>> (p.1)
    Author Topic: Security analysis of PoW/PoS hybrids with low PoW reward  (Read 13313 times)

    • rat4 (OP)
    Full Member
    ***
    Offline Offline

    Activity: 332
    Merit: 198


    Two-way squared


    View Profile WWW
    March 31, 2014, 07:07:20 PM
    Last edit: April 02, 2014, 05:23:41 AM by rat4
     #1
    Security analysis of PoW/PoS hybrids with low PoW reward

    Low PoW reward doesn't attract miners. This leads to ridiculously low PoW difficulty.

    A pair of examples:
    Mintcoin scrypt diff 0.1 (vs Litecoin 5677)
    SHACoin sha256 diff 1427 (vs Bitcoin 5006860589)

    At such difficulty PoW blocks can be mined with speed of light.

    Attack I

    It is possible to build sequential chain of PoW blocks to confirm a transaction. Only 4 blocks for Mintcoin and 10 for SHACoin.

    Is it hard to orphan the chain of PoW blocks?
    One PoS block is enough. In both Mintcoin and SHACoin one PoS block may orphan a few millions of PoW blocks.
    If at the same time the main chain will get a competing stake, attacker's chain can be enlarged with PoW.
    This dramatically increases chance to success in comparison to pure PoW attack.

    Ability to confirm a transaction and then orphan confirmations is ability to double spend.

    Summary: double spend attack requires 1 PoS block and low hashing power.

    Visualization: https://i.imgur.com/Pyrw75q.png

    Attack II

    Current implementation of stake miner gives up if median time of last blocks is in future.
    This temporarily makes the whole network PoW-only and opens well known 51% PoW attack.

    Attacker needs only 6 of 11 last blocks.

    Successfully tested on Mintcoin: no PoS blocks from 203231 up to 203441, more than 1 hour of real time.
    Blacknet: PoS, zApp, ZeFi

  • sixteendigits
    Sr. Member
    ****
    Offline Offline

    Activity: 462
    Merit: 250


    View Profile
    March 31, 2014, 07:30:47 PM
     #2
    Where is Sunny King?  I will take this as nothing more than FUD until the godfather weighs in.

  • futile-resistance
    Hero Member
    *****
    Offline Offline

    Activity: 840
    Merit: 516



    View Profile
    March 31, 2014, 07:44:18 PM
     #3
    Quote from: rat4 on March 31, 2014, 07:07:20 PM
    Security analysis of PoW/PoS hybrids with low PoW reward

    Low PoW reward doesn't attract miners. This leads to ridiculously low PoW difficulty.

    A pair of examples:
    Mintcoin scrypt diff 0.1 (vs Litecoin 5677)
    SHACoin sha256 diff 1427 (vs Bitcoin 5006860589)

    At such difficulty a sequential chain of PoW blocks can be mined in a flash.
    Even long enough to confirm a transaction. Only 4 blocks for Mintcoin and 10 for SHACoin.

    Is it hard to orphan the chain of PoW blocks?
    One PoS block is enough. In both Mintcoin and SHACoin one PoS block may orphan a few millions of PoW blocks.
    If at the same time the main chain will get a competing stake, attacker's chain can be enlarged with PoW.
    This dramatically increases chance to success in comparison to pure PoW attack.

    Ability to confirm a transaction and then orphan confirmations is ability to double spend.

    Summary: double spend attack requires 1 PoS block and low hashing power.

    Visualization: https://i.imgur.com/Pyrw75q.png

    Can anyone test or confirm?

  • emelac
    Full Member
    ***
    Offline Offline

    Activity: 184
    Merit: 100



    View Profile
    March 31, 2014, 07:48:13 PM
     #4
    I was wondering if there have been any successful PoS attacks yet. PoS is new to me.

  • Zzzack
    Full Member
    ***
    Offline Offline

    Activity: 168
    Merit: 100


    View Profile
    March 31, 2014, 07:48:41 PM
     #5
    Quote from: futile-resistance on March 31, 2014, 07:44:18 PM
    Quote from: rat4 on March 31, 2014, 07:07:20 PM
    Security analysis of PoW/PoS hybrids with low PoW reward

    Low PoW reward doesn't attract miners. This leads to ridiculously low PoW difficulty.

    A pair of examples:
    Mintcoin scrypt diff 0.1 (vs Litecoin 5677)
    SHACoin sha256 diff 1427 (vs Bitcoin 5006860589)

    At such difficulty a sequential chain of PoW blocks can be mined in a flash.
    Even long enough to confirm a transaction. Only 4 blocks for Mintcoin and 10 for SHACoin.

    Is it hard to orphan the chain of PoW blocks?
    One PoS block is enough. In both Mintcoin and SHACoin one PoS block may orphan a few millions of PoW blocks.
    If at the same time the main chain will get a competing stake, attacker's chain can be enlarged with PoW.
    This dramatically increases chance to success in comparison to pure PoW attack.

    Ability to confirm a transaction and then orphan confirmations is ability to double spend.

    Summary: double spend attack requires 1 PoS block and low hashing power.

    Visualization: https://i.imgur.com/Pyrw75q.png

    Can anyone test or confirm?

    Very true. POW is necessary for these coins to secure the network...and when minted coins are low (with little value), miners have an incentive to mine a different coin and sell it for their coin of choice. Few miners = low network hash = poorly protected public ledger. And, after all, we are investing in systems that maintain the public ledger in different ways.

    I'm all in on cryptos, but the network strength of bitcoin is what gives it value right now over the cryptos.
    Producer

  • brokedummy
    Legendary
    *
    Offline Offline

    Activity: 994
    Merit: 1004


    View Profile
    March 31, 2014, 07:55:47 PM
     #6
    Not really a big deal, if it is an issue just fork it to not accept any more POW blocks.

  • Bit_Happy
    Legendary
    *
    Offline Offline

    Activity: 2156
    Merit: 1041


    A Great Time to Start Something!


    View Profile
    March 31, 2014, 11:22:46 PM
    Last edit: April 02, 2014, 07:24:34 AM by Bit_Happy
     #7
    PoW/PoS hybrids are supposed to be immune to attack. (at least CGB is/claims to be)
    CryptogenicBullion has a good explanation on their site.
    Homeless Token (HOME) You Can Make Good Honest Money By Helping People In Urgent Need. | +++ Positive Coin +++ Stay Tuned!

  • mgburks77
    Sr. Member
    ****
    Offline Offline

    Activity: 364
    Merit: 250


    View Profile
    March 31, 2014, 11:50:15 PM
     #8
    attack one and see what happens

  • gonzoucab
    Newbie
    *
    Offline Offline

    Activity: 42
    Merit: 0


    View Profile
    March 31, 2014, 11:58:41 PM
     #9
    POW has been proved

    POW POS Hybrid have been proved, Sunny made a really nice software

    POS only have never been proved,  have less programers dedicated to.

    Thats the true.

  • stormia
    Hero Member
    *****
    Offline Offline

    Activity: 868
    Merit: 1000


    View Profile
    April 01, 2014, 12:03:22 AM
     #10
    This is a joke. Nice try to spread FUD about other coins, rat4, to try and promote your pure PoS blackcoin. How is it that Blackcoin prevents attack forks as a pure PoS coin, again?

    You say "a sequential chain of PoW blocks can be mined in a flash."
    Which is not true. Sure, you could mine all of the PoW blocks that occur sequentially, but there will be many, many more PoS blocks that interrupt those far and few apart PoW blocks. In a PoS/PoW hybrid there is no way to predict or control whether or not the next block will be PoS or PoW and therefore you cannot guarantee you will be in control of a long stream of blocks unless you have 51% of the PoW and PoS power.

    Now, this brings up an issue with pure PoS coins such as your Blackcoin... That I have yet to be seen answered in any technical detail. How, when it is pure PoS and it IS known that every block in a row will be PoS, can you prevent an attack such as the one anonymousg64 brings up:

    Quote from: Anonymousg64 on March 29, 2014, 07:09:12 AM
    im still on the fence


    can someone explain how this stops someone from generating lots of PoS blocks 20 days in the future from a bunch of TX's with small interval, whether through one or multiple wallets

    Code:
    ss << nStakeModifier;
    ss << nTimeBlockFrom << nTxPrevOffset << txPrev.nTime << prevout.n << nTimeTx;
    hashProofOfStake = Hash(ss.begin(), ss.end());
    if(CBigNum(hashProofOfStake) > bnCoinDayWeight * bnTargetPerCoinDay)
        return false;


    im not well enough versed with the code to know what these variable names imply

    Without PoW blocks to interrupt such an attack, how is it prevented?

    This thread of yours is in really bad taste, rat4, you should find better ways of promoting your coin.

    I await your reply, and your explanation as to how PoS coins are safe from a TX/coinage attack.

  • greentea
    Legendary
    *
    Offline Offline

    Activity: 1420
    Merit: 1002



    View Profile
    April 01, 2014, 12:08:13 AM
     #11
    pretty obvious that a hybrid POW/POS is more secure than a pure POS ...

    to make an attack you have to control hash and coin age in a POW/POS hyrbid, while a pure POS coin like blackcoin
    only need to control coin age ... thus inferior

    so what happen here with blackcoin:
    http://www.blackcoin.co/wallet-2/official-statement-regarding-blockchain-problems-23rd-of-march/
    NEM   NanoWallet   SuperNodes   Apostille   Landstead   Catapult   Mijin
    ▃▃▃▅▅▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▅▅▅▃▃▃

  • Bit_Happy
    Legendary
    *
    Offline Offline

    Activity: 2156
    Merit: 1041


    A Great Time to Start Something!


    View Profile
    April 01, 2014, 12:12:03 AM
     #12
    Quote from: mgburks77 on March 31, 2014, 11:50:15 PM
    attack one and see what happens

    I'll trust this for now
    https://bt.irlbtc.com/view/551861.msg6010168#msg6010168
    Homeless Token (HOME) You Can Make Good Honest Money By Helping People In Urgent Need. | +++ Positive Coin +++ Stay Tuned!

  • Soepkip
    Sr. Member
    ****
    Offline Offline

    Activity: 476
    Merit: 250



    View Profile
    April 01, 2014, 12:17:00 AM
     #13
    Yes, this is purely a discussion for us. The connection to BlackCoin is purely rat4 being the dev of it.

    The earlier blockchain stuck we had for BlackCoin has nothing to do with this and is not adding to the discussion so far. We are talking hybrid PoW/PoS coins and their security.
    ████
    ██████████████████████
    █████████████████████████
    █████████████████████████
    █████████████████████████
    █████████████████████████
    █████████████████████████
    █████████████████████████
    		 ->  BLOCKTIX  ->  Ticketing platform with a dual blockchain on Ethereum for event hosting
    -> WEBSITE - SLACK - TWITTER - FORUM
    -> Join our community to learn about our upcoming ICO

  • stormia
    Hero Member
    *****
    Offline Offline

    Activity: 868
    Merit: 1000


    View Profile
    April 01, 2014, 12:18:24 AM
     #14
    Quote from: Soepkip on April 01, 2014, 12:17:00 AM
    Yes, this is purely a discussion for us. The connection to BlackCoin is purely rat4 being the dev of it.

    The earlier blockchain stuck we had for BlackCoin has nothing to do with this and is not adding to the discussion so far. We are talking hybrid PoW/PoS coins and their security.

    Well, now we are also talking pure PoS coins and their security- which is much less tested and founded. I still await a technical response as to how pure PoS prevents the type of transaction/coinage attacks that anonymousg64 has outlined before.

  • stormia
    Hero Member
    *****
    Offline Offline

    Activity: 868
    Merit: 1000


    View Profile
    April 01, 2014, 12:23:02 AM
     #15
    Quote from: maarx on April 01, 2014, 12:18:58 AM
    1. Mint is not a person.
    2. SHACoin is not a person.
    3. rat4 is not actively promoting PoS or blackcoin

    This thread is about a potential security issue with PoW/PoS hybrids. Maybe it's true, maybe not. I don't know the technicals.

    Same for PoS. I dont know how secure it is. I dont know the technicals.

    I have asked many times on the blackcoin thread, and so have others, as to how pure PoS is safe. No reply, other than directing me to Sunny's answers, which actually only pertain to PoS/PoW hybrids if I am not mistaken.

  • gonzoucab
    Newbie
    *
    Offline Offline

    Activity: 42
    Merit: 0


    View Profile
    April 01, 2014, 12:32:53 AM
     #16
    The Blackcoin DEV dont wanna answer..

    He throws the rock and hides the hand.

  • morfans
    Newbie
    *
    Offline Offline

    Activity: 6
    Merit: 0


    View Profile
    April 01, 2014, 12:35:14 AM
     #17
    Quote from: gonzoucab on April 01, 2014, 12:32:53 AM
    The Blackcoin DEV dont wanna answer..

    He throws the rock and hides the hand.

    maybe hes AFK?

  • gonzoucab
    Newbie
    *
    Offline Offline

    Activity: 42
    Merit: 0


    View Profile
    April 01, 2014, 12:41:50 AM
     #18
    Quote from: morfans on April 01, 2014, 12:35:14 AM
    Quote from: gonzoucab on April 01, 2014, 12:32:53 AM
    The Blackcoin DEV dont wanna answer..

    He throws the rock and hides the hand.

    maybe hes AFK?

    He started the Thread minutes ago!!!!!!!

  • Soepkip
    Sr. Member
    ****
    Offline Offline

    Activity: 476
    Merit: 250



    View Profile
    April 01, 2014, 12:45:19 AM
     #19
    Or he is sleeping.

    This is not an attack on either Mint or Shacoin, this is purely an observation on hybrid pow/pos systems. If you want to discuss PoS security i do invite you to join IRC ##blackcoin on freenode and seek out rat4 there when he is awake.

    Also, i'm not the dev of blackcoin
    ████
    ██████████████████████
    █████████████████████████
    █████████████████████████
    █████████████████████████
    █████████████████████████
    █████████████████████████
    █████████████████████████
    		 ->  BLOCKTIX  ->  Ticketing platform with a dual blockchain on Ethereum for event hosting
    -> WEBSITE - SLACK - TWITTER - FORUM
    -> Join our community to learn about our upcoming ICO

  • Jabulon
    Sr. Member
    ****
    Offline Offline

    Activity: 266
    Merit: 250


    View Profile WWW
    April 01, 2014, 12:46:02 AM
     #20
    Quote from: Soepkip on April 01, 2014, 12:45:19 AM
    Or he is sleeping.

    This is not an attack on either Mint or Shacoin, this is purely an observation on hybrid pow/pos systems. If you want to discuss PoS security i do invite you to join IRC ##blackcoin on freenode and seek out rat4 there when he is awake.

    Also, i'm not the dev of blackcoin

    Yeah, as a professional he has more important business than engaging in this peeing contest. Make what you will of his analysis, do your own due diligence and try to come to rational conclusions based on what you learn rather than your emotional ties to this or that coin.

    You guys are to be called out for the blatant and utter hypocrisy of Fudding the Blackcoin thread for days with inflammatory dirt, and then having hissy-fits when the Blackcoin dev weighs in with a technical statement, and you crying "fud, fud!"

    Shame on you all for your childishness and abysmal conduct, which only hinders the progress of cryptocurrency. Examine your motivations more thoroughly.
    Visit NightBark Music, home of the BlackCoin Music Video! https://www.youtube.com/user/nightbarkmusic
    Pages: [1] 2 3 4 5 6 7 8 »  All
      Print  
Page 1
Viewing Page: 1

IRLBTC™ © 2025 IRLBTC.com