Author Topic: An attack on DevShares  (Read 22493 times)


Offline jsidhu

I hope this isn't one of those omg I found an attack vector and u better pray I don't use it but then nothing happens price crashes and he gets cheap coins... Like monero except like I predicted they got left holding the bag they "thought" that they bought cheap.. We all know this type of attack doesn't end up well for attacker or investors in short term based on what we saw last few times


If true then I'm pretty sure it only is win win.. He/she should just buy at market because any negative attention will not affect price from this persons
« Last Edit: February 09, 2015, 10:38:57 pm by jsidhu »
Hired by blockchain | Developer
delegate: dev.sidhujag

Offline Ander

Other possibilities are that you end up burning many BTS permanently in order to create paid delegates.

I'll start from a cheap attack. A successful disrupting of networking should lead to price decline and allow me to buy cheap coins, by selling them after the price returns to the old levels I'll get free money for more sophisticated attacks.

* If you can successfully make a significant network disruption for cheap then your attack is successful and you would have shown a vulnerability in BTS.  No need for a phase 2 more expensive attack in that case.

* A network disruption would probably have to be very significant and lasting in order to have an impact on the price.  Several versions ago the devs introduced a bug which caused many forks.  A lot of delegates were on various forks over the next 24 hours, but the price didn't react.  Given that BTS is relatively new and is under constant development, I think the market expects bugs and disruptions occasionally, and would only respond to a very serious disruption.

If BTS were a lot more mature, then maybe a short term disruption would have more impact.  By that point however, we won't be seeing new versions of bitshares nearly as often.
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads

Offline Come-from-Beyond

Other possibilities are that you end up burning many BTS permanently in order to create paid delegates.

I'll start from a cheap attack. A successful disrupting of networking should lead to price decline and allow me to buy cheap coins, by selling them after the price returns to the old levels I'll get free money for more sophisticated attacks.

Offline Ander

Valid point about DevShares not being protected enough. Maybe I should begin with the hardest target - BitShares. I hope the community doesn't mind?

I prefer attacking Devshares.  If successful, Bitshares can modify itself to be more resilient.

Still, I support you trying to attack Bitshares.   Given that step 1 of the process is  probably going to require buying bitshares, I would take advantage of the resulting price rise by selling some, and then rebuy lower when you get to the part of the plan where you dump.  :)

Other possibilities are that you end up burning many BTS permanently in order to create paid delegates.  If you fail to get them elected or if you keep them elected for less than 2 weeks, the net result is a reduction in BTS supply.

Failed attacks against Bitshares probably end up making it stronger!

Offline Ander


I think this should be a competition, with defined rules, and money put up by both sides. The pot is split up proportionately to the donations of the side that wins. This will double as a prediction market indicator of the success of the attack.

But in normal conditions, there is not an extra bet riding on the outcome of whether the attack is successful.  I think this would modify the incentives of the situation and thus possibly change the results.

I think that we should investigate "Is Bitshares vulnerable to attack in normal situations" not "Is Bitshares vulnerable to attack in situations where Bitshares holders have agreed to a bet where they will pay money to the attacker if he wins".

I definitely believe that, if you are willing to lose enough money, you can cause some amount of damage to the Bitshares network.  (Same as in Bitcoin).  It would be foolish for Bitshares to subsidize the attacker.  The main goal of Bitshares defense is that the attacker cannot attack without losing money, and the money goes to Bitshares holders, compensating them for the temporary disruption of the network.

Offline fluxer555

I think the lack of real socio-economic incentives within DevShares will make this data not very useful. The will of shareholders is an essential piece to this puzzle; people just don't care enough about DevShares.

There are some sorts of attacks that can definitely be tested in devshares.
There are others that might work well on devshares but be much harder to execute on bitshares, because the difficulty to execute them scales with the amount that the community cares about and values the coin.

Still, I think we can learn valuable things.  If it costs $X to acquire the devcoin used to attack, and in the end the attacker loses Y% of it, then possibly a similar result would hold for Bitshares.  If the attacker can attack devcoin with minimal loss in percentage terms, it's worrying.

I just think the game theory is totally different, and non-comparable. Protocol-wise it may be the same, but BitShares has social factors baked-in. Critiquing a cake baked without baking soda doesn't give you much useful data about the quality of the original recipe.

It reminds me of playing free-roll online poker. There's nothing to lose, so people go all-in every hand. They don't care, and the strategies (or lack of strategies) players employ relates very little to the strategies they employ when money is on the line.

Offline cass

█║▌║║█  - - -  The quieter you become, the more you are able to hear  - - -  █║▌║║█

Offline Ander

I think the lack of real socio-economic incentives within DevShares will make this data not very useful. The will of shareholders is an essential piece to this puzzle; people just don't care enough about DevShares.

There are some sorts of attacks that can definitely be tested in devshares.
There are others that might work well on devshares but be much harder to execute on bitshares, because the difficulty to execute them scales with the amount that the community cares about and values the coin.

Still, I think we can learn valuable things.  If it costs $X to acquire the devcoin used to attack, and in the end the attacker loses Y% of it, then possibly a similar result would hold for Bitshares.  If the attacker can attack devcoin with minimal loss in percentage terms, it's worrying.

Offline clayop

BTW when will DVS have its price? Relative order updates are coming in two weeks but we can't test it until DvsUSD goes live.
Bitshares Korea - http://www.bitshares.kr
Vote for me and see Korean Bitshares community grows
delegate-clayop

Offline Come-from-Beyond

I think the lack of real socio-economic incentives within DevShares will make this data not very useful. The will of shareholders is an essential piece to this puzzle; people just don't care enough about DevShares.

For this attack experiment to be useful, people have to start caring about the security of its network. There will be 'attackers', and 'defenders', each putting value into the shares for different reasons. The upper bound of the token value will then be defined kind of like an auction of the two sides; who is willing to pay more to control the network?

I think this should be a competition, with defined rules, and money put up by both sides. The pot is split up proportionately to the donations of the side that wins. This will double as a prediction market indicator of the success of the attack.

Are you an Attacker or a Defender of DevShares?

Valid point about DevShares not being protected enough. Maybe I should begin with the hardest target - BitShares. I hope the community doesn't mind?

Offline fluxer555

I think the lack of real socio-economic incentives within DevShares will make this data not very useful. The will of shareholders is an essential piece to this puzzle; people just don't care enough about DevShares.

For this attack experiment to be useful, people have to start caring about the security of its network. There will be 'attackers', and 'defenders', each putting value into the shares for different reasons. The upper bound of the token value will then be defined kind of like an auction of the two sides; who is willing to pay more to control the network?

I think this should be a competition, with defined rules, and money put up by both sides. The pot is split up proportionately to the donations of the side that wins. This will double as a prediction market indicator of the success of the attack.

Are you an Attacker or a Defender of DevShares?

Offline cube

You are helping us to find the weakness in the system so that we can secure it better.  All this is done in the safe environment of dvs chain.  You are spending time, effort and possibly monies in this test.  Thank you.  Looking forward to your first attempt.
ID: bitcube
bitcube is a dedicated witness and committee member. Please vote for bitcube.

Offline Come-from-Beyond

CfB, I'll vote for you as a delegate. Bring some of those nice NXT folks over here, along with the ghost of BCNext, and you'll have enough power to get hired by the blockchain.

You won't miss the java. We have all you can drink.



My agenda is slightly different than you may guess. I'm going to probe BitShares a little to figure out what elements of the whole BitShares mechanism could be implemented in hardware. Nxt and Ethereum are in the list too.

Offline jsidhu

CfB, I'll vote for you as a delegate. Bring some of those nice NXT folks over here, along with the ghost of BCNext, and you'll have enough power to get hired by the blockchain.

You won't miss the java. We have all you can drink.



I suspect if he cannot attack it he will switch over and bring in many of the NXT devs here with him...

Offline Ander

I support this 1000%!  This needs to happen.

If the attack is successful, it demonstrates a need to modify the structure of Bitshares to be secure against it.  This is important to know, and it's much better for it to happen now while Bitshares is new and still small, than later on.

If the attack is unsuccessful, it increases confidence in the DPoS system.


There are several ways you could try to attack:
* Execute a successful double spend.
* Execute a nothing at stake attack: Buy devshares, use the stake to vote in delegates, sell the devshares, and then use the delegates to be malicious in some way.
* Install many paid delegates and then have them conspire to not be able to be removed from office, even if voters want them out.
* Install many paid delegates, produce nothing of value, but have them remain in office.  (Sybil attack).


If the result of the attack is that the attacker loses a significant amount of money (relative to the cost of the shares bought to execute the attack), and the disruption to the network was not catastrophic, I would consider it an unsuccessful attack.   After all, in Proof of Work one could also rent tons of hashing power and use it to perform a 51% attack, but if this is costly and not sufficiently disruptive then it's not a big weakness.  If the same thing occurs in DPoS then it's not a real vulnerability, especially if the spend value ends up in the hands of shareholders/traders of BTS.



Note: I suspect that you might be able to execute an attack where you get many paid delegates elected and then sit there and do nothing and collect pay, MUCH more easily in devshares than in Bitshares.  Bitshares has actual value, and shareholders are fairly watchful, so any paid delegates come under scrutiny.  They already fired blackwavelabs after not seeing an update after 3 weeks. 

Devshares is very cheap and thus it is quite possible that no one would care.
« Last Edit: February 09, 2015, 07:53:43 pm by Ander »