[Dev] Hard fork to change retarget, averages and block time
-
Hi Ghostlander, that doesn’t seem to be a problem GetNextWorkRequired().
Can you help us specify a test for additional vulnerability to Time Travel attack?. I’ve heard of Timewarp, which I don’t think we are more vulnerable to.
Plus ReTargeting every 15 Blocks opens up to the 14 Block attack, which is not theoretical.
-
Produce a series of blocks with their time stamps adjusted to the maximum possible, either to the past or to the future, and see what it does to the difficulty.
-
Cheers mate, were obviously busy at the moment with the normal tests to see if the code performs as specified. We’re just checking the hard fork changeover as our main priority. That doesn’t need a lot of testers.
We have set up a central pool so we can manipulate the hash rate and check the difficulty change performs in more realistic circumstances.
Things are actually going surprising well. I have devised some extra tests for other scenarios the changes will protect us from.
Obviously, I don’t want to post attack mechanisms directly on the forum, especially ones that could be used on other coins, but we will be taking your advice.
-
Re: Attack scenarios: -
https://bitcointalk.org/index.php?topic=122013.20;wap2
These are the current Bitcoin Satoshi client protections to deter DoS attacks, as of version 0.7.0:
Does not forward orphan transactions/blocks
Does not forward double-spend transactions
Restrict the maximum number of signature checks a transaction input may request
Continuous rate-limit of free transactions to mitigate ‘penny-flooding’
Keeping a DoS score of each connected peer and disconnects from a peer that send messages that fail to comply with the rules.
Permanently ban IP addresses that misbehave for a time lapse (24 hours default)
Limit the number of stored orphan transactions (10000 by default)
Use a signature cache to prevent attacks that try to continuously trigger the re-verification of stored orphan transactions
Limit the number of stored signature in the signature cache (50000 signatures by default)
Tries to catch errors in transactions before the time consuming signature verifications.
Penalize peers that send us lots of duplicate/expired/invalid-signature/whatever alerts, so they eventually get banned.
In orphan/signature caches: when removing an item, evict a random entry.
Data structures are specially chosen to avoid loops in which the number of iterations can be controlled by an attacker that result in exponential complexity.
Ignore big orphan transactions, to avoid a send-big-orphans memory exhaustion attack.
In RPC: Only send a HTTP 403 response if it’s not using SSL to prevent a DoS during the SSL handshake.
In RPC: Sleep some time if authorization fails to deter brute-forcing short passwords.
In GUI: Limit URI length to prevent a DoS against the QR-Code dialog -
Here’s some more about “Time Travel” attack.
https://bitcointalk.org/index.php?topic=114751.0
With the time warp bug, a 51% attacker can create value out of thin air by lowering the difficulty to 1 and generating the remaining 11 million BTC of block rewards for himself. Time warp keeps rewinding time to fit unlimited blocks before the current time. (I think ArtForz actually demonstrated the attack on one of the altcoins) etc
Time Warp Test, in Testnet3
https://bitcointalk.org/index.php?topic=114751.msg1237900#msg1237900Re: ArtForz
Re: Other Attack solutions
http://gldcoin.com/documents/GoldCoin_0.7_51percent_defense_october_11_2013.pdfThe resulting discussion …
https://bitcointalk.org/index.php?topic=309629.0 -
The shorter the blocks the more effect the time warp has. Being able to shift the time 30 minutes on Bitcoin with their 10 minute blocks has much less effect than on our proposed changes of 1 minute. Ghostlander has proposed some increased restrictions to time manipulation which are already in the hard fork code. one minute offers convenience to merchants and reduces the risk of double spend without becoming an orphan generator. Extremely fast blocks see many more orphan block for each one accepted into the blockchain. One minute proves to be a popular block target for new coins. If there are further steps to limit the effect of time manipulation please share them.
I am not worried about time attacks as the manipulation seems to be much less serious as they cannot orphan blocks at the same time. When there was no automatic checkpointing time attacks came to toy with our difficulty, with one attack over the course of 24 hours, orphaned all the blocks to replace them with blocks that totalled an hours worth of time. This was a one off, and the effect was to make our difficulty drop when it should have gone up. An attack of this magnitude should not be possible, and if they did try to do such a thing, we can increase the protection of automatic checkpointing to fully remove the ability to orphan any blocks.
Difficulty solutions seem to be getting more complex in general with KGW becoming popular and more complex itself with the additional newly required time warp prevention code. Taking a look at KGW it seems to be more complex than Wrapper’s solution and coins using KGW have a different difficulty on each block so must trigger every time. Perhaps we can look at the effects of KGW on coins that uses one minute targets.
-
Interesting discussion re: What is a Hard or Soft Fork?
-
Just post right here whenever you need more mining power :)
I have 3 R9 280x and a water cooled i5… not really doing much mining on GPU now, its getting less profitable as the days goes by.
Still waiting for my 2 – 600GHs Butterfly Labs ASIC :(
-
earvax, thanks for the offer, the testing needs to be “relative” so we can check the specific figures.
The devs have discussed how we can bring more members in to help and Wellenreiter is working on a way we can run the “Test pool” but switch between the test and normal coins, so a normal miner can help us test, but still be earning.
Don’t throw your rig away yet, we are doing this update for “you”…
-
Testing - Update
The Testnet has moved to http://188.226.166.44:19328
We need a small number of CPU miners ~ 50 KHash and you can use the test p2pool so there is no extra configuration.
minerd -o http://188.226.166.44:19328 -u Address+0.000011 -p -x
You can replace Address with a real Test address. I have updated the guide to compiling a test wallet in a VirualBox, to include the new test version git link.
If you do compile in a test box, it is then a good place to get used to Coin Control, by sending some test coins about. Warning: At this stage it must be kept isolated and DON’T update your normal wallet to the test version.
Here is the github link, for test wallet: WARNING, it is under development, so recompiles will be required, do not use as your normal wallet!
-
It may be a problem over time because GetNextWorkRequired() is called while verifying every block in the chain. This approach is also more vulnerable to time travel attacks. PPC retargets every block, but their retarget code is rather simple. They don’t look back 500 blocks or so on every retarget.
Hi Ghostlander,
Because of your concerns, we are doing some extra work looking into GetNextWorkRequired(). So far it would seem that confirmations are not based on looping back through the all blocks in the chain so your fears are unfounded.
We also don’t look back 500 blocks in any of the simulated difficulty adjustment solutions that were tested.
-
Testing - Update
The Testnet has moved to http://188.226.166.44:19328
For those of you that are used to have a redundant configuration, or in case the above pool is not available due to upgrades or new setups, you can add the second testnet pool:
If we need to modify the software on the pool, we will do it one server after the other, so if you have the second server configured changes will be transparent to you.
We need a small number of CPU miners ~ 50 KHash and you can use the test p2pool so there is no extra configuration.
minerd -o http://188.226.166.44:19328 -u Address+0.000011 -p -x
You can replace Address with a real Test address. I have updated the guide to compiling a test wallet in a VirualBox, to include the new test version git link.
If you do compile in a test box, it is then a good place to get used to Coin Control, by sending some test coins about. Warning: At this stage it must be kept isolated and DON’T update your normal wallet to the test version.
Here is the github link, for test wallet: WARNING, it is under development, so recompiles will be required, do not use as your normal wallet!
For those not wanting to complile the wallet themself I can provide precomiled binaries and also installation packages for a couple of Linux distributions and a short instruction how to install the testnet wallet.
If you don’t want to install any new software on your system, you still can help with the tests, by just providing hashing power.
You can use a wallet address from your normal wallet to login to the pool server, but of course you will not receive any coins from the testnet.
-
Interesting discussion re: What is a Hard or Soft Fork?
A soft fork introduces a new protocol functionality without a threat to split the network. For example, PXC will do a soft fork tomorrow with a block limiter. This feature requires a hard fork usually, but we can force the old clients to accept results of the block limiter through the ACP. Those new blocks which violate the block limiter will never be checkpointed. The updated nodes will reject them simply and the outdated nodes will re-organise according to the ACP.
-
I am minging on testnet node. It is about 250Khash/s, I hope for your help.
minerd -o http://188.226.166.44:19328 -u lizhi_miner+0.000011 -p -x
-
Thanks for everyone who has helped, is helping, provide some hash for the testnet.
The main tests for the new algorithm (Enhance Hash Rate Compensation, eHRC) are pretty amazing and it works as simulated.
eHRC simply extends the current hash change compensation calculation by taking the long and short term hash rate into account when calculating the difficulty for the next block. It is easy to understand, small amount of code and introduces no novel features that could have unknown variabilities.
We are keeping the testnet open for some longer term soak in testing. It will then be up for testing the new hashing ASIC resistant hashing algorithm.
You don’t have to download or compile test wallets, just attach a CPU miner on the testnet will help keep it going, we can switch to normal mining so you will get paid if a standard address is added. Otherwise, your name, on the testnet p2pool charts, seems cool.
I’ll post here when the soak test is complete.
e.g. cpuminer
minerd -o http://188.226.166.44:19328 -u YouRNameOrFTCorFTCTestaddress+0.000022 -p -x -
I just put some cores of my server at work on the testnet!
Hope I got the name right…
-
Jep, you did :D
Your miner shows up in the statistics.
You can check on http:188.226.166.44:19328
Thank’s a lot for supporting the testnet with some hashpower
-
The charts are on
-
maximum change on difficulty must be fixed ?
Thanks again Lizhi - for help testing Rep++
Just checking that we didn’t miss any points now there is a tested version of Feathercoin 0.8.6.1 available for PublicBeta testing.
**What were some of the reasoning or justification for the design decisions, such as retaining damping and difficulty change limitation? **
1. We can not defeat coin hopping, the pools are obviously a part of the crypto currency environment and infrastructure.
Coin hopping is the symptom not the problem.
The cause of the problem was found to be large Hash switches. In this case it was obvious that we needed to ReTarget the difficulty each block, to compensate for hash switches. That was the simplest software update that acted to make difficulty adjustment fairer.
2. After modelling this change it was obvious that a coin hopper could still gain network advantage because the old averaging window was too long into the past.
However, just shortening the window re-opened us up to some historic network exploitation vectors. Adding the 2 extra timespans solved that problem, as it takes short term change into account, but is stable over the long and medium term. Which of course, was what eHDC was designed to do.
By modelling all the proposed solutions we were able to monitor all their responses to various hash rate scenarios.
Sometimes small changes in parameters had little beneficial effect so they were left as is. Also, as we were also changing to one minute block time, that was expected to have an effect. In the end, it didn’t for some parameters, which were there to solve other problems, and “if it ain’t broke, don’t fix it”.
All the other solutions worked as well (Euler, Kimoto), and it was simplicity of eHDC was its main benefit.
That was the easy bit, then Bushstar had to program it!
Don’t forget the testnet is still up. You can compile a Seperate test wallet inside Virtualbox with this guide.
You can view p2pool on this
http://188.226.166.44:19328/static/
You can test mine on this CPU preferred.
e.g. CPU miner
./minerd -o http://188.226.166.44:19328 -u mmVjNeDvYKUsCZop8yGeZScdkeZm2pc1T2+0.000022 -p -xor minerd -o http://188.226.166.44:19328 -u YouTestAddresOrVanityAddress+0.000022 -p -x
or minerd -o http://188.226.166.44:19328 -u FTCAddresss+0.000022 -p -x
Next tests will be potential hashing algorithm changes, hard forks…
-
Just checking that we didn’t miss any points now there is a tested version of Feathercoin 0.8.6.1 available for PublicBeta testing.
Hey wrapper,
do you still need the hashing power on the testnet?