Security analysis of PoW/PoS hybrids with low PoW reward

[rat4]

How exactly is this possible, particularly with difficulty re-targeting every block?

Blocks may have timestamp different from real time. This allows keeping low difficulty. Time window is limited but enough for this attack.

Also, it is my understanding that not only would the difficulty of finding a PoW block go up, but the difficulty of finding a PoS would go down in response as well.

No.

Additionally, no matter how fast you can manage to generate a string of PoW blocks there is no way to know with certainty that a PoS block wont be randomly generated within that time and interrupt the string?

Again, one PoS block will not stop attack. Two will.

[1714974210]

1714974210

[1714974210]

1714974210

[1714974210]

1714974210

[1714974210]

1714974210

[Crestington]

What do you want to know about a POW/POS coin after its fully Proof of Stake?  How wallets interact? Pitfalls? Colossuscoin is the longest running POS only coin from POW 4 months ago. I'm looking to create a Proof of Stake only,  fee sharing system, Do any of you understand how multi-signiture transactions could work on the blockchain?

Also, could it be possible to have fees from transactions go to a particular address built into the blockchain where fees get distributed 75% to a central fund,  and 25% to an address that gets mined with your POS coins. POS mining is 7-15 days Max weight and POS interest is 15-30 days Max weight. I was also thinking that you could reduce blockchain size by having a large float but lower minimum such as 500,000,000,000.01  How would that affect size at a faster block time?

What would you recommend in terms of POS only for security, could TX fees be added to POS generation? If you used POW, could it be an added function for security and pays out based on POS? If you had fees being split and some that go into a central fund, it would mean that one address would have a full record of the blockchain, could that be loaded on a central server?

[oinquer]

POW has been proved

POW POS Hybrid have been proved, Sunny made a really nice software

POS only have never been proved,  have less programers dedicated to.

Thats the true.

But the fact is that all POW/POW+POS/POS coins have the possiblities to get attacked.
Blackcoin has its problem just a week ago.

[stormia]

POW has been proved

POW POS Hybrid have been proved, Sunny made a really nice software

POS only have never been proved,  have less programers dedicated to.

Thats the true.

But the fact is that all POW/POW+POS/POS coins have the possiblities to get attacked.
Blackcoin has its problem just a week ago.

Yeah and does anybody else find it interesting how timing of the "timebomb attack" described here:
http://www.blackcoin.co/wallet-2/official-statement-regarding-blockchain-problems-23rd-of-march/

"To solve the issue, by making a check for such cases and making sure the right value is always returned we had to hard fork the BlackCoin blockchain at block 38424."

Corresponds to the problems that occurred at cryptorush:

Getting scary out there...  The roundness of those orders suggests it's just a few people holding up the price....

Yep, its being manipulated to dump - they get you to pump it up by panic buying more only to dump on you - probably the coins that were stolen.

Are the 22 million coins that went out of the CR wallet simply on the bad fork? or can they be used by the new client?

Total loss reported about 1.5 million coins, 22 million number is their total processed coins as far as I understand. The coins were withdrawn by normal CR users seeing larger balance than they should have, not a single entity/hacker. The coins were distributed across many people, no single large dumper was born. The coins are useable.

How did they end up with a total negative balance in their wallet? I mean, the daemon will not send coins it doesn't have. They must have HAD that many coins -- but they're claiming they didn't. They say they only had 68k coins or something, and ended up with a massive negative balance. The client doesn't -- or obviously shouldn't -- allow that to happen. The only way it might happen that I can see would be if the coins were on a bad fork. Right? Forget about logs, all the coins coming out of that wallet should be traceable and invalidated if they were in fact sent due to a bug in the client.

[mgburks77]

I had suspected as much as well. But apparently the BC devteam was on the ball and it was really just a blip. I have been observing BC as well as other coins along the course of those events across several different threads such "operation shitcoin" the BTCX attack progress thread, the BC thread +more and pretty much got to watch the whole thing transpire from that vantage point.

Very interesting and dramatic forum experience btw lol. I've been participating in internet forums for over 10 years and Bitcointalk is among the best, that's for sure.

I guess it's the money that's at stake that makes it so piquant 

[stormia]

How exactly is this possible, particularly with difficulty re-targeting every block?

Blocks may have timestamp different from real time. This allows keeping low difficulty. Time window is limited but enough for this attack.

Also, it is my understanding that not only would the difficulty of finding a PoW block go up, but the difficulty of finding a PoS would go down in response as well.

No.

Additionally, no matter how fast you can manage to generate a string of PoW blocks there is no way to know with certainty that a PoS block wont be randomly generated within that time and interrupt the string?

Again, one PoS block will not stop attack. Two will.

Additionally, no matter how fast you can manage to generate a string of PoW blocks there is no way to know with certainty that a PoS block wont be randomly generated within that time and interrupt the string?

Again, one PoS block will not stop attack. Two will.

This I don't understand because of my own ignorance, like most of the things I don't understand, how is it possible that you only need to control one PoS block to orphan your PoW chain and carry out this attack but there would need to be two legitimate PoS blocks to stop the attack from occurring?

Blocks may have timestamp different from real time.

So this is attack is dependent upon an unknown? Is there a way to confirm one way or another?

Also, it is my understanding that not only would the difficulty of finding a PoW block go up, but the difficulty of finding a PoS would go down in response as well.

No.

Can you be a little more detailed? I have been told in the past that the two difficulties adjust to one another.

[Soepkip]

POW has been proved

POW POS Hybrid have been proved, Sunny made a really nice software

POS only have never been proved,  have less programers dedicated to.

Thats the true.

But the fact is that all POW/POW+POS/POS coins have the possiblities to get attacked.
Blackcoin has its problem just a week ago.

Yeah and does anybody else find it interesting how timing of the "timebomb attack" described here:
http://www.blackcoin.co/wallet-2/official-statement-regarding-blockchain-problems-23rd-of-march/

"To solve the issue, by making a check for such cases and making sure the right value is always returned we had to hard fork the BlackCoin blockchain at block 38424."

Corresponds to the problems that occurred at cryptorush:

CryptoRush's problems with BlackCoin were due to their usage of the getbalance accounts function, which no other exchange out there uses for good reason:
https://en.bitcoin.it/wiki/Accounts_explained#Account_Weaknesses

In fact, the fork itself has nothing to do with the losses that CryptoRush had due to the usage of the accounts feature. If CryptoRush had checked the new version of BlackCoin before implementing it in their live exchange there would've been no losses since they would have found the issue with the accounts feature immediatly and asked us to fix it.  

But again we are discussing BlackCoin vs Mintcoin while we are talking security vunerabilities of PoW/PoS hybrid based systems.

[stormia]

POW has been proved

POW POS Hybrid have been proved, Sunny made a really nice software

POS only have never been proved,  have less programers dedicated to.

Thats the true.

But the fact is that all POW/POW+POS/POS coins have the possiblities to get attacked.
Blackcoin has its problem just a week ago.

Yeah and does anybody else find it interesting how timing of the "timebomb attack" described here:
http://www.blackcoin.co/wallet-2/official-statement-regarding-blockchain-problems-23rd-of-march/

"To solve the issue, by making a check for such cases and making sure the right value is always returned we had to hard fork the BlackCoin blockchain at block 38424."

Corresponds to the problems that occurred at cryptorush:

CryptoRush's problems with BlackCoin were due to their usage of the getbalance accounts function, which no other exchange out there uses for good reason:
https://en.bitcoin.it/wiki/Accounts_explained#Account_Weaknesses

In fact, the fork itself has nothing to do with the losses that CryptoRush had due to the usage of the accounts feature. If CryptoRush had checked the new version of BlackCoin before implementing it in their live exchange there would've been no losses since they would have found the issue with the accounts feature immediatly and asked us to fix it.  

But again we are discussing BlackCoin vs Mintcoin while we are talking security vunerabilities of PoW/PoS hybrid based systems.

Thanks for clarifying. I made no mention of Mintcoin vs Blackcoin. Just talking security, of both PoW/PoS hybrid systems and pure PoS.

[valley365]

This seems weird to me. The blackcoin gets hacked and killed cryptorush and now it blames the algorithm. Is MINT hacked? If it is so easy as one PoS block why not try to hack MINT and prove your "theory"? You'll quickly find your "theory" is flawed.

[mgburks77]

Time for real facts, not speculation.

[neilh]

This seems weird to me. The blackcoin gets hacked and killed cryptorush and now it blames the algorithm. Is MINT hacked? If it is so easy as one PoS block why try to hack MINT and prove your "theory"? You'll quickly find your "theory" is flawed.

Try reading this...

https://bitcointalk.org/index.php?topic=529779.0

Maybe then you will realise cryptorush committed suicide.

[draco71]

From what I read and understand, I suspect that forks are coming soon on POS/POW and POS only coins. But, this is perfectly fine.

We are talking about software, it can not be flawless. My personal experience, working for more than 15 years on a sw giant that controls more than 50% of the global market in a mainstream technology, proves it. There are hundreds of people here, working only on sw fault fixing, by patching the code all the time and deliver these patches to the customers around the globe.

So, please take it easy and relax. The possible faults will be discovered and fixed.

And have something else in mind: The real developers respect and support each other and they do not do "dogfights" as the coins investors/zealots/holders (you name it) do. And from what I saw so far, at least BC and MINT both have real developers.

[mgburks77]

My personal experience, working for more than 15 years on a sw giant that controls more than 50% of the global market in a mainstream technology

SAP?

[stormia]

From what I read and understand, I suspect that forks are coming soon on POS/POW and POS only coins. But, this is perfectly fine.

We are talking about software, it can not be flawless. My personal experience, working for more than 15 years on a sw giant that controls more than 50% of the global market in a mainstream technology, proves it. There are hundreds of people here, working only on sw fault fixing, by patching the code all the time and deliver these patches to the customers around the globe.

So, please take it easy and relax. The possible faults will be discovered and fixed.

And have something else in mind: The real developers respect and support each other and they do not do "dogfights" as the coins investors/zealots/holders (you name it) do. And from what I saw so far, at least BC and MINT both have real developers.

Agreed. These things need to be discussed. A lot of good can come out of it. Although, perhaps this would be better discussed not on a public thread such as this, where if any true and effective attack mechanism were described it would then be readily available for people to recognize and exploit. I think that, if somebody actually had good intentions for pointing out what they theorize as and believe is a possible security hole then they should have contacted the devs of the vulnerable coins directly and not stated the possible exploit on a public thread (IMHO; I also expressed this opinion to anonymousg64 when he started talking about the theoretical TX bug). FYI I have contacted both the mintcoin dev and the eccoin dev and neither of them are concerned about this "security issue"... whether that means it is not an issue at or, or that it is one that can be easily solved I am not entirely sure (they both made it sound like it was likely the former, though).

[rat4]

First post has been updated with second attack, actually tested on Mintcoin.

[Crestington]

From what I read and understand, I suspect that forks are coming soon on POS/POW and POS only coins. But, this is perfectly fine.

We are talking about software, it can not be flawless. My personal experience, working for more than 15 years on a sw giant that controls more than 50% of the global market in a mainstream technology, proves it. There are hundreds of people here, working only on sw fault fixing, by patching the code all the time and deliver these patches to the customers around the globe.

So, please take it easy and relax. The possible faults will be discovered and fixed.

And have something else in mind: The real developers respect and support each other and they do not do "dogfights" as the coins investors/zealots/holders (you name it) do. And from what I saw so far, at least BC and MINT both have real developers.

Agreed. These things need to be discussed. A lot of good can come out of it. Although, perhaps this would be better discussed not on a public thread such as this, where if any true and effective attack mechanism were described it would then be readily available for people to recognize and exploit. I think that, if somebody actually had good intentions for pointing out what they theorize as and believe is a possible security hole then they should have contacted the devs of the vulnerable coins directly and not stated the possible exploit on a public thread (IMHO; I also expressed this opinion to anonymousg64 when he started talking about the theoretical TX bug). FYI I have contacted both the mintcoin dev and the eccoin dev and neither of them are concerned about this "security issue"... whether that means it is not an issue at or, or that it is one that can be easily solved I am not entirely sure (they both made it sound like it was likely the former, though).

I wouldn't be afraid of operation shitcoin too much, they are more concerned community members than destructive hackers. I much prefer their "I don't give a fuck" attitude than people too afraid what others think but I guess I just like the renegade style.

[XbladeX]

First post has been updated with second attack, actually tested on Mintcoin.

rat4 i am impressed.

To be honest i am not programmer but i see that you know what you are are doing.
I have checked those blocks and i can confirm that your test attack is successful.

just use:
mintcoin-explorer.info
"no PoS blocks from 203231 up to 203441, more than 1 hour of real time"
and check those POW only blocks.
And it looks like that is no longer true, for now:

As you can see here, the PoW blocks have a different and independent difficulty algorithm than PoS blocks. If you start getting a lot of PoS blocks in a row, the chance of PoW block generation increases in order to achieve the PoW target; so after each PoS block is generated the likely-hood of generating a PoW block as the next block goes up, and after every PoW block, the chance of generating a PoS block goes up. They are both integrated with block targets and difficulties that are independent of one another; ]so one cannot perpetually overpower the other.This is why PoS/PoW hybrid is more secure vs just PoS only. And, it is also worth noting that over time, the Mintcoin networks actually will get more secure with age, whereas a PoW only coin has the potential to get less secure due to centralized mining processes. Mintcoin is protected from PoW overpowering, as well as PoS overpowering. You cannot know for certain the future of the Mintcion blockchain (at least very far). With Pure PoS, you know the future will always be a PoS block next, and with PoW you know that the future will always be PoW blocks next, but you cannot know the future with hybrid PoW/PoS like Mintcoin.

And Mintcoin is open for double spend attack according to Wiki...
https://en.bitcoin.it/wiki/Double-spending

[XbladeX]

This is a joke. Nice try to spread FUD about other coins, rat4, to try and promote your pure PoS blackcoin. How is it that Blackcoin prevents attack forks as a pure PoS coin, again?

You say "a sequential chain of PoW blocks can be mined in a flash."
Which is not true. Sure, you could mine all of the PoW blocks that occur sequentially, but there will be many, many more PoS blocks that interrupt those far and few apart PoW blocks.
....

I think you should apologize now rat4, thank him and pay him BIG bounty for helping Mintcoin and others for founding bugs...
And even bigger bounty for solving issue...

PS:He just mined 1h in POW Mintcoin you want more evidence... ? Do you want double spend ?

[MuffinMaster]

This is a joke. Nice try to spread FUD about other coins, rat4, to try and promote your pure PoS blackcoin. How is it that Blackcoin prevents attack forks as a pure PoS coin, again?

You say "a sequential chain of PoW blocks can be mined in a flash."
Which is not true. Sure, you could mine all of the PoW blocks that occur sequentially, but there will be many, many more PoS blocks that interrupt those far and few apart PoW blocks.
....

I think you should apologize now rat4, thank him and pay him BIG bounty for helping Mintcoin and others for founding bugs...
And even bigger bounty for solving issue...

PS:He just mined 1h in POW Mintcoin you want more evidence... ? Do you want double spend ?

serious props to rat4. better to find out now then have it escalate.

[mellomike]

Wow great job rat4 on finding this... while others tried to turn a blind eye to the subject to protect the image of their dear coin, you pointed out the flaws so that they could hopefully fix them.

Great dev!!