delete

[BorisTheSpider]

If you mine a block and publish it, let's say 2 hour 10 minute to the future; other nodes just considers it as non-valid block and they can continue mining with the earlier block. They won't even relay it to other nodes. If they find a block before your block becomes valid, your block will never survive. If others does not find a block, the moment your block is in the 2-hour window it can be accepted (but you must 'publish it again') and others restart mining it as a new head.

No, I think you missed the point - I mean, I mine blocks and publish them with timestamps just _less_ than 2 hours in the future.

A block outside of the 2 hour window will not make any DoS, it won't even be relayed throught your neighbor nodes.
And the moment it is accepted and relayed, everyone can start mining subsequent blocks equallly.

Yes, but 2 blocks _within_ the 2 hour window (but towards the end of of it) will deny mining to everyone else until those blocks pass.

Your question did make me realise I got something wrong though - he needs pairs of blocks to continue the attack.

An example might help illustrate what I mean, we start at 00:00 UTC.

The honest nodes mine blocks at 00:01 00:02 00:03 etc. with the network achieving it's nominal 1 minute blocktime.

At 00:10 our attacker with 10% of nethash manages to mine his first block. He publishes it with a timestamp of 02:09. At this point, the last 3 blocks timestamps are 00:08 00:09 and 02:09 so the median is 00:09 - it's 00:10 so everyone can mine.

Now he has a 10% chance to mine the next block. He's successful at 00:10:50 and publishes that block with a timestamp of 02:10. The timestamps of the most recent 3 blocks are now 00:09 02:09 and 02:10 - the median timestamp is 02:09 and it is 00:11 - no-one can mine, they try to publish blocks with timestamps like 00:12, 00:13 etc. and they are rejected.

Our attacker prepares 2 blocks with  timestamps of 04:08 and 04:09 and at 02:09 exactly, releases them - everyone else has only just started having a chance to mine a block with a valid timestamp again, on average it will take them a minute to get one, but at 02:09:01 our attacker has already published his blocks. The most recent 3 timestamps are now 02:10 04:08 04:09 - mining is again impossible for nodes trying to publish blocks with current timestamps (it's 02:09:xx) while the attacker can continue mining.

Not only has he mined his 2 blocks though with the timestamps 04:08 and 04:09, he's also mined some for 06:08/06:09, 08:08/08:09 and so forth. As many as he wants, while everyone else has been mining fruitlessly. What he can't do, is release his whole chain in one go (because lots of it will be more than 2 hours in the future), but he can release it piece by piece like this.

Note that his chain here has the most work in it - even though he's getting 2 hours to mine 2 blocks (so doesn't need a lot of hashrate - with a 1 minute blockrate for the network, he needs 1/60th of nethash to average a block per hour on his own) he is managing to do some work, but the rest of the network is doing none at all.

He can publish more too - the above is highly simplified - what about this:

As before:

The honest nodes mine blocks at 00:01 00:02 00:03 etc. with the network achieving it's nominal 1 minute blocktime.

At 00:10 our attacker with 10% of nethash manages to mine his first block. He publishes it with a timestamp of 02:09. At this point, the last 3 blocks timestamps are 00:08 00:09 and 02:09 so the median is 00:09 - it's 00:10 so everyone can mine.

Now he has a 10% chance to mine the next block. He's successful at 00:10:50 and publishes that block with a timestamp of 02:10. The timestamps of the most recent 3 blocks are now 00:09 02:09 and 02:10 - the median timestamp is 02:09 and it is 00:11 - no-one can mine, they try to publish blocks with timestamps like 00:12, 00:13 etc. and they are rejected.

Now out attacker publishes blocks with timestamps just under 2 hours in the future continually. He takes about 10 minutes to get a block remember (he has 10% of nethash).

At 00:21 he publishes a block with a timestamp of 02:20 (last 3 02:09, 02:10, 02:20 median 02:10)
At 00:31 he publishes a block with a timestamp of 02:30 (last 3 02:10, 02:20, 02:30 median 02:20)
At 00:41 he publishes a block with a timestamp of 02:40 (last 3 02:20, 02:30, 02:40 median 02:30)
etc.
etc.

All the while everyone else keeps trying to mine blocks with accurate timestamps, only the attacker can extend the chain.

The 11 block median means our attacker needs 6 blocks out of 11 to start the attack - so with 10% of nethash, he gets block 1 (we consider this a done deal), he now has 10% chance to get the next one, then if he gets that, 10% chance for the next etc. so his problem compounds - he needs to "get lucky" 5 times, rather than just once more, to start the attack.

Also, with 10 minute blocktimes, and a 2 hour window for future timestamps, his blocktime is now 100 minutes (with 10% of nethash) but he needs to mine 6 more blocks (within 2 hours) to continue the attack.

The 2 hour window is way too big for chains with short blocktimes. That problem is compounded if you reduce the number of blocks you consider the median of, since it then takes less blocks to continue the attack.

[1369]

I nominate BCX as troll of the month for his most excellent work on this thread.
twitch.tv/trollcoin

[Nite69]

If you mine a block and publish it, let's say 2 hour 10 minute to the future; other nodes just considers it as non-valid block and they can continue mining with the earlier block. They won't even relay it to other nodes. If they find a block before your block becomes valid, your block will never survive. If others does not find a block, the moment your block is in the 2-hour window it can be accepted (but you must 'publish it again') and others restart mining it as a new head.

No, I think you missed the point - I mean, I mine blocks and publish them with timestamps just _less_ than 2 hours in the future.

But that's just like every normal block; after it is published, everyone can start mining with timestamp which is one second after your block.

A block outside of the 2 hour window will not make any DoS, it won't even be relayed throught your neighbor nodes.
And the moment it is accepted and relayed, everyone can start mining subsequent blocks equallly.

Yes, but 2 blocks _within_ the 2 hour window (but towards the end of of it) will deny mining to everyone else until those blocks pass.

Your question did make me realise I got something wrong though - he needs pairs of blocks to continue the attack.

An example might help illustrate what I mean, we start at 00:00 UTC.

The honest nodes mine blocks at 00:01 00:02 00:03 etc. with the network achieving it's nominal 1 minute blocktime.

At 00:10 our attacker with 10% of nethash manages to mine his first block. He publishes it with a timestamp of 02:09. At this point, the last 3 blocks timestamps are 00:08 00:09 and 02:09 so the median is 00:09 - it's 00:10 so everyone can mine.

Now he has a 10% chance to mine the next block. He's successful at 00:10:50 and publishes that block with a timestamp of 02:10. The timestamps of the most recent 3 blocks are now 00:09 02:09 and 02:10 - the median timestamp is 02:09 and it is 00:11 - no-one can mine, they try to publish blocks with timestamps like 00:12, 00:13 etc. and they are rejected.

Every node can start mining with timestamp 02:10, it is in the 2 hour window. Why they would not mine with that timestamp?

Our attacker prepares 2 blocks with  timestamps of 04:08 and 04:09 and at 02:09 exactly, releases them - everyone else has only just started having a chance to mine a block with a valid timestamp again, on average it will take them a minute to get one, but at 02:09:01 our attacker has already published his blocks. The most recent 3 timestamps are now 02:10 04:08 04:09 - mining is again impossible for nodes trying to publish blocks with current timestamps (it's 02:09:xx) while the attacker can continue mining.

At any given moment, every node can mine and has a change to find a block proportional to it's hashing power. If you mine outside of the 2 hour window or otherwise just hold blocks you have already found, you just risk losing your profit.

Not only has he mined his 2 blocks though with the timestamps 04:08 and 04:09, he's also mined some for 06:08/06:09, 08:08/08:09 and so forth. As many as he wants, while everyone else has been mining fruitlessly. What he can't do, is release his whole chain in one go (because lots of it will be more than 2 hours in the future), but he can release it piece by piece like this.

Note that his chain here has the most work in it - even though he's getting 2 hours to mine 2 blocks (so doesn't need a lot of hashrate - with a 1 minute blockrate for the network, he needs 1/60th of nethash to average a block per hour on his own) he is managing to do some work, but the rest of the network is doing none at all.

He can publish more too - the above is highly simplified - what about this:

As before:

The honest nodes mine blocks at 00:01 00:02 00:03 etc. with the network achieving it's nominal 1 minute blocktime.

At 00:10 our attacker with 10% of nethash manages to mine his first block. He publishes it with a timestamp of 02:09. At this point, the last 3 blocks timestamps are 00:08 00:09 and 02:09 so the median is 00:09 - it's 00:10 so everyone can mine.

Now he has a 10% chance to mine the next block. He's successful at 00:10:50 and publishes that block with a timestamp of 02:10. The timestamps of the most recent 3 blocks are now 00:09 02:09 and 02:10 - the median timestamp is 02:09 and it is 00:11 - no-one can mine, they try to publish blocks with timestamps like 00:12, 00:13 etc. and they are rejected.

Now out attacker publishes blocks with timestamps just under 2 hours in the future continually. He takes about 10 minutes to get a block remember (he has 10% of nethash).

At 00:21 he publishes a block with a timestamp of 02:20 (last 3 02:09, 02:10, 02:20 median 02:10)
At 00:31 he publishes a block with a timestamp of 02:30 (last 3 02:10, 02:20, 02:30 median 02:20)
At 00:41 he publishes a block with a timestamp of 02:40 (last 3 02:20, 02:30, 02:40 median 02:30)
etc.
etc.

All the while everyone else keeps trying to mine blocks with accurate timestamps, only the attacker can extend the chain.

The 11 block median means our attacker needs 6 blocks out of 11 to start the attack - so with 10% of nethash, he gets block 1 (we consider this a done deal), he now has 10% chance to get the next one, then if he gets that, 10% chance for the next etc. so his problem compounds - he needs to "get lucky" 5 times, rather than just once more, to start the attack.

Also, with 10 minute blocktimes, and a 2 hour window for future timestamps, his blocktime is now 100 minutes (with 10% of nethash) but he needs to mine 6 more blocks (within 2 hours) to continue the attack.

The 2 hour window is way too big for chains with short blocktimes. That problem is compounded if you reduce the number of blocks you consider the median of, since it then takes less blocks to continue the attack.

[BorisTheSpider]

Every node can start mining with timestamp 02:10, it is in the 2 hour window. Why they would not mine with that timestamp?

Why would they timestamp their block 2 hours late? They will timestamp it with their adjusted time, unless they are using modified code.

[Nite69]

Every node can start mining with timestamp 02:10, it is in the 2 hour window. Why they would not mine with that timestamp?

Why would they timestamp their block 2 hours late? They will timestamp it with their adjusted time, unless they are using modified code.

They just follows the same rules, this is unmodified code:

Code:

pblock->nTime = max(pindexPrev->GetMedianTimePast()+1, GetAdjustedTime());

And good reasons are: 1) not to leave a vulnerablity 2) to mine efficiently

[BorisTheSpider]

Every node can start mining with timestamp 02:10, it is in the 2 hour window. Why they would not mine with that timestamp?

Why would they timestamp their block 2 hours late? They will timestamp it with their adjusted time, unless they are using modified code.

They just follows the same rules, this is unmodified code:

Code:

pblock->nTime = max(pindexPrev->GetMedianTimePast()+1, GetAdjustedTime());

And good reasons are: 1) not to leave a vulnerablity 2) to mine efficiently

Ah - thankyou! I had no idea about this. Here I am conjouring up vulnerabilities that aren't there...

[Nite69]

Every node can start mining with timestamp 02:10, it is in the 2 hour window. Why they would not mine with that timestamp?

Why would they timestamp their block 2 hours late? They will timestamp it with their adjusted time, unless they are using modified code.

They just follows the same rules, this is unmodified code:

Code:

pblock->nTime = max(pindexPrev->GetMedianTimePast()+1, GetAdjustedTime());

And good reasons are: 1) not to leave a vulnerablity 2) to mine efficiently

Ah - thankyou! I had no idea about this. Here I am conjouring up vulnerabilities that aren't there...

np, it's allways better to discuss ideas and possible vulnerabilities than to leave them unknown, whether they are real or not.

[colinistheman]

As some of you know one of my interest is in testing the security of cryptocoins. Over the past 4 years I have "tested" so many I have lost count but one thing remains true. No matter what the so called improvement is, it always has an exploit.

Kimoto Gravity Well is one such improvement that solves a problem that AUR is having at the moment and that is moving at the speed of death as well purportedly protects against 51%. While KGW does protect somewhat against a 51% attack, it opens up a huge hole in the time warp exploit via the diff adjust first deployed against Geist Geld back in mid 2011 and a modded versions used last year on a few Scrypt coins and SHA coins with great success.

Long story short, KGW opens up a flank where a newly modded Time Warp Exploit can be deployed. I have sandbox tested it on AUR and it seems to do the trick in grand fashion but that is with a small amount of nethash in the sandbox. I need a live chain to test it on. So considering the vast amount of request I have received to take out this 50% premine scam, I thought it would be a good candidate to test on.

Why am I giving notice? Simply because in the past when I use alt coin chains as test subjects, people tend to lose coins. In particular, my ol' buddy Kelsey lost a ton last year in GME LOL. Block 5400 or when ever KGW kicks in will be the starting point. This will give all of you enough time to either cold store your AUR or dump them until the chain is fixed, if it can be after the test.

~BCX~

I think this is a great idea because the entire thing is being announced publicly.

I am surprised anyone would speak out against this. If a flaw can be found in a coin, it should be found and stomped on hard so it can be fixed. You do realize that if BitcoinEXpress could find it, then technically anyone could, and they most likely would NOT be out in the open about it.

It's like a public science experiment. If it takes down AuroraCoin, then how many other coins does that save in the future? A lot.

BitcoinEXpress is doing a service to the cryptocoin community because he is being open about everything.

You have to find the flaws before you can correct them. And I sure would want the coins I invest in to be flawless and unhackable for the utmost confidence in it.

Thanks, BitcoinEXpress. I look forward to your findings.

[colinistheman]

I am surprised anyone would speak out against this. If a flaw can be found in a coin, it should be found and stomped on hard so it can be fixed. You do realize that if BitcoinEXpress could find it, then technically anyone could, and they most likely would NOT be out in the open about it.

Those people are the early bagholders who are only concerned with the profits they will make at a theoretical second peak. They bought in early and the coin's life and future means nothing to them.

~BCX~

Ohh, that makes more sense now. I couldn't even figure out why they wouldn't want you to do this! Lol, of course-- their own money is at stake. Makes perfect sense now.

It's true: You definitely have to have the greatest good (meaning not greed) in mind for coins to support your efforts. Which I do.

It's not like anyone can stop you anyway. So do well and let us know the results of your experiment!

[s1gs3gv]

I am surprised anyone would speak out against this. If a flaw can be found in a coin, it should be found and stomped on hard so it can be fixed. You do realize that if BitcoinEXpress could find it, then technically anyone could, and they most likely would NOT be out in the open about it.

Those people are the early bagholders who are only concerned with the profits they will make at a theoretical second peak. They bought in early and the coin's life and future means nothing to them.

~BCX~

You can use this exact same argument to justify all sorts of malfeasance. Its the old worn out 'The End Justifies The Means' argument.
If you accept this argument, then you presumably accept that it is ok to hack into exchanges and steal other people's coins so that exchanges will be more secure in the future.

The basic problem with this argument is that you need to be able to accurately predict 'The End' and assert that it is better than the alternatives.
Unfortunately, people aren't born with crystal balls and have a hard time predicting what is going to happen in 5 minutes, let alone in the distant future.

~~XCB~~

[colinistheman]

I am surprised anyone would speak out against this. If a flaw can be found in a coin, it should be found and stomped on hard so it can be fixed. You do realize that if BitcoinEXpress could find it, then technically anyone could, and they most likely would NOT be out in the open about it.

Those people are the early bagholders who are only concerned with the profits they will make at a theoretical second peak. They bought in early and the coin's life and future means nothing to them.

~BCX~

You can use this exact same argument to justify all sorts of malfeasance. Its the old worn out 'The End Justifies The Means' argument.
If you accept this argument, then you presumably accept that it is ok to hack into exchanges and steal other people's coins so that exchanges will be more secure in the future.

The basic problem with this argument is that you need to be able to accurately predict 'The End' and assert that it is better than the alternatives.
Unfortunately, people aren't born with crystal balls and have a hard time predicting what is going to happen in 5 minutes, let alone in the distant future.

~~XCB~~

I don't think your argument makes sense. I completely understand that you don't want him to do anything unjust. But honestly, if he doesn't exploit a loophole, then someone else will-- Someone else who is not as open about it.

It's like choosing to live with a blindfold on if you don't want him to continue.

[s1gs3gv]

Really, you guys are just a bunch of drama queenies

~~XCB~~

[colinistheman]

Really, you guys are just a bunch of drama queenies

~~XCB~~

You post with insults and emotion in every post. Shame on you. How much do you have invested in AUR? Probably a lot!

BitcoinEXpress is offering a tremendous service to the community as a whole. As an analogy, he is finding the next "bitcoin malleability" issue in advance, and posting his findings publicly. What an asset to the community!

[s1gs3gv]

But honestly, if he doesn't exploit a loophole, then someone else wil

You could use this argument to justify any action.

I'm not against testing, I am against testing on live blockchains when the testing could result in losses to AUR owners.
And no, I'm not a bagholder.

[s1gs3gv]

Really, you guys are just a bunch of drama queenies

~~XCB~~

You post with insults and emotion in every post. Shame on you. How much do you have invested in AUR? Probably a lot!

BitcoinEXpress is offering a tremendous service to the community as a whole. As an analogy, he is finding the next "bitcoin malleability" issue in advance, and posting his findings publicly. What an asset to the community!

BCX is a moralist in the anglo-saxon tradition.
You are just confused.

[colinistheman]

But honestly, if he doesn't exploit a loophole, then someone else wil

You could use this argument to justify any action.

I'm not against testing, I am against testing on live blockchains when the testing could result in losses to AUR owners.
And no, I'm not a bagholder.

So what's the beef? He can test on the livenet, but the real network is the true test because it has the actual network hashrate.

[colinistheman]

BCX is a moralist in the anglo-saxon tradition.
You are just confused.

Cryptocurrency is in the land of the ungoverned. It is a lawless society based on computer mathematics. Your morals sound good, but your logic does not.

This is my last post in this thread for today. Good luck BitcoinEXpress.

[s1gs3gv]

BCX is a moralist in the anglo-saxon tradition.
You are just confused.

Cryptocurrency is in the land of the ungoverned. It is a lawless society based on computer mathematics. Your morals sound good, but your logic does not.

In your dreams Bubba !

~~XCX~~

[kalus]

I think this is a great idea because the entire thing is being announced publicly.

I am surprised anyone would speak out against this. If a flaw can be found in a coin, it should be found and stomped on hard so it can be fixed. You do realize that if BitcoinEXpress could find it, then technically anyone could, and they most likely would NOT be out in the open about it.

people fail to understand security through obscurity is no security at all.

many of the aur boosters itt are so afraid their coin will fail they aim to quash ANY discussion that might put their currency of the week in a bad light, rather than fixing the problems and addressing the fundamental flaws in their currency strategy.  

[colinistheman]

I think this is a great idea because the entire thing is being announced publicly.

I am surprised anyone would speak out against this. If a flaw can be found in a coin, it should be found and stomped on hard so it can be fixed. You do realize that if BitcoinEXpress could find it, then technically anyone could, and they most likely would NOT be out in the open about it.

people fail to understand security through obscurity is no security at all.

many of the aur boosters itt are so afraid their coin will fail they aim to quash ANY discussion that might put their currency of the week in a bad light, rather than fixing the problems and addressing the fundamental flaws in their currency strategy.  

Totally! I am glad there are some sane heads around.

Also, just to prove the point that what BitcoinEXpress is doing is a good thing, I took this quote directly off auroracoin.org: "The premined coins will be distributed to the entire population of Iceland, commencing on midnight 25th of March 2014."

Now-- here is a multiple choice question for s1gs3gv and all who oppose what BitcoinEXpress is doing. It's a simple test with only two choices, A or B.

Is it for the greater good to:

A.) Fully test the potential currency of an entire country BEFORE releasing it broadly to all of Iceland's population?
B.) or AFTER it has been broadly distributed to an entire population?





Choosing B is actually criminal.