Cleanup: I'll attack some coins - I owned APEXcoin for 90 blocks

[Daedelus]

hey, there's no sendmany in nxt? If I want to split my nxt in 50 accounts then I have to pay 50 NXT in fees, right? that's a bummer....

I post here because I don't have my nxtforum password with me right now....

Yes, that's right. For each transaction you have to pay the transaction fee of 1 NXT (so multiply by 50, in your case).

[1715541721]

1715541721

[1715541721]

1715541721

[1715541721]

1715541721

[1715541721]

1715541721

[Daedelus]

For anyone wondering, CynicSOB is working on nxtforum.org to try and break the testnet. You can follow here:

https://nxtforum.org/testnet/nxt-security-audit-attack-simulations-on-testnet/

[Crestington]

For anyone wondering, CynicSOB is working on nxtforum.org to try and break the testnet. You can follow here:

https://nxtforum.org/testnet/nxt-security-audit-attack-simulations-on-testnet/

Thanks I'll follow along, interesting stuff.

[Daedelus]

Cool. The main problem I see that I spoke about earlier was how to get around Transparent Forging. Each forger/miner can predict who is due to forge the next block with high probability. You can see the predictions live from the real Nxt mainnet here:

http://188.138.33.10/
(red are accounts that missed their turn, blue are ones competing for Nxt block with a prediction for the time to next block)


If cynicSOB starts broadcasting blocks when it isn't his turn, the network with blacklist him/reject all his blocks. He will have to fool many nodes in the network to tell the remainder of the network that he is next for his blocks to be accepted. And it might only lead to a temporary fork, with the network reorging later on (upt to 720 blocks later) and orphaning all his blocks. Not a trivial problem to crack.

You can read more about the background to Transparent Forging here, if you are interested: https://bitcointalk.org/index.php?topic=364218

[patmast3r]

Cool. The main problem I see that I spoke about earlier was how to get around Transparent Forging. Each forger/miner can predict who is due to forge the next block with high probability. You can see the predictions live from the real Nxt mainnet here:

http://188.138.33.10/
(red are accounts that missed their turn, blue are ones competing for Nxt block with a prediction for the time to next block)


If cynicSOB starts broadcasting blocks when it isn't his turn, the network with blacklist him/reject all his blocks. He will have to fool many nodes in the network to tell the remainder of the network that he is next for his blocks to be accepted. And it might only lead to a temporary fork, with the network reorging later on (upt to 720 blocks later) and orphaning all his blocks. Not a trivial problem to crack.

You can read more about the background to Transparent Forging here, if you are interested: https://bitcointalk.org/index.php?topic=364218

Is TF already running and working on the testnet ?

[Daedelus]

The "ability to predict the next forger to a high prbability" part of Transparent Forging is already running on the mainnet.

Check the forging accounts of the next few blocks against the predictions here...

http://188.138.33.10

...to prove it.


The first stages of Transparent Forging were added to NRS v.0.4.8, if you check the change logs. That was block 30000 (1st Jan 2014). (It was planned for 32000 but there was a hiccup   ). The roll out of TF on the mainnet as been happening for over a year.

See: https://bitcointalk.org/index.php?topic=345619.msg4235982#msg4235982 for Jean-Luc's announcement.


There won't be a point where you can say "that is when TF began", the algos are tweaked to turn bits on and additions made over time.

[LiQio]

Is TF already running and working on the testnet ?

I think the better question is, what's the percentage of TF already implemented in the current version of NRS 1.4.10

@Daedelus, do you have a number?

[Daedelus]

More than 50%.


Only because CfB said that 50% was implemented about 6-9 months ago  


Edit: Tried to find the link but couldn't  

[LiQio]

More than 50%.


Only because CfB said that 50% was implemented about 6-9 months ago 

Thanks mate, ... although, thinking about it,... seems a bit rough your number 

[LiQio]

Looking at the constants we can see that 8 steps have been made so far:

Code:

public static final int TRANSPARENT_FORGING_BLOCK_2 = 47000;
public static final int TRANSPARENT_FORGING_BLOCK_3 = 51000;
public static final int TRANSPARENT_FORGING_BLOCK_4 = 64000;
public static final int TRANSPARENT_FORGING_BLOCK_5 = 67000;
public static final int TRANSPARENT_FORGING_BLOCK_6 = isTestnet ? 75000 : 130000;
public static final int TRANSPARENT_FORGING_BLOCK_7 = Integer.MAX_VALUE;
public static final int TRANSPARENT_FORGING_BLOCK_8 = isTestnet ? 78000 : 215000;

[cynicSOB]

transparent forging isn't a magic silver bullet. I think it doesn't solve much.

My understanding is that only the predicting part is implemented, but they don't do anything with that prediction... quoting this: https://bitcointalk.org/index.php?topic=364218

...but this can be counteracted by some mechanisms of advanced consensus (still not revealed)

I read "not revealed" as " not implemented". And even if implemented, I'm attacking with 2% of the stake: I don't need to skip blocks. The analysis on that post doesn't apply to my attack.

[Daedelus]

Hmm, still can't see how you can jump the forging queue if it calculated and known to all other forgers independently. They will all see you pushing in the queue when it isn't your turn  If you think you can, I'm interested to see what happens then  


(The 'not revealed' has now been revealed but you're right that it isn't implemented yet)

[Argon18]

Nxt Forum
_______________________________________________________________________________ ________
Quote from: cynicSOB on February 10, 2015, 08:51:02 pm

    updates:

    - I found no advantage in splitting the stake in various accounts.
    - NXT's POS using block generator signatures is robust, probably even better than PPC's stake modifiers. You should probably thank Cunicula for that: his discussions with cfb led to that design.
    - It's still POS, so 20% of the staking weight, which is at best 10% of the total supply, is enough to double spend once every 30hs. Here, double-spend is calculated for 10 confirmations. For 4 confirmations (like some exchanges use) half of that much is more than enough
    - I found a hole that allows me to (aprox) double my staking weight: I can make 1M NXT forge as often as 2M should. This would allow a 51% attack with 25% stake. This is still theory, I need to modify the client to generate the attack.

    So, I can't attack testnet with only 200K.. that thing was an underestimation... but I could with 2M. And I found a serious security problem, so please organize a bounty and set the goals to claim it. Come on, let's gather some 200K real NXT (not just testnet) I'm sure once the devs understand this they'll agree and fix it.
    Since I don't need to split the NXT in several accounts, if I wanted to try to double spend with 10% of the supply I could do it with leasing.
    Leasing is a good idea: I think it's the reason why the total network staking weight is high for NXT compared to others.
_______________________________________________________________________________ ____

Quote from: jones
I'm skeptical, as always

I'm not sure how 20% staking weight can double-spend a transaction every thirty hours if the person waits the normal 10 confs. A finney attack would be regular, the evil forger wouldn't include the block when it forged, and the person that accepted after one confirm would be double spent on, when we wait more than one confirm, the security increases with all the different forgers that pile blocks on top, with 10 confirms, the chance of a person with 20% staking power forging 10 consecutive blocks would be (0.2)^10 would take over a million blocks to happen. (0.2)^4 is much less, but since the largest staker has about 10% right now (0.1)^4 is small enough to only happen twice so far in nxt's existence.

Doubling the staking power is interesting, I'll do some more thinking and try to figure this out for myself, my bounty is 0 though

_______________________________________________________________________________ __


@cynicSOB

It looks like NXT devs are trying to welch on any bounty, bad form on their part.
You could just post their vulnerability for them acting that way.

[Come-from-Beyond]

@cynicSOB

It looks like NXT devs are trying to welch on any bounty, bad form on their part.
You could just post their vulnerability for them acting that way.

Or reach some whales and secretly hand over them the code for the attack...

[achimsmile]

@cynicSOB

It looks like NXT devs are trying to welch on any bounty, bad form on their part.
You could just post their vulnerability for them acting that way.

Many people on the nxtforum are in favor of a bounty. But you have to understand that some are sceptic and want to see evidence first.

cynicSOB said himself that his attack is only theoretic so far, and he has yet to modify the client and try. I'm 100% sure that he will get a bounty once he provides evidence.

Nxters have been quite fair with bounties so far.

Doctorevil recieved a bounty for doing a security audit.
Minusbalancer recieved a bounty for finding a bug.
There were 3 bounties paid for finding (purposely set) flaws

etc.

edit: He was already wrong once:

I'm attacking with 2% of the stake: I don't need to skip blocks. The analysis on that post doesn't apply to my attack.

his 2% stake requirement has now gone up to 10% stake

[Argon18]

@cynicSOB

It looks like NXT devs are trying to welch on any bounty, bad form on their part.
You could just post their vulnerability for them acting that way.

Many people on the nxtforum are in favor of a bounty. But you have to understand that some are sceptic and want to see evidence first.

cynicSOB said himself that his attack is only theoretic so far, and he has yet to modify the client and try. I'm 100% sure that he will get a bounty once he provides evidence.

If NXT really wanted to see evidence , they would have used the regular network and not testnet.
He found something and now they want all of the info without paying him.

Welching is Welching , no matter what kind of spin you put on it.
At least we know NXT is untrustworthy now plus a major security flaw in its code.

[Come-from-Beyond]

At least we know NXT is untrustworthy now plus a major security flaw in its code.

I know how to attack Bitcoin with a 30 GH/s mining rig but noone paid me bounty in advance.
Well, at least we know BTC is untrustworthy now plus a major security flaw in its code...

[Argon18]

At least we know NXT is untrustworthy now plus a major security flaw in its code.

I know how to attack Bitcoin with a 30 GH/s mining rig but noone paid me bounty in advance.
Well, at least we know BTC is untrustworthy now plus a major security flaw in its code...

If they had invited you to a forum and you spent a few days testing your theory which would benefit them by helping secure their network , they would owe you something for your efforts.
And I would call them welchers too.

[achimsmile]

If they had invited you to a forum and you spent a few days testing your theory which would benefit them by helping secure their network , they would owe you something for your efforts.
And I would call them welchers too.

With the evidence we have so far, CfB's 30GH/s attack on bitcoin is just as possible as cynicSOB's is on Nxt.

Do you see the problem?

I like what cynicSOB is doing and hope he finds something, and I'm glad to donate some Nxt if he found a flaw,
but you shouldn't trust just words from strangers on the internet.

[Come-from-Beyond]

And I would call them welchers too.

You seem to be from the future where time machine is an ordinary device and bets are paid before the evidence is provided. In our time we used to go the other way around.