Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - jaekwon

Pages: [1]
1
General Discussion / Re: One possible attack to POS mining
« on: March 28, 2014, 06:15:21 pm »
Quote
In the long term the network is far more secure and the best fork can be unambiguously chosen.

This appears true to me, but I'm not aware of a formal proof. Is there one? The TaPoS paper appears to be out of date, mentioning CDD as an absolute measure on the chain rather than a measure per block.

Quote
1) Double Spend - requires someone with significant money to make an anonymous transaction to avoid getting caught.   Large anonymous transactions will likely require hours of confirmation.

Why must large anonymous transactions require hours of confirmation?

Quote
If a large share holder were to execute a double spend attack the value of their shares would likely fall by more than they could steal.   If the transaction were not anonymous then everyone would know who to avoid doing business with.

The fall would presumably be temporary, otherwise I can argue that a small investment of $15M may be sufficient to crash the value of the coin, even if BTS were to reach the market cap of BTC.

There may be externalities that incentivize a large share holder to intentionally lose value in exchange for a double spend.  There are many examples, but a few that comes to mind: the attacker may have short positions in external markets, e.g. in those of companies that utilize this coin.  Or, the attacker may have an incentive to promote another currency system.

2
General Discussion / Re: One possible attack to POS mining
« on: March 27, 2014, 04:22:32 pm »
Hi bytemaster, and BitShares crew. I was just at the CoinSummit conference & met Brian who suggested that I look into BitShares.

My primary concern is in determining whether the TaPoS would work as promised, and it looks like some answers are here.

Quote from: bytemaster on March 12, 2014, 04:43:05 pm
Suppose someone with 1 share, holds it for 1 year, and then creates a fork with 100,000 CDD.   In reality there is only 1 share worth of support for that fork.   The rest of the 99,999 CDD is voting for the global consensus on the first 99,999 blocks prior to the fork.

This significantly raises the bar for an attacker.   Worst case, everyone on average moves their funds once per year.  This means that the average votes cast per block is 40 BTS.  To produce a chain that is 12 blocks longer (1 hour) would require 480 BTS to tie the honest chain.

So I take it that there are about 4 million BTS in total. (~100K blocks in a year * 40 BTS per block).
It sounds like you determine the honest chain by some algorithm like this: Given that you are on an honest block, the next honest block is the block with the most votes.

Quote from: bytemaster on March 12, 2014, 04:43:05 pm
Now the attack isn't actually guaranteed even when an attacker has 2500 BTS.  Honest nodes would recognize an attempted fork when there was no perceived loss of network connectivity.   Someone with a lot at stake (say an exchange, a day trader, etc) would not want a fork under any circumstances if they could help it.   These players could secure the network (and their recent trades) by moving a 1000 BTS per block to themselves.   This would increase the cost of an attack significantly.

It sounds like the short term security of the chain (proof against double-spends) is determined by how many BTS are available for signing by internet connected hot-wallets that are ready to jump in when a malicious blockchain-fork is detected. Exchanges can't do this with their cold wallet private keys, but they could with hot wallet keys which would amount to maybe 2000 BTS per major exchange. Let's say that in the worst case, 10,000 BTS is available for reactive signing to secure the honest chain. Then, anyone with more than 10,000 BTS can launch an attack. If BTS equaled BTC in market cap, that is around $15M?

Furthermore, based on the first quoted line above, an attack can be continuous, so a larger sustained attack would require people to keep funds that would have been in cold storage on a hot wallet.


Pages: [1]

Page created in 0.027 seconds with 24 queries.