Securing the blockchain - beyond ACP
-
Looking at the responses on the [url=http://forum.feathercoin.com/index.php/topic,6894.0.html]innovations thread[/url] one topic which might require special attention is ACP. @Wrapper0Feather, @Kevlar and @Tuck have put a lot of time in to thinking about it, talking about it and raising their objections on this forum in the past as well as proposing solutions.
In the design thread @Tuck has raised some good points:
[quote name=“Tuck Fheman” post=“52746” timestamp=“1389903514”]
ultimately what does it matter when the perception of ACP is more damaging to the coin than the the [i]possibility[/i] FTC is protecting itself from with ACP? Especially when it was introduced as a temporary last resort and we now have other alternatives.
[/quote]Regardless of any defence someone might give of ACP what @Tuck is saying is that perception really matters. The fact is we were attacked on forums before ACP even came on the scene, regardless it is likely we would have continued to be attacked and it may be that ACP just happens to be the nearest tool that they use. But why attack something if there is nothing there worth attacking? There must be something we’re getting right.
That aside though @Tuck is astute and this brings me on to his next observation:
[quote author=Tuck Fheman link=topic=6616.msg52746#msg52746 date=1389903514]
And as I understand it, ACP was temporary and was a last resort because a better solution could not be devised quickly enough. ACP was agreed upon (sort of) since it was a temporary solution and another solution was on the way and for no other reason as I saw it. Now we’ve had time to come up with another option and from what I’ve read we have other options, yet we still have ACP or we’re still sitting here having discussions where ACP is being defended like it’s still a necessity.
[/quote]So perhaps a helpful way to frame the discussion on this thread is to ask something like:
[b]What concrete measures can we take to protect the integrity of our blockchain beyond ACP?[/b]
That means putting aside any personal feelings or moralising about the need for decentralisation, as if centralised organisations are somehow an excuse for people behaving badly, and perhaps as Tuck says not relying on ACP as a crutch and not assuming like our attackers are going to be falling asleep at the wheel and come back to surprise us.
-
That’s your cue, wrapper! Your idea is the least disruptive of all of the ones I’ve heard, and therefore should be considered first before we discuss other more transformative options.
-
[quote name=“chrisj” post=“52755” timestamp=“1389905208”]
and @Tuck have put a lot of time in to thinking about it
[/quote]lulz. that was about 4 months of stored up energy I released today.
-
ACP is still a necessity, I would not imagine that we would still be on BTC-e if attackers were still rolling back our blockchain and they would still be attacking it. Right now the only attack seems to be “strip mining” as Warren put it and bringing all those coins to market. This suppresses our market cap and keeps us cheap which I have no objection with.
There seems to be some people out there that hate us and want to see us destroyed. I do not see other coins getting this kind of treatment though WDC recently suffered a 51% attack which might have coincided with rumours that it was going on to BTC-e.
To supersede ACP we need 51% protection that is distributed. That is the kind of protection that we and many others need.
-
[quote name=“chrisj” post=“52755” timestamp=“1389905208”]
[b]What concrete measures can we take to protect the integrity of our blockchain beyond ACP?[/b]
[/quote]That’s trivially easy: You can increase the suggested number of confirmations required, so people understand that the blockchain undergoes reorganizations in the short term as part of it’s normal and healthy operation, but it becomes increasingly expensive over the long term, and the entire point of requiring confirmations > 1 is for exactly that reason, and this is a feature of the solution which must be understood in order for the entire solution to have integrity.
[quote author=Bushstar link=topic=6956.msg52869#msg52869 date=1389949775]
ACP is still a necessity
[/quote]Your statement presumes facts that are simply not in evidence.
[quote]
I would not imagine that we would still be on BTC-e if attackers were still rolling back our blockchain and they would still be attacking it.
[/quote]And that’s not evidence, that’s just an appeal to consequences, and an appeal to ignorance.
Here’s the truth of this statement: BTC-e turned FTC on right after the attack had happened, and kept it on while ACP took forever to be developed. There’s no reason to think BTC-e would de-list it, in fact BTC-e was quite happy to continue to allow FTC to be deposited and traded after the attacks had happened, and before ACP. They simply increased the number of confirmations and went about their business. We could eliminate ACP, they could do this, and business would continue as normal.
[quote]
Right now the only attack seems to be “strip mining” as Warren put it and bringing all those coins to market. This suppresses our market cap and keeps us cheap which I have no objection with.
[/quote]Well a second ago you were worried about it being de-listed, now you’re saying keeping the price down is a good thing? Does not compute.
[quote]
There seems to be some people out there that hate us and want to see us destroyed. I do not see other coins getting this kind of treatment though WDC recently suffered a 51% attack which might have coincided with rumours that it was going on to BTC-e.
[/quote]Another appeal to consequence with no evidence to back it up.
[quote]
To supersede ACP we need 51% protection that is distributed. That is the kind of protection that we and many others need.
[/quote]And we have it. It’s called miners. You made the mistake of thinking 10 confirmations was sufficient, and rather than own up to that mistake, you’ve spent a lot of time and money on finding technological solutions to covering it up, and arguing that it wasn’t a mistake.
[i]I think it’s high time we just admit it was a mistake and address it head on.[/i]
How about an argument with some reasoning and evidence attached:
Argument: ACP isn’t a necessity, it’s the albatross around our neck that’s holding us back.
Technology evidence: 51% attacks aren’t possible (or are at least prohibitively expensive) if the correct number of confirmations are required given the average hash rate proportionate to the available hash power. All coins face this same dilemma, and the ones that succeed are the ones that increase their mining network in order to make 51% attacks unfeasible. Since ACP disincentives miners by eliminating majority consensus, this is a move in the opposite direction. Simply removing ACP and increasing the number of confirmations required moves the blockchain back to a majority consensus, introduces no real risk to exchanges and merchants, and incentives users to FIX THE PROBLEM instead of ignoring it, which is what we’ve been doing. This works GREAT for Bitcoin, and it works GREAT for Feathercoin too. A perfectly valid technology solution exists, and could be implemented very trivially: remove ACP.
Political evidence: A responsible coin would inform it’s users of a danger, and help them to eliminate the threat to them, and then innovate on a solution which doesn’t impinge on the fundamental tenants on which the coin was founded and accepted. A scam coin would start with the promise of decentralization, then switch mid-stream to a centralized authority after the coin has been adopted, suckering users into holding something which they thought was secure, but has since been crippled and made beholden to the wishes of a single authority who reports to no one. ChrisJ has said over and over to me, “I’m sick of apologizing for it.” and he should be, since there wasn’t ever a good reason to cripple the technology to begin with when it was working exactly as expected and promised. It would be a great show of honesty and humility to say:
“After much debate, we realized that the potential risk caused by centralization is significant when compared to the mere inconvenience of having longer confirmation times. Therefore, in the interest of our community, we have made the hard decision to eliminate the threat of centralization on what was promised and originally delivered as a completely decentralized coin. We’re sorry for the inconvenience that longer confirmation times may cause you, but we feel this is a much lesser price to pay than handicapping the fundamental technology, crippling miner’s ability to secure the network, and putting the entire user base at risk. We’re working on a solution to the problem of increased confirmation times, and we hope that by being honest we can repair any loss of trust you had in us while we work on a solution to help bring confirmation times down.”
Circumstantial evidence: You, Bushstar, were not able to implement ACP. Instead, you hired Sunny King at enormous cost to do it for you. Therefore, you are not qualified to be an authority on the technical merits of this subject, but Sunny King is. According to Sunny, ACP has already been eliminated in PPC, meaning it’s not a necessity.
[b]Our attackers aren’t falling asleep at the wheel, WE ARE[/b]. We’ve accepted convenience in exchange for freedom, and authority in exchange for self-governance, and as we see here, that authority continues to argue for it remaining the authority without providing a solid argument for why. I’m here making solid argument as to why we can walk away from that authority RIGHT NOW and go back to having security and integrity without centralization by paying a small cost in convenience. By eliminating ACP, we pay the price in convenience, we eliminate centralization, we increase the integrity of the blockchain, and we incentivize people to address the real issue.
-
Unfortunately Peter is right. I say, the earliest we can remove ACP is as soon as our hash rate is high enough (say minimum 10 G Hash/s - per Day) to prevent ‘problems’, especially with miners being ‘robbed’.
Again this is perception, like the Bitcoin 51% Pool case recently. It is the big pools that can effect us, it is not strictly an attack. I think Bitcoiners are in denial over this, which is the wrong attitude.
However, Feathercoin cannot guarantee those pools, we don’t run them. I have now investigated a few but am too ill to do the report. I could see a lot of negative possibilities.
I say, set up the test nets, ASIC friendly, ask for attacks and test solutions. I’d be better at doing a patch for my solution now.
As Feathercoin Staff, I advise we are currently on 6 G Hash/s approaching 7 GHash/s. the current pools will be ‘potentially problematic’ at 5.5 GHash/s. (See October 2013)
With the introduction of rented scrypt mining and 3 GHash of miners we will be safe, until Scrypt ASICs come in. If we do not make positive effort to distribute cheap small ASICs we will then be open to attack again.
Peter has done some very good sanity checks so far, so I will trust his judgement.
To take this further, I think we need to do enough to show Peter the coin is safe from attack, I know and can understand how responsibility changes your perspective.
See Chart.
[attachment deleted by admin]
-
Hey Kevlar,
I agree. The second test net attack test - should be with more confirms. We need to attack it at different % levels and get exact evidence of the effect all the systems on the attack. Compare to no ACP with ACP, with DDoS on ACP.
Great some real evidence at last, everything else is hearsay.
Can we have a TV channel that monitors the attacks with commentators? Like Robot wars?
-
I have stickied / pinned this subject as I think it needs keeping in mind, and is an important development ‘issue’.
Feel free to unsticky when less relevant.
-
[quote name=“wrapper0feather” post=“53209” timestamp=“1390058328”]
Unfortunately Peter is right.
[/quote][quote author=wrapper0feather link=topic=6956.msg53212#msg53212 date=1390059275]
Hey Kevlar,I agree.
[/quote]I sense we’re missing out on some inside information.
-
[quote name=“Kevlar” post=“53044” timestamp=“1389997064”]
According to Sunny, ACP has already been eliminated in PPC, meaning it’s not a necessity.
[/quote]Peercoin cannot remove the ACP currently unless they remove the PoW mining together. This has to do with their trust score calculation algorithm to resolve block chain forks. It’s much different to cumulative difficulty used by Bitcoin, Litecoin and many others. To make a long story short, one PoS block has enough weight to orphan any reasonable number of PoW blocks. The ACP limits this number to 5 or so.
Yacoin has no ACP and they have suffered recently when the attackers generated and injected PoS-only forks orphaning [b]hundreds[/b] of blocks. The summer attacks on Feathercoin are a joke compared to this. Novacoin has implemented a much better solution already which makes many kinds of attacks inefficient as a hybrid chain outweighs PoS- and PoW-only ones.
-
The question was what solutions there were to ensuring blockchain security regardless of ACP. So I was hoping to explore solutions in depth like Wrapper’s and Kevlar’s 0% PoS.
I understand that solution incentivises people to leave their wallets open? Is that good or bad? Can they be rewarded with payment fees? If so this could be economic incentive.
-
Terracoin Attack Analysis
[url=http://forum.feathercoin.com/index.php/topic,7024.msg53435.html#msg53435]http://forum.feathercoin.com/index.php/topic,7024.msg53435.html#msg53435[/url]
-
[quote name=“Bushstar” post=“52869” timestamp=“1389949775”]
ACP is still a necessity, I would not imagine that we would still be on BTC-e if attackers were still rolling back our blockchain and they would still be attacking it.
[/quote]I agree that ACP has helped us so far. Are there any other measures you think we can take to ensure the protection of the blockchain or do you think ACP is enough?
I suppose where I am coming from on this is that attackers will probably adapt and find other ways of attacking us, so my underlying assumption is that we can’t be caught off guard.
[b]ACP or no ACP, what’s important is the viability of our coin and the security of the blockchain. [/b]
Anyone disagree?
-
[quote name=“Bushstar” post=“52869” timestamp=“1389949775”]
There seems to be some people out there that hate us and want to see us destroyed. I do not see other coins getting this kind of treatment though WDC recently suffered a 51% attack which might have coincided with rumours that it was going on to BTC-e.
[/quote]As @Wrapper says also Terracoin, Dogecoin, various other online wallets and exchanges etc. We are not alone. I am glad we have the courage and the will to survive where perhaps others have not. The worst thing of all would be to accept defeat and that’s why we are still here.
-
[quote name=“chrisj” post=“53445” timestamp=“1390162625”]
[b]what’s important is the viability of our coin and the security of the blockchain. [/b]Anyone disagree?
[/quote]I agree.
But it’s obvious we among this forum have two very strong differing opinions when it comes to reaching an agreement on what “security” means and how we accomplish securing the blockchain.
As I see it …
One group feel that handing control of the blockchain over to one individual = [b]security[/b].
One group feel that the above completely defeats the purpose of cryptocurrency and therefore != [b]security[/b].And my personal view is … that’s pretty much where we’ve been for several months now, with no movement whatsoever towards an actual solution for [b]security[/b].
Hopefully this thread will solve this problem once and for all and we can move forward with an agreed upon solution.
-
[quote name=“Tuck Fheman” post=“53450” timestamp=“1390164698”]
[quote author=chrisj link=topic=6956.msg53445#msg53445 date=1390162625]
[b]what’s important is the viability of our coin and the security of the blockchain. [/b]Anyone disagree?
[/quote]I agree.
But it’s obvious we among this forum have two very strong differing opinions when it comes to reaching an agreement on what “security” means and how we accomplish securing the blockchain.
As I see it …
One group feel that handing control of the blockchain over to one individual = [b]security[/b].
One group feel that the above completely defeats the purpose of cryptocurrency and therefore != [b]security[/b].And my personal view is … that’s pretty much where we’ve been for several months now, with no movement whatsoever towards an actual solution for [b]security[/b].
Hopefully this thread will solve this problem once and for all and we can move forward with an agreed upon solution.
[/quote]Let me see if I can find Wrapper’s original proposed solution to this back in the summer. There were also some others. This thread is about solutions not problems.
-
My ideas are here:
[url=http://forum.feathercoin.com/index.php/topic,6861.msg53258.html#msg53258]http://forum.feathercoin.com/index.php/topic,6861.msg53258.html#msg53258[/url]
If it’s worth discussing…
-
[quote name=“Wellenreiter” post=“53454” timestamp=“1390165226”]
My ideas are here:[url=http://forum.feathercoin.com/index.php/topic,6861.msg53258.html#msg53258]http://forum.feathercoin.com/index.php/topic,6861.msg53258.html#msg53258[/url]
If it’s worth discussing…
[/quote]Noted, thanks very much. I will take some time to read it and come back with some comments.
-
Ok was this is @Wrapper?
[quote name=“wrapper0feather” post=“16932” timestamp=“1371896674”]
A novel method to stop attacks, distribute the confirmations logarithmically.I had an idea to make Feathercoin quicker / more secure. “Confirmation locality”. This would mean confirmations would decrease in value the distance (time) from the transaction with an exponential decay. This would mean the transaction is proportionally confirmed, but not fully confirmed till time > 80% network time. This means one person could not mount a 51% attack as the confirmations are distributed more widley through the network. Local confirmations have more value, the attacker cannot be local to everyone!
It would also have the added benefit local (small) payments are confirmed almost immediately with 99% validity.
[/quote] -
Re-reading Bush again:
[quote name=“Bushstar” post=“52869” timestamp=“1389949775”]
To supersede ACP we need 51% protection that is distributed. That is the kind of protection that we and many others need.
[/quote]Good. I liked that. One of the comments you made when we prepped for the Amsterdam Conference is that coins are too dependent on their hashrate for security. Which ironically is in itself a form of centralisation - HA!
So with this in mind, maybe a way of turning a bad situation in to a good one is to come up with multiple methods of protecting the coin as a whole, something other coins can learn from?
[quote author=Bushstar link=topic=6956.msg52869#msg52869 date=1389949775]
Right now the only attack seems to be “strip mining” as Warren put it and bringing all those coins to market. [b]This suppresses our market cap and keeps us cheap which I have no objection with[/b].
[/quote]That’s only true if you if the long term price is higher than it is now. The problem is that is a question of market confidence which is a result of outcomes from discussions like this.
The other problem is that people are starting to see a fall in the purchasing power of their Feathercoins which undermines our efforts to drive FeathercoinMarket.com and destroys hope in the future when people see 4.8m FTC sell walls on exchanges.
I propose a more helpful way of framing a response to the attacks:
[b]Think of these attacks as a test of our resilience and will to survive, imagine the story we will be able to tell after we have overcome them. In a way we should be thanking our adversaries.[/b]
