delete

[Math]

Damn I really want this FUD to keep going on to scoop up the cheap coins. But your uselessness is way too evident. And it's wasting everyone's time to pay you any attention

1. There was no fork due to 51% attack. Fork at 5400 was planned since weeks
2. Time warp attack was solved as it was there in the Litecoin as well. That fix is incorporated in Auroracoin source too

Here's the diff for that https://github.com/litecoin-project/litecoin/commit/b1be77210970a6ceb3680412cc3d2f0dd4ca8fb9

This is as low as I will go to name calling. But you all (the one's claiming attacks) are clearly losers.

The patch that you link to does nothing to solve the exploit in the KGW.  It does solve, however, a flaw in the linear difficulty re-targeting algorithms that were of common use prior to these past few months.  Bitcoin and Litecoin adjust difficulty in that manner.  For an understanding of what that patch fixes, read through the posts of the individual that wrote that patch.  ArtForz details the possible attack in the following thread: https://bitcointalk.org/index.php?topic=43692.msg521772#msg521772

I urge you to read through this (https://bitcointalk.org/index.php?topic=505243.0)(https://bitcointalk.org/index.php?topic=504103.msg5573196#msg5573196) thread and pay specific attention to the posts belonging to Nite69.  Although BCX never comfirms that Nite69 is on the right track in uncovering the KGW flaw, he is.  If after reading through the two linked threads you still do not understand the flaw, I would be more than happy to try and explain it in greater detail.  

Edit: Although the original link provides some information, the meat of the discussion is in the new link I provide.

Any coin that implements the KGW is vulnerable to a time warp attack, and the only thing that can stop such an attack would be to have significantly more power than the attacker.  Then again, there is no way of knowing how much, if any, power would be needed until such an attack is attempted.  Furthermore, miners that do not have multiple pool or solo mining backups are doing the users of the coin a disservice.  Pools can be brought down, thus reducing the amount of power an attacker needs to fork a chain.  

This exploit is real, and it is only a matter of time before someone takes advantage of everyone's false sense of security.  People can hate on BCX or MarkM all they want, but I would urge those people to understand what they are truly trying to say.  MarkM consistently harps on the idea of hashing power, and for good reason.  If a PoW, blockchain based coin is to be taken seriously and used daily by people around the world, the chain needs to be secure.  The chain can only be secured with hashing.  If a chain is not secure, a malicious individual will attack it.  That is the reality of this world.  Honestly, each and every developer and user of a coin that implements the KGW should be thanking BCX for bringing to light the time warp flaw.  

[1714047459]

1714047459

[1714047459]

1714047459

[1714047459]

1714047459

[stormia]

It will need some time for you evangelists to learn that bitcoin is digital gold and not digital money.

Fyrstikken (cryptorush) would call it a commodity: http://www.youtube.com/watch?v=8q9DvydzAsY

Quote: "Bitcoin worshipers will never go to heaven " LOL

Price trending to the cost of mining it.

Use of malicious negative feedback to suppress free speech brings shame on the bitcoin community.

Frystikken is an idiot.

But that doesnt disprove my point. Its simply plain logic, that a hard cap coin can not be a currency. It IS a ponzi and risky investment.
Money works totally different from Bitcoins. As said, it is not wrong to invest in bitcoins, but what's wrong is to confuse gold and money.

So gold is a ponzi scheme? I'm confused. I'm also confused about what happened here. Auroracoin is dead now? Was it actually a scam or did somebody just destroy it for kicks and giggles or for their own personal motives? Also, how was it so easy to kill the coin? Doesn't this mean every other low hashrate scrypt coin is vulnerable? What about scrypt-N and PoS coins? Thanks in advance for helpful replies, I'm just looking for information and trying to understand how things are shaping up in this dark world of cryptocurrencies.

Since when was there a hard cap on gold?

LOL. Are you an alchemist from the 17th century? You do realize gold cannot be created from your urine, right? The only feasible way to make gold, and therefore exceed the natural "hard cap" on it, is through nuclear bombardment and beta-decay of other precious metals. This process would be insanely more expensive than what you would get out of it, and most of the gold you would get out of it would be radioactive   This is hilarious... So you think because more gold can still be minded it doesn't have a hard cap? So since bitcoin can still be minded it doesn't have a hard cap? Gold was formed during the earliest stages of the earth, and the majority of it and other precious metals sunk into the core. The current available supply of gold exists because of meteorites bombarding earth a long, long time ago- this "flung" gold out of the core of the earth and into accessible regions of the mantle. So, in theory there is another way to increase the accessible "hard cap"- just have to wait until the earth is completely screwed by a bunch of meteorites again... lol.

tl;dr there is no way to increase the amount of available gold i.e. it has a hard cap. once all the accessible gold is mined, there will be no other source- just like bitcoin...

[markm]

and yet your explanation of how to do it cointains lot's of "maybe"s, "if"s and "whatever"s and finally a "if any of them work".

For the purported "security without work", yeah.

Simply making something innovative enough that merged mining pools will support it though will at least give you a predictable low tide mark for mining power thus let you set a starting difficulty high enough to minimise the chance of any "instamining" happening and if you convince the right pools your concept is good probably also enough to secure it against most "lets trash the newbie coin" attacks.

I0Coin and GRouPcoin are only on mmpool I think, yet even just mmpool gives them quite a hash rate compared to most non merged SHA256 coins.

Regarding specifically the modified time warp BCX mentions, (s)he admitted at least some, maybe most, of the merged mined SHA256 coins have enough hashing power to make them too powerful for hir to pull off the attack. I would expect that the exceptions include at least CoiLedCoin and GeistGeld, which are not on any public merged mining pools. Whether I0Coin and GRouPcoin, which are only on mmpool as far as I know, have enough hashing power did not seem totally clear to me. But in comparing their difficulties thus mining power bear in mind GRoupcoin's difficulty has to last 10 minutes on average between blocks whereas I0Coin's only has to target 1.5 minutes between blocks. I expect both CoiLedCoin and GeistGeld are trivially easy targets until they get on at least one public merged mining pool, as private merged miners are coasting along mining these at very very low difficulties thus evidently are not pouring much hashing power into them.

mmpool seems to be quite a low power pool though, as it goes hundreds of hours between findings of bitcoin blocks. Likely if there is any doubt whether just being on mmpool would suffice, I suspect there are far more powerful public merged mining pools that could instead or as well be approached.

I have noticed a lot of people creating hybrid PoS or pure PoS coins, have those been tested enough yet to determine whether they are actually secure? Especially the ones that do not rely upon a solidcoin system whereby one or more privileged nodes get to dictate checkpoints to the others? I do not know hence my personal lack of certainty so far as to which if any of the methods of securing a coin without relying upon proof of work actually are in fact secure.

Does anyone actually know or is everyone just blindly spamming out PPCoin clones / variants?

For something like Aurora, merged mining could be particularly suitable as giving 50% of the coins to miners might not be necessary; DeVCoin for example only gives 10% of the minted coins each block to the miners yet has quite high hashing power.

-MarkM-

[Lloydie]

May BCX and MARKM never find peace. May they have many ugly WAGs.

[Starlightbreaker]

May BCX and MARKM never find peace. May they have many ugly WAGs.

you sound like a bagholder.

[YarkoL]

  The chain can only be secured with hashing.  If a chain is not secure, a malicious individual will attack it.  That is the reality of this world. 

I'd be interested in hearing your thoughts about Hiro's proposed fix i.e. automated checkpoints.

[markm]

By what consensus process is the choice of (automated) checkpoints decided?

Or is it nice and simple like each client writes itself a checkpoint each ten or six or whatever blocks?

(Too simple likely; just yelling at the operator if any fork becomes longer than X number of blocks might work just as well as such a simple approach.)

For "distressed nations relief" maybe just a DeVCoin clone would work for however many nations are "distressed", simply adding nations to the "receivers file" when they become "distressed" and removing them once their distress has been alleviated?

(The much vaunted "socioeconomic factors" touted as how national distress alleviation coins are to gain mucho value hopefully making such a clone far more valuable per coin than DeVCoin since DeVCoin is merely a free open source stuff funding coin not a massive international "nations in distress relief fund"...)

-MarkM-

[eddy937]

Einstein said keep things as simple as possible but no simpler.

[micryon]

By what consensus process is the choice of (automated) checkpoints decided?

Read code (and description) right here: https://github.com/HiroSatou/Hirocoin/commit/dd5b8bec94b0694b365a4dabe5eeb9b78d025b6d

Actually developed by Sunny King.

[YarkoL]

So it's actually Peercoin centralized checkpointing?... I thought automatic would mean pretty much what markm said, written automatically after N blocks. Is that kind of system flawed?

[micryon]

This exploit is real, and it is only a matter of time before someone takes advantage of everyone's false sense of security. 

There is certainly a vulnerability.. however it's not as easy to execute as some people here believe.  There's a window and a "catch the running train" situation that must be overcome.  

I'd be interested in the proof of actually pull off a successful execution.  (not being sarcastic.. i really do want to see it done, and data/proof published so we can all have a look)

[micryon]

So it's actually Peercoin centralized checkpointing?... I thought automatic would mean pretty much what markm said, written automatically after N blocks. Is that kind of system flawed?

It's a decentralized system.. nothing can both be automated and secure without some kind of peer agreement. 

[Tomatocage]

WTT your 2 AUR 4 AUR coins for every 1 of my I0Coins.

[_noname_]

@Math

Thanks for trying to explain the problem. I quickly read through the links (I will revisit them). But don't you think an attack is only possible at the moment of fork and that too when attacker is extremely lucky. I noticed a huge jump in hashrate after the fork. To me it seems like an attack was attempted but it failed. Your thoughts?

[YarkoL]

But don't you think an attack is only possible at the moment of fork

The attacker causes a fork, having built a longer chain in isolation and then broadcasting blocks.

[_noname_]

@YarkoL

We are going in circles. Caption of this thread is that Auroracoin is forked. As if, it was done by the attacker. But it was a planned fork (announced since weeks). So that fork isn't caused by the attack. Then instead of accepting the mistake BCX talks about timewarp and everyone is circlejerking, ignoring that

1. His initial claim is false
2. Timewarp as well is only possible at the time of fork

[FredOm]

A technological AND socio-economical thought experiment  

After 20 these highly educating pages filled with division, separation, accusation, misunderstanding, and mutual celebration of intellectual high points ... I dare to ask a question to the "two sides" of this fruitful thread:

Could you describe in which aspect "the other side" is right, and could convince you?

Easier: Where do you see common ground now?

[YarkoL]

_noname_
The fork we've just seen is benign and intended, done by the dev team. But they have now installed an algorithm (KGW) that allows someone to build "a private" blockchain that has fake timestamps and manipulated difficulty. Next, attacker will release his own chain into "official" Auroracoin network, where it will cause another fork to happen, this time a fork that Auroracoin users will not like.

That's the theory, but possibly the devs have some aces in their sleeve.

ps. and the name of this thread is misleading, it should be, game's afoot!

[kalus]

ps. and the name of this thread is misleading, it should be, game's afoot!

in a poker game, the losers don't know they're drawing dead until all the cards are shown.  for them, the game is also afoot.

it doesn't mean they're any less dead, though.  

[Math]

  The chain can only be secured with hashing.  If a chain is not secure, a malicious individual will attack it.  That is the reality of this world. 

I'd be interested in hearing your thoughts about Hiro's proposed fix i.e. automated checkpoints.

It appears the automated checkpoint system comes directly from Peercoins automated checkpoints.  Of that I am no expert, but I will give you my thoughts.  Automated checkpoints do provide an extra layer of security, but at the same time, implementing such a system requires some give and take.  The entire idea behind Bitcoin was to provide decentralization through a peer consensus, but automated checkpoints, in this sense, require centralization.  In order to take the benefit of additional security that automated checkpoints provide, I must give up some decentralization. 

As I said earlier, I am no expert, but it seems to me that centralized, automated checkpoints have a central point of failure - the master checkpoint node.  What were to happen if the master node is down?  In the instance of an attack, it could go down by means of a sustained DoS.  While the checkpoint node is down, an attacker can begin to focus on the chain.  One other thing to note is that automated checkpoints are opt-in/opt-out.  If a portion of the network refuses to partake in the automatic checkpoints, that portion relies on a herd immunity of sorts to stay with the rest of the network.

I like to think of it like this: Locking the doors and windows to my house may keep a majority of criminals out, but the determined and skilled criminal will just need more time.

@Math

Thanks for trying to explain the problem. I quickly read through the links (I will revisit them). But don't you think an attack is only possible at the moment of fork and that too when attacker is extremely lucky. I noticed a huge jump in hashrate after the fork. To me it seems like an attack was attempted but it failed. Your thoughts?

Try not to get yourself confused over the difference between a hard fork and a fork in the chain, or what you may call a soft fork.  A hard fork occurs by means of a protocol update.  Essentially, the old version will not be compatible with the new version.  This is what happened with Auroracoin at block 5400.  The old client still functions, but it will not be able to sync with the version of the chain the developer and community deem valid. 

When people like BCX talk about a fork in the chain, they are not referring to a hard fork.  I think this (https://en.bitcoin.it/wiki/Block_chain) provides a simple explanation of what a blockchain is.  If you direct your attention to the picture, you'll notice that the blockchain looks like a tree of sorts.  If we think of the current chain as the trunk of a tree, BCX has threatened to create multiple branches from that trunk.  Some clients may choose to follow one branch while other clients choose to follow a separate branch.  When competing chains exist in the wild, it is up to the developer to decide which chain is valid.  The chain may be rolled back and a checkpoint instituted. 

Forks occur every day in most blockchains, and typically this is a none issue.  This is what causes an orphaned block.  Even Bitcoin forks daily.  The issue, however, is that an attacker can release multiple chains into the wild and nobody knows which is the valid chain.  A chain can can be forked from either the last hard fork or the last checkpoint.  Without enough hash power to secure the chain, it is free reign from that point forward.