Author Topic: What if I have 11% of BTS and I am malicious?  (Read 4406 times)

0 Members and 1 Guest are viewing this topic.

Offline bytemaster

First of all an attacker attempting to steal 100% of the dilution and produce nothing would have to first pay 2 weeks worth of pay * 101 slots.   That would cost about $100,000 or more.  As long as the network could vote them out in less than 2 weeks that isn't a problem.

Only an attacker that takes over and then stops including transactions would require a "hard fork".   I suspect that it would be trivial for any of the previously elected delegates to black list transactions that vote for the attacker.  They could then easily hard fork out the transactions that voted in the attacking delegates and block any future transactions that would vote for them. 
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline fluxer555

  • Hero Member
  • *****
  • Posts: 749
    • View Profile
An immediate and effective solution to this issue is actually very simple. Malicious delegates will likely be delegates that don't produce blocks or produce blocks and steal 100% of the inflation. Both scenarios are by themselves quite unlikely and not actually that hurtful to BitShares, but most importantly they are easy to detect and it's possible to see what accounts control the stake that voted for them. To ensure the malicious stake doesn't continue ruining things a hard fork can be manually circulated among the community that permanently destroys all the stake that voted for the malicious delegates. BitShares would be back up and running normally quite quickly, and the only person who would really be hurt would be the attacker.
Stealing is not objective. What about a dev that doesn't really work (effectively)?

Or, what about an account squatter who receives funds from others when they are careless?

Offline santaclause102

  • Hero Member
  • *****
  • Posts: 2486
    • View Profile
An immediate and effective solution to this issue is actually very simple. Malicious delegates will likely be delegates that don't produce blocks or produce blocks and steal 100% of the inflation. Both scenarios are by themselves quite unlikely and not actually that hurtful to BitShares, but most importantly they are easy to detect and it's possible to see what accounts control the stake that voted for them. To ensure the malicious stake doesn't continue ruining things a hard fork can be manually circulated among the community that permanently destroys all the stake that voted for the malicious delegates. BitShares would be back up and running normally quite quickly, and the only person who would really be hurt would be the attacker.
Stealing is not objective. What about a dev that doesn't really work (effectively)?


Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
I'm not sure how "vote as delegates recommend" works.

From:
http://wiki.bitshares.org/index.php/DPOS/ApprovalVoting

Quote
Vote as Delegates Recommended
    Some users publish a set of delegates (a slate) they recommend. Theses delegates fulfill certain criteria that are defined by the particular users. As an example: A user only recommends delegates whose real-world identities are known and verified. Another user recommends delegates that are trusted members of the bitsharestalk.org forum. And so on. If that user is a delegate and you vote for him with a wallet_transfer, you can also vote for all of his recommended delegates by choosing
    Vote as Delegates Recommended


Offline clayop

  • Hero Member
  • *****
  • Posts: 2033
    • View Profile
    • Bitshares Korea
  • BitShares: clayop
An immediate and effective solution to this issue is actually very simple. Malicious delegates will likely be delegates that don't produce blocks or produce blocks and steal 100% of the inflation. Both scenarios are by themselves quite unlikely and not actually that hurtful to BitShares, but most importantly they are easy to detect and it's possible to see what accounts control the stake that voted for them. To ensure the malicious stake doesn't continue ruining things a hard fork can be manually circulated among the community that permanently destroys all the stake that voted for the malicious delegates. BitShares would be back up and running normally quite quickly, and the only person who would really be hurt would be the attacker.

Thanks. This is clear answer for me.
Bitshares Korea - http://www.bitshares.kr
Vote for me and see Korean Bitshares community grows
delegate-clayop

Offline biophil

  • Hero Member
  • *****
  • Posts: 880
  • Professor of Computer Science
    • View Profile
    • My Academic Website
  • BitShares: biophil
An immediate and effective solution to this issue is actually very simple. Malicious delegates will likely be delegates that don't produce blocks or produce blocks and steal 100% of the inflation. Both scenarios are by themselves quite unlikely and not actually that hurtful to BitShares, but most importantly they are easy to detect and it's possible to see what accounts control the stake that voted for them. To ensure the malicious stake doesn't continue ruining things a hard fork can be manually circulated among the community that permanently destroys all the stake that voted for the malicious delegates. BitShares would be back up and running normally quite quickly, and the only person who would really be hurt would be the attacker.

Destroying all the stake is less than ideal. I don't think there is a way how to discriminate between votes really intended for the malicious delegate and votes selected with "vote random subset" and "vote as delegates recommend".

I know it would be probably just a small portion of votes, but in principle it wouldn't be right.

"vote random subset" means "vote for a random few of the delegates that I've approved in my wallet." So even when you have that option checked (as you generally should for the sake of your privacy), you're never voting for delegates that you haven't already specifically approved.

I'm not sure how "vote as delegates recommend" works.
Support our research efforts to improve BitAsset price-pegging! Vote for worker 1.14.204 "201907-uccs-research-project."

Offline hrossik

  • Jr. Member
  • **
  • Posts: 38
    • View Profile
An immediate and effective solution to this issue is actually very simple. Malicious delegates will likely be delegates that don't produce blocks or produce blocks and steal 100% of the inflation. Both scenarios are by themselves quite unlikely and not actually that hurtful to BitShares, but most importantly they are easy to detect and it's possible to see what accounts control the stake that voted for them. To ensure the malicious stake doesn't continue ruining things a hard fork can be manually circulated among the community that permanently destroys all the stake that voted for the malicious delegates. BitShares would be back up and running normally quite quickly, and the only person who would really be hurt would be the attacker.

Destroying all the stake is less than ideal. I don't think there is a way how to discriminate between votes really intended for the malicious delegate and votes selected with "vote random subset" and "vote as delegates recommend".

I know it would be probably just a small portion of votes, but in principle it wouldn't be right.
« Last Edit: January 21, 2015, 02:21:18 pm by hrossik »
BTS: hr0550

Offline bytemaster

By the time we are the size of bitcoin the cost of the attack will be 300 m usd.   I don't see it happening.  Certainly more expensive than buying all of the btc hash power for a year. 
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline monsterer

a hard fork can be manually circulated among the community that permanently destroys all the stake that voted for the malicious delegates. BitShares would be back up and running normally quite quickly, and the only person who would really be hurt would be the attacker.

That's a viable solution now, but not when bitshares is at the scale of bitcoin. Can you imagine asking all the businesses running bitcoin clients to all update simultaneously whenever something like this occurs?
My opinions do not represent those of metaexchange unless explicitly stated.
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads

Offline CLains

  • Hero Member
  • *****
  • Posts: 2606
    • View Profile
  • BitShares: clains
Yup, couple of days downtime max, attacker would've spent 3 million dollars for a temporary disruption, and we would have made a strong point to any literal-minded person that the social zeitgeist will prevail.

Offline Rune

  • Hero Member
  • *****
  • Posts: 1120
    • View Profile
An immediate and effective solution to this issue is actually very simple. Malicious delegates will likely be delegates that don't produce blocks or produce blocks and steal 100% of the inflation. Both scenarios are by themselves quite unlikely and not actually that hurtful to BitShares, but most importantly they are easy to detect and it's possible to see what accounts control the stake that voted for them. To ensure the malicious stake doesn't continue ruining things a hard fork can be manually circulated among the community that permanently destroys all the stake that voted for the malicious delegates. BitShares would be back up and running normally quite quickly, and the only person who would really be hurt would be the attacker.

Offline davidpbrown

我想,你先有11%的股份再说吧。你拥有11%的股份,还希望垮掉,我觉得你的心态有问题、

That's true but then it's peanuts to those existing third parties who might be threatened by BitShares. I don't expect in reality any are so corrupt or feel so threatened that they would launch an attack before it became too expensive for even them but it's worth limiting risks wherever they are.
฿://1CBxm54Ah5hiYxiUtD7JGYRXykT5Z6ZuMc

Offline muse-umum

  • Hero Member
  • *****
  • Posts: 717
  • BitShares everything
    • View Profile
in fact, techically speaking at this moment you don't need 51% of stake to attack BTS, 16% are enough. if you have that much stake you can vote all of your 101 delegates in, which means you take full control of the whole dpos network since right now the delegate which gains most votes is only supported by less than 16% stake. when you do so, you can have all of your delegates disabled block production.

or with a 10% stake you can control over the half of delegates and sign on a alternative "main" chain (?)

yes, I think so. with 10% stake you can control 57 delegates at this moment, then reject all the blocks signed by the rest 44 delegates and also exclude the transactions which don't vote for you. but we are only talking about this technically.

Offline Empirical1.1

  • Hero Member
  • *****
  • Posts: 886
    • View Profile
The main thing is making cold storage voting safe and easy I think.


Other possible ideas to increase voting..

1. To claim your yield you need to vote.
2. A BTS lottery that requires voting to enter. A lottery can at times get very large which will incentivise people to vote when it does.

Offline wuyanren

  • Hero Member
  • *****
  • Posts: 589
    • View Profile
我想,你先有11%的股份再说吧。你拥有11%的股份,还希望垮掉,我觉得你的心态有问题、