It's about time to turn off PoW mining

[achimsmile]

POS is based on the premise that majority of all people will not lend or borrow money to the same guy. This is its fundamental flaw.

Only 10% is needed.
With crypto currency how would you know you are lending to a million people or 1 person?

Bitcoin is based on the premise that that majority of all miners will not lend their mining power to the same mining pool.
Which flaw is more fundamental?

It is effortless to switch pools and history has proven that pools will fall out of favor quickly if an attack seems eminent or occurs. The power is still in control of the people with the actual hardware and burning the electricity ultimately. With PoW the power isn't even held as a monopoly with the ASIC manufacturers as another company could out compete the existing companies with better efficiency or innovative products at any moment.

Only 10% is needed? Please describe the attack.
The guy attacked a dead coin where only 10% of the stake was active...

With mining pools, how would you know that you lend your forging power to 1 person or 10?

It is effortless to switch pools and history has proven that pools will fall out of favor quickly if an attack seems eminent or occurs.

This kind of security is not enough for me, sorry.

edit: sorry, quoting is hard on a smartphone

[achimsmile]

How would you know that these attacks haven't already been committed multiple times?

How would you know they were?
Have we come so far that "guilty until proven innocent"?

[inBitweTrust]

Only 10% is needed? Please describe the attack.
The guy attacked a dead coin where only 10% of the stake was active...

It was already described by ArticMine. He isn't discussing a 51% attack on the PoS coin if you are conflating the attacks.

With mining pools, how would you know that you lend your forging power to 1 person or 10?
This kind of security is not enough for me, sorry.

Agreed, when people are so focused on a limited scope of attacks they don't see all the other attacks that are possible from bugs in the code, to economic attacks , to social attacks and how each of these currencies have their own unique set of problems.

I.E... The fact that Bitshares had such a small ecosystem and developer pool one developer was able to strong arm the community by presenting a conflict of interest to attack the currency and remove one of the incentives many of the community bragged about (no inflation) to create a massive inflationary attack which has weakened their currency tremendously even compared to BTC.

This is why I am suggesting Bitcoin should be strengthened and not merely replace one set of weaknesses for another.

How would you know they were?
Have we come so far that "guilty until proven innocent"?

Of course. We should all study, prepare for and protect against hypothetical attacks before they happen.

[achimsmile]

Only 10% is needed? Please describe the attack.
The guy attacked a dead coin where only 10% of the stake was active...

It was already described by ArticMine. He isn't discussing a 51% attack on the PoS coin if you are conflating the attacks.

With mining pools, how would you know that you lend your forging power to 1 person or 10?
This kind of security is not enough for me, sorry.

Agreed, when people are so focused on a limited scope of attacks they don't see all the other attacks that are possible from bugs in the code, to economic attacks , to social attacks and how each of these currencies have their own unique set of problems.

I.E... The fact that Bitshares had such a small ecosystem and developer pool one developer was able to strong arm the community by presenting a conflict of interest to attack the currency and remove one of the incentives many of the community bragged about (no inflation) to create a massive inflationary attack which has weakened their currency tremendously even compared to BTC which has its own set of problems.

This is why I am suggesting Bitcoin should be strengthened and not merely replace one set of weaknesses for another.

How would you know they were?
Have we come so far that "guilty until proven innocent"?

Of course. We should all study, prepare for and protect against hypothetical attacks before they happen.

Agree on everything.
Except the attack ArcticMine described.

Indeed, lending out your own money is never a good idea, be it PoW or PoS.
I still don't see what the attacker would do with 10% of the marketcap of a good PoS system besides running away with the money...

[ArticMine]

Only 10% is needed? Please describe the attack.
The guy attacked a dead coin where only 10% of the stake was active...

It was already described by ArticMine. He isn't discussing a 51% attack on the PoS coin if you are conflating the attacks.

With mining pools, how would you know that you lend your forging power to 1 person or 10?
This kind of security is not enough for me, sorry.

Agreed, when people are so focused on a limited scope of attacks they don't see all the other attacks that are possible from bugs in the code, to economic attacks , to social attacks and how each of these currencies have their own unique set of problems.

I.E... The fact that Bitshares had such a small ecosystem and developer pool one developer was able to strong arm the community by presenting a conflict of interest to attack the currency and remove one of the incentives many of the community bragged about (no inflation) to create a massive inflationary attack which has weakened their currency tremendously even compared to BTC which has its own set of problems.

This is why I am suggesting Bitcoin should be strengthened and not merely replace one set of weaknesses for another.

How would you know they were?
Have we come so far that "guilty until proven innocent"?

Of course. We should all study, prepare for and protect against hypothetical attacks before they happen.

Agree on everything.
Except the attack ArcticMine described.

Indeed, lending out your own money is never a good idea, be it PoW or PoS.
I still don't see what the attacker would do with 10% of the marketcap of a good PoS system besides running away with the money...

5% to sell short and induce a "bear raid" https://en.wikipedia.org/wiki/Bear_raid 5% to wreck havoc  on the network by voting the stake against the interests of the coin. To use the 1 billion USD example. The attacker borrows 2 billion USD. The attacker has 2 billion USD and a 2 billion USD debt. The attacker sells 1 billion USD for 870 million EUR.The attacker now has 870 million EUR, 1 billion USD and 2 billion USD in debt. The attacker now uses the 1 billion USD to cause the value of the USD to go to zero. The attacker is now left with 870 million EUR, 0 USD (the 1 billion USD was spent in order to crash the price) and a debt of 2 billion USD now worth 0 for a net profit of 870 million EUR.

[drkman]

Only 10% is needed? Please describe the attack.
The guy attacked a dead coin where only 10% of the stake was active...

It was already described by ArticMine. He isn't discussing a 51% attack on the PoS coin if you are conflating the attacks.

With mining pools, how would you know that you lend your forging power to 1 person or 10?
This kind of security is not enough for me, sorry.

Agreed, when people are so focused on a limited scope of attacks they don't see all the other attacks that are possible from bugs in the code, to economic attacks , to social attacks and how each of these currencies have their own unique set of problems.

I.E... The fact that Bitshares had such a small ecosystem and developer pool one developer was able to strong arm the community by presenting a conflict of interest to attack the currency and remove one of the incentives many of the community bragged about (no inflation) to create a massive inflationary attack which has weakened their currency tremendously even compared to BTC which has its own set of problems.

This is why I am suggesting Bitcoin should be strengthened and not merely replace one set of weaknesses for another.

How would you know they were?
Have we come so far that "guilty until proven innocent"?

Of course. We should all study, prepare for and protect against hypothetical attacks before they happen.

Agree on everything.
Except the attack ArcticMine described.

Indeed, lending out your own money is never a good idea, be it PoW or PoS.
I still don't see what the attacker would do with 10% of the marketcap of a good PoS system besides running away with the money...

5% to sell short and induce a "bear raid" https://en.wikipedia.org/wiki/Bear_raid 5% to wreck havoc  on the network by voting the stake against the interests of the coin. To use the 1 billion USD example. The attacker borrows 2 billion USD. The attacker has 2 billion USD and a 2 billion USD debt. The attacker sells 1 billion USD for 870 million EUR.The attacker now has 870 million EUR, 1 billion USD and 2 billion USD in debt. The attacker now uses the 1 billion USD to cause the value of the USD to go to zero. The attacker is now left with 870 million EUR, 0 USD (the 1 billion USD was spent in order to crash the price) and a debt of 2 billion USD now worth 0 for a net profit of 870 million EUR.

...and if the attacker is unsuccessful crashing the price with his 1 billion due to to others buying the dollar then he is BK'd.  What you are describing can be applied to any asset or stock including BTC. 

[inBitweTrust]

5% to sell short and induce a "bear raid" https://en.wikipedia.org/wiki/Bear_raid 5% to wreck havoc  on the network by voting the stake against the interests of the coin. To use the 1 billion USD example. The attacker borrows 2 billion USD. The attacker has 2 billion USD and a 2 billion USD debt. The attacker sells 1 billion USD for 870 million EUR.The attacker now has 870 million EUR, 1 billion USD and 2 billion USD in debt. The attacker now uses the 1 billion USD to cause the value of the USD to go to zero. The attacker is now left with 870 million EUR, 0 USD (the 1 billion USD was spent in order to crash the price) and a debt of 2 billion USD now worth 0 for a net profit of 870 million EUR.

To clarify, you are suggesting the bear raid attack (which PoW coins are equally susceptible towards) is used to leverage a N@S attack on a PoS coin?

I.E... Someone with 1% PoS stake borrows 9% stake with many different profiles as not to arouse suspicion. They than proceed to sell 5% stake for BTC (most likely over time as not to bring suspicion and to get the most BTC), they than perform a bear raid attack with the remaining 5% and marketing FUD on the exchanges with low liquidity causing the currency to crash to almost 0 , repaying the debts on the 9% borrowed from the BTC which are now insignificant and than buying back the PoS for very cheap(from many accounts/profiles to not arouse suspicion) increasing ones stake from 10% to 30% or higher , and this manipulation can occur several times till the attacker can perform a N@S attack at will.

In reality with Nxt this attack could easily be performed by one of the original whales even more easily than above. Between 4-15 Nxt users control over 51% of the coins thus any individual whale has between a 13% to 4% stake right from the get go.

With PoW this attack is not possible because hashing power/Electricity is needed to launch an attack instead of existing stake. With PoS the attacker could actually profit off of destroying the currency. With PoW attackers need to subtract the profits generated from the bear raid from the expenses from a 51% Attack and thus the attacker is incentivized to only play market manipulation games for profit rather than attacking the currency itself.

[ArticMine]

...
...and if the attacker is unsuccessful crashing the price with his 1 billion due to to others buying the dollar then he is BK'd.  What you are describing can be applied to any asset or stock including BTC.  

Yes this would be a classic bear raid. Pirateat40 tried that with Bitcoin and failed. The crucial difference with POS is that in addition the attacker has the option of voting the borrowed stake against the interests of the coin in order to induce panic and further cause a price drop. It literally turns POS on its head since you have a major "stakeholder" with a vested interest in the coin's collapse.  

What I am suggesting is the combination of a bear raid attack using leverage with a 51% type attack on the POS network using the borrowed stake. In this scenario both attacks will feed on each other creating a positive feedback for the attack. The key is that the attacker has the actual POS coins but also has a much larger short position. The bear raid side is what pirateat40 tried with Bitcoin and failed.


Edit:

5% to sell short and induce a "bear raid" https://en.wikipedia.org/wiki/Bear_raid 5% to wreck havoc  on the network by voting the stake against the interests of the coin. To use the 1 billion USD example. The attacker borrows 2 billion USD. The attacker has 2 billion USD and a 2 billion USD debt. The attacker sells 1 billion USD for 870 million EUR.The attacker now has 870 million EUR, 1 billion USD and 2 billion USD in debt. The attacker now uses the 1 billion USD to cause the value of the USD to go to zero. The attacker is now left with 870 million EUR, 0 USD (the 1 billion USD was spent in order to crash the price) and a debt of 2 billion USD now worth 0 for a net profit of 870 million EUR.

To clarify, you are suggesting the bear raid attack (which PoW coins are equally susceptible towards) is used to leverage a N@S attack on a PoS coin?

I.E... Someone with 1% PoS stake borrows 9% stake with many different profiles as not to arouse suspicion. They than proceed to sell 5% stake for BTC (most likely over time as not to bring suspicion and to get the most BTC), they than perform a bear raid attack with the remaining 5% and marketing FUD on the exchanges with low liquidity causing the currency to crash to almost 0 , repaying the debts on the 9% borrowed from the BTC which are now insignificant and than buying back the PoS for very cheap(from many accounts/profiles to not arouse suspicion) increasing ones stake from 10% to 30% or higher , and this manipulation can occur several times till the attacker can perform a N@S attack at will.

In reality with Nxt this attack could easily be performed by one of the original whales even more easily than above. Between 4-15 Nxt users control over 51% of the coins thus any individual whale has between a 13% to 4% stake right from the get go.

With PoW this attack is not possible because hashing power/Electricity is needed to launch an attack instead of existing stake. With PoS the attacker could actually profit off of destroying the currency. With PoW attackers need to subtract the profits generated from the bear raid from the expenses from a 51% Attack and thus the attacker is incentivized to only play market manipulation games for profit rather than attacking the currency itself.

Yes this is the kind of attack I am suggesting. Create a positive feedback between the N@S attack and the bear raid.

[achimsmile]

ah now we're talking. so it's a n@s attack with borrowed stake after all.

Have you guys read kushtis paper that debunks n@s providing actual math?

here's the tl:dr
not possible at the moment. As always: I'm interested to be proven wrong.

[inBitweTrust]

ah now we're talking. so it's a n@s attack with borrowed stake after all.

The attack can come from both borrowed stake or existing stake. In the case of NxT there are a few early stakeholders who could start the attack immediately without borrowing anything.

Have you guys read kushtis paper that debunks n@s providing actual math?

here's the tl:dr
not possible at the moment. As always: I'm interested to be proven wrong.

kushtis himself disagrees with you:

- we have formally defined nothing-at-stake attack(again, using Buterin's informal definition) and made initial simulations. We haven't included their results in paper as they are seems to be too raw, but I can reveal them here: N@S attack could happens only in short-range, e.g. for within 20 blocks for 10% stake, so with 30 confirmations we haven't observed the successful attack. Also please note the attack has pretty unpredictable nature for attacker, so he can hardly enforce it, even in theory(in practice it's even harder to get it done properly). The correlation with stake size is still the open question, but it's nearly impossible to attack a proof-of-stake currency with "1% stake even" as stated by Buterin

Additionally, please don't generalize all PoS coins as kushtis paper only applies to certain forms of PoS.

Here is the paper I think you were trying to link to:

https://github.com/ConsensusResearch/articles-papers/blob/master/multistrategy/multistrategy.pdf

[achimsmile]

3. Nothing-at-stake attack - not possible at the moment! Will be possible when a lot of forgers will use multiple-branch forging  to increase profits. Then attacker can contribute to all the chains(some of them e.g. containing a transaction) then start to contribute to one chain only behind the best(containing no transaction) making it winner.  Previous statements on N@S attack made with assumption it costs nothing to contribute to an each fork possible and that makes N@S attack a disaster. In fact, it's not possible at all to contribute to each fork possible, as number of forks growing exponentially with time. So the only strategy for a multibranch forger is to contribute to N best forks. In such scenario attack is possible only within short-range e.g. with 25 confirmations needed 10% attacker can't make an attack. And attack is pretty random in nature, it's impossible to predict whether 2 forks will be within N best forks(from exponentially growing set) for k confirmations. So from our point of view the importance of the attack is pretty overblown.

A newer statement of him.

I should have said which PoS implementation I'm talking about, you got me and I apologize.
Although I suspect kushtis statement above could be true for varios PoS systems

[inBitweTrust]

3. Nothing-at-stake attack - not possible at the moment! Will be possible when a lot of forgers will use multiple-branch forging  to increase profits. Then attacker can contribute to all the chains(some of them e.g. containing a transaction) then start to contribute to one chain only behind the best(containing no transaction) making it winner.  Previous statements on N@S attack made with assumption it costs nothing to contribute to an each fork possible and that makes N@S attack a disaster. In fact, it's not possible at all to contribute to each fork possible, as number of forks growing exponentially with time. So the only strategy for a multibranch forger is to contribute to N best forks. In such scenario attack is possible only within short-range e.g. with 25 confirmations needed 10% attacker can't make an attack. And attack is pretty random in nature, it's impossible to predict whether 2 forks will be within N best forks(from exponentially growing set) for k confirmations. So from our point of view the importance of the attack is pretty overblown.

Can you see how he contradicts himself within the same paragraph?

Additionally, profits made from market manipulation and shorting would exceed the cost for attacking therefore the net result is no net costs needed to perform this attack.

With PoW such a 51% attack would be difficult and dangerous to accomplish and is likely to fail with large losses in profits for any attempt. For PoS such an attack would be much more likely.

[achimsmile]

well he says it's not possible with 10% and 25 confirmations.

Keep in mind that Nxt transactions need just as much time as bitcoin transactions to be "securely confirmed". The 6 blocks in bitcoin are about 30 blocks in Nxt.

[achimsmile]

Additionally, profits made from market manipulation and shorting would exceed the cost for attacking therefore the net result is no net costs needed to perform this attack.

how do you know? Are you arguing that stakeholders would lend 10% of the marketcap to the attacker?

[inBitweTrust]

Why haven't N@S attacks been more common?

- Large stakeholders are unlikely to attack their own coin especially at this stage in the game when their is still hope that their investment may pay off with growing market share. This may change in the future with disagreements , infighting , and discouraged individuals wanting to profit from a dying coin.

- The relatively obscure nature of these currencies means that most larger exchanges and markets that offer shorting don't allow these options with obscure alts as of yet, when these coins mature than we will see shorting becoming more prevalent.

- Most of the focus and money right now is on bitcoin thus the scammers will focus their efforts on that coin for now...

- Scammers will tend to gravitate towards easier ways of stealing funds, rather than more difficult ones. Right now creating an alt ICO , stealing funds from centralized exchanges and processors, and cloud mining ponzi's are quicker and easier way of stealing funds than a N@S attack.

[inBitweTrust]

Additionally, profits made from market manipulation and shorting would exceed the cost for attacking therefore the net result is no net costs needed to perform this attack.

how do you know? Are you arguing that stakeholders would lend 10% of the marketcap to the attacker?

It has already been stated multiple times. With NxT there are scenarios where an existing purse holder can attack
without borrowing anything. Additionally, there have already been incidents where exchanges/banks have held over 10% of market cap of alts. This isn't hypothetical, it already is quite common. Additionally, I have stated that there is no way for you to know whether you are lending to one person or a million with crypto currencies with any degree of anonymity.

well he says it's not possible with 10% and 25 confirmations.

Keep in mind that Nxt transactions need just as much time as bitcoin transactions to be "securely confirmed". The 6 blocks in bitcoin are about 30 blocks in Nxt.

He is contradicting himself. I would like to read the revised Paper with evidence and proofs.

[achimsmile]

Why haven't N@S attacks been more common?

- Large stakeholders are unlikely to attack their own coin especially at this stage in the game when their is still hope that their investment may pay off with growing market share. This may change in the future with disagreements , infighting , and discouraged individuals wanting to profit from a dying coin.

- The relatively obscure nature of these currencies means that most larger exchanges and markets that offer shorting don't allow these options with obscure alts as of yet, when these coins mature than we will see shorting becoming more prevalent.

- Most of the focus and money right now is on bitcoin thus the scammers will focus their efforts on that coin for now...

- Scammers will tend to gravitate towards easier ways of stealing funds, rather than more difficult ones. Right now creating an alt ICO , stealing funds from centralized exchanges and processors, and cloud mining ponzi's are quicker and easier way of stealing funds than a N@S attack.

all valid points.
Except Nxt (sorry to be specific again) is out in the open since over a year, and has a few million dollars incentive for a succesfull attack.

This doesn't mean an attack is not theoretically possible ofc.

[Flashman]

In general if you hold 1 billion US Dollars, it's not in your best financial interests to cause an action to plummet the price of the US Dollar.  Same for POS coins.  Also, please provide an actual example of a large short staking a POS coin by being short to successfully attack a POS coin.

Actually, if you're an exporter, there's huge profit in the dollar declining, if you're in importer, not so much.

[inBitweTrust]

all valid points.
Except Nxt (sorry to be specific again) is out in the open since over a year, and has a few million dollars incentive for a succesfull attack.

This doesn't mean an attack is not theoretically possible ofc.

Agreed, The longer NxT is out and the larger the market cap the more evidence there is to prove its resiliency to attacks. It is slipping in market cap so may die from obscurity before anyone is interested in attacking it with a N@S attack, but who knows, if it drops further one of the early investors may try and attack the coin in some fashion as an exit strategy.

It has had a slight reversal in the last month compared to BTC, but has suffered heavily over the last year.

[ArticMine]

ah now we're talking. so it's a n@s attack with borrowed stake after all.

Have you guys read kushtis paper that debunks n@s providing actual math?

here's the tl:dr
not possible at the moment. As always: I'm interested to be proven wrong.

It can be n@s but it does not have to.

The critical part is to acquire stake while at the same time maintaining a net short exposure to the coin. This is accomplished by a combination of borrowing the coin and then selling short a part of the borrowed coin. This sold coin becomes the profit to the attacker. The remainder of the borrowed coin is held and staked. At this point the market sees a conventional bear raid and the network sees nothing out of the ordinary. When the attacker has accumulated enough coin for the attack the exit strategy out of the bear raid is unleashed by launching the attack. This causes the coin value to plunge to 0, allowing the bear raid short to be covered at no cost to the attacker.