Security analysis of PoW/PoS hybrids with low PoW reward

[Jabulon]

Wow great job rat4 on finding this... while others tried to turn a blind eye to the subject to protect the image of their dear coin, you pointed out the flaws so that they could hopefully fix them.

Great dev!!

Hear hear! This is a true act of community-service, a contribution of enormous value to the evolution of safe and legitimate cryptocurrency. It speaks for itself, from far above the maddening crowd, and partisan mudslinging based on ignorance and greed.

[PhilippeStevens]

I expect some apologies from people in here calling fud when he was trying to help other coins..

[tacotime]

Told OP it was a bad idea, was ignored by OP in the Blackcoin thread. If you don't understand the code you're modifying, don't muck with it.

https://bitcointalk.org/index.php?topic=509928.msg5651789#msg5651789
https://bitcointalk.org/index.php?topic=469640.msg5651892#msg5651892

There is another issue with using stake modifiers derived only from PoS blocks as well.

[mgburks77]

I expect some apologies from people in here calling fud when he was trying to help other coins..

looks like the fud is still happening, I wouldn't hold your breath

[brokedummy]

Wow great job rat4 on finding this... while others tried to turn a blind eye to the subject to protect the image of their dear coin, you pointed out the flaws so that they could hopefully fix them.

Great dev!!

Hear hear! This is a true act of community-service, a contribution of enormous value to the evolution of safe and legitimate cryptocurrency. It speaks for itself, from far above the maddening crowd, and partisan mudslinging based on ignorance and greed.

This should NOT have been publicly exposed. If rat4 was truly a good guy he would have communicated this privately with the mintcointeam so that they could work on a fix before all was revealed. Not cool.

[rat4]

Told OP it was a bad idea, was ignored by OP in the Blackcoin thread. If you don't understand the code you're modifying, don't muck with it.

These attacks are not applicable to BlackCoin. Guess why.

[maarx]

Wow great job rat4 on finding this... while others tried to turn a blind eye to the subject to protect the image of their dear coin, you pointed out the flaws so that they could hopefully fix them.

Great dev!!

Hear hear! This is a true act of community-service, a contribution of enormous value to the evolution of safe and legitimate cryptocurrency. It speaks for itself, from far above the maddening crowd, and partisan mudslinging based on ignorance and greed.

This should NOT have been publicly exposed. If rat4 was truly a good guy he would have communicated this privately with the mintcointeam so that they could work on a fix before all was revealed. Not cool.

That was done. This was posted 18 hours after notifying the mintcoin dev's.

[mgburks77]

Wow great job rat4 on finding this... while others tried to turn a blind eye to the subject to protect the image of their dear coin, you pointed out the flaws so that they could hopefully fix them.

Great dev!!

Hear hear! This is a true act of community-service, a contribution of enormous value to the evolution of safe and legitimate cryptocurrency. It speaks for itself, from far above the maddening crowd, and partisan mudslinging based on ignorance and greed.

This should NOT have been publicly exposed. If rat4 was truly a good guy he would have communicated this privately with the mintcointeam so that they could work on a fix before all was revealed. Not cool.

That is what someone who is honest would have done, but he went and got a bunch of people from the BC thread to come to this thread and the mintcoin thread to spread FUD

We don't know even if there was actually a successful attack or not yet, that hasn't been confirmed. I certainly didn't notice any attack.

[tacotime]

Told OP it was a bad idea, was ignored by OP in the Blackcoin thread. If you don't understand the code you're modifying, don't muck with it.

These attacks are not applicable to BlackCoin. Guess why.

My guess is that you modified the trust weighting for PoS blocks (to lessen weighting for any individual block based on coinage) or that you manipulated timestamping variability, neither of which are great solutions in the distributed system you're playing with.

It looks like you tried to fix the stake modifier with a hardfork and then broke it in the process, too:
https://github.com/rat4/blackcoin/commit/47d2eec662b738b39cdb45f3ef6f72a13b929268#diff-25d902c24283ab8cfbac54dfa101ad31
https://github.com/rat4/blackcoin/commit/9dea231970c5c73dd6b7e3d0d20210233574a179#diff-25d902c24283ab8cfbac54dfa101ad31

Others vulnerabilities exist and you still refuse to address them (the "nothing at stake" fork, stake modifier manipulation).

[mgburks77]

Perhaps now is the time for additional helpful security testing of blackcoin?

[Soepkip]

Perhaps now is the time for additional security testing of blackcoin?

We welcome you to, really.

We are talking about systems that keeps track of people's money. People invest in coins with their hard earned money or do it via mining with their expensive equipment. If the coin's system is at risk this is a risk for everyone involved.

If you are successfull, have the same decency as us and report it to the devs. We did for MintCoin and you do not want to read their response. That is the sole reason it has been posted here. We too have money invested in other crypto's and would like them to be as secure as possible, that's why we checkout other coins security and report security risks immediatly.

[mgburks77]

Perhaps now is the time for additional security testing of blackcoin?

We welcome you to, really.

We are talking about systems that keeps track of people's money. People invest in coins with their hard earned money or do it via mining with their expensive equipment. If the coin's system is at risk this is a risk for everyone involved.

If you are successfull, have the same decency as us and report it to the devs. We did for MintCoin and you do not want to read their response. That is the sole reason it has been posted here. We too have money invested in other crypto's and would like them to be as secure as possible, that's why we checkout other coins security and report security risks immediatly.

You mean same decency and also helpfully inform all mintholders to go to BC thread and spread FUD?

No, I won't be doing that.

[XbladeX]

Perhaps now is the time for additional security testing of blackcoin?

We welcome you to, really.

We are talking about systems that keeps track of people's money. People invest in coins with their hard earned money or do it via mining with their expensive equipment. If the coin's system is at risk this is a risk for everyone involved.

If you are successfull, have the same decency as us and report it to the devs. We did for MintCoin and you do not want to read their response. That is the sole reason it has been posted here. We too have money invested in other crypto's and would like them to be as secure as possible, that's why we checkout other coins security and report security risks immediatly.

You mean same decency and also helpfully inform all mintholders to go to BC thread and spread FUD?

No, I won't be doing that.

Sry mgburks77 but Soepkip just answered because some people accuse BC developers Soepkip is one of them...
He is not just random hater, flamer or FUDer...I just believe him he proved his trustworthy and transparency so far.

[rat4]

Told OP it was a bad idea, was ignored by OP in the Blackcoin thread. If you don't understand the code you're modifying, don't muck with it.

These attacks are not applicable to BlackCoin. Guess why.

My guess is that you modified the trust weighting for PoS blocks so that PoW block or that you manipulated timestamping variability, neither of which are great solutions in the distributed system you're playing with.

It looks like you tried to fix the stake modifier with a hardfork and then broke it in the process, too:
https://github.com/rat4/blackcoin/commit/47d2eec662b738b39cdb45f3ef6f72a13b929268#diff-25d902c24283ab8cfbac54dfa101ad31
https://github.com/rat4/blackcoin/commit/9dea231970c5c73dd6b7e3d0d20210233574a179#diff-25d902c24283ab8cfbac54dfa101ad31

Others vulnerabilities exist and you still refuse to address them (the "nothing at stake" fork, stake modifier manipulation).

Zero difficulty PoW is open door and cannot be trusted. One of possible fixes is to disable PoW.

[mgburks77]

I just believe him he proved his trustworthy and transparency so far.

he's one of the one's so helpfully spreading FUD

so no, that is not the type of attention he is attracting

Zero difficulty PoW is open door and cannot be trusted. One of possible fixes is to disable PoW.

Thank you. I wondered if that was a possibility or not.

[tacotime]

Zero difficulty PoW is open door and cannot be trusted. One of possible fixes is to disable PoW.

Or you can have PoW with a reasonable subsidy and use it to secure the network, but then you just have PeerCoin.  Unsurprisingly, Peercoin works because of this and not in spite of this.  Now you've simply opened yourself to all the catastrophic bugs in PeerCoin's PoS system that you refuse to acknowledge.

There are easy applied fixes for hybrid PoW/PoS with low subsidy that involve adjusting the trust of the timestamping of PoW blocks and content of PoW blocks in general -- but again, there are the same PoS bugs which already exist in PeerCoin, which are non-trivial.

[tacotime]

tacotime can you please link some info about peercoin pos weaknesses?

ok
https://github.com/ethereum/wiki/wiki/Problems (See 5. Create an incentive-compatible proof-of-stake currency) and also here: http://blog.ethereum.org/2014/01/15/slasher-a-punitive-proof-of-stake-algorithm/

https://bitcointalk.org/index.php?topic=131940.0 (addressed by the creation of kernel.h and kernel.cpp which compute the stake modifier, which has its own problems)

[mgburks77]

So basically the claim is that because of this vulnerability it is possible to complete a 51% attack.

Is that or is that not also a possibility with pure PoS coins?

I'm not seeing how the security status of blackcoin is any different than the security status of mintcoin, as both are supposedly vulnerable to this attack. Which from what i gather is quite expensive to launch successfully and therefore highly unlikely in the first place.

[tacotime]

So basically the claim is that because of this vulnerability it is possible to complete a 51% attack.

Is that or is that not also a possibility with pure PoS coins?

I'm not seeing how the security status of blackcoin is any different than the security status of mintcoin, as both are supposedly vulnerable to this attack. Which from what i gather is quite expensive to launch successfully and therefore highly unlikely in the first place.

In the event of a fork, whether the fork is accidental or a malicious attempt to rewrite history and reverse a transaction, the optimal strategy for any miner is to mine on every chain, so that the miner gets their reward no matter which fork wins. Thus, assuming a large number of economically interested miners, an attacker may be able to send a transaction in exchange for some digital good (usually another cryptocurrency), receive the good, then start a fork of the blockchain from one block behind the transaction and send the money to themselves instead, and even with 1% of the total stake the attacker's fork would win because everyone else is mining on both.

[noerc]

tacotime can you please link some info about peercoin pos weaknesses?

ok
https://github.com/ethereum/wiki/wiki/Problems (See 5. Create an incentive-compatible proof-of-stake currency) and also here: http://blog.ethereum.org/2014/01/15/slasher-a-punitive-proof-of-stake-algorithm/

https://bitcointalk.org/index.php?topic=131940.0 (addressed by the creation of kernel.h and kernel.cpp which compute the stake modifier, which has its own problems)

Thanks a lot, this is very interesting. To problem #1: What exactly is meant with consensus failure and how does it affect network security? So if I have a faked time stamp that is t seconds in the future, how much less coins do I need to perform a 51% attack?