Author Topic: BitFury White Paper: "Proof of Stake versus Proof of Work"  (Read 1723 times)

0 Members and 1 Guest are viewing this topic.

Offline bitmarley

  • Full Member
  • ***
  • Posts: 135
    • View Profile
Re: BitFury White Paper: "Proof of Stake versus Proof of Work"
« Reply #15 on: October 22, 2015, 03:36:38 pm »
I noticed this table on page 16:

Table 2: Vulnerability of proof of work and proof of stake consensus mechanisms to attack vectors

Attack type                                               PoW              PoS               Delegated PoS
Short range attack (e.g., bribe)                       −                  +                            −
Long range attack                                         −                  +                            + 3*
Coin age accumulation attack                        −                  −                             −
Precomputing attack                                     −                  +                             −
Denial of service                                          +                   +                            +
Sybil attack                                                 +                   +                            +
− −
Selfish mining                                          maybe               −                            −


So I think this means BitShares has vulnerabilities for Long range attack, Denial of service & Sybil attack only according to BitFury. And the point 3* says Long range attack can be prevented by using social-driven security in addition to protocol rules. 

3.8.3 Long Range Attack
Short range attacks described earlier in this section are made expensive in the case of delegated proof
of stake, so we need to consider the cost of long range attacks as well. For proof of work systems, the
cost of a long range attack is prohibitively high. For example, an attack on Bitcoin lasting for 1,000
blocks would require $4 million at very least (and, unlike a short range attack, it would be highly
visible as observed network hash rate would drop in half for an extended time).
In earlier versions of proof of stake, the cost of a long range attack would be much lower; as we
showed in the previous section, a one day long attack may cost about $5,000 in a system where a valid
blockchain is determined based on total destroyed coin age. In delegated PoS, an attack typically re-
quires collusion by 2/3 of delegates; its cost is difficult to assess, as delegated PoS protocols use differing methods to select, reward and punish delegates.

5 Conclusion
....

A recent development in proof of stake are delegated systems. While these systems solve several
major problems with the straightforward PoS implementations, they are not yet widespread, making
it difficult to evaluate their security. Nevertheless, delegated PoS solves the “nothing at stake” problem
and prevents short range attacks on the system.
« Last Edit: October 22, 2015, 03:44:10 pm by bitmarley »

Offline bytemaster

Re: BitFury White Paper: "Proof of Stake versus Proof of Work"
« Reply #16 on: October 22, 2015, 03:48:47 pm »
So are any of the attacks listed in the document applicable to BitShares?
No point digging our heads in the sand. Here is the list of attacks:

3.1 NothingatStakeProblem
3.2 InitialDistributionProblem
3.3 LongRangeAttack
3.4 BribeAttack
3.5 CoinAgeAccumulationAttack
3.6 PrecomputingAttack

Can anyone provide analysis or links relevant to these and BitShares?

Depending upon definitions:

1. Initial Distribution is never a problem except for the POW religious.
2. Nothing At Stake implies you can produce on two forks simultaneously and have Nothing to Lose.   Technically witnesses can produce on two forks at once.  This is not a problem unless there is 66% collusion in which case the last irreversible block becomes ambiguous.  If there is less than 66% collusion then the double signing would not impact consensus and would cause the witness to lose their job.  The cost of losing your job is the net present value of future income which is non-0 and thus SOMETHING is at stake.
3. Long Range Attack implies that the initial witnesses could produce an alternative chain that is longer than the real chain and thereby "undo" everything that happened on the real chain.   TAPOS (Transactions as Proof of Stake) protects the network against this particular attack because the attacker would be unable to migrate selective transactions from the real chain to the attack chain.   
4. Bribe Attack  all networks are subject to bribes.    The cost to bribe someone is proportional to the profit they are making by being honest plus the amount they will lose by being dishonest.   In my blog post I show that we can make being a witness extremely profitable (high margins) and thereby more expensive to bribe than a mining pool or miner which will have their margins pushed toward 0 by free market competition.   In other words, BTS can buy loyalty while BTC cannot.

http://bytemaster.github.io/update/2015/09/29/Bitcoin-is-100x-less-secure-than-commonly-believed/

5. Coin Age attack is only relevant to Peercoin style POS
6. The pre-computation attack does not effect DPOS because witnesses go in rounds and the block one witness produces does not allow them to influence the next block.

For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline libaisan

  • Full Member
  • ***
  • Posts: 67
    • View Profile
antchina 蚂蚁基金,专门为新人开钱包,需要btsx注册ID的朋友请找我们要:QQ群318011493

Offline bitmarley

  • Full Member
  • ***
  • Posts: 135
    • View Profile
Re: BitFury White Paper: "Proof of Stake versus Proof of Work"
« Reply #18 on: October 22, 2015, 04:13:18 pm »
Thanks a lot for the responses. Seems like BitFury already admits that BitShares is not vulnerable to most of the attacks they listed. So the BitFury report is very positive for the BitShares community from my perspective.

They say this about the Long Range Attack.
"In delegated PoS, an attack typically re-quires collusion by 2/3 of delegates"

Is this a risk for BitShares when 2/3 of witnesses collude then?
Can you provide more detail about TAPOS and how it prevents collusion? 

Any comments/links relevant to the DOS and Sybil attacks?

« Last Edit: October 22, 2015, 04:18:42 pm by bitmarley »