Bitcoin Forum
June 25, 2017, 10:43:58 PM *
News: Latest stable version of Bitcoin Core: 0.14.2  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 3 4 5 6 7 8 »  All
  Print  
Author Topic: Security analysis of PoW/PoS hybrids with low PoW reward  (Read 12531 times)
rat4
Full Member
***
Offline Offline

Activity: 180


View Profile
March 31, 2014, 07:07:20 PM
 #1

Security analysis of PoW/PoS hybrids with low PoW reward

Low PoW reward doesn't attract miners. This leads to ridiculously low PoW difficulty.

A pair of examples:
Mintcoin scrypt diff 0.1 (vs Litecoin 5677)
SHACoin sha256 diff 1427 (vs Bitcoin 5006860589)

At such difficulty PoW blocks can be mined with speed of light.

Attack I

It is possible to build sequential chain of PoW blocks to confirm a transaction. Only 4 blocks for Mintcoin and 10 for SHACoin.

Is it hard to orphan the chain of PoW blocks?
One PoS block is enough. In both Mintcoin and SHACoin one PoS block may orphan a few millions of PoW blocks.
If at the same time the main chain will get a competing stake, attacker's chain can be enlarged with PoW.
This dramatically increases chance to success in comparison to pure PoW attack.

Ability to confirm a transaction and then orphan confirmations is ability to double spend.

Summary: double spend attack requires 1 PoS block and low hashing power.

Visualization: http://i.imgur.com/Pyrw75q.png

Attack II

Current implementation of stake miner gives up if median time of last blocks is in future.
This temporarily makes the whole network PoW-only and opens well known 51% PoW attack.

Attacker needs only 6 of 11 last blocks.

Successfully tested on Mintcoin: no PoS blocks from 203231 up to 203441, more than 1 hour of real time.
1498430638
Hero Member
*
Offline Offline

Posts: 1498430638

View Profile Personal Message (Offline)

Ignore
1498430638
Reply with quote  #2

1498430638
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1498430638
Hero Member
*
Offline Offline

Posts: 1498430638

View Profile Personal Message (Offline)

Ignore
1498430638
Reply with quote  #2

1498430638
Report to moderator
1498430638
Hero Member
*
Offline Offline

Posts: 1498430638

View Profile Personal Message (Offline)

Ignore
1498430638
Reply with quote  #2

1498430638
Report to moderator
1498430638
Hero Member
*
Offline Offline

Posts: 1498430638

View Profile Personal Message (Offline)

Ignore
1498430638
Reply with quote  #2

1498430638
Report to moderator
sixteendigits
Sr. Member
****
Offline Offline

Activity: 448


View Profile
March 31, 2014, 07:30:47 PM
 #2

Where is Sunny King?  I will take this as nothing more than FUD until the godfather weighs in.
futile-resistance
Sr. Member
****
Offline Offline

Activity: 321


View Profile
March 31, 2014, 07:44:18 PM
 #3

Security analysis of PoW/PoS hybrids with low PoW reward

Low PoW reward doesn't attract miners. This leads to ridiculously low PoW difficulty.

A pair of examples:
Mintcoin scrypt diff 0.1 (vs Litecoin 5677)
SHACoin sha256 diff 1427 (vs Bitcoin 5006860589)

At such difficulty a sequential chain of PoW blocks can be mined in a flash.
Even long enough to confirm a transaction. Only 4 blocks for Mintcoin and 10 for SHACoin.

Is it hard to orphan the chain of PoW blocks?
One PoS block is enough. In both Mintcoin and SHACoin one PoS block may orphan a few millions of PoW blocks.
If at the same time the main chain will get a competing stake, attacker's chain can be enlarged with PoW.
This dramatically increases chance to success in comparison to pure PoW attack.

Ability to confirm a transaction and then orphan confirmations is ability to double spend.

Summary: double spend attack requires 1 PoS block and low hashing power.

Visualization: http://i.imgur.com/Pyrw75q.png

Can anyone test or confirm?
emelac
Full Member
***
Offline Offline

Activity: 184



View Profile
March 31, 2014, 07:48:13 PM
 #4

I was wondering if there have been any successful PoS attacks yet. PoS is new to me.
Zzzack
Full Member
***
Offline Offline

Activity: 168


View Profile
March 31, 2014, 07:48:41 PM
 #5

Security analysis of PoW/PoS hybrids with low PoW reward

Low PoW reward doesn't attract miners. This leads to ridiculously low PoW difficulty.

A pair of examples:
Mintcoin scrypt diff 0.1 (vs Litecoin 5677)
SHACoin sha256 diff 1427 (vs Bitcoin 5006860589)

At such difficulty a sequential chain of PoW blocks can be mined in a flash.
Even long enough to confirm a transaction. Only 4 blocks for Mintcoin and 10 for SHACoin.

Is it hard to orphan the chain of PoW blocks?
One PoS block is enough. In both Mintcoin and SHACoin one PoS block may orphan a few millions of PoW blocks.
If at the same time the main chain will get a competing stake, attacker's chain can be enlarged with PoW.
This dramatically increases chance to success in comparison to pure PoW attack.

Ability to confirm a transaction and then orphan confirmations is ability to double spend.

Summary: double spend attack requires 1 PoS block and low hashing power.

Visualization: http://i.imgur.com/Pyrw75q.png

Can anyone test or confirm?

Very true. POW is necessary for these coins to secure the network...and when minted coins are low (with little value), miners have an incentive to mine a different coin and sell it for their coin of choice. Few miners = low network hash = poorly protected public ledger. And, after all, we are investing in systems that maintain the public ledger in different ways.

I'm all in on cryptos, but the network strength of bitcoin is what gives it value right now over the cryptos.

Producer
brokedummy
Hero Member
*****
Offline Offline

Activity: 658


View Profile
March 31, 2014, 07:55:47 PM
 #6

Not really a big deal, if it is an issue just fork it to not accept any more POW blocks.

KNC - KingNcoin - rare, fair, pos only https://yobit.net/en/trade/KNC/BTC
Bit_Happy
Legendary
*
Offline Offline

Activity: 1582


A Great Time to Start Something!


View Profile
March 31, 2014, 11:22:46 PM
 #7

PoW/PoS hybrids are supposed to be immune to attack. (at least CGB is/claims to be)
CryptogenicBullion has a good explanation on their site.

mgburks77
Sr. Member
****
Offline Offline

Activity: 364


View Profile
March 31, 2014, 11:50:15 PM
 #8

attack one and see what happens
gonzoucab
Jr. Member
*
Offline Offline

Activity: 42


View Profile
March 31, 2014, 11:58:41 PM
 #9

POW has been proved

POW POS Hybrid have been proved, Sunny made a really nice software

POS only have never been proved,  have less programers dedicated to.

Thats the true.
stormia
Hero Member
*****
Offline Offline

Activity: 770


View Profile
April 01, 2014, 12:03:22 AM
 #10

This is a joke. Nice try to spread FUD about other coins, rat4, to try and promote your pure PoS blackcoin. How is it that Blackcoin prevents attack forks as a pure PoS coin, again?

You say "a sequential chain of PoW blocks can be mined in a flash."
Which is not true. Sure, you could mine all of the PoW blocks that occur sequentially, but there will be many, many more PoS blocks that interrupt those far and few apart PoW blocks. In a PoS/PoW hybrid there is no way to predict or control whether or not the next block will be PoS or PoW and therefore you cannot guarantee you will be in control of a long stream of blocks unless you have 51% of the PoW and PoS power.

Now, this brings up an issue with pure PoS coins such as your Blackcoin... That I have yet to be seen answered in any technical detail. How, when it is pure PoS and it IS known that every block in a row will be PoS, can you prevent an attack such as the one anonymousg64 brings up:

im still on the fence


can someone explain how this stops someone from generating lots of PoS blocks 20 days in the future from a bunch of TX's with small interval, whether through one or multiple wallets

Code:
ss << nStakeModifier;
ss << nTimeBlockFrom << nTxPrevOffset << txPrev.nTime << prevout.n << nTimeTx;
hashProofOfStake = Hash(ss.begin(), ss.end());
if(CBigNum(hashProofOfStake) > bnCoinDayWeight * bnTargetPerCoinDay)
    return false;


im not well enough versed with the code to know what these variable names imply

Without PoW blocks to interrupt such an attack, how is it prevented?

This thread of yours is in really bad taste, rat4, you should find better ways of promoting your coin.

I await your reply, and your explanation as to how PoS coins are safe from a TX/coinage attack.
greentea
Legendary
*
Offline Offline

Activity: 1134


IOTA: No Blockchain, Scalable & Zero Fee Network!


View Profile
April 01, 2014, 12:08:13 AM
 #11

pretty obvious that a hybrid POW/POS is more secure than a pure POS ...

to make an attack you have to control hash and coin age in a POW/POS hyrbid, while a pure POS coin like blackcoin
only need to control coin age ... thus inferior

so what happen here with blackcoin:
http://www.blackcoin.co/wallet-2/official-statement-regarding-blockchain-problems-23rd-of-march/

NEM   NanoWallet   SuperNodes   Apostille   Landstead   Catapult   Mijin
▃▃▃▅▅▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▅▅▅▃▃▃
Bit_Happy
Legendary
*
Offline Offline

Activity: 1582


A Great Time to Start Something!


View Profile
April 01, 2014, 12:12:03 AM
 #12

attack one and see what happens

I'll trust this for now
https://bitcointalk.org/index.php?topic=551861.msg6010168#msg6010168

Soepkip
Sr. Member
****
Offline Offline

Activity: 462



View Profile
April 01, 2014, 12:17:00 AM
 #13

Yes, this is purely a discussion for us. The connection to BlackCoin is purely rat4 being the dev of it.

The earlier blockchain stuck we had for BlackCoin has nothing to do with this and is not adding to the discussion so far. We are talking hybrid PoW/PoS coins and their security.

████
██████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
█████████████████████████

->  BLOCKTIX  ->  Ticketing platform with a dual blockchain on Ethereum and WAVES for event hosting
-> WEBSITE - SLACK - TWITTER - FORUM
-> Join our community to learn about our upcoming ICO
stormia
Hero Member
*****
Offline Offline

Activity: 770


View Profile
April 01, 2014, 12:18:24 AM
 #14

Yes, this is purely a discussion for us. The connection to BlackCoin is purely rat4 being the dev of it.

The earlier blockchain stuck we had for BlackCoin has nothing to do with this and is not adding to the discussion so far. We are talking hybrid PoW/PoS coins and their security.

Well, now we are also talking pure PoS coins and their security- which is much less tested and founded. I still await a technical response as to how pure PoS prevents the type of transaction/coinage attacks that anonymousg64 has outlined before.
stormia
Hero Member
*****
Offline Offline

Activity: 770


View Profile
April 01, 2014, 12:23:02 AM
 #15

1. Mint is not a person.
2. SHACoin is not a person.
3. rat4 is not actively promoting PoS or blackcoin

This thread is about a potential security issue with PoW/PoS hybrids. Maybe it's true, maybe not. I don't know the technicals.

Same for PoS. I dont know how secure it is. I dont know the technicals.

I have asked many times on the blackcoin thread, and so have others, as to how pure PoS is safe. No reply, other than directing me to Sunny's answers, which actually only pertain to PoS/PoW hybrids if I am not mistaken.
gonzoucab
Jr. Member
*
Offline Offline

Activity: 42


View Profile
April 01, 2014, 12:32:53 AM
 #16

The Blackcoin DEV dont wanna answer..

He throws the rock and hides the hand.
morfans
Newbie
*
Offline Offline

Activity: 6


View Profile
April 01, 2014, 12:35:14 AM
 #17

The Blackcoin DEV dont wanna answer..

He throws the rock and hides the hand.

maybe hes AFK?
gonzoucab
Jr. Member
*
Offline Offline

Activity: 42


View Profile
April 01, 2014, 12:41:50 AM
 #18

The Blackcoin DEV dont wanna answer..

He throws the rock and hides the hand.

maybe hes AFK?

He started the Thread minutes ago!!!!!!!
Soepkip
Sr. Member
****
Offline Offline

Activity: 462



View Profile
April 01, 2014, 12:45:19 AM
 #19

Or he is sleeping.

This is not an attack on either Mint or Shacoin, this is purely an observation on hybrid pow/pos systems. If you want to discuss PoS security i do invite you to join IRC ##blackcoin on freenode and seek out rat4 there when he is awake.

Also, i'm not the dev of blackcoin

████
██████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
█████████████████████████

->  BLOCKTIX  ->  Ticketing platform with a dual blockchain on Ethereum and WAVES for event hosting
-> WEBSITE - SLACK - TWITTER - FORUM
-> Join our community to learn about our upcoming ICO
Jabulon
Sr. Member
****
Offline Offline

Activity: 266


View Profile WWW
April 01, 2014, 12:46:02 AM
 #20

Or he is sleeping.

This is not an attack on either Mint or Shacoin, this is purely an observation on hybrid pow/pos systems. If you want to discuss PoS security i do invite you to join IRC ##blackcoin on freenode and seek out rat4 there when he is awake.

Also, i'm not the dev of blackcoin

Yeah, as a professional he has more important business than engaging in this peeing contest. Make what you will of his analysis, do your own due diligence and try to come to rational conclusions based on what you learn rather than your emotional ties to this or that coin.

You guys are to be called out for the blatant and utter hypocrisy of Fudding the Blackcoin thread for days with inflammatory dirt, and then having hissy-fits when the Blackcoin dev weighs in with a technical statement, and you crying "fud, fud!"

Shame on you all for your childishness and abysmal conduct, which only hinders the progress of cryptocurrency. Examine your motivations more thoroughly.

Visit NightBark Music, home of the BlackCoin Music Video! https://www.youtube.com/user/nightbarkmusic
Pages: [1] 2 3 4 5 6 7 8 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!