Securing the blockchain - beyond ACP

Bushstar

ACP is still a necessity, I would not imagine that we would still be on BTC-e if attackers were still rolling back our blockchain and they would still be attacking it. Right now the only attack seems to be “strip mining” as Warren put it and bringing all those coins to market. This suppresses our market cap and keeps us cheap which I have no objection with.

There seems to be some people out there that hate us and want to see us destroyed. I do not see other coins getting this kind of treatment though WDC recently suffered a 51% attack which might have coincided with rumours that it was going on to BTC-e.

To supersede ACP we need 51% protection that is distributed. That is the kind of protection that we and many others need.

Kevlar

[quote name=“chrisj” post=“52755” timestamp=“1389905208”]
[b]What concrete measures can we take to protect the integrity of our blockchain beyond ACP?[/b]
[/quote]

That’s trivially easy: You can increase the suggested number of confirmations required, so people understand that the blockchain undergoes reorganizations in the short term as part of it’s normal and healthy operation, but it becomes increasingly expensive over the long term, and the entire point of requiring confirmations > 1 is for exactly that reason, and this is a feature of the solution which must be understood in order for the entire solution to have integrity.

[quote author=Bushstar link=topic=6956.msg52869#msg52869 date=1389949775]
ACP is still a necessity
[/quote]

Your statement presumes facts that are simply not in evidence.

[quote]
I would not imagine that we would still be on BTC-e if attackers were still rolling back our blockchain and they would still be attacking it.
[/quote]

And that’s not evidence, that’s just an appeal to consequences, and an appeal to ignorance.

Here’s the truth of this statement: BTC-e turned FTC on right after the attack had happened, and kept it on while ACP took forever to be developed. There’s no reason to think BTC-e would de-list it, in fact BTC-e was quite happy to continue to allow FTC to be deposited and traded after the attacks had happened, and before ACP. They simply increased the number of confirmations and went about their business. We could eliminate ACP, they could do this, and business would continue as normal.

[quote]
Right now the only attack seems to be “strip mining” as Warren put it and bringing all those coins to market. This suppresses our market cap and keeps us cheap which I have no objection with.
[/quote]

Well a second ago you were worried about it being de-listed, now you’re saying keeping the price down is a good thing? Does not compute.

[quote]
There seems to be some people out there that hate us and want to see us destroyed. I do not see other coins getting this kind of treatment though WDC recently suffered a 51% attack which might have coincided with rumours that it was going on to BTC-e.
[/quote]

Another appeal to consequence with no evidence to back it up.

[quote]
To supersede ACP we need 51% protection that is distributed. That is the kind of protection that we and many others need.
[/quote]

And we have it. It’s called miners. You made the mistake of thinking 10 confirmations was sufficient, and rather than own up to that mistake, you’ve spent a lot of time and money on finding technological solutions to covering it up, and arguing that it wasn’t a mistake.

[i]I think it’s high time we just admit it was a mistake and address it head on.[/i]

How about an argument with some reasoning and evidence attached:

Argument: ACP isn’t a necessity, it’s the albatross around our neck that’s holding us back.

Technology evidence: 51% attacks aren’t possible (or are at least prohibitively expensive) if the correct number of confirmations are required given the average hash rate proportionate to the available hash power. All coins face this same dilemma, and the ones that succeed are the ones that increase their mining network in order to make 51% attacks unfeasible. Since ACP disincentives miners by eliminating majority consensus, this is a move in the opposite direction. Simply removing ACP and increasing the number of confirmations required moves the blockchain back to a majority consensus, introduces no real risk to exchanges and merchants, and incentives users to FIX THE PROBLEM instead of ignoring it, which is what we’ve been doing. This works GREAT for Bitcoin, and it works GREAT for Feathercoin too. A perfectly valid technology solution exists, and could be implemented very trivially: remove ACP.

Political evidence: A responsible coin would inform it’s users of a danger, and help them to eliminate the threat to them, and then innovate on a solution which doesn’t impinge on the fundamental tenants on which the coin was founded and accepted. A scam coin would start with the promise of decentralization, then switch mid-stream to a centralized authority after the coin has been adopted, suckering users into holding something which they thought was secure, but has since been crippled and made beholden to the wishes of a single authority who reports to no one. ChrisJ has said over and over to me, “I’m sick of apologizing for it.” and he should be, since there wasn’t ever a good reason to cripple the technology to begin with when it was working exactly as expected and promised. It would be a great show of honesty and humility to say:

“After much debate, we realized that the potential risk caused by centralization is significant when compared to the mere inconvenience of having longer confirmation times. Therefore, in the interest of our community, we have made the hard decision to eliminate the threat of centralization on what was promised and originally delivered as a completely decentralized coin. We’re sorry for the inconvenience that longer confirmation times may cause you, but we feel this is a much lesser price to pay than handicapping the fundamental technology, crippling miner’s ability to secure the network, and putting the entire user base at risk. We’re working on a solution to the problem of increased confirmation times, and we hope that by being honest we can repair any loss of trust you had in us while we work on a solution to help bring confirmation times down.”

Circumstantial evidence: You, Bushstar, were not able to implement ACP. Instead, you hired Sunny King at enormous cost to do it for you. Therefore, you are not qualified to be an authority on the technical merits of this subject, but Sunny King is. According to Sunny, ACP has already been eliminated in PPC, meaning it’s not a necessity.

[b]Our attackers aren’t falling asleep at the wheel, WE ARE[/b]. We’ve accepted convenience in exchange for freedom, and authority in exchange for self-governance, and as we see here, that authority continues to argue for it remaining the authority without providing a solid argument for why. I’m here making solid argument as to why we can walk away from that authority RIGHT NOW and go back to having security and integrity without centralization by paying a small cost in convenience. By eliminating ACP, we pay the price in convenience, we eliminate centralization, we increase the integrity of the blockchain, and we incentivize people to address the real issue.

wrapper

Unfortunately Peter is right. I say, the earliest we can remove ACP is as soon as our hash rate is high enough (say minimum 10 G Hash/s - per Day) to prevent ‘problems’, especially with miners being ‘robbed’.

Again this is perception, like the Bitcoin 51% Pool case recently. It is the big pools that can effect us, it is not strictly an attack. I think Bitcoiners are in denial over this, which is the wrong attitude.

However, Feathercoin cannot guarantee those pools, we don’t run them. I have now investigated a few but am too ill to do the report. I could see a lot of negative possibilities.

I say, set up the test nets, ASIC friendly, ask for attacks and test solutions. I’d be better at doing a patch for my solution now.

As Feathercoin Staff, I advise we are currently on 6 G Hash/s approaching 7 GHash/s. the current pools will be ‘potentially problematic’ at 5.5 GHash/s. (See October 2013)

With the introduction of rented scrypt mining and 3 GHash of miners we will be safe, until Scrypt ASICs come in. If we do not make positive effort to distribute cheap small ASICs we will then be open to attack again.

Peter has done some very good sanity checks so far, so I will trust his judgement.

To take this further, I think we need to do enough to show Peter the coin is safe from attack, I know and can understand how responsibility changes your perspective.

See Chart.

[attachment deleted by admin]

wrapper

Hey Kevlar,

I agree. The second test net attack test - should be with more confirms. We need to attack it at different % levels and get exact evidence of the effect all the systems on the attack. Compare to no ACP with ACP, with DDoS on ACP.

Great some real evidence at last, everything else is hearsay.

Can we have a TV channel that monitors the attacks with commentators? Like Robot wars?

wrapper

I have stickied / pinned this subject as I think it needs keeping in mind, and is an important development ‘issue’.

Feel free to unsticky when less relevant.

Tuck Fheman

[quote name=“wrapper0feather” post=“53209” timestamp=“1390058328”]
Unfortunately Peter is right.
[/quote]

[quote author=wrapper0feather link=topic=6956.msg53212#msg53212 date=1390059275]
Hey Kevlar,

I agree.
[/quote]

I sense we’re missing out on some inside information.

ghostlander

[quote name=“Kevlar” post=“53044” timestamp=“1389997064”]
According to Sunny, ACP has already been eliminated in PPC, meaning it’s not a necessity.
[/quote]

Peercoin cannot remove the ACP currently unless they remove the PoW mining together. This has to do with their trust score calculation algorithm to resolve block chain forks. It’s much different to cumulative difficulty used by Bitcoin, Litecoin and many others. To make a long story short, one PoS block has enough weight to orphan any reasonable number of PoW blocks. The ACP limits this number to 5 or so.

Yacoin has no ACP and they have suffered recently when the attackers generated and injected PoS-only forks orphaning [b]hundreds[/b] of blocks. The summer attacks on Feathercoin are a joke compared to this. Novacoin has implemented a much better solution already which makes many kinds of attacks inefficient as a hybrid chain outweighs PoS- and PoW-only ones.

chrisj

The question was what solutions there were to ensuring blockchain security regardless of ACP. So I was hoping to explore solutions in depth like Wrapper’s and Kevlar’s 0% PoS.

I understand that solution incentivises people to leave their wallets open? Is that good or bad? Can they be rewarded with payment fees? If so this could be economic incentive.

wrapper

Terracoin Attack Analysis

[url=http://forum.feathercoin.com/index.php/topic,7024.msg53435.html#msg53435]http://forum.feathercoin.com/index.php/topic,7024.msg53435.html#msg53435[/url]

chrisj

[quote name=“Bushstar” post=“52869” timestamp=“1389949775”]
ACP is still a necessity, I would not imagine that we would still be on BTC-e if attackers were still rolling back our blockchain and they would still be attacking it.
[/quote]

I agree that ACP has helped us so far. Are there any other measures you think we can take to ensure the protection of the blockchain or do you think ACP is enough?

I suppose where I am coming from on this is that attackers will probably adapt and find other ways of attacking us, so my underlying assumption is that we can’t be caught off guard.

[b]ACP or no ACP, what’s important is the viability of our coin and the security of the blockchain. [/b]

Anyone disagree?

chrisj

[quote name=“Bushstar” post=“52869” timestamp=“1389949775”]
There seems to be some people out there that hate us and want to see us destroyed. I do not see other coins getting this kind of treatment though WDC recently suffered a 51% attack which might have coincided with rumours that it was going on to BTC-e.
[/quote]

As @Wrapper says also Terracoin, Dogecoin, various other online wallets and exchanges etc. We are not alone. I am glad we have the courage and the will to survive where perhaps others have not. The worst thing of all would be to accept defeat and that’s why we are still here.

Tuck Fheman

[quote name=“chrisj” post=“53445” timestamp=“1390162625”]
[b]what’s important is the viability of our coin and the security of the blockchain. [/b]

Anyone disagree?
[/quote]

I agree.

But it’s obvious we among this forum have two very strong differing opinions when it comes to reaching an agreement on what “security” means and how we accomplish securing the blockchain.

As I see it …

One group feel that handing control of the blockchain over to one individual = [b]security[/b].
One group feel that the above completely defeats the purpose of cryptocurrency and therefore != [b]security[/b].

And my personal view is … that’s pretty much where we’ve been for several months now, with no movement whatsoever towards an actual solution for [b]security[/b].

Hopefully this thread will solve this problem once and for all and we can move forward with an agreed upon solution.

chrisj

[quote name=“Tuck Fheman” post=“53450” timestamp=“1390164698”]
[quote author=chrisj link=topic=6956.msg53445#msg53445 date=1390162625]
[b]what’s important is the viability of our coin and the security of the blockchain. [/b]

Anyone disagree?
[/quote]

I agree.

But it’s obvious we among this forum have two very strong differing opinions when it comes to reaching an agreement on what “security” means and how we accomplish securing the blockchain.

As I see it …

One group feel that handing control of the blockchain over to one individual = [b]security[/b].
One group feel that the above completely defeats the purpose of cryptocurrency and therefore != [b]security[/b].

And my personal view is … that’s pretty much where we’ve been for several months now, with no movement whatsoever towards an actual solution for [b]security[/b].

Hopefully this thread will solve this problem once and for all and we can move forward with an agreed upon solution.
[/quote]

Let me see if I can find Wrapper’s original proposed solution to this back in the summer. There were also some others. This thread is about solutions not problems.

Wellenreiter

My ideas are here:

[url=http://forum.feathercoin.com/index.php/topic,6861.msg53258.html#msg53258]http://forum.feathercoin.com/index.php/topic,6861.msg53258.html#msg53258[/url]

If it’s worth discussing…

chrisj

[quote name=“Wellenreiter” post=“53454” timestamp=“1390165226”]
My ideas are here:

[url=http://forum.feathercoin.com/index.php/topic,6861.msg53258.html#msg53258]http://forum.feathercoin.com/index.php/topic,6861.msg53258.html#msg53258[/url]

If it’s worth discussing…
[/quote]

Noted, thanks very much. I will take some time to read it and come back with some comments.

chrisj

Ok was this is @Wrapper?

[quote name=“wrapper0feather” post=“16932” timestamp=“1371896674”]
A novel method to stop attacks, distribute the confirmations logarithmically.

I had an idea to make Feathercoin quicker / more secure. “Confirmation locality”. This would mean confirmations would decrease in value the distance (time) from the transaction with an exponential decay. This would mean the transaction is proportionally confirmed, but not fully confirmed till time > 80% network time. This means one person could not mount a 51% attack as the confirmations are distributed more widley through the network. Local confirmations have more value, the attacker cannot be local to everyone!
It would also have the added benefit local (small) payments are confirmed almost immediately with 99% validity.
[/quote]

chrisj

Re-reading Bush again:

[quote name=“Bushstar” post=“52869” timestamp=“1389949775”]
To supersede ACP we need 51% protection that is distributed. That is the kind of protection that we and many others need.
[/quote]

Good. I liked that. One of the comments you made when we prepped for the Amsterdam Conference is that coins are too dependent on their hashrate for security. Which ironically is in itself a form of centralisation - HA!

So with this in mind, maybe a way of turning a bad situation in to a good one is to come up with multiple methods of protecting the coin as a whole, something other coins can learn from?

[quote author=Bushstar link=topic=6956.msg52869#msg52869 date=1389949775]
Right now the only attack seems to be “strip mining” as Warren put it and bringing all those coins to market. [b]This suppresses our market cap and keeps us cheap which I have no objection with[/b].
[/quote]

That’s only true if you if the long term price is higher than it is now. The problem is that is a question of market confidence which is a result of outcomes from discussions like this.

The other problem is that people are starting to see a fall in the purchasing power of their Feathercoins which undermines our efforts to drive FeathercoinMarket.com and destroys hope in the future when people see 4.8m FTC sell walls on exchanges.

I propose a more helpful way of framing a response to the attacks:
[b]Think of these attacks as a test of our resilience and will to survive, imagine the story we will be able to tell after we have overcome them. In a way we should be thanking our adversaries.[/b]

Tuck Fheman

[quote name=“chrisj” post=“53462” timestamp=“1390165988”]
Ok was this is @Wrapper?

[quote author=wrapper0feather link=topic=1878.msg16932#msg16932 date=1371896674]
A novel method to stop attacks, distribute the confirmations logarithmically.

I had an idea to make Feathercoin quicker / more secure. “Confirmation locality”. This would mean confirmations would decrease in value the distance (time) from the transaction with an exponential decay. This would mean the transaction is proportionally confirmed, but not fully confirmed till time > 80% network time. This means one person could not mount a 51% attack as the confirmations are distributed more widley through the network. Local confirmations have more value, the attacker cannot be local to everyone!
It would also have the added benefit local (small) payments are confirmed almost immediately with 99% validity.
[/quote]
[/quote]

There is a Bitcoin proposal that is similar to this, but I’ve been unable to locate the website or the video they made. =/

I’ll keep looking.

Update : Since wrapper has posted more detail, that is nothing like the proposal I saw long ago.

chrisj

[quote name=“Tuck Fheman” post=“53464” timestamp=“1390166520”]
There is a Bitcoin proposal that is similar to this, but I’ve been unable to locate the website or the video they made. =/

I’ll keep looking.
[/quote]

That would be very cool, thanks.

wrapper

There were a lot of discussions and learning going on when we were discussing attack prevention measures. We need the test net, to try stuff out properly. So its’ not just talk. First we need a flat level of mining to calibrate the system.

My best idea was to use 3 “temporal zones”, instead of one - to calculate the average block rate. Say 100, 1000 and 5000 blocks. Then divide by 3 to get the composite average block rate.

If necessary we could increase the importance of short term Block time compliance by multiplying the short term average by 2, and then dividing the total by 4 to get the composite average block Hash Rate.

How this slight modification to the difficulty calculation, (advanced difficulty calculation) works is similar to how the “granulated difficulty change” has worked but more refined mathematically. It wouldn’t prevent the rewriting of history with a 51% attack like ACP. But, it would be expensive for “evil miners” to affect the short term difficulty as the medium and long term difficulty is taken into account in the block difficulty recalculation.

Like the granular change we ended up with, it makes it more expensive to try to take control of the network, but is much more analogue in effect and more configurable.

I also suggested the recalculation period for difficulty could also be reviewed, down slightly.

If you want to try my solution, I will work on coding it up, and will ask for help to check, as I am much more limited on what I can do than when I was well. I also don’t think people knew how it would work, or how easy it would be to code.

At the time when we discuses these ideas, I think every one was a very good idea, that were worth testing.

Certainly, solutions also need to fit the decentralised model, which some of us knew was important for their long term success for a number of reasons.

In my case I could see, certain things from the original mathematics were critical to the protocols success and retaining that it was working as a self evolving system was important.

At that time I hadn’t had a chance to look at the difficulty recalculation function. The idea was better than I could put across at the time, it came from some tested research work I did at Manchester, I’m pretty sure it will be very effective in making variable hash rate attacks too expensive at our current hash rate.

It would replace the “granular change” with a “smooth difficulty change”.

In a separate post I proposed the weighting of each temporal period could be adjusted by using Artificial Intelligence Alignments Techniques. Those weightings could be stored with the difficulty. Each miner that get a block is allowed one guess at a better weighting, if that gave a more accurate (predicted last) block time it would replace the current weighting.

A * Time for 10 Blocks + B * Time for 100 Blocks + C * 1000 Blocks / (10 * A + 100 * B + 1000 * C)

= Average block time

A, B, C are stored in the block as Difficulty. One can be corrected, by the winning miner, if it’s guessed new value would have given a more correct block rate on recalculation.

I was assuming that is too much for Feathercoin to introduce and the idea was for proposed ASIC friendly version of Feathercoin and putting it in writing. Mainly because it means adding a database field or using a standard field in a different way to Bitcoin, which could cause a lot of software update complications (for an established coin).

The A.I technique system, would mean the mean average block time would be self aligned by the system automatically, as the mining levels and times varied. This would mean say, if enough coins were not being produced per month, the coin would produce more per day to make up, even though more were produced per day or week …

Otherwise, I particularly would consider a small % transaction fee (~0.05 %) to attract more miners. Kevlar’s extra confirmations idea.