverse those coins would involve going massively far back in time and would be refuted by the last several checkpoints that are already hard-coded into the current batch of nodes that are currently running.

Possibly in that circumstance the tokens the Open Transactions server is backing with those ancient well established coins can be considered to be fairly securely backed by actual coins. Such tokens could even in some ways be considered more secure than any recently mined actual coins.

Still though if a time ever came when there was no more demand/need for the tokens, so that it was time to liquidate, deleting the tokens and sending out the actual coins they represent, an attacker would at that point have an opportunity to try to mess up the actual transfer on the blockchain of those coins. So the liquidation could take a while, involving sending out the coins then waiting a few hardcoded checkpoints before regarding them as having been reasonably securely sent to their new owners.

This is basically why I try to release new versions of node software from time to time with new checkpoints coded in. I hope that over time doing so will eventually make it reasonable to consider the coins backing my tokens as actually fairly secure in their cold wallets so that the tokens are somewhat securely backed by actual coins.

-MarkM-


Browser-launched Crossfire client now online (select CrossCiv server for Galactic  Milieu)
Free website hosting with PHP, MySQL etc: http://hosting.knotwork.com/
c4n10 (OP)
Sr. Member
****
Offline Offline

Activity: 294
Merit: 250



View Profile
November 21, 2012, 06:46:14 PM
 #15

Unless there is something that I am simply not understanding which is entirely possible being that I've only known about Bitcoin and it's alt-coins for a little over 2 months now...
Here is how an attacker with 51% or more of the hash rate can bankrupt your exchange. For this example I use i0coin:

1) Attacker starts mining a new blockchain fork, starting from the existing block.
2) Attacker deposits i0coin in your exchange.
3) Attackers fork of the chain in (1) does not include this deposit transaction.
4) Attacker sends the same coins as (2) to another address they own and this transaction is included in the blockchain fork in (1).
5) After the required number of confirmations attacker trades for bitcoins and withdraws the bitcoins.
6) When (1) is longer than the existing main chain attacker publishes their fork.
7) repeat from (1)

The result of (6) is that the exchange loses the i0coins due to the transaction no longer being valid. The transaction in (4) has replaced it. The exchange can't reverse the bitcoin withdrawal as the coins are already gone.

The exchange can't detect this offline mining. There's no way to know someone is building the blockchain fork in advance. The exchange can only notice the chain reorg after the fact. By that time all the coins are gone.

It doesn't matter how many confirmations you wait to confirm the deposit in (2). If the attacker has greater than 51% then eventually they will have a longer chain and can force a reorg. It doesn't matter if you process withdrawals manually. The attacker just waits until you've confirmed the btc withdraw and then publishes their fork.

The attacker can even re-use the i0coins they used in the attack to repeat the process since they still own them.

If the alt coin is able to be merge mined then there is no cost to the attacker. They essentially perform the attack for free since they are mining bitcoins at the same time. If it is not a merge mineable coin then the attacker has the opportunity cost of them not mining bitcoins. The amount taken from the exchange can compensate for this however.

In this attack note the attacker started mining the fork before they initiated the fraudulent deposit. This makes it much easier to reverse since they don't need to go back X blocks and mine from there - as the wiki entry you quote notes this could be computationally difficult. Although with >51% they'll eventually get there.

I see, that makes a lot of sense... I will have to put some thought into this, but I am confident that I can figure something out.

c4n10 (OP)
Sr. Member
****
Offline Offline

Activity: 294
Merit: 250



View Profile
November 21, 2012, 06:55:56 PM
 #16

If there are quite a few nodes running, and they are running updated code that includes a checkpoint that happened since you got your coins, then possibly your coins might be reasonably safe as long as an attacker does not publish a different copy of the node code that contains a different set of checkpoints that feature their fork of the chain instead of the version of the chain in which you got your coins.

Consider for example an Open Transactions server that obtained a bunch of coins many many months ago, and several new versions of the client have come out since then, each one adding another checkpoint which favours the chain in which those coins were obtained.

To reverse those coins would involve going massively far back in time and would be refuted by the last several checkpoints that are already hard-coded into the current batch of nodes that are currently running.

Possibly in that circumstance the tokens the Open Transactions server is backing with those ancient well established coins can be considered to be fairly securely backed by actual coins. Such token could even in some ways be considered more secure thn any recently mined actual coins.

Still though if a time ever came when there was no more demand/need for the tokens, so that it was time to liquidate, deleting the tokens and sending out the actual coins they represent, an attacker would at that point have an opportunity to try to mess up the actaul transfer on the blockchain of those coins. So the liquidation could take a while, involving sending out the coins then waiting a few hardcoded checkpoints before regarding them as having been reasonably securely sent to their new owners.

This is basically why i try to release new versions of node software from time to time with new checkpoints coded in. I hope that over time doing so will eventually make it reasonable to consider the coins backing my tokens are actually fairly secure in their cold wallets so that the tokens are somewhat securely backed by actual coins.

-MarkM-

Hmmm, interesting but doesn't sound practical for the time-frames an exchange would need to work within. I think my strongest defense would be implementing IPSec, .htaccess and a few other tricks to prevent access from proxies and spoofed ip's so that I know exactly who is on my exchange at all times.

I may even manually review all registration forms and block dynamic ip's unless I can find a way to block dynamic ip's via software/hardware configuration.

It will detract from the spirit of anonymity in buying, selling and trading crypto-coins but the people trading there will be able to trust for the most part that if someone DOES "rob" the exchange they will be found, prosecuted and have their assets returned.
CoinHoarder
Legendary
*
Offline Offline

Activity: 1484
Merit: 1026

In Cryptocoins I Trust


View Profile
November 21, 2012, 07:13:43 PM
 #17

I, like others, am very interested in such a thing should you be able to work out the kinks!

Good luck... it sounds quite complicated.
c4n10 (OP)
Sr. Member
****
Offline Offline

Activity: 294
Merit: 250



View Profile
November 21, 2012, 08:02:58 PM
 #18

I, like others, am very interested in such a thing should you be able to work out the kinks!

Good luck... it sounds quite complicated.

I appreciate the support!

I'm sure it will be complicated and I definitely won't be able to do it alone. I will definitely be looking for programmers and security experts if there becomes real enough interest in this concept that people are willing to contribute to bounties for the things we will need.

I would want to set the bounty purse(s) up with a trusted escrow and keep the whole operation completely transparent and if we can do so without compromising the site's security I would like to make it an open-source project as well.
cunicula
Legendary
*
Offline Offline

Activity: 1050
Merit: 1003


View Profile
November 22, 2012, 04:26:33 AM
 #19

In theory, the threat of a 51% attack is always present.  At what hash rate would you guys consider the risk pretty well mitigated?  I know it depends on the coin, as they're slightly different.  But just looking for a ballpark number.  

At proof-of-stake. I wouldn't accept any plausible hash rate as adequately safe. Wait a few years and bitcoin will start getting ravaged too.
Nolo
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500


Whoa, there are a lot of cats in this wall.


View Profile
November 22, 2012, 04:42:34 AM
 #20

In theory, the threat of a 51% attack is always present.  At what hash rate would you guys consider the risk pretty well mitigated?  I know it depends on the coin, as they're slightly different.  But just looking for a ballpark number.  

At proof-of-stake. I wouldn't accept any plausible hash rate as adequately safe. Wait a few years and bitcoin will start getting ravaged too.

So what's the answer to the problem? 

Charlie Kelly: I'm pleading the 5th.  The Attorney: I would advise you do that.  Charlie Kelly: I'll take that advice under cooperation, alright? Now, let's say you and I go toe-to-toe on bird law and see who comes out the victor?  The Attorney: You know, I don't think I'm going to do anything close to that and I can clearly see you know nothing about the law.
19GpqFsNGP8jS941YYZZjmCSrHwvX3QjiC
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!