Security analysis of PoW/PoS hybrids with low PoW reward

[stormia]

That is YOUR reply I quoted.

You must have read the answer at one point, because YOU commented that your question was answered, but I will summarize it again here just to be perfectly clear.

• Blackcoin use POS 0.3.0 protocol which has no known vulnerabilities at this time
• The "attack" suggested is impossible because coins do not stake on age alone, therefore making deposits at small intervals in no way guarantees you will generate POS blocks at those intervals.  In fact splitting coins to generate these intervals will make the chance of staking at each interval even less

Right, it uses "POS 0.3.0 protocol which has no known vulnerabilities at this time" in the context of a PoS/PoW hybrid, right? It has never been tested in the context of pure PoS, right?

I will restate: If i said said anything further about it on the blackcoin thread, I would have been ran out of there and labeled as a FUDer.
Similar to how what I am saying now, not on the blackcoin thread, is drawing so much heat.

I'm not giving you heat, i'm only answering your question.. again.

Saying Sunny King's fix only applies to POS/POW hybrids is incorrect, it fixed the POS protocol. Period.  

The timebomb attack is not feasible because coins do not stake on age alone, there are other factors.   Even if you could guarantee that all your coins ages were spaced at a minimum interval there is no guarantee they will all stake at their intervals. Also POS blocks have a target time interval, so coins that were eligible to stake too soon would not generate blocks any faster than the target interval, there is no way that one person could force their coins to be the ones to generate stake for many consecutive intervals.  This attack is pure nonsense.  

But Sunny King fixed PoS in the context of PoS/PoW hybrid, not pure PoS. Right?

Since there have not been any other pure POS coins yes the fix was originally applied to a POS/POW hybrid.  Nevertheless the fix is for the POS protocol and did nothing to POW. The fix ensured that POS was a secure way to generate blocks to secure a blockchain.  If you know of any vulnerabilities in POS please make them known so they can be addressed.

I don't know the specific vulnerabilities, I'm not saying that there necessarily are any. My argument is purely from a logic standpoint. If the security of PoS was in any way dependent upon PoW in the PoS/PoW hybrid system, then just because the PoS security flaws were fixed in that context doesn't mean they will be fixed when PoS is standing alone, or that new security flaws wouldn't be introduced when PoS stands alone. So the question is, did Sunny build/fix PoS to be completely secure standing alone or was it in anyway dependent on PoW? I guess this is ultimately what I am trying to figure out.

Sunny built them to be dependent on each other. POW is a proven system. POW/POS is a proven system. POS is not and may be vulnerable to attack.

OP's point is that a POW/POS system with very small rewards creates a weak POW system that someone could exploit and it would essentially be the same as a standalone POS system which may be vulnerable.

You clearly did not understand the OP. That is not the OP's point at all.  The OP's point is that POW/POS hybrid is vulnerable to a double spend attack by a POS block negating/orphaing a POW chain with enough blocks to have confirmed transactions.

I expect you have never looked at the source code of a POW/POW hybrid, because it it very clear POS and POW are not dependent on each other in any way.  They are completely separate methods.  It is true that POS only has never been tried before, but the POS system is secure in itself and has no known vulnerabilities.   POW is a proven system with a known vulnerability called 51% attack which is why POS was added.  POS/POW may be vulnerable by the method explained in the OP.   POS alone, again has no known vulnerabilities besides a 51% attack which would require owning 51% of the coins which would mean you already basically control the money supply and would devalue your own coins.

looking at your posts and the OP
"double spend attack requires 1 PoS block and low hashing power."

So wouldn't this method of attack require that you control/know precisely when you are going to receive a PoS block, so that you can orphan your transactions that you confirmed on the PoW chain you control (otherwise somebody else will have a greater chance of getting the next PoS block, unless you control 51%)?
You made it sound earlier like it is not possible to control when a PoS block will be generated:
"The "attack" suggested is impossible because coins do not stake on age alone, therefore making deposits at small intervals in no way guarantees you will generate POS blocks at those intervals.  In fact splitting coins to generate these intervals will make the chance of staking at each interval even less"
So, are there ways to control/know the timing of PoS block generation even though coinage is not the sole determining factor?
If so, wouldn't that mean pure PoS is vulnerable too?

[1714003546]

1714003546

[1714003546]

1714003546

[1714003546]

1714003546

[1714003546]

1714003546

[1714003546]

1714003546

[1714003546]

1714003546

[markm]

POW has been proved

POW POS Hybrid have been proved, Sunny made a really nice software

POS only have never been proved,  have less programers dedicated to.

Thats the true.

I have still not seen any good proofs around Sunny's PoS methods.

Someone pointed out a gaping hole once upon a time, he claimed to fix it but refused to explain, and since then everyone seems to have run along in blissful ignorance blindly spawning clones of the mysterious unexplained but according to its author fixed system.

Which might even by why no one has bothered to actually implement either of the methods of PoS that discussions in the development and technical section had eventually managed to come up with that seemed as if they might actually be able to work.

(Sunny was proud not to have even read any of the research, claiming he simply came up with an idea out of the blue himself and flew with it. Then on having it pointed out that it was utterly broken/flawed/vulnerable, claimed to have come up with a fix out of the blue himself, that he refused to explain.)

-MarkM-

[wasamata]

I would say this to OP
People who live in glass houses shouldn't throw stones.

[mgburks77]

There's only one way to find out and that is to pick a target, attack, and see what happens.

[rat4]

That is YOUR reply I quoted.

You must have read the answer at one point, because YOU commented that your question was answered, but I will summarize it again here just to be perfectly clear.

• Blackcoin use POS 0.3.0 protocol which has no known vulnerabilities at this time
• The "attack" suggested is impossible because coins do not stake on age alone, therefore making deposits at small intervals in no way guarantees you will generate POS blocks at those intervals.  In fact splitting coins to generate these intervals will make the chance of staking at each interval even less

Right, it uses "POS 0.3.0 protocol which has no known vulnerabilities at this time" in the context of a PoS/PoW hybrid, right? It has never been tested in the context of pure PoS, right?

I will restate: If i said said anything further about it on the blackcoin thread, I would have been ran out of there and labeled as a FUDer.
Similar to how what I am saying now, not on the blackcoin thread, is drawing so much heat.

I'm not giving you heat, i'm only answering your question.. again.

Saying Sunny King's fix only applies to POS/POW hybrids is incorrect, it fixed the POS protocol. Period.  

The timebomb attack is not feasible because coins do not stake on age alone, there are other factors.   Even if you could guarantee that all your coins ages were spaced at a minimum interval there is no guarantee they will all stake at their intervals. Also POS blocks have a target time interval, so coins that were eligible to stake too soon would not generate blocks any faster than the target interval, there is no way that one person could force their coins to be the ones to generate stake for many consecutive intervals.  This attack is pure nonsense.  

But Sunny King fixed PoS in the context of PoS/PoW hybrid, not pure PoS. Right?

Since there have not been any other pure POS coins yes the fix was originally applied to a POS/POW hybrid.  Nevertheless the fix is for the POS protocol and did nothing to POW. The fix ensured that POS was a secure way to generate blocks to secure a blockchain.  If you know of any vulnerabilities in POS please make them known so they can be addressed.

I don't know the specific vulnerabilities, I'm not saying that there necessarily are any. My argument is purely from a logic standpoint. If the security of PoS was in any way dependent upon PoW in the PoS/PoW hybrid system, then just because the PoS security flaws were fixed in that context doesn't mean they will be fixed when PoS is standing alone, or that new security flaws wouldn't be introduced when PoS stands alone. So the question is, did Sunny build/fix PoS to be completely secure standing alone or was it in anyway dependent on PoW? I guess this is ultimately what I am trying to figure out.

Sunny built them to be dependent on each other. POW is a proven system. POW/POS is a proven system. POS is not and may be vulnerable to attack.

OP's point is that a POW/POS system with very small rewards creates a weak POW system that someone could exploit and it would essentially be the same as a standalone POS system which may be vulnerable.

You clearly did not understand the OP. That is not the OP's point at all.  The OP's point is that POW/POS hybrid is vulnerable to a double spend attack by a POS block negating/orphaing a POW chain with enough blocks to have confirmed transactions.

I expect you have never looked at the source code of a POW/POW hybrid, because it it very clear POS and POW are not dependent on each other in any way.  They are completely separate methods.  It is true that POS only has never been tried before, but the POS system is secure in itself and has no known vulnerabilities.   POW is a proven system with a known vulnerability called 51% attack which is why POS was added.  POS/POW may be vulnerable by the method explained in the OP.   POS alone, again has no known vulnerabilities besides a 51% attack which would require owning 51% of the coins which would mean you already basically control the money supply and would devalue your own coins.

looking at your posts and the OP
"double spend attack requires 1 PoS block and low hashing power."

So wouldn't this method of attack require that you control/know precisely when you are going to receive a PoS block, so that you can orphan your transactions that you confirmed on the PoW chain you control (otherwise somebody else will have a greater chance of getting the next PoS block, unless you control 51%)?
You made it sound earlier like it is not possible to control when a PoS block will be generated:
"The "attack" suggested is impossible because coins do not stake on age alone, therefore making deposits at small intervals in no way guarantees you will generate POS blocks at those intervals.  In fact splitting coins to generate these intervals will make the chance of staking at each interval even less"
So, are there ways to control/know the timing of PoS block generation even though coinage is not the sole determining factor?
If so, wouldn't that mean pure PoS is vulnerable too?

Attacker should wait for 1 PoS block and delay announcing this block.

[mgburks77]

Maybe dev should build test coin and use 51% premine for attack to see what happens that way no damage to existing coins

[markm]

OP's point is that a POW/POS system with very small rewards creates a weak POW system that someone could exploit and it would essentially be the same as a standalone POS system which may be vulnerable.

It would not be the same as a standalone PoS system; rather, what it is is a PoS system plus a pathetically weak work PoW system which completely sidesteps aka does an end run around the PoS, so that the PoW attacker can attack without the PoS system getting in the way of the attack. Basically the PoS part is almost irrelevant given that the PoW attacker can do their attack and run with the loot before PoS even notices or acts?

Possibly the PoS might even lock into place the success of the attack, by building on a chain that already has the attack in place as having happened, over and done with, fait accompli ?

-MarkM-

[mgburks77]

thats pure speculation

[markm]

POS and POW are completely separate and different systems.  They do not depend on each other at all.  They work separately and can compliment each other as 2 different methods to secure a block chain or they can each stand alone.  

Also though by the sound of it they can separately and independently conduct their attacks?

If so then maybe for example a PoW attack can be accomplished and over and done with then a PoS block or series of blocks come along taking the success of the attack as valid accomplished fact and building upon it?

And maybe vice-versa also?

So that although they are two independent separate means of securing a chain they are also two separate and independent vulnerabilities whereby attacks can be performed?

-MarkM-

[stormia]

That is YOUR reply I quoted.

You must have read the answer at one point, because YOU commented that your question was answered, but I will summarize it again here just to be perfectly clear.

• Blackcoin use POS 0.3.0 protocol which has no known vulnerabilities at this time
• The "attack" suggested is impossible because coins do not stake on age alone, therefore making deposits at small intervals in no way guarantees you will generate POS blocks at those intervals.  In fact splitting coins to generate these intervals will make the chance of staking at each interval even less

Right, it uses "POS 0.3.0 protocol which has no known vulnerabilities at this time" in the context of a PoS/PoW hybrid, right? It has never been tested in the context of pure PoS, right?

I will restate: If i said said anything further about it on the blackcoin thread, I would have been ran out of there and labeled as a FUDer.
Similar to how what I am saying now, not on the blackcoin thread, is drawing so much heat.

I'm not giving you heat, i'm only answering your question.. again.

Saying Sunny King's fix only applies to POS/POW hybrids is incorrect, it fixed the POS protocol. Period.  

The timebomb attack is not feasible because coins do not stake on age alone, there are other factors.   Even if you could guarantee that all your coins ages were spaced at a minimum interval there is no guarantee they will all stake at their intervals. Also POS blocks have a target time interval, so coins that were eligible to stake too soon would not generate blocks any faster than the target interval, there is no way that one person could force their coins to be the ones to generate stake for many consecutive intervals.  This attack is pure nonsense.  

But Sunny King fixed PoS in the context of PoS/PoW hybrid, not pure PoS. Right?

Since there have not been any other pure POS coins yes the fix was originally applied to a POS/POW hybrid.  Nevertheless the fix is for the POS protocol and did nothing to POW. The fix ensured that POS was a secure way to generate blocks to secure a blockchain.  If you know of any vulnerabilities in POS please make them known so they can be addressed.

I don't know the specific vulnerabilities, I'm not saying that there necessarily are any. My argument is purely from a logic standpoint. If the security of PoS was in any way dependent upon PoW in the PoS/PoW hybrid system, then just because the PoS security flaws were fixed in that context doesn't mean they will be fixed when PoS is standing alone, or that new security flaws wouldn't be introduced when PoS stands alone. So the question is, did Sunny build/fix PoS to be completely secure standing alone or was it in anyway dependent on PoW? I guess this is ultimately what I am trying to figure out.

Sunny built them to be dependent on each other. POW is a proven system. POW/POS is a proven system. POS is not and may be vulnerable to attack.

OP's point is that a POW/POS system with very small rewards creates a weak POW system that someone could exploit and it would essentially be the same as a standalone POS system which may be vulnerable.

You clearly did not understand the OP. That is not the OP's point at all.  The OP's point is that POW/POS hybrid is vulnerable to a double spend attack by a POS block negating/orphaing a POW chain with enough blocks to have confirmed transactions.

I expect you have never looked at the source code of a POW/POW hybrid, because it it very clear POS and POW are not dependent on each other in any way.  They are completely separate methods.  It is true that POS only has never been tried before, but the POS system is secure in itself and has no known vulnerabilities.   POW is a proven system with a known vulnerability called 51% attack which is why POS was added.  POS/POW may be vulnerable by the method explained in the OP.   POS alone, again has no known vulnerabilities besides a 51% attack which would require owning 51% of the coins which would mean you already basically control the money supply and would devalue your own coins.

looking at your posts and the OP
"double spend attack requires 1 PoS block and low hashing power."

So wouldn't this method of attack require that you control/know precisely when you are going to receive a PoS block, so that you can orphan your transactions that you confirmed on the PoW chain you control (otherwise somebody else will have a greater chance of getting the next PoS block, unless you control 51%)?
You made it sound earlier like it is not possible to control when a PoS block will be generated:
"The "attack" suggested is impossible because coins do not stake on age alone, therefore making deposits at small intervals in no way guarantees you will generate POS blocks at those intervals.  In fact splitting coins to generate these intervals will make the chance of staking at each interval even less"
So, are there ways to control/know the timing of PoS block generation even though coinage is not the sole determining factor?
If so, wouldn't that mean pure PoS is vulnerable too?

Attacker should wait for 1 PoS block and delay announcing this block.

So, in that case, what is preventing an attacker from waiting for multiple PoS blocks and delaying announcing the multiple PoS blocks to form a string of PoS blocks similar to a TX attack chain like the one anonymousg64 was talking about? If it is not possible to wait/delay more than one block per wallet, then one could easy use multiple wallets. If the timing of generating/announcing a single PoS block can be controlled, what is preventing reiteration of the process to control a series of single blocks?
Also, what would prevent another block from being announced at that same time or right before you? Say you control when you can announce your PoS block, but does that mean you can control when other people generate/announce theirs?

im still on the fence


can someone explain how this stops someone from generating lots of PoS blocks 20 days in the future from a bunch of TX's with small interval, whether through one or multiple wallets

Code:

ss << nStakeModifier;
ss << nTimeBlockFrom << nTxPrevOffset << txPrev.nTime << prevout.n << nTimeTx;
hashProofOfStake = Hash(ss.begin(), ss.end());
if(CBigNum(hashProofOfStake) > bnCoinDayWeight * bnTargetPerCoinDay)
    return false;

im not well enough versed with the code to know what these variable names imply

[mgburks77]

Well unless there is some kind of actual effort to collect objective facts about the matter it's not worth paying any attention to a lot of talk.

Until there is that's pure FUD

[sidhujag]

Ya markm knows what hes talking about.. But rather then talk gibberish its better to simply try a demo coin like last poster said.. run fast hash on non mined pow with low rewards and see if you cam break it before pos catches on... Would be cool to know once and for all.. maybe a curious dev can do this to put an end to all the shitcoins with pos claiming its the greatest thing when sunny king hasnt even explained himself yet regarding his fix...

[rat4]

That is YOUR reply I quoted.

You must have read the answer at one point, because YOU commented that your question was answered, but I will summarize it again here just to be perfectly clear.

• Blackcoin use POS 0.3.0 protocol which has no known vulnerabilities at this time
• The "attack" suggested is impossible because coins do not stake on age alone, therefore making deposits at small intervals in no way guarantees you will generate POS blocks at those intervals.  In fact splitting coins to generate these intervals will make the chance of staking at each interval even less

Right, it uses "POS 0.3.0 protocol which has no known vulnerabilities at this time" in the context of a PoS/PoW hybrid, right? It has never been tested in the context of pure PoS, right?

I will restate: If i said said anything further about it on the blackcoin thread, I would have been ran out of there and labeled as a FUDer.
Similar to how what I am saying now, not on the blackcoin thread, is drawing so much heat.

I'm not giving you heat, i'm only answering your question.. again.

Saying Sunny King's fix only applies to POS/POW hybrids is incorrect, it fixed the POS protocol. Period.  

The timebomb attack is not feasible because coins do not stake on age alone, there are other factors.   Even if you could guarantee that all your coins ages were spaced at a minimum interval there is no guarantee they will all stake at their intervals. Also POS blocks have a target time interval, so coins that were eligible to stake too soon would not generate blocks any faster than the target interval, there is no way that one person could force their coins to be the ones to generate stake for many consecutive intervals.  This attack is pure nonsense.  

But Sunny King fixed PoS in the context of PoS/PoW hybrid, not pure PoS. Right?

Since there have not been any other pure POS coins yes the fix was originally applied to a POS/POW hybrid.  Nevertheless the fix is for the POS protocol and did nothing to POW. The fix ensured that POS was a secure way to generate blocks to secure a blockchain.  If you know of any vulnerabilities in POS please make them known so they can be addressed.

I don't know the specific vulnerabilities, I'm not saying that there necessarily are any. My argument is purely from a logic standpoint. If the security of PoS was in any way dependent upon PoW in the PoS/PoW hybrid system, then just because the PoS security flaws were fixed in that context doesn't mean they will be fixed when PoS is standing alone, or that new security flaws wouldn't be introduced when PoS stands alone. So the question is, did Sunny build/fix PoS to be completely secure standing alone or was it in anyway dependent on PoW? I guess this is ultimately what I am trying to figure out.

Sunny built them to be dependent on each other. POW is a proven system. POW/POS is a proven system. POS is not and may be vulnerable to attack.

OP's point is that a POW/POS system with very small rewards creates a weak POW system that someone could exploit and it would essentially be the same as a standalone POS system which may be vulnerable.

You clearly did not understand the OP. That is not the OP's point at all.  The OP's point is that POW/POS hybrid is vulnerable to a double spend attack by a POS block negating/orphaing a POW chain with enough blocks to have confirmed transactions.

I expect you have never looked at the source code of a POW/POW hybrid, because it it very clear POS and POW are not dependent on each other in any way.  They are completely separate methods.  It is true that POS only has never been tried before, but the POS system is secure in itself and has no known vulnerabilities.   POW is a proven system with a known vulnerability called 51% attack which is why POS was added.  POS/POW may be vulnerable by the method explained in the OP.   POS alone, again has no known vulnerabilities besides a 51% attack which would require owning 51% of the coins which would mean you already basically control the money supply and would devalue your own coins.

looking at your posts and the OP
"double spend attack requires 1 PoS block and low hashing power."

So wouldn't this method of attack require that you control/know precisely when you are going to receive a PoS block, so that you can orphan your transactions that you confirmed on the PoW chain you control (otherwise somebody else will have a greater chance of getting the next PoS block, unless you control 51%)?
You made it sound earlier like it is not possible to control when a PoS block will be generated:
"The "attack" suggested is impossible because coins do not stake on age alone, therefore making deposits at small intervals in no way guarantees you will generate POS blocks at those intervals.  In fact splitting coins to generate these intervals will make the chance of staking at each interval even less"
So, are there ways to control/know the timing of PoS block generation even though coinage is not the sole determining factor?
If so, wouldn't that mean pure PoS is vulnerable too?

Attacker should wait for 1 PoS block and delay announcing this block.

So, in that case, what is preventing an attacker from waiting for multiple PoS blocks and delaying announcing the multiple PoS blocks to form a string of PoS blocks similar to a TX attack chain like the one anonymousg64 was talking about? If it is not possible to wait/delay more than one block per wallet, then one could easy use multiple wallets.

Nothing prevents. Chance to find even 2 blocks in a row is low.
Long chain of PoS blocks is realistically only for exchanges with old coins in cold wallet.

[mgburks77]

Ya markm knows what hes talking about.. But rather then talk gibberish its better to simply try a demo coin like last poster said.. run fast hash on non mined pow with low rewards and see if you cam break it before pos catches on... Would be cool to know once and for all.. maybe a curious dev can do this to put an end to all the shitcoins with pos claiming its the greatest thing when sunny king hasnt even explained himself yet regarding his fix...

I'm sure he does. But he has stated his thinking and now it is time to test it. If not, well...

At this point we all need concrete facts.

[mercSuey]

That is YOUR reply I quoted.

You must have read the answer at one point, because YOU commented that your question was answered, but I will summarize it again here just to be perfectly clear.

• Blackcoin use POS 0.3.0 protocol which has no known vulnerabilities at this time
• The "attack" suggested is impossible because coins do not stake on age alone, therefore making deposits at small intervals in no way guarantees you will generate POS blocks at those intervals.  In fact splitting coins to generate these intervals will make the chance of staking at each interval even less

Right, it uses "POS 0.3.0 protocol which has no known vulnerabilities at this time" in the context of a PoS/PoW hybrid, right? It has never been tested in the context of pure PoS, right?

I will restate: If i said said anything further about it on the blackcoin thread, I would have been ran out of there and labeled as a FUDer.
Similar to how what I am saying now, not on the blackcoin thread, is drawing so much heat.

I'm not giving you heat, i'm only answering your question.. again.

Saying Sunny King's fix only applies to POS/POW hybrids is incorrect, it fixed the POS protocol. Period.  

The timebomb attack is not feasible because coins do not stake on age alone, there are other factors.   Even if you could guarantee that all your coins ages were spaced at a minimum interval there is no guarantee they will all stake at their intervals. Also POS blocks have a target time interval, so coins that were eligible to stake too soon would not generate blocks any faster than the target interval, there is no way that one person could force their coins to be the ones to generate stake for many consecutive intervals.  This attack is pure nonsense.  

But Sunny King fixed PoS in the context of PoS/PoW hybrid, not pure PoS. Right?

Since there have not been any other pure POS coins yes the fix was originally applied to a POS/POW hybrid.  Nevertheless the fix is for the POS protocol and did nothing to POW. The fix ensured that POS was a secure way to generate blocks to secure a blockchain.  If you know of any vulnerabilities in POS please make them known so they can be addressed.

I don't know the specific vulnerabilities, I'm not saying that there necessarily are any. My argument is purely from a logic standpoint. If the security of PoS was in any way dependent upon PoW in the PoS/PoW hybrid system, then just because the PoS security flaws were fixed in that context doesn't mean they will be fixed when PoS is standing alone, or that new security flaws wouldn't be introduced when PoS stands alone. So the question is, did Sunny build/fix PoS to be completely secure standing alone or was it in anyway dependent on PoW? I guess this is ultimately what I am trying to figure out.

Sunny built them to be dependent on each other. POW is a proven system. POW/POS is a proven system. POS is not and may be vulnerable to attack.

OP's point is that a POW/POS system with very small rewards creates a weak POW system that someone could exploit and it would essentially be the same as a standalone POS system which may be vulnerable.

You clearly did not understand the OP. That is not the OP's point at all.  The OP's point is that POW/POS hybrid is vulnerable to a double spend attack by a POS block negating/orphaing a POW chain with enough blocks to have confirmed transactions.

I expect you have never looked at the source code of a POW/POW hybrid, because it it very clear POS and POW are not dependent on each other in any way.  They are completely separate methods.  It is true that POS only has never been tried before, but the POS system is secure in itself and has no known vulnerabilities.   POW is a proven system with a known vulnerability called 51% attack which is why POS was added.  POS/POW may be vulnerable by the method explained in the OP.   POS alone, again has no known vulnerabilities besides a 51% attack which would require owning 51% of the coins which would mean you already basically control the money supply and would devalue your own coins.

looking at your posts and the OP
"double spend attack requires 1 PoS block and low hashing power."

So wouldn't this method of attack require that you control/know precisely when you are going to receive a PoS block, so that you can orphan your transactions that you confirmed on the PoW chain you control (otherwise somebody else will have a greater chance of getting the next PoS block, unless you control 51%)?
You made it sound earlier like it is not possible to control when a PoS block will be generated:
"The "attack" suggested is impossible because coins do not stake on age alone, therefore making deposits at small intervals in no way guarantees you will generate POS blocks at those intervals.  In fact splitting coins to generate these intervals will make the chance of staking at each interval even less"
So, are there ways to control/know the timing of PoS block generation even though coinage is not the sole determining factor?
If so, wouldn't that mean pure PoS is vulnerable too?

Attacker should wait for 1 PoS block and delay announcing this block.

PoS block is a stochastic process.  You say this like it's a given that it can be done...it's not.

[stormia]

That is YOUR reply I quoted.

You must have read the answer at one point, because YOU commented that your question was answered, but I will summarize it again here just to be perfectly clear.

• Blackcoin use POS 0.3.0 protocol which has no known vulnerabilities at this time
• The "attack" suggested is impossible because coins do not stake on age alone, therefore making deposits at small intervals in no way guarantees you will generate POS blocks at those intervals.  In fact splitting coins to generate these intervals will make the chance of staking at each interval even less

Right, it uses "POS 0.3.0 protocol which has no known vulnerabilities at this time" in the context of a PoS/PoW hybrid, right? It has never been tested in the context of pure PoS, right?

I will restate: If i said said anything further about it on the blackcoin thread, I would have been ran out of there and labeled as a FUDer.
Similar to how what I am saying now, not on the blackcoin thread, is drawing so much heat.

I'm not giving you heat, i'm only answering your question.. again.

Saying Sunny King's fix only applies to POS/POW hybrids is incorrect, it fixed the POS protocol. Period.  

The timebomb attack is not feasible because coins do not stake on age alone, there are other factors.   Even if you could guarantee that all your coins ages were spaced at a minimum interval there is no guarantee they will all stake at their intervals. Also POS blocks have a target time interval, so coins that were eligible to stake too soon would not generate blocks any faster than the target interval, there is no way that one person could force their coins to be the ones to generate stake for many consecutive intervals.  This attack is pure nonsense.  

But Sunny King fixed PoS in the context of PoS/PoW hybrid, not pure PoS. Right?

Since there have not been any other pure POS coins yes the fix was originally applied to a POS/POW hybrid.  Nevertheless the fix is for the POS protocol and did nothing to POW. The fix ensured that POS was a secure way to generate blocks to secure a blockchain.  If you know of any vulnerabilities in POS please make them known so they can be addressed.

I don't know the specific vulnerabilities, I'm not saying that there necessarily are any. My argument is purely from a logic standpoint. If the security of PoS was in any way dependent upon PoW in the PoS/PoW hybrid system, then just because the PoS security flaws were fixed in that context doesn't mean they will be fixed when PoS is standing alone, or that new security flaws wouldn't be introduced when PoS stands alone. So the question is, did Sunny build/fix PoS to be completely secure standing alone or was it in anyway dependent on PoW? I guess this is ultimately what I am trying to figure out.

Sunny built them to be dependent on each other. POW is a proven system. POW/POS is a proven system. POS is not and may be vulnerable to attack.

OP's point is that a POW/POS system with very small rewards creates a weak POW system that someone could exploit and it would essentially be the same as a standalone POS system which may be vulnerable.

You clearly did not understand the OP. That is not the OP's point at all.  The OP's point is that POW/POS hybrid is vulnerable to a double spend attack by a POS block negating/orphaing a POW chain with enough blocks to have confirmed transactions.

I expect you have never looked at the source code of a POW/POW hybrid, because it it very clear POS and POW are not dependent on each other in any way.  They are completely separate methods.  It is true that POS only has never been tried before, but the POS system is secure in itself and has no known vulnerabilities.   POW is a proven system with a known vulnerability called 51% attack which is why POS was added.  POS/POW may be vulnerable by the method explained in the OP.   POS alone, again has no known vulnerabilities besides a 51% attack which would require owning 51% of the coins which would mean you already basically control the money supply and would devalue your own coins.

looking at your posts and the OP
"double spend attack requires 1 PoS block and low hashing power."

So wouldn't this method of attack require that you control/know precisely when you are going to receive a PoS block, so that you can orphan your transactions that you confirmed on the PoW chain you control (otherwise somebody else will have a greater chance of getting the next PoS block, unless you control 51%)?
You made it sound earlier like it is not possible to control when a PoS block will be generated:
"The "attack" suggested is impossible because coins do not stake on age alone, therefore making deposits at small intervals in no way guarantees you will generate POS blocks at those intervals.  In fact splitting coins to generate these intervals will make the chance of staking at each interval even less"
So, are there ways to control/know the timing of PoS block generation even though coinage is not the sole determining factor?
If so, wouldn't that mean pure PoS is vulnerable too?

Attacker should wait for 1 PoS block and delay announcing this block.

So, in that case, what is preventing an attacker from waiting for multiple PoS blocks and delaying announcing the multiple PoS blocks to form a string of PoS blocks similar to a TX attack chain like the one anonymousg64 was talking about? If it is not possible to wait/delay more than one block per wallet, then one could easy use multiple wallets.

Nothing prevents. Chance to find even 2 blocks in a row is low.
Long chain of PoS blocks is realistically only for exchanges with old coins in cold wallet.

But like you said "Attacker should wait for 1 PoS block and delay announcing this block." Why couldn't this process be simply reiterated to form a string? You wouldn't need to "find" >2 blocks in a row, you would just need to announce them in a row. Or am I missing something?

My edit of what I said above, must have been editing while you responded:
"So, in that case, what is preventing an attacker from waiting for multiple PoS blocks and delaying announcing the multiple PoS blocks to form a string of PoS blocks similar to a TX attack chain like the one anonymousg64 was talking about? If it is not possible to wait/delay more than one block per wallet, then one could easy use multiple wallets. If the timing of generating/announcing a single PoS block can be controlled, what is preventing reiteration of the process to control a series of single blocks?
Also, what would prevent another block from being announced at that same time or right before you? Say you control when you can announce your PoS block, but does that mean you can control when other people generate/announce theirs?"

Similar to mercSuey's point that PoS is a stochastic process,

What would prevent another block from being announced at that same time or right before you? Assuming you can control when you can announce your PoS block, does that mean you can control when other people generate/announce theirs?

[Crestington]

Colossuscoin is 100% Proof of Stake through Pow/Pos. It it the oldest Proof of stake only coin and I started working with it about 4 months ago, right after it finished Pow and became POS only.

[rat4]

But like you said "Attacker should wait for 1 PoS block and delay announcing this block." Why couldn't this process be simply reiterated to form a string? You wouldn't need to "find" >2 blocks in a row, you would just need to announce them in a row. Or am I missing something?

My edit of what I said above, must have been editing while you responded:
"So, in that case, what is preventing an attacker from waiting for multiple PoS blocks and delaying announcing the multiple PoS blocks to form a string of PoS blocks similar to a TX attack chain like the one anonymousg64 was talking about? If it is not possible to wait/delay more than one block per wallet, then one could easy use multiple wallets. If the timing of generating/announcing a single PoS block can be controlled, what is preventing reiteration of the process to control a series of single blocks?

Attacker should build a chain longer than main. The more he waits the less chance to success.

Also, what would prevent another block from being announced at that same time or right before you? Say you control when you can announce your PoS block, but does that mean you can control when other people generate/announce theirs?"

Similar to mercSuey's point that PoS is a stochastic process,

What would prevent another block from being announced at that same time or right before you? Assuming you can control when you can announce your PoS block, does that mean you can control when other people generate/announce theirs?

Yes, this attack has not 100% chance to success. The point is that average block time is known.
One honest PoS block will not stop attack. Two will.

[stormia]

But like you said "Attacker should wait for 1 PoS block and delay announcing this block." Why couldn't this process be simply reiterated to form a string? You wouldn't need to "find" >2 blocks in a row, you would just need to announce them in a row. Or am I missing something?

My edit of what I said above, must have been editing while you responded:
"So, in that case, what is preventing an attacker from waiting for multiple PoS blocks and delaying announcing the multiple PoS blocks to form a string of PoS blocks similar to a TX attack chain like the one anonymousg64 was talking about? If it is not possible to wait/delay more than one block per wallet, then one could easy use multiple wallets. If the timing of generating/announcing a single PoS block can be controlled, what is preventing reiteration of the process to control a series of single blocks?

Attacker should build a chain longer than main. The more he waits the less chance to success.

Also, what would prevent another block from being announced at that same time or right before you? Say you control when you can announce your PoS block, but does that mean you can control when other people generate/announce theirs?"

Similar to mercSuey's point that PoS is a stochastic process,

What would prevent another block from being announced at that same time or right before you? Assuming you can control when you can announce your PoS block, does that mean you can control when other people generate/announce theirs?

Yes, this attack has not 100% chance to success. The point is that average block time is known.
One honest PoS block will not stop attack. Two will.

Going back to the OP,
"At such difficulty a sequential chain of PoW blocks can be mined in a flash."

And what artiface said,
"If the difficulty is very low due to low network hash rate then applying a substantially higher hashrate can cause many POW blocks to be generated quickly, much quicker than the target rate."

How exactly is this possible, particularly with difficulty re-targeting every block? Also, it is my understanding that not only would the difficulty of finding a PoW block go up, but the difficulty of finding a PoS would go down in response as well.


Additionally, no matter how fast you can manage to generate a string of PoW blocks there is no way to know with certainty that a PoS block wont be randomly generated within that time and interrupt the string? The best you could do is estimate based on the average block time, right? But this would be further complicated since the chance of finding a PoS block is increased by PoW blocks being found.

As you can see here, the PoW blocks have a different and independent difficulty algorithm than PoS blocks. If you start getting a lot of PoS blocks in a row, the chance of PoW block generation increases in order to achieve the PoW target; so after each PoS block is generated the likely-hood of generating a PoW block as the next block goes up, and after every PoW block, the chance of generating a PoS block goes up. They are both integrated with block targets and difficulties that are independent of one another; so one cannot perpetually overpower the other. This is why PoS/PoW hybrid is more secure vs just PoS only. And, it is also worth noting that over time, the Mintcoin networks actually will get more secure with age, whereas a PoW only coin has the potential to get less secure due to centralized mining processes. Mintcoin is protected from PoW overpowering, as well as PoS overpowering. You cannot know for certain the future of the Mintcion blockchain (at least very far). With Pure PoS, you know the future will always be a PoS block next, and with PoW you know that the future will always be PoW blocks next, but you cannot know the future with hybrid PoW/PoS like Mintcoin.

[dille71]

That is YOUR reply I quoted.

You must have read the answer at one point, because YOU commented that your question was answered, but I will summarize it again here just to be perfectly clear.

• Blackcoin use POS 0.3.0 protocol which has no known vulnerabilities at this time
• The "attack" suggested is impossible because coins do not stake on age alone, therefore making deposits at small intervals in no way guarantees you will generate POS blocks at those intervals.  In fact splitting coins to generate these intervals will make the chance of staking at each interval even less

Right, it uses "POS 0.3.0 protocol which has no known vulnerabilities at this time" in the context of a PoS/PoW hybrid, right? It has never been tested in the context of pure PoS, right?

I will restate: If i said said anything further about it on the blackcoin thread, I would have been ran out of there and labeled as a FUDer.
Similar to how what I am saying now, not on the blackcoin thread, is drawing so much heat.

I'm not giving you heat, i'm only answering your question.. again.

Saying Sunny King's fix only applies to POS/POW hybrids is incorrect, it fixed the POS protocol. Period.  

The timebomb attack is not feasible because coins do not stake on age alone, there are other factors.   Even if you could guarantee that all your coins ages were spaced at a minimum interval there is no guarantee they will all stake at their intervals. Also POS blocks have a target time interval, so coins that were eligible to stake too soon would not generate blocks any faster than the target interval, there is no way that one person could force their coins to be the ones to generate stake for many consecutive intervals.  This attack is pure nonsense.  

But Sunny King fixed PoS in the context of PoS/PoW hybrid, not pure PoS. Right?

Since there have not been any other pure POS coins yes the fix was originally applied to a POS/POW hybrid.  Nevertheless the fix is for the POS protocol and did nothing to POW. The fix ensured that POS was a secure way to generate blocks to secure a blockchain.  If you know of any vulnerabilities in POS please make them known so they can be addressed.

I don't know the specific vulnerabilities, I'm not saying that there necessarily are any. My argument is purely from a logic standpoint. If the security of PoS was in any way dependent upon PoW in the PoS/PoW hybrid system, then just because the PoS security flaws were fixed in that context doesn't mean they will be fixed when PoS is standing alone, or that new security flaws wouldn't be introduced when PoS stands alone. So the question is, did Sunny build/fix PoS to be completely secure standing alone or was it in anyway dependent on PoW? I guess this is ultimately what I am trying to figure out.

Sunny built them to be dependent on each other. POW is a proven system. POW/POS is a proven system. POS is not and may be vulnerable to attack.

OP's point is that a POW/POS system with very small rewards creates a weak POW system that someone could exploit and it would essentially be the same as a standalone POS system which may be vulnerable.

You clearly did not understand the OP. That is not the OP's point at all.  The OP's point is that POW/POS hybrid is vulnerable to a double spend attack by a POS block negating/orphaing a POW chain with enough blocks to have confirmed transactions.

I expect you have never looked at the source code of a POW/POW hybrid, because it it very clear POS and POW are not dependent on each other in any way.  They are completely separate methods.  It is true that POS only has never been tried before, but the POS system is secure in itself and has no known vulnerabilities.   POW is a proven system with a known vulnerability called 51% attack which is why POS was added.  POS/POW may be vulnerable by the method explained in the OP.   POS alone, again has no known vulnerabilities besides a 51% attack which would require owning 51% of the coins which would mean you already basically control the money supply and would devalue your own coins.

You dont need 51% of the coins, you need 51% of the coin age
So, with a pure pos coin that has no upper limit for coin age it might be enough to own 10% of the coins and let them age long enough......