Bitcoin Forum
December 12, 2024, 12:52:22 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Warning: One or more bitcointalk.org users have reported that they believe that the creator of this topic displays some red flags which make them high-risk. (Login to see the detailed trust ratings.) While the bitcointalk.org administration does not verify such claims, you should proceed with extreme caution.
Pages: [1] 2 3 »  All
  Print  
Author Topic: [HOWTO] kill any 100% PoS coins owning less than 1% of all coins.  (Read 13470 times)
dE_logics (OP)
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500



View Profile WWW
May 11, 2014, 02:28:43 PM
Last edit: August 13, 2014, 03:15:30 PM by dE_logics
 #1

Since I'm not a developer nor a hacker I cant modify wallets to do such an attack, but here's the concept, which may not be right, but crackers may try.


We're going to exploit low PoS difficulty and prominently it's low for even 100% PoS coins. Like for mintcoin it's 0.243, even for popular and old coins like PPC, the difficulty is 10.

First let me explain the significance of difficult in PoS which's very much similar to difficulty in PoW. But don't assume low PoS difficulty means higher rate of returns. Each block gives the miner variable rewards depending on the current difficulty which predicts the probability of the coins to mint a PoS block. A low difficulty means the coins will easily be able to mint PoS blocks, since the number of PoS blocks generated by coins are frequent, the block reward will drop cause the interest rate is capped. In other words, when difficulty is low, the coins will have to wait less to generate a block reward, i.e. the coin will have less age so the block reward will be low. Similarly if the difficulty is high the block reward will increase cause the probability of the coins to make a PoS block will be less, so PoS blocks generated by the coins will be less but the interest rate has to be maintained at 20%; so to compensate for the lower block rate, the block reward will increase.

In PoS, when a node receives a number of coins all in 1 transaction (call this transaction X and the no. of coins in the transaction as A), all of these coins will be used to mine a block. The more the no. of coins in X, the higher the chance of hitting a block. The older transaction X goes the higher the chance of hitting a block. For coins which were received in another transaction (apart from X, call this transaction Z) but to the same address will try to mine a block separately from Z; the wallet will use Y along with X independently to mine blocks.

Suppose the probably of mining a block for X is within x days, after mining, the coin age renews to 0, making it ineligible to mine a block till it's old enough to mine blocks again.

We're going to compare the set of coins X which were received with in a single transaction to a no. of transactions the size of each being 1 coin, but the no. of transactions is such that it results in A no. of coins (i.e. A no. of transactions). This mean for each of these coins, the wallet will try to generate a block using them separately. Let's call this set of coins Y.

The probability of one coin to generate a block is x/A (since X has A no. of coins); for all of  A no. of coins used together, the probability to generate a block is (x/A)*A = x. So Y has the same probability to generate a block as compared to X. Once a block has been mined, the age of the single coin used to mine a block becomes 0 and it comes ineligible for mining, but all other coins are still eligible for mining. Now the probability of Y to generate another block is (x/A)*(A-1) which is almost x (call this changing value y, i.e. y is the current mining power of Y after a no. of coins's age has been reduce to 0). Depending on the size of A, the this value of y will almost be the same as x for (x/A)*(A-1), (x/A)*(A-2), (x/A)*(A-3)... (x/A)*(A-100). The larger the value of A, the closer is the mining power to x as a single coin will be less significant for a large value of A.

So Y has lot more power to generate blocks as compared to X with the same no. of coins. The attacker with possession of Y can wait for an attack till the coins become older which yields better probability of blocks. (update) In fact, the probability of generating a single block by splitting stakes (Y) is more effective than the regular X method. The reason being, as the no. of coins increases, the probability of hitting a block does not increase linearly (see this); it's increment rate decreases. So the network difficulty is lower. But if you've split your stake (as with Y), the probability of staking a block will increase linearly, cause each coin has it's own staking instance. It's stake is calculated separately.

In a 51% attack block mining power is exactly what you need. You try to fork the block chain and try to make the forked chain longer than the main chain and once that happens all valid transactions in those chains will be lost (double spending). So when it comes to hashing power, PoS is more vulnerable to PoW.

It's a fallacy that you need most of the coins in a PoS coin to attack it; it all depends on the difficulty. You can do an attack even if you have less than 1% of the coins. It's all on the difficulty.

If you do a mindless criticism (criticizing me without any reason or calling the whole text gibberish without stating a reason), realize that it's clear that you own a huge stake in a 100% PoS crypto and are planning to dump it at a pump which this article may reduce the probability of (if it is true).

If you don't believe me, very well. I got no issues, but I'm always open for constructive discussion. As of attackers, they may try this and succeed while you believe this's a lie.

▄▄▄█████████▄▄▄
▄▄█████████████████████▄▄
▄██████████▄▄▄    ▀▀▀███████▄
▄██████████████████▄▄▄   ▀▀█████▄
████████████████████████▌  ▄███████
██████████████▀▀    ▀▀██▀ ▄███▀ ▀████
███████████▀▀  ▄▄ ▄▄     ▄█████▄  ▀████
███████████  ▄▄ ▀█████▄ ▄█▀  █████  ▀████
▄██████████   ▀████▀  ▀███     █████  ▀███▄
██████████▌  ▄████▄  ▄█▀▀██▄   ▐█████  ████
██████████   ▀▀ ▀████▀    ██    ██████ ████
██████████▌      ▄███▄  ▄██▄   ▐██████H████
▀██████████▄   ▄█▀  ▀████▀▀▀   ███████████▀
██████████▀ ▄█▀    ██▀▀██   ▄████████████
███████▀ ▄███▄           ▄█████████████
█████▄▄█████████▄▄▄▄▄████████████████
▀█████████████████████████████████▀
▀█████████████████████████████▀
▀▀███████████████████████▀▀
▀▀███████████████▀▀
▀▀▀▀▀▀▀▀▀
.






  

             ▄████▄▄   ▄
█▄          ██████████▀▄
███        ███████████▀
▐████▄     ██████████▌
▄▄██████▄▄▄▄█████████▌
▀████████████████████
  ▀█████████████████
  ▄▄███████████████
   ▀█████████████▀
    ▄▄█████████▀
▀▀██████████▀
    ▀▀▀▀▀
  

                   ▄▄████
              ▄▄████████▌
         ▄▄█████████▀███
    ▄▄██████████▀▀ ▄███▌
▄████████████▀▀  ▄█████
▀▀▀███████▀   ▄███████▌
      ██    ▄█████████
       █  ▄██████████▌
       █  ███████████
       █ ██▀ ▀██████▌
       ██▀     ▀████
                 ▀█▌
  

             █▀▀▀▄▄▄██▄
             █     ▀██▀
            █
         ▄▄▄█▄▄▄
 ████▄▄███████████▄▄████
▐██████▀▀███████▀▀██████▌
 ▀████    █████    ████▀
  ████▄  ▄█████▄  ▄████
  ▀███████████████████▀
   ▀████▄▀█████▀▄████▀
     ▀▀███▄▄▄▄▄███▀▀
         ▀▀▀▀▀▀▀


          ▄████████
          █████████
          █████
          █████
      █████████████
      █████████████
          █████
          █████
          █████
          █████
          █████


█▄▄              █▄▄
█████▄▄         ██████▄▄
████████       ████████ █
████████ ██   ████████ ██
████████ ███ ████████ ███
████████ ████ ██████ ████
████████ █████ ████ █████
████████ ▀█████ ██ ██████
████████    ▀▀██  ███████
▀███████         ▀███████
   ▀▀███            ▀▀███
       ▀                ▀
primer10
Sr. Member
****
Offline Offline

Activity: 249
Merit: 250


View Profile
May 11, 2014, 02:55:36 PM
 #2

Curious, I have a few qns:

1) coin-age is no. of coins * number of days (age)? I am not sure how it is implemented but there are 2 points:
    a) age is limited depending on the coin's implementation
    b) max coin-age depends on the amount of coin you have at max age?

2) 51% attack assumes you can carry it out continuously? that is, more > 1 confirmations?
dE_logics (OP)
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500



View Profile WWW
May 11, 2014, 03:18:45 PM
Last edit: May 11, 2014, 03:29:07 PM by dE_logics
 #3

Curious, I have a few qns:

1) coin-age is no. of coins * number of days (age)? I am not sure how it is implemented but there are 2 points:
    a) age is limited depending on the coin's implementation
    b) max coin-age depends on the amount of coin you have at max age?

2) 51% attack assumes you can carry it out continuously? that is, more > 1 confirmations?

Yes, that's the coin age as per my understanding. But in this article, when I talk about age, I talk about the actual age -- the amount of time the wallet has held the coin.

a) If you believe this calculator, as the coin becomes older (age is not the right term here) the probability of hitting a block increases and yes there is such a limit of 90 days. Also rate of interest per year (not per block) is limited. If you've not hit a block for a long time (the coin is very old -- older than 90 days), the rewards will be higher to maintain the ROI. This factor does not have any limit of the age. But this will not limit the attack vectors in any way.

b) This question is not clear considering the above discussion.

2) Yes, absolutely. For each block mined, only 1 coin's age is consumed. We have plenty of other coins in set Y. The bigger the size of A the longer you can attack.

▄▄▄█████████▄▄▄
▄▄█████████████████████▄▄
▄██████████▄▄▄    ▀▀▀███████▄
▄██████████████████▄▄▄   ▀▀█████▄
████████████████████████▌  ▄███████
██████████████▀▀    ▀▀██▀ ▄███▀ ▀████
███████████▀▀  ▄▄ ▄▄     ▄█████▄  ▀████
███████████  ▄▄ ▀█████▄ ▄█▀  █████  ▀████
▄██████████   ▀████▀  ▀███     █████  ▀███▄
██████████▌  ▄████▄  ▄█▀▀██▄   ▐█████  ████
██████████   ▀▀ ▀████▀    ██    ██████ ████
██████████▌      ▄███▄  ▄██▄   ▐██████H████
▀██████████▄   ▄█▀  ▀████▀▀▀   ███████████▀
██████████▀ ▄█▀    ██▀▀██   ▄████████████
███████▀ ▄███▄           ▄█████████████
█████▄▄█████████▄▄▄▄▄████████████████
▀█████████████████████████████████▀
▀█████████████████████████████▀
▀▀███████████████████████▀▀
▀▀███████████████▀▀
▀▀▀▀▀▀▀▀▀
.






  

             ▄████▄▄   ▄
█▄          ██████████▀▄
███        ███████████▀
▐████▄     ██████████▌
▄▄██████▄▄▄▄█████████▌
▀████████████████████
  ▀█████████████████
  ▄▄███████████████
   ▀█████████████▀
    ▄▄█████████▀
▀▀██████████▀
    ▀▀▀▀▀
  

                   ▄▄████
              ▄▄████████▌
         ▄▄█████████▀███
    ▄▄██████████▀▀ ▄███▌
▄████████████▀▀  ▄█████
▀▀▀███████▀   ▄███████▌
      ██    ▄█████████
       █  ▄██████████▌
       █  ███████████
       █ ██▀ ▀██████▌
       ██▀     ▀████
                 ▀█▌
  

             █▀▀▀▄▄▄██▄
             █     ▀██▀
            █
         ▄▄▄█▄▄▄
 ████▄▄███████████▄▄████
▐██████▀▀███████▀▀██████▌
 ▀████    █████    ████▀
  ████▄  ▄█████▄  ▄████
  ▀███████████████████▀
   ▀████▄▀█████▀▄████▀
     ▀▀███▄▄▄▄▄███▀▀
         ▀▀▀▀▀▀▀


          ▄████████
          █████████
          █████
          █████
      █████████████
      █████████████
          █████
          █████
          █████
          █████
          █████


█▄▄              █▄▄
█████▄▄         ██████▄▄
████████       ████████ █
████████ ██   ████████ ██
████████ ███ ████████ ███
████████ ████ ██████ ████
████████ █████ ████ █████
████████ ▀█████ ██ ██████
████████    ▀▀██  ███████
▀███████         ▀███████
   ▀▀███            ▀▀███
       ▀                ▀
primer10
Sr. Member
****
Offline Offline

Activity: 249
Merit: 250


View Profile
May 11, 2014, 03:29:51 PM
 #4


Yes, that's the coin age as per my understanding. But in this article, when I talk about age, I talk about the actual age -- the amount of time the wallet has held the coin.

a) If you believe this calculator, as the coin becomes older (age is not the right term here) the probability of hitting a block increases. It has no limits. What is limited is the rate of interest per year (not per block) vs the age of the coin (the amount of time the wallet has held the coin). If you've not hit a block for a long time (the coin is old), the rewards will be higher to maintain the ROI.

From: http://www.peercoin.net/minting: "The maximum age a coin can have is 90 days, after this the coin does not age further."

In other words, you are saying the implementation is not as described?

Quote
b) This question is not clear considering this

if there is a age limit, at max age, coin-age depends on num of coin

Quote
2) Yes, absolutely. For each block mined, only 1 coin's age is consumed. We have plenty of other coins in set Y. The bigger the size of A the longer you can attack.

yes, assuming no age limit, we can have 1 coin per transaction and for each coin of great age, it is possible for multiple block finding.
dE_logics (OP)
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500



View Profile WWW
May 11, 2014, 03:59:38 PM
 #5


Yes, that's the coin age as per my understanding. But in this article, when I talk about age, I talk about the actual age -- the amount of time the wallet has held the coin.

a) If you believe this calculator, as the coin becomes older (age is not the right term here) the probability of hitting a block increases. It has no limits. What is limited is the rate of interest per year (not per block) vs the age of the coin (the amount of time the wallet has held the coin). If you've not hit a block for a long time (the coin is old), the rewards will be higher to maintain the ROI.

From: http://www.peercoin.net/minting: "The maximum age a coin can have is 90 days, after this the coin does not age further."

In other words, you are saying the implementation is not as described?

Quote
b) This question is not clear considering this

if there is a age limit, at max age, coin-age depends on num of coin

Quote
2) Yes, absolutely. For each block mined, only 1 coin's age is consumed. We have plenty of other coins in set Y. The bigger the size of A the longer you can attack.

yes, assuming no age limit, we can have 1 coin per transaction and for each coin of great age, it is possible for multiple block finding.

Sorry about that, I modified the above post before you read it.

As per the calculator and the link you provided, the coin age literally mean the coins age, not no. of coins * days the coins has been held.

Quote from: primer10
coin-age depends on num of coin

If you see that calculator, if you increase the no. of coins, the probability of hitting a block always increases regardless of the amount.

Quote
yes, assuming no age limit, we can have 1 coin per transaction and for each coin of great age, it is possible for multiple block finding.

No, it's not assuming that. I've specified this --

Quote
Once a block has been mined, the age of the single coin used to mine a block becomes 0 and it comes ineligible for mining, but all other coins are still eligible for mining.

Edit -- I've not considered TX fee which's something PPC specific. PPC is not 100% PoS.

I'll think about TX fee also.

▄▄▄█████████▄▄▄
▄▄█████████████████████▄▄
▄██████████▄▄▄    ▀▀▀███████▄
▄██████████████████▄▄▄   ▀▀█████▄
████████████████████████▌  ▄███████
██████████████▀▀    ▀▀██▀ ▄███▀ ▀████
███████████▀▀  ▄▄ ▄▄     ▄█████▄  ▀████
███████████  ▄▄ ▀█████▄ ▄█▀  █████  ▀████
▄██████████   ▀████▀  ▀███     █████  ▀███▄
██████████▌  ▄████▄  ▄█▀▀██▄   ▐█████  ████
██████████   ▀▀ ▀████▀    ██    ██████ ████
██████████▌      ▄███▄  ▄██▄   ▐██████H████
▀██████████▄   ▄█▀  ▀████▀▀▀   ███████████▀
██████████▀ ▄█▀    ██▀▀██   ▄████████████
███████▀ ▄███▄           ▄█████████████
█████▄▄█████████▄▄▄▄▄████████████████
▀█████████████████████████████████▀
▀█████████████████████████████▀
▀▀███████████████████████▀▀
▀▀███████████████▀▀
▀▀▀▀▀▀▀▀▀
.






  

             ▄████▄▄   ▄
█▄          ██████████▀▄
███        ███████████▀
▐████▄     ██████████▌
▄▄██████▄▄▄▄█████████▌
▀████████████████████
  ▀█████████████████
  ▄▄███████████████
   ▀█████████████▀
    ▄▄█████████▀
▀▀██████████▀
    ▀▀▀▀▀
  

                   ▄▄████
              ▄▄████████▌
         ▄▄█████████▀███
    ▄▄██████████▀▀ ▄███▌
▄████████████▀▀  ▄█████
▀▀▀███████▀   ▄███████▌
      ██    ▄█████████
       █  ▄██████████▌
       █  ███████████
       █ ██▀ ▀██████▌
       ██▀     ▀████
                 ▀█▌
  

             █▀▀▀▄▄▄██▄
             █     ▀██▀
            █
         ▄▄▄█▄▄▄
 ████▄▄███████████▄▄████
▐██████▀▀███████▀▀██████▌
 ▀████    █████    ████▀
  ████▄  ▄█████▄  ▄████
  ▀███████████████████▀
   ▀████▄▀█████▀▄████▀
     ▀▀███▄▄▄▄▄███▀▀
         ▀▀▀▀▀▀▀


          ▄████████
          █████████
          █████
          █████
      █████████████
      █████████████
          █████
          █████
          █████
          █████
          █████


█▄▄              █▄▄
█████▄▄         ██████▄▄
████████       ████████ █
████████ ██   ████████ ██
████████ ███ ████████ ███
████████ ████ ██████ ████
████████ █████ ████ █████
████████ ▀█████ ██ ██████
████████    ▀▀██  ███████
▀███████         ▀███████
   ▀▀███            ▀▀███
       ▀                ▀
dE_logics (OP)
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500



View Profile WWW
May 13, 2014, 03:47:06 PM
 #6

For 0.01 TX fee, the attack will be made just 1% more expensive.

So it doesn't matter.

▄▄▄█████████▄▄▄
▄▄█████████████████████▄▄
▄██████████▄▄▄    ▀▀▀███████▄
▄██████████████████▄▄▄   ▀▀█████▄
████████████████████████▌  ▄███████
██████████████▀▀    ▀▀██▀ ▄███▀ ▀████
███████████▀▀  ▄▄ ▄▄     ▄█████▄  ▀████
███████████  ▄▄ ▀█████▄ ▄█▀  █████  ▀████
▄██████████   ▀████▀  ▀███     █████  ▀███▄
██████████▌  ▄████▄  ▄█▀▀██▄   ▐█████  ████
██████████   ▀▀ ▀████▀    ██    ██████ ████
██████████▌      ▄███▄  ▄██▄   ▐██████H████
▀██████████▄   ▄█▀  ▀████▀▀▀   ███████████▀
██████████▀ ▄█▀    ██▀▀██   ▄████████████
███████▀ ▄███▄           ▄█████████████
█████▄▄█████████▄▄▄▄▄████████████████
▀█████████████████████████████████▀
▀█████████████████████████████▀
▀▀███████████████████████▀▀
▀▀███████████████▀▀
▀▀▀▀▀▀▀▀▀
.






  

             ▄████▄▄   ▄
█▄          ██████████▀▄
███        ███████████▀
▐████▄     ██████████▌
▄▄██████▄▄▄▄█████████▌
▀████████████████████
  ▀█████████████████
  ▄▄███████████████
   ▀█████████████▀
    ▄▄█████████▀
▀▀██████████▀
    ▀▀▀▀▀
  

                   ▄▄████
              ▄▄████████▌
         ▄▄█████████▀███
    ▄▄██████████▀▀ ▄███▌
▄████████████▀▀  ▄█████
▀▀▀███████▀   ▄███████▌
      ██    ▄█████████
       █  ▄██████████▌
       █  ███████████
       █ ██▀ ▀██████▌
       ██▀     ▀████
                 ▀█▌
  

             █▀▀▀▄▄▄██▄
             █     ▀██▀
            █
         ▄▄▄█▄▄▄
 ████▄▄███████████▄▄████
▐██████▀▀███████▀▀██████▌
 ▀████    █████    ████▀
  ████▄  ▄█████▄  ▄████
  ▀███████████████████▀
   ▀████▄▀█████▀▄████▀
     ▀▀███▄▄▄▄▄███▀▀
         ▀▀▀▀▀▀▀


          ▄████████
          █████████
          █████
          █████
      █████████████
      █████████████
          █████
          █████
          █████
          █████
          █████


█▄▄              █▄▄
█████▄▄         ██████▄▄
████████       ████████ █
████████ ██   ████████ ██
████████ ███ ████████ ███
████████ ████ ██████ ████
████████ █████ ████ █████
████████ ▀█████ ██ ██████
████████    ▀▀██  ███████
▀███████         ▀███████
   ▀▀███            ▀▀███
       ▀                ▀
reRaise
Hero Member
*****
Offline Offline

Activity: 868
Merit: 1000


View Profile
May 23, 2014, 06:58:35 PM
 #7

Interesting, can others more experienced confirm? Will this also apply to hybrid PoS/PoW?
Zzzack
Full Member
***
Offline Offline

Activity: 168
Merit: 100


View Profile
May 24, 2014, 06:20:24 PM
 #8

Interesting, can others more experienced confirm? Will this also apply to hybrid PoS/PoW?

Agreed this needs more discussion.

I don't think anyone knows how secure 100% POS is based on all the peercointalk forum posts i've read

Producer
primer10
Sr. Member
****
Offline Offline

Activity: 249
Merit: 250


View Profile
May 24, 2014, 06:49:07 PM
 #9

Interesting, can others more experienced confirm? Will this also apply to hybrid PoS/PoW?

Agreed this needs more discussion.

I don't think anyone knows how secure 100% POS is based on all the peercointalk forum posts i've read

Perhaps can check with Jutarul?

Ref: https://bitcointalk.org/index.php?topic=131901.0
dE_logics (OP)
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500



View Profile WWW
May 25, 2014, 04:39:54 AM
 #10

Interesting, can others more experienced confirm? Will this also apply to hybrid PoS/PoW?

Agreed this needs more discussion.

I don't think anyone knows how secure 100% POS is based on all the peercointalk forum posts i've read

Perhaps can check with Jutarul?

Ref: https://bitcointalk.org/index.php?topic=131901.0

Looks like this vulnerability is known since December.

▄▄▄█████████▄▄▄
▄▄█████████████████████▄▄
▄██████████▄▄▄    ▀▀▀███████▄
▄██████████████████▄▄▄   ▀▀█████▄
████████████████████████▌  ▄███████
██████████████▀▀    ▀▀██▀ ▄███▀ ▀████
███████████▀▀  ▄▄ ▄▄     ▄█████▄  ▀████
███████████  ▄▄ ▀█████▄ ▄█▀  █████  ▀████
▄██████████   ▀████▀  ▀███     █████  ▀███▄
██████████▌  ▄████▄  ▄█▀▀██▄   ▐█████  ████
██████████   ▀▀ ▀████▀    ██    ██████ ████
██████████▌      ▄███▄  ▄██▄   ▐██████H████
▀██████████▄   ▄█▀  ▀████▀▀▀   ███████████▀
██████████▀ ▄█▀    ██▀▀██   ▄████████████
███████▀ ▄███▄           ▄█████████████
█████▄▄█████████▄▄▄▄▄████████████████
▀█████████████████████████████████▀
▀█████████████████████████████▀
▀▀███████████████████████▀▀
▀▀███████████████▀▀
▀▀▀▀▀▀▀▀▀
.






  

             ▄████▄▄   ▄
█▄          ██████████▀▄
███        ███████████▀
▐████▄     ██████████▌
▄▄██████▄▄▄▄█████████▌
▀████████████████████
  ▀█████████████████
  ▄▄███████████████
   ▀█████████████▀
    ▄▄█████████▀
▀▀██████████▀
    ▀▀▀▀▀
  

                   ▄▄████
              ▄▄████████▌
         ▄▄█████████▀███
    ▄▄██████████▀▀ ▄███▌
▄████████████▀▀  ▄█████
▀▀▀███████▀   ▄███████▌
      ██    ▄█████████
       █  ▄██████████▌
       █  ███████████
       █ ██▀ ▀██████▌
       ██▀     ▀████
                 ▀█▌
  

             █▀▀▀▄▄▄██▄
             █     ▀██▀
            █
         ▄▄▄█▄▄▄
 ████▄▄███████████▄▄████
▐██████▀▀███████▀▀██████▌
 ▀████    █████    ████▀
  ████▄  ▄█████▄  ▄████
  ▀███████████████████▀
   ▀████▄▀█████▀▄████▀
     ▀▀███▄▄▄▄▄███▀▀
         ▀▀▀▀▀▀▀


          ▄████████
          █████████
          █████
          █████
      █████████████
      █████████████
          █████
          █████
          █████
          █████
          █████


█▄▄              █▄▄
█████▄▄         ██████▄▄
████████       ████████ █
████████ ██   ████████ ██
████████ ███ ████████ ███
████████ ████ ██████ ████
████████ █████ ████ █████
████████ ▀█████ ██ ██████
████████    ▀▀██  ███████
▀███████         ▀███████
   ▀▀███            ▀▀███
       ▀                ▀
dE_logics (OP)
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500



View Profile WWW
May 27, 2014, 03:30:16 AM
 #11

Interesting, can others more experienced confirm? Will this also apply to hybrid PoS/PoW?

Agreed this needs more discussion.

I don't think anyone knows how secure 100% POS is based on all the peercointalk forum posts i've read

Perhaps can check with Jutarul?

Ref: https://bitcointalk.org/index.php?topic=131901.0

Looks like this vulnerability is known since December.

Humm... I think this attack is different. The vulnerability in this thread cannot be fixed like this. The design of the coin has to be changed for it to be fixed.

The link just increases the no. of trials the wallet does to generate a valid block, were as this increases the probability of a block by splitting the stake.

▄▄▄█████████▄▄▄
▄▄█████████████████████▄▄
▄██████████▄▄▄    ▀▀▀███████▄
▄██████████████████▄▄▄   ▀▀█████▄
████████████████████████▌  ▄███████
██████████████▀▀    ▀▀██▀ ▄███▀ ▀████
███████████▀▀  ▄▄ ▄▄     ▄█████▄  ▀████
███████████  ▄▄ ▀█████▄ ▄█▀  █████  ▀████
▄██████████   ▀████▀  ▀███     █████  ▀███▄
██████████▌  ▄████▄  ▄█▀▀██▄   ▐█████  ████
██████████   ▀▀ ▀████▀    ██    ██████ ████
██████████▌      ▄███▄  ▄██▄   ▐██████H████
▀██████████▄   ▄█▀  ▀████▀▀▀   ███████████▀
██████████▀ ▄█▀    ██▀▀██   ▄████████████
███████▀ ▄███▄           ▄█████████████
█████▄▄█████████▄▄▄▄▄████████████████
▀█████████████████████████████████▀
▀█████████████████████████████▀
▀▀███████████████████████▀▀
▀▀███████████████▀▀
▀▀▀▀▀▀▀▀▀
.






  

             ▄████▄▄   ▄
█▄          ██████████▀▄
███        ███████████▀
▐████▄     ██████████▌
▄▄██████▄▄▄▄█████████▌
▀████████████████████
  ▀█████████████████
  ▄▄███████████████
   ▀█████████████▀
    ▄▄█████████▀
▀▀██████████▀
    ▀▀▀▀▀
  

                   ▄▄████
              ▄▄████████▌
         ▄▄█████████▀███
    ▄▄██████████▀▀ ▄███▌
▄████████████▀▀  ▄█████
▀▀▀███████▀   ▄███████▌
      ██    ▄█████████
       █  ▄██████████▌
       █  ███████████
       █ ██▀ ▀██████▌
       ██▀     ▀████
                 ▀█▌
  

             █▀▀▀▄▄▄██▄
             █     ▀██▀
            █
         ▄▄▄█▄▄▄
 ████▄▄███████████▄▄████
▐██████▀▀███████▀▀██████▌
 ▀████    █████    ████▀
  ████▄  ▄█████▄  ▄████
  ▀███████████████████▀
   ▀████▄▀█████▀▄████▀
     ▀▀███▄▄▄▄▄███▀▀
         ▀▀▀▀▀▀▀


          ▄████████
          █████████
          █████
          █████
      █████████████
      █████████████
          █████
          █████
          █████
          █████
          █████


█▄▄              █▄▄
█████▄▄         ██████▄▄
████████       ████████ █
████████ ██   ████████ ██
████████ ███ ████████ ███
████████ ████ ██████ ████
████████ █████ ████ █████
████████ ▀█████ ██ ██████
████████    ▀▀██  ███████
▀███████         ▀███████
   ▀▀███            ▀▀███
       ▀                ▀
m-s-v
Full Member
***
Offline Offline

Activity: 145
Merit: 100


View Profile
May 28, 2014, 12:41:18 PM
 #12

As far as I can see, this does not apply to Nxt, since there is no "aging" of coins after they forge a block.
digitalindustry
Hero Member
*****
Offline Offline

Activity: 798
Merit: 1000


‘Try to be nice’


View Profile WWW
May 28, 2014, 02:07:12 PM
 #13

Interesting just because i know no one outside of hard core Crypto is going to understand any of that - can i just state it in plain language and you tell me if i far or close to the mark?


PoS  means Proof of ownership like owning a Bond. + interest.

When you hold units of crpyto they age like bonds and mature giving back an "interest" stake -  

DE_logics is basically saying  or theorizing that under certain conditions  if you had:


10 Bonds (ten pieces of interest bearing paper) each worth 1 unit + 1 unit of interest.

you would earn more net interest verses:

One single 10 unit Bond + its interest.

* even if the interest is meant to be equal - i.e the 10 bonds should equal the exact same net return as the single Bond because they are the same units net worth and the interest rate is "fixed" by whole the system.

and in this way, this could be a flaw in PoS  because someone could split up their bonds (something you can do with crypto)  and generate enough interest to control the whole game.



how did i do ?

if its on or close to the mark i will post it back on the other thread as it is relevant -

- Twitter @Kolin_Quark
TheCoinFinder
Legendary
*
Offline Offline

Activity: 938
Merit: 1001



View Profile WWW
May 28, 2014, 02:34:43 PM
 #14

Interesting just because i know no one outside of hard core Crypto is going to understand any of that - can i just state it in plain language and you tell me if i far or close to the mark?


PoS  means Proof of ownership like owning a Bond. + interest.

When you hold units of crpyto they age like bonds and mature giving back an "interest" stake -  

DE_logics is basically saying  or theorizing that under certain conditions  if you had:


10 Bonds (ten pieces of interest bearing paper) each worth 1 unit + 1 unit of interest.

you would earn more net interest verses:

One single 10 unit Bond + its interest.

* even if the interest is meant to be equal - i.e the 10 bonds should equal the exact same net return as the single Bond because they are the same units net worth and the interest rate is "fixed" by whole the system.

and in this way, this could be a flaw in PoS  because someone could split up their bonds (something you can do with crypto)  and generate enough interest to control the whole game.



how did i do ?

if its on or close to the mark i will post it back on the other thread as it is relevant -


From reading it, it seems similar.

Basically, when you find a block - the coins in the transaction that were used to mine the block are all reset to 0.

If there is less coins in the transaction, there are less coins reset.

However, doesn't the luck increase exponentially rather than evenly, such that a transaction with 4 coins in, is far more probable than 4 single 1 coin transactions to mint a block?


.Deviant.io.                ▄▄▄▄███▄▄▄▄
             ▄█▀▀░░░░░░░░░▀▀█▄
           ██▀░░░░░░░░░░░░░░░░██
         ▄█▀░░░░░░░░░░░░░░░░░░░▐█▄
        ▐█░░░▄████████████████▄░░
        █▌░░███▀▀▀████████▀▀▀██▌▐█
        █▌░░█████▌  ▐▄▄   ██████░▐█
        ██░░▀██████████████████░▒██
        ▄██▄▄███▀▓▓▓▓▓▓▓▀███▄░▄███▄
     ▄██▓▓▓██▓▓███▀▀▒▒▒▀▀███▓▓██▓▓▓▓██
    ▐█▓▓▓▓█▓██▀▒▒▒▒▒▒▒▒▒▒▒▌▒▀████▓█▓▓▓
    ▀███████▒▒▒▒▒▒▒▒▒▒▒█▀█▒▒▒████████▀
      ▀████▒▒▒▒▒▒▒▒▒▒▄█▀▒▒█▒██▀▒████▀
      ▐█▓█▌▒▒▒▒▒▒▒▒██▒▓▓▓▒▀▒▒▒▒▓██▓█▌
      ██▓█▌▒▒▒▒▒▒██▓████▓▒▒▒▓▓▒███▓█▌
      ▐█▓██▒▒▒▒███▀▒▒▒█▌▓▓▓██▀▒██▓█▌
       ██▒█▌▒▀▒▒▒▒▒▒▒▒█▌▓██▀▒▒▒▒█▒██
        ██▒██▒▒▒▒▒▒▒▒▒█▀▒▒▒▒▒▒██▒██
         ▀█▓▓██▄▒▒▒▒▒▒▒▒▒▒▒▄██▓▓█▀
           ▀██▒▀█████▄█████▀▓██▀
         ▄▄▓▓▓█████▄▄▓▄▄█████▓▓▄▄

























      ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▄
     ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▌
     ▓▓▓▓▓▓▓▓▓▓▓▓     ▓▀▓▓▓▌
     ▓▓▓   ▓▓▓▓▓        ▐▓▓▌
     ▓▓▓               ▐▓▓▓▌
    ▐▓▓▓               ▓▓▓▓▌
    ▐▓▓▓▓             ▓▓▓▓▓▌
    ▐▓▓▓▓▓▄▄         ▓▓▓▓▓▓▌
    ▐▓▓▓▓         ▄▓▓▓▓▓▓▓▓▌
    ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▌
     ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓

    ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▌
    ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀▀▀▀▓▓▓▌
    ▓▓▓▓▓▓▓▓▓▓▓▓▓▀      ▓▓▓▌
    ▓▓▓▓▓▓▓▓▓▓▓▓▌    ▓▓▓▓▓▓▌
    ▓▓▓▓▓▓▓▓▓▓▓▓▌   ▐▓▓▓▓▓▓▌
    ▓▓▓▓▓▓▓▓▓▌          ▓▓▓▌
    ▓▓▓▓▓▓▓▓▓▌         ▐▓▓▓▌
    ▓▓▓▓▓▓▓▓▓▓▓▓▌   ▐▓▓▓▓▓▓▌
    ▓▓▓▓▓▓▓▓▓▓▓▓▌   ▐▓▓▓▓▓▓▌
    ▓▓▓▓▓▓▓▓▓▓▓▓▌   ▐▓▓▓▓▓▓▌
    ▓▓▓▓▓▓▓▓▓▓▓▓▌   ▐▓▓▓▓▓▓▌

    ░▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
    ░▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
    ░▓▓▓▓▓▓▓░░▓▓▓▓░░▓▓▓▓▓▓▓▓
    ░▓▓▓▓▓²         ` ║▓▓▓▓▓
    ░▓▓▓▓              ╢▓▓▓▓
    ░▓▓▓Γ    ▓╥  ╓▓┐    ▓▓▓▓
    ░▓▓▓     ╙`   ╙     ▓▓▓▓
    ░▓▓▓╥   ─,,  ,,─   ╓▓▓▓▓
    ░▓▓▓▓▓▓░░▓▓▓▓▓▓░░░▓▓▓▓▓▓
    ░▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
    ░▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓

    ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
    ▓▓▓▓▀▀▀▓▓▓▓▓    ▀▀▀▀▓▓▓▓
    ▓▓▓▓   `▓▓▓▀        ▓▓▓▓
    ▓▓▓▓▌            ▄▓▓▓▓▓▓
    ▓▓       ,▄▄▓▓   ▐▓▓▓▓▓▓
    ▓▓▄,▄▄   ▐▓▓▓▓▓   ▀▀ '▀▓
    ▓▓▓▓▓▓▓   ▀▓▀▀▀       ▄▓
    ▓▓▓▓▓▓▓             ▓▓▓▓
    ▓▓▓▓▀       ▄▄▓▓▌   ▓▓▓▓
    ▓▓▓▓▓▄▄▄▄   ▓▓▓▓▓▄,▄▓▓▓▓
    ▓▓▓▓▓▓▓▓▓▄  ▐▓▓▓▓▓▓▓▓▓▓▓
reRaise
Hero Member
*****
Offline Offline

Activity: 868
Merit: 1000


View Profile
May 28, 2014, 02:53:39 PM
 #15

Someone should do this practically? It would be a huge turn off to PoS, this is pretty big and should be fixed?

dE_logics (OP)
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500



View Profile WWW
May 28, 2014, 05:41:16 PM
 #16

Interesting just because i know no one outside of hard core Crypto is going to understand any of that - can i just state it in plain language and you tell me if i far or close to the mark?


PoS  means Proof of ownership like owning a Bond. + interest.

When you hold units of crpyto they age like bonds and mature giving back an "interest" stake -  

DE_logics is basically saying  or theorizing that under certain conditions  if you had:


10 Bonds (ten pieces of interest bearing paper) each worth 1 unit + 1 unit of interest.

you would earn more net interest verses:

One single 10 unit Bond + its interest.

* even if the interest is meant to be equal - i.e the 10 bonds should equal the exact same net return as the single Bond because they are the same units net worth and the interest rate is "fixed" by whole the system.

and in this way, this could be a flaw in PoS  because someone could split up their bonds (something you can do with crypto)  and generate enough interest to control the whole game.



how did i do ?

if its on or close to the mark i will post it back on the other thread as it is relevant -

No no, that's not the vulnerability. That issue got taken care off in the first release of PPC. That's why I tried to explain here --

Quote
Each block gives the miner variable rewards depending on the current difficulty which predicts the probability of the coins to mint a PoS block. A low difficulty means the coins will easily be able to mint PoS blocks, since the number of PoS blocks generated by coins are frequent, the block reward will drop cause the interest rate is capped. In other words, when difficulty is low, the coins will have to wait less to generate a block reward, i.e. the coin will have less age so the block reward will be low. Similarly if the difficulty is high the block reward will increase cause the probability of the coins to make a PoS block will be less, so PoS blocks generated by the coins will be less but the interest rate has to be maintained at 20%; so to compensate for the lower block rate, the block reward will increase.

In the illustrated attack the interest generated will be the same, but the rate of generating blocks will increase dramatically.

▄▄▄█████████▄▄▄
▄▄█████████████████████▄▄
▄██████████▄▄▄    ▀▀▀███████▄
▄██████████████████▄▄▄   ▀▀█████▄
████████████████████████▌  ▄███████
██████████████▀▀    ▀▀██▀ ▄███▀ ▀████
███████████▀▀  ▄▄ ▄▄     ▄█████▄  ▀████
███████████  ▄▄ ▀█████▄ ▄█▀  █████  ▀████
▄██████████   ▀████▀  ▀███     █████  ▀███▄
██████████▌  ▄████▄  ▄█▀▀██▄   ▐█████  ████
██████████   ▀▀ ▀████▀    ██    ██████ ████
██████████▌      ▄███▄  ▄██▄   ▐██████H████
▀██████████▄   ▄█▀  ▀████▀▀▀   ███████████▀
██████████▀ ▄█▀    ██▀▀██   ▄████████████
███████▀ ▄███▄           ▄█████████████
█████▄▄█████████▄▄▄▄▄████████████████
▀█████████████████████████████████▀
▀█████████████████████████████▀
▀▀███████████████████████▀▀
▀▀███████████████▀▀
▀▀▀▀▀▀▀▀▀
.






  

             ▄████▄▄   ▄
█▄          ██████████▀▄
███        ███████████▀
▐████▄     ██████████▌
▄▄██████▄▄▄▄█████████▌
▀████████████████████
  ▀█████████████████
  ▄▄███████████████
   ▀█████████████▀
    ▄▄█████████▀
▀▀██████████▀
    ▀▀▀▀▀
  

                   ▄▄████
              ▄▄████████▌
         ▄▄█████████▀███
    ▄▄██████████▀▀ ▄███▌
▄████████████▀▀  ▄█████
▀▀▀███████▀   ▄███████▌
      ██    ▄█████████
       █  ▄██████████▌
       █  ███████████
       █ ██▀ ▀██████▌
       ██▀     ▀████
                 ▀█▌
  

             █▀▀▀▄▄▄██▄
             █     ▀██▀
            █
         ▄▄▄█▄▄▄
 ████▄▄███████████▄▄████
▐██████▀▀███████▀▀██████▌
 ▀████    █████    ████▀
  ████▄  ▄█████▄  ▄████
  ▀███████████████████▀
   ▀████▄▀█████▀▄████▀
     ▀▀███▄▄▄▄▄███▀▀
         ▀▀▀▀▀▀▀


          ▄████████
          █████████
          █████
          █████
      █████████████
      █████████████
          █████
          █████
          █████
          █████
          █████


█▄▄              █▄▄
█████▄▄         ██████▄▄
████████       ████████ █
████████ ██   ████████ ██
████████ ███ ████████ ███
████████ ████ ██████ ████
████████ █████ ████ █████
████████ ▀█████ ██ ██████
████████    ▀▀██  ███████
▀███████         ▀███████
   ▀▀███            ▀▀███
       ▀                ▀
zackclark70
Legendary
*
Offline Offline

Activity: 868
Merit: 1000

ADT developer


View Profile
May 28, 2014, 05:47:26 PM
 #17

i can confirm that the OP is on the right track and it is possible to fork a coin with only a few stake blocks but there are far more reliable and effective ways of making a coin fork

I have been running a POW/POS coin for while now and i have seen a lot of ways people try and attack coins i cant go into how its done but a lot of the coins are no way near as secure as people want you to think 

dE_logics (OP)
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500



View Profile WWW
May 28, 2014, 05:47:33 PM
 #18

However, doesn't the luck increase exponentially rather than evenly, such that a transaction with 4 coins in, is far more probable than 4 single 1 coin transactions to mint a block?

Yes -- this's close to what I'm trying to do. The luck remains the same with 4 single 1 coin transactions, but after a block has been mined, one of the coin's age will be consumed and it'll not be available for mining -- the rest 3 are still available for mining.

So that increases the effective hashing power exponentially and for a long amount of time.

Of course 4 coins is just an e.g. I've already said --

Quote
The larger the value of A, the closer is the mining power to x as a single coin will be less significant for a large value of A.

In this e.g. A = 4 single 1 coin transactions

And x = approx. time to mine a block when A is received as a single full transaction.

▄▄▄█████████▄▄▄
▄▄█████████████████████▄▄
▄██████████▄▄▄    ▀▀▀███████▄
▄██████████████████▄▄▄   ▀▀█████▄
████████████████████████▌  ▄███████
██████████████▀▀    ▀▀██▀ ▄███▀ ▀████
███████████▀▀  ▄▄ ▄▄     ▄█████▄  ▀████
███████████  ▄▄ ▀█████▄ ▄█▀  █████  ▀████
▄██████████   ▀████▀  ▀███     █████  ▀███▄
██████████▌  ▄████▄  ▄█▀▀██▄   ▐█████  ████
██████████   ▀▀ ▀████▀    ██    ██████ ████
██████████▌      ▄███▄  ▄██▄   ▐██████H████
▀██████████▄   ▄█▀  ▀████▀▀▀   ███████████▀
██████████▀ ▄█▀    ██▀▀██   ▄████████████
███████▀ ▄███▄           ▄█████████████
█████▄▄█████████▄▄▄▄▄████████████████
▀█████████████████████████████████▀
▀█████████████████████████████▀
▀▀███████████████████████▀▀
▀▀███████████████▀▀
▀▀▀▀▀▀▀▀▀
.






  

             ▄████▄▄   ▄
█▄          ██████████▀▄
███        ███████████▀
▐████▄     ██████████▌
▄▄██████▄▄▄▄█████████▌
▀████████████████████
  ▀█████████████████
  ▄▄███████████████
   ▀█████████████▀
    ▄▄█████████▀
▀▀██████████▀
    ▀▀▀▀▀
  

                   ▄▄████
              ▄▄████████▌
         ▄▄█████████▀███
    ▄▄██████████▀▀ ▄███▌
▄████████████▀▀  ▄█████
▀▀▀███████▀   ▄███████▌
      ██    ▄█████████
       █  ▄██████████▌
       █  ███████████
       █ ██▀ ▀██████▌
       ██▀     ▀████
                 ▀█▌
  

             █▀▀▀▄▄▄██▄
             █     ▀██▀
            █
         ▄▄▄█▄▄▄
 ████▄▄███████████▄▄████
▐██████▀▀███████▀▀██████▌
 ▀████    █████    ████▀
  ████▄  ▄█████▄  ▄████
  ▀███████████████████▀
   ▀████▄▀█████▀▄████▀
     ▀▀███▄▄▄▄▄███▀▀
         ▀▀▀▀▀▀▀


          ▄████████
          █████████
          █████
          █████
      █████████████
      █████████████
          █████
          █████
          █████
          █████
          █████


█▄▄              █▄▄
█████▄▄         ██████▄▄
████████       ████████ █
████████ ██   ████████ ██
████████ ███ ████████ ███
████████ ████ ██████ ████
████████ █████ ████ █████
████████ ▀█████ ██ ██████
████████    ▀▀██  ███████
▀███████         ▀███████
   ▀▀███            ▀▀███
       ▀                ▀
Liquid71
Hero Member
*****
Offline Offline

Activity: 835
Merit: 1000


There is NO Freedom without Privacy


View Profile
May 28, 2014, 10:37:12 PM
 #19

Interesting just because i know no one outside of hard core Crypto is going to understand any of that - can i just state it in plain language and you tell me if i far or close to the mark?


PoS  means Proof of ownershipPiece of shit like owning a piece of shit.

When you hold units of crpyto they age like bonds and mature giving back an "interest" stake -  

DE_logics is basically saying  or theorizing that under certain conditions  if you had:


10 Bonds (ten pieces of interest bearing paper) each worth 1 unit + 1 unit of interest.

you would earn more net interest verses:

One single 10 unit Bond + its interest.

* even if the interest is meant to be equal - i.e the 10 bonds should equal the exact same net return as the single Bond because they are the same units net worth and the interest rate is "fixed" by whole the system.

and in this way, this could be a flaw in PoS  because someone could split up their bonds (something you can do with crypto)  and generate enough interest to control the whole game.



how did i do ?

if its on or close to the mark i will post it back on the other thread as it is relevant -
fixed

hicaribou
Hero Member
*****
Offline Offline

Activity: 815
Merit: 502


View Profile
May 28, 2014, 10:55:31 PM
Last edit: May 28, 2014, 11:20:39 PM by hicaribou
 #20

For 0.01 TX fee, the attack will be made just 1% more expensive.

So it doesn't matter.

It does matter. The 0.01 PPC tx fee will dramatically limit your attack power. You have to pay 0.01PPC tx fee for each smaller unit of PPC when you divide each PPC into smaller unit of PPC, so you can't divide one PPC into unlimited smaller unit of PPC.
Pages: [1] 2 3 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!