elective-stereophonic
elective-stereophonic
Bounty for successful nothing at stake attack? singapore
Please login or register.

Login with username, password and session length
Advanced search  

News:

Latest Stable Nxt Client: Nxt 1.12.1 Upgrade before block 2870000 is mandatory!

Pages: 1 [2] 3 4 5  All

Author Topic: Bounty for successful nothing at stake attack?  (Read 20318 times)

Daedelus

  • Hero Member
  • *****
  • Karma: +230/-12
  • Offline Offline
  • Posts: 3280
    • View Profile
Re: Bounty for successful nothing at stake attack?
« Reply #20 on: July 06, 2014, 01:55:34 am »

Could anyone pls send me the best detailed explanation of "Nothing-at-stake" attack at the moment? I've found only some totally unclear fantasies.

Come from beyond and Chuckone had a debate with high level bitcoin guys (deathandtaxes) on this, has links to BTT on there too

https://nxtforum.org/general-discussion/some-thoughts-on-arguments-of-pow-guys/
Logged
NXT: NXT-4CS7-S4N5-PTH5-A8R2Q

Come-from-Beyond

  • Hero Member
  • *****
  • Karma: +794/-671
  • Offline Offline
  • Posts: 4013
    • View Profile
Re: Bounty for successful nothing at stake attack?
« Reply #21 on: July 06, 2014, 07:27:42 am »

Could anyone pls send me the best detailed explanation of "Nothing-at-stake" attack at the moment? I've found only some totally unclear fantasies.

Come from beyond and Chuckone had a debate with high level bitcoin guys (deathandtaxes) on this, has links to BTT on there too

https://nxtforum.org/general-discussion/some-thoughts-on-arguments-of-pow-guys/

Kushti found good words for describing N@S - "some totally unclear fantasies"  :D
Logged

mczarnek

  • Hero Member
  • *****
  • Karma: +68/-4
  • Offline Offline
  • Posts: 898
    • View Profile
    • Nxt Place - Craigslist for Nxt
Re: Bounty for successful nothing at stake attack?
« Reply #22 on: July 06, 2014, 09:42:42 am »

I like the bounty idea.. how much of a BTC bounty do we need to make this meaningful? Anyone willing to donate some  BTC?
Logged
NXT Organization: Tech
Donations greatly appreciated: NXT-DWVJ-G89C-RHNL-6QW6Q

ChuckOne

  • Hero Member
  • *****
  • Karma: +293/-17
  • Offline Offline
  • Posts: 3450
  • ☕ NXT-4BTE-8Y4K-CDS2-6TB82
    • View Profile
Re: Bounty for successful nothing at stake attack?
« Reply #23 on: July 06, 2014, 10:43:44 am »

Kushti found good words for describing N@S - "some totally unclear fantasies"  :D

+1440
Logged

ChuckOne

  • Hero Member
  • *****
  • Karma: +293/-17
  • Offline Offline
  • Posts: 3450
  • ☕ NXT-4BTE-8Y4K-CDS2-6TB82
    • View Profile
Re: Bounty for successful nothing at stake attack?
« Reply #24 on: July 06, 2014, 10:44:19 am »

I like the bounty idea.. how much of a BTC bounty do we need to make this meaningful? Anyone willing to donate some  BTC?

Me, too. But I have no BTC. :/
Logged

benjyz

  • Hero Member
  • *****
  • Karma: +71/-4
  • Offline Offline
  • Posts: 508
    • View Profile
Re: Bounty for successful nothing at stake attack?
« Reply #25 on: July 06, 2014, 10:52:33 am »

To me, this defies logic. An "attack" is inherently linked to the profit of the bad guy. So if there is no incentive, it's not an attack. Also: there is no bounty needed because the live network is already proving every day that attack is not possible. So what information should such an "attack" exactly provide? If if where successful the network would die and we can all go home.
Logged

ChuckOne

  • Hero Member
  • *****
  • Karma: +293/-17
  • Offline Offline
  • Posts: 3450
  • ☕ NXT-4BTE-8Y4K-CDS2-6TB82
    • View Profile
Re: Bounty for successful nothing at stake attack?
« Reply #26 on: July 06, 2014, 10:55:59 am »

To me, this defies logic. An "attack" is inherently linked to the profit of the bad guy. So if there is no incentive, it's not an attack. Also: there is no bounty needed because the live network is already proving every day that attack is not possible. So what information should such an "attack" exactly provide? If if where successful the network would die and we can all go home.

Sure. However, if it has proven reliably, then why not incenting an futile attack? ;)
Logged

valarmg

  • Hero Member
  • *****
  • Karma: +178/-57
  • Offline Offline
  • Posts: 1766
    • View Profile
Re: Bounty for successful nothing at stake attack?
« Reply #27 on: July 06, 2014, 11:04:44 am »

To me, this defies logic. An "attack" is inherently linked to the profit of the bad guy. So if there is no incentive, it's not an attack. Also: there is no bounty needed because the live network is already proving every day that attack is not possible. So what information should such an "attack" exactly provide? If if where successful the network would die and we can all go home.

Disagree. A white hat attacker could discover a flaw in the network, reveal it to the developers and allow the developers a chance to fix it. The white hat programmer gets an incentive to look for holes in the network, and reward for finding them, and the Nxt network gets subjected to more scrutiny (early in its development), and a possibly a chance to fix fatal flaws.

And if there is no flaw, Nxt gains the advantage of being able to point to the large bounty whenever someone spreads nothing at stake FUD.
Logged
NXT-CSED-4PK5-AR4V-6UB5V

Come-from-Beyond

  • Hero Member
  • *****
  • Karma: +794/-671
  • Offline Offline
  • Posts: 4013
    • View Profile
Re: Bounty for successful nothing at stake attack?
« Reply #28 on: July 06, 2014, 11:08:06 am »

And if there is no flaw, Nxt gains the advantage of being able to point to the large bounty whenever someone spreads nothing at stake FUD.

I would wait until opponents provide a clear explanation why N@S is a flaw. Right now it looks more as an advantage of PoS. Anyway without such the explanation we can't say what the bounty is about.
Logged

benjyz

  • Hero Member
  • *****
  • Karma: +71/-4
  • Offline Offline
  • Posts: 508
    • View Profile
Re: Bounty for successful nothing at stake attack?
« Reply #29 on: July 06, 2014, 11:18:18 am »

To me, this defies logic. An "attack" is inherently linked to the profit of the bad guy. So if there is no incentive, it's not an attack. Also: there is no bounty needed because the live network is already proving every day that attack is not possible. So what information should such an "attack" exactly provide? If if where successful the network would die and we can all go home.

Disagree. A white hat attacker could discover a flaw in the network, reveal it to the developers and allow the developers a chance to fix it. The white hat programmer gets an incentive to look for holes in the network, and reward for finding them, and the Nxt network gets subjected to more scrutiny (early in its development), and a possibly a chance to fix fatal flaws.

And if there is no flaw, Nxt gains the advantage of being able to point to the large bounty whenever someone spreads nothing at stake FUD.

I think these are two issues:

1. "propaganda" by Bitcoin guys. But the same way PoS has an agenda against PoW. So this is a natural process, which will solve itself over time. If people spread mis-information, or don't take time to form an opinion based on facts, that is their problem. The market provides plenty of incentives for being right.

2. possible flaws in Nxt. If there are fatal (and N@S would be fatal if possible), then bounty does not matter at all. The network dies in any case. And some person saying "I have found no flaws" does not prove that no flaws exist. Counterfactuals are impossible to prove. Which is, by the way, one major trouble with the financial system we have today (risk-management based on statistics, see Taleb for details).

I have a couple of possible attacks in mind, which I thought about, especially with regards to TF. To describe them in detail and field test them is a lot of work - I don't understand Nxt well enough to do this work (yet). It's an error to think there are just "attacks" which have binary outcomes. For example the AE can be gamed by issuing time orders. That's not a fatal issue.
« Last Edit: July 06, 2014, 11:25:40 am by benjyz »
Logged

Brangdon

  • Hero Member
  • *****
  • Karma: +229/-25
  • Offline Offline
  • Posts: 1389
  • Quality is addictive.
    • View Profile
Re: Bounty for successful nothing at stake attack?
« Reply #30 on: July 06, 2014, 12:40:02 pm »

What I was told: N-a-S doesn't lead to double spending nor does it create funds or anything. At most it would make forks or so. Doesn't exactly scare me. No one is willing to follow up once you ask for details.
I think it does allow double-spending. As I understand it, you forge on a hidden fork. Because you are the only account forging on that fork, you get all the blocks. Eventually your fork somehow gets to be longer than the public chain, and then you publish it and the network accepts it as the new main fork.

You can double-spend by including different transactions in your private fork than in the public one. You also win all the transaction fees. You can do all the other tricks of a 51% attack, such as rejecting transactions that would help competitors, or including zero transactions so the network halts, or only accepting transactions that have high fees. You can't spend coins from other accounts or create new transactions for them (because you don't have their private keys), but by rewinding the existing transactions you can effectively deprive others of coins that belong to them.
Logged

Come-from-Beyond

  • Hero Member
  • *****
  • Karma: +794/-671
  • Offline Offline
  • Posts: 4013
    • View Profile
Re: Bounty for successful nothing at stake attack?
« Reply #31 on: July 06, 2014, 12:46:50 pm »

I think it does allow double-spending. As I understand it, you forge on a hidden fork. Because you are the only account forging on that fork, you get all the blocks. Eventually your fork somehow gets to be longer than the public chain, and then you publish it and the network accepts it as the new main fork.

You can double-spend by including different transactions in your private fork than in the public one. You also win all the transaction fees. You can do all the other tricks of a 51% attack, such as rejecting transactions that would help competitors, or including zero transactions so the network halts, or only accepting transactions that have high fees. You can't spend coins from other accounts or create new transactions for them (because you don't have their private keys), but by rewinding the existing transactions you can effectively deprive others of coins that belong to them.

I marked what won't work in Nxt.
Logged

Brangdon

  • Hero Member
  • *****
  • Karma: +229/-25
  • Offline Offline
  • Posts: 1389
  • Quality is addictive.
    • View Profile
Re: Bounty for successful nothing at stake attack?
« Reply #32 on: July 06, 2014, 01:11:08 pm »

I marked what won't work in Nxt.
OK  :) Obviously the first one is the biggy, but can we address the second one first? What stops me deciding which transactions to include in a block that I forge? Are you talking about a new planned feature, or is it a consequence of the draft white paper that I'm missing?

(I'm partly interested in this from the point of view of honest forging, especially with Transparent Forging enabled so I know in advance which block I'm likely to get to forge. Although I think with TF if I reject a transaction, the next forger will include it so a 60-second delay is all I achieve.)
Logged

Come-from-Beyond

  • Hero Member
  • *****
  • Karma: +794/-671
  • Offline Offline
  • Posts: 4013
    • View Profile
Re: Bounty for successful nothing at stake attack?
« Reply #33 on: July 06, 2014, 01:22:05 pm »

Obviously the first one is the biggy, but can we address the second one first?

https://nxtforum.org/news-and-announcements/economic-clustering/
Logged

Brangdon

  • Hero Member
  • *****
  • Karma: +229/-25
  • Offline Offline
  • Posts: 1389
  • Quality is addictive.
    • View Profile
Re: Bounty for successful nothing at stake attack?
« Reply #34 on: July 06, 2014, 02:38:58 pm »

https://nxtforum.org/news-and-announcements/economic-clustering/
So something not described in the draft white paper. Is it active now? My impression from that thread is that it won't be enabled until we have more robust, independent nodes. If we do this bounty thing, we need to be clear about which version of Nxt they are supposed to attack. There's no point asking them to attack something which doesn't exist yet.

As far as I can tell the key idea is that transactions reference a recent block. This does not mean the private fork couldn't exclude transactions. Quite the reverse: it must exclude all transactions that reference the public fork after it has branched from the attacker's fork. (Presumably the attacker will create a load of artificial transactions instead, so the fork looks plausible.) So we'd actually get loads of double-spends. Many transactions from the main fork would be undone, and have to be reissued, supposing that the sender wanted to.

I've posted some more in that thread. It seems to me that a lot depends on how recent "recent" is. If most transactions reference a block 10 blocks earlier, then the attacker can include them in the first 10 blocks of their private fork. So for short forks, it doesn't make much difference.
Logged

Mexxer

  • Hero Member
  • *****
  • Karma: +32/-20
  • Offline Offline
  • Posts: 653
    • View Profile
Re: Bounty for successful nothing at stake attack?
« Reply #35 on: July 06, 2014, 03:14:58 pm »

Ethereum just posted about PoS and Nothing-at-Stake

https://blog.ethereum.org/2014/07/05/stake/
Logged
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬  ▄▀▀▀▀▀▀▀▀▄  ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●  nimirum  ●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬ ◖ENDING CENSORSHIP ONLINE◗  ◖ ICO OPEN NOW◗ ▬▬▬

joefox

  • Hero Member
  • *****
  • Karma: +62/-1
  • Offline Offline
  • Posts: 522
    • View Profile
    • The Nxt Wiki
Re: Bounty for successful nothing at stake attack?
« Reply #36 on: July 06, 2014, 03:37:57 pm »


Ethereum just posted about PoS and Nothing-at-Stake

https://blog.ethereum.org/2014/07/05/stake/

*facepalm*
Logged
GPG Key Id: 0x94A521DA613CAE76 | BitMessage BM-NBzUURL9jLagPALxCpxYDaMVe9E3965u
Nxt Wiki: http://wiki.nxtcrypto.org/
Tips: NXT-DBDW-STA8-ARBE-6JRPA

vbuterin

  • Newbie
  • *
  • Karma: +9/-0
  • Offline Offline
  • Posts: 4
    • View Profile
Re: Bounty for successful nothing at stake attack?
« Reply #37 on: July 06, 2014, 03:49:27 pm »

Here's what NaS means. Suppose that you have a chain C1, and then some attacker with P portion of network hashpower decides to start trying to fork your blockchain starting N blocks ago. Then, there are two competing chains, C1 and C2. Now, look at it from the point of view as an ordinary forger. You have four options:

1. Try to forge on neither chain.
2. Try to forge on C1 only.
3. Try to forge on C2 only.
4. Try to forge on C1 and C2 simultaneously.

Because there is no significant cost to forging that is external to the blockchain, like there is with PoW, (4) is an actually viable strategy (in Bitcoin, (4) would have cost you 2x as much mining power). (4) is clearly the best from a revenue standpoint, because it gives you a reward if either chain ultimately wins, whereas the "honest" strategy, (2), gives you only rewards if C1 wins. Hence, all purely self-interested forgers will forge on C1 and C2, altruists will forge on C1 only, and the attacker will forge on C2 only. Thus, in order for the attack to win, the attacker will need to overpower only the altruists, not 51% of the entire network.

You guys are secure now because everyone is using the default client, which I presume enforces the "forge on C1 only" rule. Later on, clients designed and downloaded by users motivated solely by financial interest may well switch to double-forging. An analog of this problem exists for every PoS system to date with the exception, as I described in my article, of permanent-genesis-nobility and TaPoS.
Logged

Daedelus

  • Hero Member
  • *****
  • Karma: +230/-12
  • Offline Offline
  • Posts: 3280
    • View Profile
Re: Bounty for successful nothing at stake attack?
« Reply #38 on: July 06, 2014, 03:57:25 pm »

Here's what NaS means. Suppose that you have a chain C1, and then some attacker with P portion of network hashpower decides to start trying to fork your blockchain starting N blocks ago. Then, there are two competing chains, C1 and C2. Now, look at it from the point of view as an ordinary forger. You have four options:

1. Try to forge on neither chain.
2. Try to forge on C1 only.
3. Try to forge on C2 only.
4. Try to forge on C1 and C2 simultaneously.

Because there is no significant cost to forging that is external to the blockchain, like there is with PoW, (4) is an actually viable strategy (in Bitcoin, (4) would have cost you 2x as much mining power). (4) is clearly the best from a revenue standpoint, because it gives you a reward if either chain ultimately wins, whereas the "honest" strategy, (2), gives you only rewards if C1 wins. Hence, all purely self-interested forgers will forge on C1 and C2, altruists will forge on C1 only, and the attacker will forge on C2 only. Thus, in order for the attack to win, the attacker will need to overpower only the altruists, not 51% of the entire network.

You guys are secure now because everyone is using the default client, which I presume enforces the "forge on C1 only" rule. Later on, clients designed and downloaded by users motivated solely by financial interest may well switch to double-forging. An analog of this problem exists for every PoS system to date with the exception, as I described in my article, of permanent-genesis-nobility and TaPoS.

Before we go any further, any chance of a pgp sig?  ;D
Logged
NXT: NXT-4CS7-S4N5-PTH5-A8R2Q

Mexxer

  • Hero Member
  • *****
  • Karma: +32/-20
  • Offline Offline
  • Posts: 653
    • View Profile
Re: Bounty for successful nothing at stake attack?
« Reply #39 on: July 06, 2014, 04:01:26 pm »

Here's what NaS means. Suppose that you have a chain C1, and then some attacker with P portion of network hashpower decides to start trying to fork your blockchain starting N blocks ago. Then, there are two competing chains, C1 and C2. Now, look at it from the point of view as an ordinary forger. You have four options:

1. Try to forge on neither chain.
2. Try to forge on C1 only.
3. Try to forge on C2 only.
4. Try to forge on C1 and C2 simultaneously.

Because there is no significant cost to forging that is external to the blockchain, like there is with PoW, (4) is an actually viable strategy (in Bitcoin, (4) would have cost you 2x as much mining power). (4) is clearly the best from a revenue standpoint, because it gives you a reward if either chain ultimately wins, whereas the "honest" strategy, (2), gives you only rewards if C1 wins. Hence, all purely self-interested forgers will forge on C1 and C2, altruists will forge on C1 only, and the attacker will forge on C2 only. Thus, in order for the attack to win, the attacker will need to overpower only the altruists, not 51% of the entire network.

You guys are secure now because everyone is using the default client, which I presume enforces the "forge on C1 only" rule. Later on, clients designed and downloaded by users motivated solely by financial interest may well switch to double-forging. An analog of this problem exists for every PoS system to date with the exception, as I described in my article, of permanent-genesis-nobility and TaPoS.

Before we go any further, any chance of a pgp sig?  ;D

Well he was asked on reddit to come here:
http://www.reddit.com/r/Bitcoin/comments/29yyjm/proofofstake_and_distributed_consensus_are/

So it's probably him.

Would be awesome to get a nice discussion going!
Logged
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬  ▄▀▀▀▀▀▀▀▀▄  ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●  nimirum  ●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬ ◖ENDING CENSORSHIP ONLINE◗  ◖ ICO OPEN NOW◗ ▬▬▬
Pages: 1 [2] 3 4 5  All
 

elective-stereophonic
elective-stereophonic
assembly
assembly