First, I would like to emphasize that I am a huge fan of Peershare. You guys do great work.
As far as I understand Peershare, only proof-of-stake should secure the Peershare blockchains. Then, maybe the following scenario describes a problem.
Suppose a company wants to raise funds and decides to use Peershare. They create 100 000 shares and keep 60% of them for securing the network. Dr. Evil wants to harm this company. His plan is to buy 20% of the shares. Then he starts a DDoS attack on the server - or servers - which contain the 60% of shares held by the company. Now, the company can no longer secure the network and Dr. Evil possesses 50% of the active stake. He is eager to double-spend his coins.
Will he succeed?
I guess there are easy workarounds; I just want to know whether you guys have considered this attack.
Double spends only work if you are accepting 0 confirmation transactions.
There is no place he can dump 20% of the coins without the price going to near 0.
It's as effective as taking a million dollars cash out of your bank and setting it on fire. You don’t win.
Also, Gavin has a half-finished pull request on the Bitcoin upstream repo that pretty much solves double spends.
I think that kind of attack is feasible for any coin that has most of its processing done by a few pools and they are also not able to withstand a DoS attack.
This kind of attack is incredibly risky for the attacker. They first would need a very large investment. Obtaining 20% of all the stake would be incredibly costly and time consuming. Then, once the attack is performed and discovered, the market will quickly react by lowering the price (due to lack of confidence) and/or ceasing transactions, making it impossible to capitalize enough money to justify the original investment and destroying the value of any holdings of the attacker.
In the case of damaging the company, they still will have all the money people used to purchase the shares, so it will really only hurt the shareholders who purchased shares.
DDoS attacks are typically performed against web servers, which Peershares clients are unlikely to be run on as this would be insecure. If the Peershares client is not a web server, the only sort of action that looks anything like DDoS that would be possible would be to send a massive quantity of transactions. Each would incur the standard fee and it wouldn’t really be an attack specific to a particular server, but an attack distributed throughout the network because the transactions would get relayed between peers. Therefore, this really isn’t fundamentally different from the issue of spam transactions. Transaction fees have proven to be an effective defense against this.
If we presume a majority stakeholder has foolishly placed their Peershare client on a web server, it is still likely that blocks can be found because doing so requires so few resources. This is particularly true because of the relatively high block target interval that is likely to be employed.