Author [EN] [ZH] [ES] [PT] [IT] [DE] [FR] [NL] [TR] [SR] [AR] [RU] [EN] [ZH] [ES] [PT] [IT] [DE] [FR] [NL] [TR] [SR] [AR] [RU] [EN] [ZH] [ES] [PT] [IT] [DE] [FR] [NL] [TR] [SR] [AR] [RU] Topic: An attack on DevShares  (Read 3270 times)

0 Members and 1 Guest are viewing this topic.

Offline Come-from-Beyond

  • Full Member
  • ***
  • Posts: 113
    • View Profile
An attack on DevShares
« on: February 09, 2015, 07:12:41 PM »

Some people mentioned DevShares as a good way to test an attack on BitShares, I tend to follow the advice. Could anyone point me to an up-to-date documentation on DevShares (whitepaper and protocols)? Also, I'd like to get a permission from the community if it's possible to get.

sumantso

  • Guest
Re: An attack on DevShares
« Reply #1 on: February 09, 2015, 07:14:51 PM »
BM mentioned that attacks on DevShares is not only allowed, but any profit gained is the attacker's income and others can't lay claim to it. Anyone having DevShares understands that.

Offline biophil

  • Hero Member
  • *****
  • Posts: 780
  • Incentives run the world
    • View Profile
  • BTS: zebulon
Re: An attack on DevShares
« Reply #2 on: February 09, 2015, 07:21:13 PM »
I like this. Gonna go get some popcorn.

Sent from my SCH-S720C using Tapatalk 2


Offline Come-from-Beyond

  • Full Member
  • ***
  • Posts: 113
    • View Profile
Re: An attack on DevShares
« Reply #3 on: February 09, 2015, 07:30:45 PM »
Good news, now I need only the documentation that is confirmed to be up-to-date.

Offline Vizzini

Re: An attack on DevShares
« Reply #4 on: February 09, 2015, 07:36:24 PM »
CfB, I'll vote for you as a delegate. Bring some of those nice NXT folks over here, along with the ghost of BCNext, and you'll have enough power to get hired by the blockchain.

You won't miss the java. We have all you can drink.


Never go against a Sicilian when death is on the line.

Offline Ander

  • Hero Member
  • *****
  • Posts: 3507
    • View Profile
  • BTS: Ander
Re: An attack on DevShares
« Reply #5 on: February 09, 2015, 07:49:34 PM »
I support this 1000%!  This needs to happen.

If the attack is successful, it demonstrates a need to modify the structure of Bitshares to be secure against it.  This is important to know, and its much better for it to happen now while Bitshares is new and still small, than later on.

If the attack is unsuccessful, it increases confidence in the DPoS system.


There are several ways you could try to attack:
* Execute a successful double spend.
* Execute a nothing at stake attack: Buy devshares, use the stake to vote in delegates, sell the devshares, and then use the delegates to be malicious in some way.
* Install many paid delegates and then have them conspire to not be able to be removed from office, even if voters want them out.
* Install many paid delegates, produce no of value, but have them remain in office.  (Sybil attack). 


If the result of the attack is that the attacker loses a significant amount of money (relative to the cost of the shares bought to execute the attack), and the disruption to the network was not catastrophic, I would consider it an unsuccessful attack.   After all, in Proof of Work once could also rent tons of hashing power and use it to perform a 51% attack, but if this is costly and not sufficiently disruptive then its not a big weakness.  If the same thing occurs in DPoS then its not a real vulnerability, especially if the spend value ends up in the hands of shareholders/traders of BTS.



Note: I suspect that you might be able to execute an attack where you get many paid delegates elected and then sit there and do nothing and collect pay, MUCH more easily in devshares than in Bitshares.  Bitshares has actual value, and shareholders are fairly watchful, so any paid delegates come under scrutiny.  They already fired blackwavelabs after not seeing an update after 3 weeks. 

Devshares is very cheap and thus it is quite possible that no one would care.
« Last Edit: February 09, 2015, 07:53:43 PM by Ander »
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads

Offline jsidhu

  • Hero Member
  • *****
  • Posts: 1337
    • View Profile
Re: An attack on DevShares
« Reply #6 on: February 09, 2015, 07:55:23 PM »
CfB, I'll vote for you as a delegate. Bring some of those nice NXT folks over here, along with the ghost of BCNext, and you'll have enough power to get hired by the blockchain.

You won't miss the java. We have all you can drink.



I suspect if he cannot attack it he will switch over and bring in many of the NXT devs here with him...
Hired by blockchain | Developer
delegate: dev.sidhujag

Offline Come-from-Beyond

  • Full Member
  • ***
  • Posts: 113
    • View Profile
Re: An attack on DevShares
« Reply #7 on: February 09, 2015, 07:58:03 PM »
CfB, I'll vote for you as a delegate. Bring some of those nice NXT folks over here, along with the ghost of BCNext, and you'll have enough power to get hired by the blockchain.

You won't miss the java. We have all you can drink.



My agenda is slightly different than you may guess. I'm going to probe BitShares a little to figure out what elements of the whole BitShares mechanism could be implemented in hardware. Nxt and Ethereum are in the list too.

Offline cube

  • Hero Member
  • *****
  • Posts: 1404
  • Bit by bit, we will get there!
    • View Profile
  • BTS: bitcube
  • Witness: bitcube
Re: An attack on DevShares
« Reply #8 on: February 09, 2015, 07:58:44 PM »
You are helping us to find the weakness in the system so that we can secure it better.  All this is done in the safe environment of dvs chain.  You are spending time, effort and possibly monies in this test.  Thank you.  Looking forward to your first attempt.
ID: bitcube
bitcube is a dedicated witness and committe member. Please vote for bitcube.

Offline fluxer555

  • Hero Member
  • *****
  • Posts: 671
    • View Profile
Re: An attack on DevShares
« Reply #9 on: February 09, 2015, 08:01:46 PM »
I think the lack of real socio-economic incentives within DevShares will make this data not very useful. The will of shareholders is an essential piece to this puzzle; people just don't care enough about DevShares.

For this attack experiment to be useful, people have to start caring about the security of its network. There will be 'attackers', and 'defenders', each putting value into the shares for different reasons. The upper bound of the token value will then be defined kind of like an auction of the two sides; who is willing to pay more to control the network?

I think this should be a competition, with defined rules, and money put up by both sides. The pot is split up proportionately to the donations of the side that wins. This will double as a prediction market indicator of the success of the attack.

Are you an Attacker or a Defender of DevShares?
BTS: boolean-julien

Offline Come-from-Beyond

  • Full Member
  • ***
  • Posts: 113
    • View Profile
Re: An attack on DevShares
« Reply #10 on: February 09, 2015, 08:04:03 PM »
I think the lack of real socio-economic incentives within DevShares will make this data not very useful. The will of shareholders is an essential piece to this puzzle; people just don't care enough about DevShares.

For this attack experiment to be useful, people have to start caring about the security of its network. There will be 'attackers', and 'defenders', each putting value into the shares for different reasons. The upper bound of the token value will then be defined kind of like an auction of the two sides; who is willing to pay more to control the network?

I think this should be a competition, with defined rules, and money put up by both sides. The pot is split up proportionately to the donations of the side that wins. This will double as a prediction market indicator of the success of the attack.

Are you an Attacker or a Defender of DevShares?

Valid point about DevShares not being protected enough. Maybe I should begin with the hardest target - BitShares. I hope the community doesn't mind?

Offline clayop

Re: An attack on DevShares
« Reply #11 on: February 09, 2015, 08:05:58 PM »
BTW when will DVS has its price? Relative order updates are coming in two weeks but we can't test it until DvsUSD goes live.
Bitshares Korea - http://www.bitshares.kr
Vote for me and see Korean Bitshares community grows
delegate-clayop

Offline Ander

  • Hero Member
  • *****
  • Posts: 3507
    • View Profile
  • BTS: Ander
Re: An attack on DevShares
« Reply #12 on: February 09, 2015, 08:09:53 PM »
I think the lack of real socio-economic incentives within DevShares will make this data not very useful. The will of shareholders is an essential piece to this puzzle; people just don't care enough about DevShares.

There are some sorts of attacks that can definitely be tested in devshares.
There are others that might work well on devshares but be much harder to execute on bitshares, because the difficulty to execute them scales with the amount that the community cares about and values the coin.

Still, I think we can learn valuable things.  If it costs $X to acquire the devcoin used to attack, and in the end the attacker loses Y% of it, then possibly a similar result would hold for Bitshares.  If the attacker can attack devcoin with minimal loss in percentage terms, its worrying. 
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads

Offline cass

  • Hero Member
  • *****
  • Posts: 4328
  • /(┬.┬)\
    • View Profile
Re: An attack on DevShares
« Reply #13 on: February 09, 2015, 08:35:09 PM »
Good idea!
█║▌║║█  - - -  The quieter you become, the more you are able to hear  - - -  █║▌║║█

Offline fluxer555

  • Hero Member
  • *****
  • Posts: 671
    • View Profile
Re: An attack on DevShares
« Reply #14 on: February 09, 2015, 09:05:29 PM »
I think the lack of real socio-economic incentives within DevShares will make this data not very useful. The will of shareholders is an essential piece to this puzzle; people just don't care enough about DevShares.

There are some sorts of attacks that can definitely be tested in devshares.
There are others that might work well on devshares but be much harder to execute on bitshares, because the difficulty to execute them scales with the amount that the community cares about and values the coin.

Still, I think we can learn valuable things.  If it costs $X to acquire the devcoin used to attack, and in the end the attacker loses Y% of it, then possibly a similar result would hold for Bitshares.  If the attacker can attack devcoin with minimal loss in percentage terms, its worrying.

I just think the game theory is totally different, and non-comparable. Protocol-wise it may be the same, but BitShares has social factors baked-in. Critiquing a cake baked without baking soda doesn't give you much useful data about the quality of the original recipe.

It reminds me of playing free-roll online poker. There's nothing to lose, so people go all-in every hand. They don't care, and the strategies (or lack of strategies) players employ relates very little to the strategies they employ when money is on the line.
BTS: boolean-julien

 

Google+