[...]
The attacker can start forking the chain from the current block minus 2 (forking from the 3rd latest block). By the time 3 other blocks are generated (and the attacker's transaction is confirmed), the probability of the attacker's chain overtaking the genuine chain increases. Once the forked chain is long enough, other miners will now mine on the attacker's forked chain.
[...]
I don't know how that's handled at other implementations, but at Peercoin the difficulty of the PoW and the PoS process are automatically adjusted to let the network create 1 block each 10 minutes - allow me to ignore the PoW blocks in this scenario.
For security the PoS process is relevant, because the trust of PoW blocks is one (which is negligible compared to the PoS block trust of billions at the current difficulty).
The "attacking chain" lets the network adjust the difficulty in "his/her fork" by having less success in minting (due to less coin age in use than the "regular" chain; the scenario is based on an attack with only 1% of coins).
The difficulty gets adjusted and the outcome is 1 block each 10 minutes with less trust than in the "regular" chain (because the trust depends on the difficulty).
The decision which chain to choose in case of forking is based on the chain trust and not by the length of the chain.
Result: that forked chain will not be chosen by standard clients.
And this is only a technical evaluation. Evaluating that attack economically is another thing that might question the "success" of such an attack - assuming it is done for economical reasons. It can for sure be considered that some entity simply wants to "kill" a coin.
But let me try the economical evaluation. Say you have 1% of all Peercoins (random example of PoS secured coin).
You manage to successfully double spend. How many of those Peercoins have you double spent? Half of it?
Say you could successfully double spend half of your 1% Peercoins. Some (only a few) have been used for the attack.
You need to sell 0.5% of all ever created Peercoins in a short period of time (before the attack gets recognized and some kind of panic sell might occur). 0.5% of all Peercoins is a little more than 100,000 PPC. If you have a look at the market depth at even popular markets like btc-e, you see that it'll be a problem to sell those PPC in a short time without a big loss.
You might have double spent a lot of PPC, but you have lost most of the value of the 0.5% you try to sell.
The math would be better if you could double spend more than just the half of the coins. But in that case the attack becomes significantly less likely (and I still doubt you can exactly and deliberately pull off that double spend with only a small share of coins at a chosen point of time - the double spending requires the control over the point of time, though...).
In the end it is neither technically nor economically inviting to try such an attack.
You need to spend coins.
You need to successfully make a fork of the block chain the chosen one at exactly that point of time (as explained above, not only not likely but rather impossible (remember the chain trust!) under the given circumstances).
You need to spend the coins again.
You need to sell the remaining coins in a short period of time.
One thing that could be considered: depending on the value of the transaction one might want to wait more than only 6 confirmations before the transaction is considered successful.
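The post above argues that a fork minted with only a small share of the coin age ends up with a lower difficulty, and therefore lower trust per block, so a client that selects by cumulative chain trust rejects it even when it is longer. The following toy simulation, added here as an illustration and not code from any poster or from Peercoin itself, models exactly that: each fork retargets its difficulty per block toward the 10-minute spacing mentioned in the post, block trust is taken to be the difficulty the block was minted at, and two selection rules (longest chain vs. most trust) are compared. The retarget rule, the power shares and the block counts are constructed for the example, not Peercoin's real formula.

```python
"""Toy model: longest-chain vs. cumulative-trust selection when a low-stake fork
retargets its difficulty. Constructed example; not Peercoin's actual code."""
from dataclasses import dataclass, field

TARGET_SPACING = 600.0  # seconds; the post assumes one block every 10 minutes


@dataclass
class Fork:
    name: str
    power: float                      # share of staking power minting on this fork (constructed)
    difficulty: float = 1.0           # both forks start at the main chain's difficulty
    trust_per_block: list = field(default_factory=list)

    def expected_spacing(self) -> float:
        # Toy model: the full network (power=1.0) at difficulty 1.0 hits the target spacing;
        # less power or higher difficulty stretches the expected spacing proportionally.
        return TARGET_SPACING * self.difficulty / self.power

    def mint_block(self) -> None:
        spacing = self.expected_spacing()
        # Block trust = difficulty at which it was minted (the post: trust depends on difficulty).
        self.trust_per_block.append(self.difficulty)
        # Per-block retarget toward the target spacing, clamped to a 4x move per block.
        # Constructed rule for the illustration, not Peercoin's real retarget formula.
        factor = max(0.25, min(4.0, TARGET_SPACING / spacing))
        self.difficulty *= factor

    def length(self) -> int:
        return len(self.trust_per_block)

    def trust(self) -> float:
        return sum(self.trust_per_block)


def simulate(attacker_share: float = 0.01, honest_blocks: int = 6, attacker_blocks: int = 8):
    """Honest chain keeps (1 - share) of the staking power; the attacker's fork has `share`.
    The attacker is even allowed to mint more blocks than the honest chain."""
    honest = Fork("honest", power=1.0 - attacker_share)
    attacker = Fork("attacker", power=attacker_share)
    for _ in range(honest_blocks):
        honest.mint_block()
    for _ in range(attacker_blocks):
        attacker.mint_block()
    return honest, attacker


def select_by_length(forks) -> str:
    """Naive rule: the longer chain wins."""
    return max(forks, key=lambda f: f.length()).name


def select_by_trust(forks) -> str:
    """Trust rule described in the post: the chain with the highest cumulative trust wins."""
    return max(forks, key=lambda f: f.trust()).name


if __name__ == "__main__":
    honest, attacker = simulate()
    for f in (honest, attacker):
        print(f"{f.name}: {f.length()} blocks, trust {f.trust():.4f}, "
              f"final difficulty {f.difficulty:.4f}")
    print("by length:", select_by_length([honest, attacker]))
    print("by trust: ", select_by_trust([honest, attacker]))
```

With a 1% fork the difficulty collapses toward 0.01 within a few blocks, so eight attacker blocks carry less total trust than six honest ones; the length rule picks the attacker's fork, the trust rule does not.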
You're talking about the difficulty retarget algo.
If a crypto has fast difficulty re-targets, it's difficult to do a 51% attack, cause in the forked chain the difficulty will increase rapidly and will soon reach the target block times, the block time of the main chain will be the same, making a 51% attack impossible.
If the main chain's difficulty was high cause of the attacker's majority hashing power, it'll drop to sustain a block interval equal to the attacker's fork chain.
So difficulty adjustment every block may not be good enough.
Unfortunately PPcoin's difficulty retarget algo has not been susceptible to multipools and sudden spikes in difficulty, as a result it's not as refined as compared to PoW coins where we have a lot of innovation going on like DGW, KGW, digishield etc... etc... etc... so the possibility of an attack is always lurking cause the difficulty retarget is not swift enough.
As a good e.g. you can see Entropycoin whose pastblockmass in KGW is 2 -- which makes it 51% resistant.
Also '1%' is just in the subject to explain in short "a small amount". The attacker can wait till 90 days before an attack to get maximum coin age.
One can buy a lot of coins to kill PPcoin clones like Mintcoin, blackcoin etc... but PPC is too expensive to just do a mindless attack. There has to be benefits.
But let me try the economical evaluation. Say you have 1% of all Peercoins (random example of PoS secured coin).
You manage to successfully double spend. How many of those Peercoins have you double spent? Half of it?
Say you could successfully double spend half of your 1% Peercoins. Some (only a few) have been used for the attack.
You need to sell 0.5% of all ever created Peercoins in a short period of time (before the attack gets recognized and some kind of panic sell might occur). 0.5% of all Peercoins is a little more than 100,000 PPC. If you have a look at the market depth at even popular markets like btc-e, you see that it'll be a problem to sell those PPC in a short time without a big loss.
You might have double spent a lot of PPC, but you have lost most of the value of the 0.5% you try to sell.
The math would be better if you could double spend more than just the half of the coins. But in that case the attack becomes significantly less likely (and I still doubt you can exactly and deliberately pull off that double spend with only a small share of coins at a chosen point of time - the double spending requires the control over the point of time, though...).
Selling coins in an exchange is based on buy orders. Why do you think it'll take time? Sending coins across multiple exchanges hardly takes any time (except confirmations). Also an exchange may not always be used to sell. It can be done in private, all in an exact timing.
If he sold the first genuine batch of PPC at 100% price, he'll at least get 60% on the second sell. The attack may be timed -- when big buy orders are in place to increase profit.
The attacker may buy PPC at low prices again based on timing (5 or 6 months ago for e.g.), and sell when the prices are high to further increase profit above 200%.
Again 1% is just an e.g. 100,000 PPC is quite a lot for the record (390 BTC).
One thing that could be considered: depending on the value of the transaction one might want to wait more than only 6 confirmations before the transaction is considered successful.
PPC takes an hour to confirm a transaction; that's too much time. No one has that much patience, especially exchanges which require swift action in volatile markets.
So confirmation times may be taken as a block, but never more than an hour. As of large transactions, I've never seen an exchange which increases the no. of confirmations based on the amount received.
For a forked chain, it'll need a high hashing power for a longer amount of time to overcome the main chain, on top of that, the difficulty re-target algorithm will increase the difficulty making it yet more difficult to overcome the main chain.
Since the amount of confirmation blocks depends on the receiver, this factor does not have any effect on the ratings.
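Several posts in this thread touch on how many confirmations a receiver should wait for before treating a payment as final, and on the probability of a fork overtaking the main chain. The following added example, which is not from any poster, works out the classic Nakamoto race calculation for a block-production share q and a confirmation depth z, and derives the smallest depth that keeps the overtaking probability under a chosen bound. It applies to a proof-of-work style race (the "hashing power" framing used in the thread), not to the chain-trust rule of Peercoin discussed above; the bounds and shares used are constructed inputs.

```python
"""Added example: overtaking probability after z confirmations and the depth a
receiver should wait for. Nakamoto's race calculation; inputs are constructed."""
import math


def overtake_probability(q: float, z: int) -> float:
    """Probability that a party producing a fraction q of all blocks ever catches up
    from z blocks behind. p = 1 - q is the honest share."""
    p = 1.0 - q
    if q >= p:
        return 1.0  # with half or more of block production the race is eventually won
    lam = z * q / p  # expected number of attacker blocks while z honest blocks are found
    total = 0.0
    for k in range(z + 1):
        poisson = math.exp(-lam) * lam ** k / math.factorial(k)
        # Having made k blocks so far, the attacker still has to close a gap of z - k.
        total += poisson * (1.0 - (q / p) ** (z - k))
    return 1.0 - total


def confirmations_needed(q: float, max_prob: float, cap: int = 1000) -> int:
    """Smallest confirmation depth z whose overtaking probability is below max_prob.
    Returns `cap` if no depth up to cap satisfies the bound (e.g. q >= 0.5)."""
    for z in range(cap):
        if overtake_probability(q, z) < max_prob:
            return z
    return cap


def depth_table(q: float, depths=(0, 1, 2, 3, 4, 5, 6)) -> dict:
    """Overtaking probability per depth, for a receiver choosing its policy."""
    return {z: overtake_probability(q, z) for z in depths}


if __name__ == "__main__":
    for q in (0.1, 0.3):
        print(f"attacker share {q:.0%}:")
        for z, prob in depth_table(q).items():
            print(f"  z={z}: {prob:.7f}")
        # Constructed policy: accept once the overtaking probability is under 0.1%.
        print("  depth for <0.1% risk:", confirmations_needed(q, 0.001))
```

The table makes the receiver-side trade-off visible: against a 10% share, six confirmations leave a risk of about 0.02%, while against a 30% share the same six blocks still leave a risk above 10%, which is why a depth policy has to be chosen relative to the assumed adversary share and the value at stake rather than fixed at six.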