I had a question come in via PM on Reddit and I wasn’t sure of the answer; I’ll pass it along here so everyone can see the answer.
[b]Q[/b]: The current implementation of Peercoin has checkpointing built in, presumably to bootstrap the network's security while it is young. Does Peershares also use checkpointing, and if so, what determines which node is the "trusted" one? Is this centralization problematic for the Peershares implementation?
When Sunny King created Peercoin, it started out using exclusively Proof of Work. It was quite vulnerable to miners of the much larger Bitcoin network at the time. So while it was prudent to have checkpoints in Peercoin, they are unnecessary in Peershares (because they use only Proof of Stake) and will be removed entirely.
There is a flaw in this thinking in my opinion.
checkpointing wasn’t just necessary for proof-of-work, it very much was also important for proof-of-stake. Early miners who owned the most coins, and used their stake could have hijacked the network if it didn’t have the central checkpointing safety measure in place.
Once proof-of-stake is evenly distributed, it becomes harder to coordinate a proof-of-stake block generation attack.
To be fair, I admit that I know very little of Peershares at the moment.
…but I really do think that proof-of-stake needs central checkpointing just as much as proof-of-work until there is enough of a distribution of the coins. Trying to fork a network into a long orphan chain that grows longer than the main chain and wins, is always a concern. This is why Sunny must have included central checkpointing until the Peercoin network matured.
Peershares may very well have to be around for a couple years before its network would also be considered “mature” without needing a central checkpointing mechanism.
I could be wrong. I am interested to follow this thread to see more.
[quote=“ppcman, post:3, topic:2032”]There is a flaw in this thinking in my opinion.
checkpointing wasn’t just necessary for proof-of-work, it very much was also important for proof-of-stake. Early miners who owned the most coins, and used their stake could have hijacked the network if it didn’t have the central checkpointing safety measure in place.
Once proof-of-stake is evenly distributed, it becomes harder to coordinate a proof-of-stake block generation attack.
To be fair, I admit that I know very little of Peershares at the moment.
…but I really do think that proof-of-stake needs central checkpointing just as much as proof-of-work until there is enough of a distribution of the coins. Trying to fork a network into a long orphan chain that grows longer than the main chain and wins, is always a concern. This is why Sunny must have included central checkpointing until the Peercoin network matured.
Peershares may very well have to be around for a couple years before its network would also be considered “mature” without needing a central checkpointing mechanism.
I could be wrong. I am interested to follow this thread to see more.[/quote]
Each Peershares network is indeed vulnerable to the concentrated stake of the issuer. This does not really represent an added risk though, because you are already trusting the issuer in a multitude of ways. By funding an IPO I am necessarily trusting the issuer. They could take the IPO funds and disappear or use the funds in a way that are not consistent with shareholder interests. What will restrain them the most is the very fact that they have a huge stake in the value of the shares.
interestingly, the threat model is quite different.
In PoS systems, the attacker must acquire the asset in order to stage an attack.
thus they must buy out a sufficient amount of the currency(51%) in order to destroy it.
Why would someone buy out 51% of the shares, just to fork the chain and render the currency valueless? there’s no incentive to do that. Unless maybe you were some sort of crypto-Marxist 
.
example:
[i]
total market cap of ZShares is 1 million dollars.
someone buys $510,000 worth of their shares and manages to fork the chain.
they reverse some transactions gaining minimally, the price plummets, now their shares are worth $10,000. [/i]
not really disagreeing with you BTW- but the attack model is quite different to Bitcoin where the total BTC market cap has no direct relationship to the capital requirements(cost of 51% of hashing power).
-jmz
[quote=“Jordan Lee, post:4, topic:2032”][quote=“ppcman, post:3, topic:2032”]There is a flaw in this thinking in my opinion.
checkpointing wasn’t just necessary for proof-of-work, it very much was also important for proof-of-stake. Early miners who owned the most coins, and used their stake could have hijacked the network if it didn’t have the central checkpointing safety measure in place.
Once proof-of-stake is evenly distributed, it becomes harder to coordinate a proof-of-stake block generation attack.
To be fair, I admit that I know very little of Peershares at the moment.
…but I really do think that proof-of-stake needs central checkpointing just as much as proof-of-work until there is enough of a distribution of the coins. Trying to fork a network into a long orphan chain that grows longer than the main chain and wins, is always a concern. This is why Sunny must have included central checkpointing until the Peercoin network matured.
Peershares may very well have to be around for a couple years before its network would also be considered “mature” without needing a central checkpointing mechanism.
I could be wrong. I am interested to follow this thread to see more.[/quote]
Each Peershares network is indeed vulnerable to the concentrated stake of the issuer. This does not really represent an added risk though, because you are already trusting the issuer in a multitude of ways. By funding an IPO I am necessarily trusting the issuer. They could take the IPO funds and disappear or use the funds in a way that are not consistent with shareholder interests. What will restrain them the most is the very fact that they have a huge stake in the value of the shares.[/quote]
Hi Jordan,
This is exactly why the Color Coins model for equities doesn’t really make much sense. The CC technology allows for a sense of ‘zero trust’ (by piggybacking the BTC block chain) whereas in the case of crypto-securities you have this basic trust relationship as part of the business arrangement(as you explain above). The way you’re using PoS does seem to be an appropriate model for these kind of applications. In addition I think Color Coins are going to introduce a very serious problem of block chain bloat. They are likely to multiply the number of transactions exponentially by number of hosted coin colors.
best, -jmz
[quote=“jmzeidner, post:5, topic:2032”]1) In PoS systems, the attacker must acquire the asset in order to stage an attack.
The attacker doesn’t need to buy 51% of the shares. He only needs 51% of minting stakes that keep the network running, which can be much smaller than 51% of the shares.
Why would someone buy out 51% of the shares, just to fork the chain and render the currency valueless? there's no incentive to do that. Unless maybe you were some sort of crypto-Marxist ;) .
The attacker may want to bring down the company by creating FUD rather than to profit from its shares.
Hello,
Is there some background material on your statement?
It’s been suggested elsewhere that one must obtain 51% of the assets in order to fork the chain. Do you have any references for your claims?
Someone wants to create FUD by purchasing half the shares and wrecking the chain? can’t really understand that sort of MO or in what cases it would arise.
-jmz
[quote=“mhps, post:7, topic:2032”][quote=“jmzeidner, post:5, topic:2032”]1) In PoS systems, the attacker must acquire the asset in order to stage an attack.
The attacker doesn’t need to buy 51% of the shares. He only needs 51% of minting stakes that keep the network running, which can be much smaller than 51% of the shares.
Why would someone buy out 51% of the shares, just to fork the chain and render the currency valueless? there's no incentive to do that. Unless maybe you were some sort of crypto-Marxist ;) .
The attacker may want to bring down the company by creating FUD rather than to profit from its shares.[/quote]
What mhps is referring to is the fact that in a perfect world, where every available stake is minting, you WOULD need to own 51% of the outstanding shares in order to attempt an attack on the network (~510,000).
However, in reality, where some portion of the shareholders will not be minting (for various reasons), you would only need to secure enough shares to give you 51% of those that are active. For instance, if 50% of 1,000,000 shares were not minting, for a bad actor to manipulate the block chain, approximately 255,000 shares would need to be held by the attacker (~25.5%).
Why someone would want to do this varies, and while I doubt that it’s going to be a common attack vector to attack Peershares block chains, it is one that needs to be kept in mind.
thanks for clearing that up. much appreciated! 
-jmz
[quote=“Ben, post:9, topic:2032”]What mhps is referring to is the fact that in a perfect world, where every available stake is minting, you WOULD need to own 51% of the outstanding shares in order to attempt an attack on the network (~510,000).
However, in reality, where some portion of the shareholders will not be minting (for various reasons), you would only need to secure enough shares to give you 51% of those that are active. For instance, if 50% of 1,000,000 shares were not minting, for a bad actor to manipulate the block chain, approximately 255,000 shares would need to be held by the attacker (~25.5%).
Why someone would want to do this varies, and while I doubt that it’s going to be a common attack vector to attack Peershares block chains, it is one that needs to be kept in mind.[/quote]
If competition become fierce enough, anonymously purchasing shares on secondary market and use them to sabotage the issuing company, may become an attractive option. That said, as far as network security is concerned, I think many people would accept Peershares to keep checkpoint because many company have a centralized existence to start with. With DACs checkpoint has more problem.
How exactly does the minting incentive model work if the chain is ‘premined’ so to speak? The only one I can think of is that the owners want to uphold the integrity of the chain and their investment- this seems to be the basic model for PeerShares. They are communally invested in the chains survival.
Are there potentially TX fees on the transfer of PeerShares between accounts? do they work like Bitcoin?
-jmz
If competition become fierce enough, anonymously purchasing shares on secondary market and use them to sabotage the issuing company, may become an attractive option. That said, as far as network security is concerned, I think many people would accept Peershares to keep checkpoint because many company have a centralized existence to start with. With DACs checkpoint has more problem.[/quote]
The security aspect is the only thing that worries me about Peershares. I hope it’s been well thought out. I’ll have nightmares about rival companies with more money buying up shares and attacking the network. Please make sure these attacks have been properly tested before something bad happens to some company that decides to use Peershares. It would be a horror story and bad press would ensue if the company lost all its money because of an attack.
one strategy to promote ‘many hands’ (and prevent a fork attack) is to create a special block chain that hosts many different sorts of shares. This way they could own 100% of a given share without having 51% of all the minting power. Haven’t really thought much about this idea though… has this ever been raised before?
-jmz
[quote=“jmzeidner, post:14, topic:2032”]one strategy to promote ‘many hands’ (and prevent a fork attack) is to create a special block chain that hosts many different sorts of shares. This way they could own 100% of a given share without having 51% of all the minting power. Haven’t really thought much about this idea though… has this ever been raised before?
-jmz[/quote]
Attacks on Peershares network has been discussed several times but I agree with Sentinelrv that the level of risks with Peershares is different form that of Peercoin so many security issues needs to be evaluated for Peershares specifically, as I mentioned here.
[quote=“mhps, post:15, topic:2032”][quote=“jmzeidner, post:14, topic:2032”]one strategy to promote ‘many hands’ (and prevent a fork attack) is to create a special block chain that hosts many different sorts of shares. This way they could own 100% of a given share without having 51% of all the minting power. Haven’t really thought much about this idea though… has this ever been raised before?
-jmz[/quote]
Attacks on Peershares network has been discussed several times but I agree with Sentinelrv that the level of risks with Peershares is different form that of Peercoin so many security issues needs to be evaluated for Peershares specifically, as I mentioned here.[/quote]
thanks.
I’ll try to go through those referenced pages ASAP.
"Short selling is another scenario where the attacker doesn’t care about loosing the value of the coin he holds (actually it’s intended) "
this particular point is an important one because short selling is the primary way to profit from a declining price, and one of the primary motivation models for a PeerShares attack. But I think you might be overlooking something, in a short sell scenario, the short seller does not posses the actual share, but rather is obligated to buy it back at the maturation date. While I’m not 100% positive this clears us of this risk, I do think it deserves a bit more attention. The actual mechanics of short selling are rarely understood.
What I’m suggesting above is to modify the TX format so that the block chain supports many ‘colors’ or share types. Then all the PeerShares(or a subset of them) are hosted on one chain. This way in order to fork the chain the attacker needs a certain percentage of ALL shares in the global registry. This also has a performance disadvantages and removes some of the core qualities Jordan outlined in his first message. Color Coins is similar, however in this case we don’t need the complex coloring algorithms- you just need an extra field in every input/output that indicates share type.
-jmz
"Short selling is another scenario where the attacker doesn’t care about loosing the value of the coin he holds (actually it’s intended) "
this particular point is an important one because short selling is the primary way to profit from a declining price, and one of the primary motivation models for a PeerShares attack. But I think you might be overlooking something, in a short sell scenario, the short seller does not posses the actual share, but rather is obligated to buy it back at the maturation date. [/quote]
Yes. The short seller could profit at peershares’ expense by opening short position on the market, attacking the network of peershares of a company to create FUD and lots of sell volume on the market, and close the position at a lowered price. If opening short position is not possible or difficult, the attacker can simply attack the network, buy shares at low prices, stop attack and wait for price to recover, then profit by selling at a higher price.
Short selling attack is not peershares specific. We should be careful not to open attack angles that is cheap to execute and hard to trace.
"Short selling is another scenario where the attacker doesn’t care about loosing the value of the coin he holds (actually it’s intended) "
this particular point is an important one because short selling is the primary way to profit from a declining price, and one of the primary motivation models for a PeerShares attack. But I think you might be overlooking something, in a short sell scenario, the short seller does not posses the actual share, but rather is obligated to buy it back at the maturation date. [/quote]
Yes. The short seller could profit at peershares’ expense by opening short position on the market, attacking the network of peershares of a company to create FUD and lots of sell volume on the market, and close the position at a lowered price. If opening short position is not possible or difficult, the attacker can simply attack the network, buy shares at low prices, stop attack and wait for price to recover, then profit by selling at a higher price.
Short selling attack is not peershares specific. We should be careful not to open attack angles that is cheap to execute and hard to trace.[/quote]
not exactly. The Short Seller does not hold the assets to take the short position, actually quite the opposite. So the short seller must be cooperating with some party, or own the shares himself to have the minting power to make an attack. If he attacked the chain, he, or his accomplice would lose. For every short position there is a long position, the COST of taking out those positions are what determine the risks. Given these systemic attack risks, the markets for Calls and Puts might be very different than in eg. NYSE.
in modern markets there are exotic situations like Naked Short Selling that can only exist when you have complex credit arrangements.
FUD is a problem in any market, so it’s not really something that we can build a software solution to fix. Adapting human nature and correcting irrational behavior is, unfortunately, outside of the scope of Peershares
For an example, take a look at Bill Ackman’s FUD campaign against Herbalife (in support of his short position).
[quote=“Ben, post:19, topic:2032”]FUD is a problem in any market, so it’s not really something that we can build a software solution to fix. Adapting human nature and correcting irrational behavior is, unfortunately, outside of the scope of Peershares
For an example, take a look at Bill Ackman’s FUD campaign against Herbalife (in support of his short position).[/quote]
Hi Ben,
Just to clarify here, I don’t think you can use short selling to profit from an attack here. What I think what @mhps is overlooking is that if you want to take out a short position, there must be someone with a long position who is willing to cooperate with you and take that bet. Sometimes when you’re trading at the consumer level this is not exactly evident. In most consumer/e-trading scenarios your brokerage firm is taking the long position- and they would be the ones holding the crypto-share and THEY would need to execute the attack. Why would they do that if they had a long position? A: they wouldn’t.
tl dr; Fork Attack + Short Sell is not as scary as it looks in our case.
-jmz