elective-stereophonic
elective-stereophonic
Bounty for successful nothing at stake attack? singapore
Please login or register.

Login with username, password and session length
Advanced search  

News:

Latest Stable Nxt Client: Nxt 1.12.2

Pages: 1 2 3 [4] 5  All

Author Topic: Bounty for successful nothing at stake attack?  (Read 23088 times)

anon136

  • Hero Member
  • *****
  • Karma: +86/-19
  • Offline Offline
  • Posts: 1015
    • View Profile
Re: Bounty for successful nothing at stake attack?
« Reply #60 on: July 06, 2014, 06:12:32 pm »

You dont have to be altruistic inorder to want to insure the integrity of a network that you own a stake in :D

+1

 the attacker will need to overpower the altruists and self-interested forgers. The self-interested forgers will forge on C1 as well.

The problem is that each individual forger will have a small portion of funds, so their impact on the network either way is insignificant so they have close to zero incentive to "ensure the integrity of the network". It's a classic tragedy of the commons.

I wrote a long response and it all got trashed by something wrong with my internet connection.

Anyway, thats not tragedy of the commons its a more general market failure.

So that argument would work if we were dealing with a binary sort of thing where A = unpredictable successful attack B = unsuccessful attack. In such a situation the selfish actor could benefit from selfish behavior all the way up until the point where he had the marginal contribution. He of course wouldnt push it that far, but at that point a truely malicious actor could step in to add the marginal contribution at relatively little cost. The conclusion is good, the premises are bad.

The market doesn’t have to wait for a successful double-spend in order to violently and suddenly price in the whole problem all at once. Any amount of selfish behaviour makes all confirmations marginally less secure in a measurable way. In that way the market can price in the behaviour of even a single bad actor by measuring the orphan rate and length of each orphan chain.
« Last Edit: July 06, 2014, 06:17:00 pm by anon136 »
Logged

vbuterin

  • Newbie
  • *
  • Karma: +9/-0
  • Offline Offline
  • Posts: 4
    • View Profile
Re: Bounty for successful nothing at stake attack?
« Reply #61 on: July 06, 2014, 06:18:56 pm »

Quote
Pareto seems to have another opinion...

True, but if the concentration is that high then we run into the other problem which is that I would not call the system highly decentralized.

That's the idea behind Slasher. It's good against short-range attacks, but not long-range ones (see my article).

Good news. Against long-range attacks we r protected by the extra consensus rule that forces to stick to a branch with the highest rate of transactions belonging to the same economic cluster.

So basically you use transactions-as-proof-of-stake. That sounds reasonable; it's as good as I can think of at this point, although it has the moderately-serious-but-not-fatal flaws that I described in my On Stake article. I eagerly await a full whitepaper description and open source code of your complete protocol so both myself and more formal academics can properly whack at the specifics.
Logged

Brangdon

  • Hero Member
  • *****
  • Karma: +229/-25
  • Offline Offline
  • Posts: 1389
  • Quality is addictive.
    • View Profile
Re: Bounty for successful nothing at stake attack?
« Reply #62 on: July 06, 2014, 06:23:38 pm »

https://nxtforum.org/news-and-announcements/economic-clustering/
As far as I can tell the key idea is that transactions reference a recent block.
If I detect a fork, is there any reason I shouldn't broadcast two versions of my transaction, one for each fork? That way, whichever fork eventually wins, my transaction goes through. And obviously betting on both forks undermines the benefits of EC as a consensus mechanism in the same way that forging on both forks does.

So something not described in the draft white paper.
This is intentional, BECAUSE it is not active now.  The whitepaper is based on the implementation of Nxt v1.2.2.

My rationale is simple: if we keep delaying the whitepaper because Nxt keeps evolving, we will never finish a whitepaper :)
I 100% agree. I wasn't criticising the whitepaper. Quite the reverse.

However, until this economic clustering idea is described in detail by some future whitepaper, it's hard to tell whether it does actually solve anything.
Logged

Come-from-Beyond

  • Hero Member
  • *****
  • Karma: +794/-671
  • Offline Offline
  • Posts: 4013
    • View Profile
Re: Bounty for successful nothing at stake attack?
« Reply #63 on: July 06, 2014, 06:31:44 pm »

If I detect a fork, is there any reason I shouldn't broadcast two versions of my transaction, one for each fork? That way, whichever fork eventually wins, my transaction goes through. And obviously betting on both forks undermines the benefits of EC as a consensus mechanism in the same way that forging on both forks does.

U can broadcast as many versions of the same transaction as u wish. An attacker that is building a hidden branch won't be able to include them anyway, coz u don't know hashes of his blocks.
Logged

CryptoScalper

  • Full Member
  • ***
  • Karma: +10/-24
  • Offline Offline
  • Posts: 192
  • Banned!
  • I DO NOT CONSENT
    • View Profile
Re: Bounty for successful nothing at stake attack?
« Reply #64 on: July 06, 2014, 06:34:39 pm »

That sounds reasonable; it's as good as I can think of at this point...

SOLD   ;D
Logged
"A world with the money can not be perfect." - BCNext

benjyz

  • Hero Member
  • *****
  • Karma: +71/-4
  • Offline Offline
  • Posts: 508
    • View Profile
Re: Bounty for successful nothing at stake attack?
« Reply #65 on: July 06, 2014, 06:39:39 pm »

Quote
Pareto seems to have another opinion...

True, but if the concentration is that high then we run into the other problem which is that I would not call the system highly decentralized.

the de-word is being misused by those in favor of PoW. there are many possible solutions, which don't require proving something with a hashing algorithm. The role of proof-of-work in Bitcoin is misunderstood, as so many other aspects. How "de-central" is a system with a few mining pools. I don't get it..

That's the idea behind Slasher. It's good against short-range attacks, but not long-range ones (see my article).

Good news. Against long-range attacks we r protected by the extra consensus rule that forces to stick to a branch with the highest rate of transactions belonging to the same economic cluster.

So basically you use transactions-as-proof-of-stake. That sounds reasonable; it's as good as I can think of at this point, although it has the moderately-serious-but-not-fatal flaws that I described in my On Stake article. I eagerly await a full whitepaper description and open source code of your complete protocol so both myself and more formal academics can properly whack at the specifics.

TPoS uses "coin-days". Nxt is designed from the ground up and is much more related to DPoS (or the other way round possibly).

http://the-iland.net/static/downloads/TransactionsAsProofOfStake.pdf
http://bitshares.org/delegated-proof-of-stake/
Logged

valarmg

  • Hero Member
  • *****
  • Karma: +178/-57
  • Offline Offline
  • Posts: 1766
    • View Profile
Re: Bounty for successful nothing at stake attack?
« Reply #66 on: July 06, 2014, 06:58:03 pm »

Quote
Pareto seems to have another opinion...

True, but if the concentration is that high then we run into the other problem which is that I would not call the system highly decentralized.

So if there (hypothetically) are 10 million stakeholders, but 80% of the stake is held by the top 2million stakeholders, then the system isn't sufficiently decentralized?
Logged
NXT-CSED-4PK5-AR4V-6UB5V

ChuckOne

  • Hero Member
  • *****
  • Karma: +293/-17
  • Offline Offline
  • Posts: 3450
  • ☕ NXT-4BTE-8Y4K-CDS2-6TB82
    • View Profile
Re: Bounty for successful nothing at stake attack?
« Reply #67 on: July 06, 2014, 07:03:04 pm »

So if there (hypothetically) are 10 million stakeholders, but 80% of the stake is held by the top 2million stakeholders, then the system isn't sufficiently decentralized?

Well, I think the problem here lies in the perception and differences of "fairness" (of which I have no definition) and of "stability/security".

The latter is better maintained/generated by hierarchical systems aka lesser entities.
Logged

Brangdon

  • Hero Member
  • *****
  • Karma: +229/-25
  • Offline Offline
  • Posts: 1389
  • Quality is addictive.
    • View Profile
Re: Bounty for successful nothing at stake attack?
« Reply #68 on: July 06, 2014, 08:21:12 pm »

If I detect a fork, is there any reason I shouldn't broadcast two versions of my transaction, one for each fork? That way, whichever fork eventually wins, my transaction goes through. And obviously betting on both forks undermines the benefits of EC as a consensus mechanism in the same way that forging on both forks does.

U can broadcast as many versions of the same transaction as u wish. An attacker that is building a hidden branch won't be able to include them anyway, coz u don't know hashes of his blocks.
I'm not necessarily talking of hidden branches. Just normal forks that can happen from network delays.
Logged

ChuckOne

  • Hero Member
  • *****
  • Karma: +293/-17
  • Offline Offline
  • Posts: 3450
  • ☕ NXT-4BTE-8Y4K-CDS2-6TB82
    • View Profile
Re: Bounty for successful nothing at stake attack?
« Reply #69 on: July 06, 2014, 08:31:52 pm »

Here's what NaS means. Suppose that you have a chain C1, and then some attacker with P portion of network hashpower decides to start trying to fork your blockchain starting N blocks ago. Then, there are two competing chains, C1 and C2. Now, look at it from the point of view as an ordinary forger. You have four options:

1. Try to forge on neither chain.
2. Try to forge on C1 only.
3. Try to forge on C2 only.
4. Try to forge on C1 and C2 simultaneously.

Because there is no significant cost to forging that is external to the blockchain, like there is with PoW, (4) is an actually viable strategy (in Bitcoin, (4) would have cost you 2x as much mining power). (4) is clearly the best from a revenue standpoint, because it gives you a reward if either chain ultimately wins, whereas the "honest" strategy, (2), gives you only rewards if C1 wins. Hence, all purely self-interested forgers will forge on C1 and C2, altruists will forge on C1 only, and the attacker will forge on C2 only. Thus, in order for the attack to win, the attacker will need to overpower only the altruists, not 51% of the entire network.

You guys are secure now because everyone is using the default client, which I presume enforces the "forge on C1 only" rule. Later on, clients designed and downloaded by users motivated solely by financial interest may well switch to double-forging. An analog of this problem exists for every PoS system to date with the exception, as I described in my article, of permanent-genesis-nobility and TaPoS.

Nice article, Vitalik: https://blog.ethereum.org/2014/07/05/stake/
Logged

Come-from-Beyond

  • Hero Member
  • *****
  • Karma: +794/-671
  • Offline Offline
  • Posts: 4013
    • View Profile
Re: Bounty for successful nothing at stake attack?
« Reply #70 on: July 06, 2014, 08:36:54 pm »

I'm not necessarily talking of hidden branches. Just normal forks that can happen from network delays.

U can't influence which branch will survive, so it's a good idea to duplicate transactions for every branch u see.
Logged

nexern

  • Sr. Member
  • ****
  • Karma: +83/-11
  • Offline Offline
  • Posts: 496
    • View Profile
Re: Bounty for successful nothing at stake attack?
« Reply #71 on: July 06, 2014, 09:48:07 pm »

the ongoing, natural and selforganized distribution prevents this attack without violating decentralisation.
islands of accumulations within nxt-token-sphere are a succesfull proof of operation because it is congruent
with nature based systems. the only remaining path, buying stakes to attack doesn't work either.
probability for this attack vector tends asymptotically to zero in a real world scenario.
Logged

valarmg

  • Hero Member
  • *****
  • Karma: +178/-57
  • Offline Offline
  • Posts: 1766
    • View Profile
Re: Bounty for successful nothing at stake attack?
« Reply #72 on: July 06, 2014, 10:56:24 pm »

This part of Vitalik's assertion wasn't addressed:
"I said that every pure PoS system, except a PoS system with trusted chain download sources, can always and forever be taken over by a 51% collusion of the genesis block allocation."

Is this possible? In the unlikely event that a large group of initial holders got together, sold their stake and then used their addresses to create a fork starting shortly after the creation of Nxt, would that fork be a threat, or would economic clustering deal with that too. Seems to me that it would.
Logged
NXT-CSED-4PK5-AR4V-6UB5V

2Kool4Skewl

  • Hero Member
  • *****
  • Karma: +396/-246
  • Offline Offline
  • Posts: 1897
  • Banned!
  • Because I'm a Genius
    • View Profile
Re: Bounty for successful nothing at stake attack?
« Reply #73 on: July 07, 2014, 01:55:16 am »

This part of Vitalik's assertion wasn't addressed:
"I said that every pure PoS system, except a PoS system with trusted chain download sources, can always and forever be taken over by a 51% collusion of the genesis block allocation."

Is this possible? In the unlikely event that a large group of initial holders got together, sold their stake and then used their addresses to create a fork starting shortly after the creation of Nxt, would that fork be a threat, or would economic clustering deal with that too. Seems to me that it would.

Economic clustering is designed to deal with that threat.
Logged
We are the descendants of Bitcoin.  We are the continuation of the cause it started, but that perished with its centralization.
An economic system is a manifestation of an ideology.  What was lost, we shall reclaim.
"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks"

qqNxt

  • Full Member
  • ***
  • Karma: +18/-1
  • Offline Offline
  • Posts: 174
    • View Profile
    • http://www.myfreenxt.com/
Re: Bounty for successful nothing at stake attack?
« Reply #74 on: July 07, 2014, 03:06:24 am »



WOW. first of all, welcome to our forum!
It's great to see you here.

Reading through above posts, i would say it would have to be the best there is in all of crypto posts.

i see all your arguments as great positive feedback to our community.
thank you for providing your opinions and i hope you may learn some from us as well.
Logged
http://www.myfreenxt.com/
NXT-8PGJ-JWZM-BRN9-59Y3L

mczarnek

  • Hero Member
  • *****
  • Karma: +68/-4
  • Offline Offline
  • Posts: 898
    • View Profile
    • Nxt Place - Craigslist for Nxt
Re: Bounty for successful nothing at stake attack?
« Reply #75 on: July 07, 2014, 06:30:59 am »

Regarding using transactions to peg the fork, what prevents an attacker from making a whole bunch of transactions between his own accounts that are pegged to his fake fork?  Can we use something along the lines of Bitcoin's coin priority.. I think it's Coin-days or something like that.

Something along the lines of this: http://gavintech.blogspot.com/2012/05/neutralizing-51-attack.html
Logged
NXT Organization: Tech
Donations greatly appreciated: NXT-DWVJ-G89C-RHNL-6QW6Q

Come-from-Beyond

  • Hero Member
  • *****
  • Karma: +794/-671
  • Offline Offline
  • Posts: 4013
    • View Profile
Re: Bounty for successful nothing at stake attack?
« Reply #76 on: July 07, 2014, 06:52:39 am »

Regarding using transactions to peg the fork, what prevents an attacker from making a whole bunch of transactions between his own accounts that are pegged to his fake fork?  Can we use something along the lines of Bitcoin's coin priority.. I think it's Coin-days or something like that.

Something along the lines of this: http://gavintech.blogspot.com/2012/05/neutralizing-51-attack.html

These transactions won't have high ratio of EC transactions.
Logged

benjyz

  • Hero Member
  • *****
  • Karma: +71/-4
  • Offline Offline
  • Posts: 508
    • View Profile
Re: Bounty for successful nothing at stake attack?
« Reply #77 on: July 07, 2014, 07:48:28 am »

This part of Vitalik's assertion wasn't addressed:
"I said that every pure PoS system, except a PoS system with trusted chain download sources, can always and forever be taken over by a 51% collusion of the genesis block allocation."

Is this possible? In the unlikely event that a large group of initial holders got together, sold their stake and then used their addresses to create a fork starting shortly after the creation of Nxt, would that fork be a threat, or would economic clustering deal with that too. Seems to me that it would.

and what blockchain would that be? since Nxt genesis 300'000 transactions have taken place. of course nodes know about more recent history - it's distributed around the world. so the assumptions that the history is not known is absurd (what then is the blockchain, if we don't assume it's distributed?). and if most stakeholders lose their balances, that will be known very quickly. the attackers would be known as well, so a repair is easy. the source code of Nxt is sealed with separate keys be developers. they could create forks by decree. how likely is this to happen anyway? it assumes that the initial stakeholders know each other and have some shared interest against Nxt.
Logged

Brangdon

  • Hero Member
  • *****
  • Karma: +229/-25
  • Offline Offline
  • Posts: 1389
  • Quality is addictive.
    • View Profile
Re: Bounty for successful nothing at stake attack?
« Reply #78 on: July 13, 2014, 10:31:32 am »

Here's what NaS means. Suppose that you have a chain C1, and then some attacker with P portion of network hashpower decides to start trying to fork your blockchain starting N blocks ago. Then, there are two competing chains, C1 and C2. Now, look at it from the point of view as an ordinary forger. You have four options:

1. Try to forge on neither chain.
2. Try to forge on C1 only.
3. Try to forge on C2 only.
4. Try to forge on C1 and C2 simultaneously.
Thanks for that qualitative analysis. Could someone who understands the statistical history of the block-chain give a more quantitative analysis?
 
Quote
You guys are secure now because everyone is using the default client, which I presume enforces the "forge on C1 only" rule. Later on, clients designed and downloaded by users motivated solely by financial interest may well switch to double-forging.
Specifically, how much more money would a Nxt peer make by switching to such a modified client?

For example, if I control 0.1% of the forging power (1m NXT if everyone is forging; half that if half are, etc), then I can normally expect to get 0.1% of the total transaction fees in a year. What proportion of the time am I presented with two chains that I could forge on? And what percentage of the time do I lose out through only forging on one chain, and picking the wrong one? (My intuition is that this is rare, if my client is up to date, but I could be wrong.)

My feeling is that Nothing at Stake is important when the reward for forging a block is high. In Bitcoin, for example, you get 25 BTC in addition to fees, which means around $2m a day is up for grabs. It would be worth going to extreme lengths to get a bigger slice of that pie. In Nxt, however, there is no block reward. Fees currently average around 5,000 NXT/day, or $250. With 0.1% of the forging power, I can expect less than $100 a year. Even if I could double that by forging on both chains, that's not much incentive. The disincentive is that it weakens the network. If I own 1m NXT, then it's surely more rational for me to try to preserve my stake by forging honestly then to try to make a few more coins and risk devaluing the lot?

So I would argue that Nothing at Stake is a theoretical problem, but not a practical one. Our current security will likely not be temporary. It's true someone in future could produce a modified client that double-forges, but the personal gain from switching to it would be small, and the people with most to gain are also the ones with most to lose. It only feels like it might be a real threat if you are looking with Bitcoin eyes, used to huge block rewards and miners who have no real stake in the currency.

Can we collect statistics on how common forks are and how often peers are fooled by them?
Logged

TeamWealth

  • Full Member
  • ***
  • Karma: +11/-1
  • Offline Offline
  • Posts: 217
    • View Profile
Re: Bounty for successful nothing at stake attack?
« Reply #79 on: July 15, 2014, 09:18:48 am »

A thought, but would it be possible to also get other PoS coins under attack for the same thing to also put in some funds in order to get a larger bounty?
Logged
NXT: NXT-V93N-SYX2-2CNW-5TF9Y
Pages: 1 2 3 [4] 5  All
 

elective-stereophonic
elective-stereophonic
assembly
assembly