Yeah, most of these folks probably never read the peercoin paper nor the source code. Some of our competitors clone our code and make arbitrary modifications without understanding the security mechanisms. Yeah, if they include the block hash in proof-of-stake, that would be a huge vulnerability.
Yes sigmike is quite knowledgeable in these matters. He studied peercoin well.
this grinding attack doesn’t work on peercoin because the block hash is not used in the proof of stake process
so you can’t try many block hashes to find one that makes you find the next block
Myth: The network is centralized because the synchronized checkpointing mechanism allows Sunny King to control the blockchain history.
The Purpose of Synchronized Checkpointing
Peercoin has hardcoded checkpoints. Bitcoin also uses hardcoded checkpointing. It is a way to mitigate attacks when a new node that has yet to download the blockchain connects to the network. In addition to hardcoded checkpointing, Peercoin uses synchronized checkpoints.
Minting is when a Peercoin node creates a block (in Bitcoin this is called mining). As the number of minting nodes increases, the network becomes more secure. Initially, when the network is young, an attack is relatively cheap. During this time, the bootstrapping phase of the network, synchronized checkpointing is used to deter and protect against malicious entities. It’s a temporary and precautionary measure, and the plan is to phase it out as minting nodes are added to the network and the protection is no longer needed. The first step is to make it possible for users to disable the feature.
The synchronized checkpointing has never been a secret. It’s described in the white paper written by Sunny King and Scott Nadal (http://peercoin.net/assets/paper/peercoin-paper.pdf). The mechanism is controlled by Sunny King. It’s worth considering that he stands to profit a great deal if Peercoin is successful and that all his work would likely be pointless if he abused the control.
Whereas Peercoin arguably started off more centralized than Bitcoin, the number of minting nodes is likely to increase over time, hence the network will become more decentralized over time. Bitcoin is the opposite. Even if Bitcoin started off as a decentralized network where everyone with a CPU could participate on equal footing, because of the resource-intensive nature of Proof-of-Work (PoW), those with the most resources outcompete those with fewer resources; therefore Bitcoin is likely to become more centralized over time.
The Peercoin community is committed to bringing on more minting nodes, by making it easier for new and existing users to start minting.
Myth: An attacker can rewrite the blockchain history using old private keys.
A successful attack is theoretically possible but very unlikely to happen. Peercoin has hard checkpoints (Bitcoin Core has them too) and synchronized checkpoints. Both types of checkpoints protect against this attack, simply by making a deep blockchain reorganization impossible. Coins spent before the latest checkpoint can’t be used, so the coins used in the attack would have to be accumulated after that checkpoint.
The other minting nodes on the network also protect against this attack. The attacker must pick a point in time, a block in the blockchain, where the blockchain should fork. From this point forward, the attack chain must now outcompete the stakes used in the main blockchain.
Let’s illustrate what this means. If the network has an average of 60% of the coins used for minting since the last checkpoint (either hard or synchronized), the attacker now needs outputs that had 61% of the coins.
It’s also worth noting that coins used by the attacker, if they have been spent on the main chain, will have added coin age to the chain trust; thus the coins used in the attack will compete not only with the rest of the network, but also against the stakes the same coins were used in before. In a sense, the attack coins will be competing against themselves.
In summary, as more people enter the Peercoin economy, hold coins and run minting nodes, the more expensive, difficult and less likely this attack becomes.
For a more detailed and elaborate discussion of the attack and the protection:
[quote=“sigmike”]Rewriting a blockchain from a point where you had the majority of the minting coins is possible but there are a few things that protect us:
The hard checkpoints in the source code. The last one is from 0.4 release so the new blockchain cannot start before block 99999 generated on 2014-03-06. So the attacker cannot use coins that were spent before this date.
The synchronized checkpoints. The last one is from 1 hour ago. They will be removed, but I guess only when the last protection is strong enough:
The stakes that have been minting since the attacker wants to start the rewrite. For example if the coins the attacker had in the past have been constantly used for minting since they were sold then he won’t be able to compete with the main chain. And in general the more coins are minting the more difficult it is to rewrite the blockchain. Imagine we get an average of 60% of the coins minting since the last checkpoint, then the attacker needs outputs that had 61% of the coins.[/quote]
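As an added illustration of the two protections described above (the checkpoint gate and the chain-trust comparison), here is a small Python model. It is not code from the post or from the Peercoin client: the trust formula is a deliberate simplification (each block contributes the number of coins that minted it, and the fork has the same number of blocks as the segment it replaces), and the coin counts, checkpoint heights and the "sale at height 50" story are constructed for the example. The point it makes is the one in the post: a fork is rejected outright below the last checkpoint, and above it the attacker's old outputs have to out-trust a main chain that may already contain those same coins minting.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Block:
    height: int
    weight: int   # coins that minted this block; a stand-in for real chain trust (assumption)


def chain_trust(blocks):
    """Simplified chain trust: sum of the minting weight of every block."""
    return sum(b.weight for b in blocks)


def mint_segment(start, length, weight):
    """Blocks start..start+length-1, each minted by `weight` coins."""
    return [Block(start + i, weight) for i in range(length)]


def accept_reorg(main, fork, hard_checkpoint, sync_checkpoint):
    """Would `fork` (replacing `main` from fork[0].height to the tip) be accepted?

    Rule 1: a fork that starts at or below the latest checkpoint, hard or
            synchronized, is refused without looking at trust.
    Rule 2: otherwise the fork wins only if the chain it produces has strictly
            more trust than the current main chain.
    Returns (accepted, reason).
    """
    fork_height = fork[0].height
    last_checkpoint = max(hard_checkpoint, sync_checkpoint)
    if fork_height <= last_checkpoint:
        return False, f"fork at {fork_height} would reorganize below checkpoint {last_checkpoint}"
    if fork_height > len(main):
        return False, "fork does not connect to the main chain"
    main_trust = chain_trust(main)
    fork_trust = chain_trust(main[:fork_height]) + chain_trust(fork)
    if fork_trust > main_trust:
        return True, f"fork trust {fork_trust} > main trust {main_trust}"
    return False, f"fork trust {fork_trust} <= main trust {main_trust}"


def simulate(attacker_coins, others_minting, buyer_mints, fork_height,
             hard_cp, sync_cp, sale_height=50, chain_length=100):
    """Constructed scenario. The attacker minted with `attacker_coins` until
    `sale_height`, then sold them; the buyer keeps minting with them only if
    `buyer_mints`. `others_minting` coins mint throughout. The attacker later
    uses the old keys to rewrite from `fork_height` to the tip."""
    before = mint_segment(0, sale_height, attacker_coins + others_minting)
    after_weight = others_minting + (attacker_coins if buyer_mints else 0)
    after = mint_segment(sale_height, chain_length - sale_height, after_weight)
    main = before + after
    fork = mint_segment(fork_height, chain_length - fork_height, attacker_coins)
    return accept_reorg(main, fork, hard_cp, sync_cp)


if __name__ == "__main__":
    # hard checkpoint at 40, synchronized checkpoint at 90 (made-up heights)
    print(simulate(40, 20, True, 30, 40, 90))    # refused: below checkpoint
    print(simulate(40, 20, True, 95, 40, 90))    # refused: sold coins still mint on main
    print(simulate(40, 20, False, 95, 40, 90))   # accepted: sold coins sat idle
    print(simulate(60, 60, False, 95, 40, 90))   # refused: 60 vs 60 is a tie
    print(simulate(61, 60, False, 95, 40, 90))   # accepted: 61 vs 60
```

The third and fourth calls are the part worth reading twice: with the same attacker, the only difference between a successful and a failed rewrite is whether the coins he sold went on minting for the main chain, which is exactly the "competing against themselves" effect the post describes.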
For those who haven’t followed the discussion in the above link, the conclusions are that the time-drift attack brings the attacker trivial gains. The exploit and some variations of it have little impact on the security aspects of the network.
Alright, I’ve gone over everything in this thread and tried to make edits to fix grammatical errors. I cleaned up a lot of the sentences to make them sound better. I even added some nice looking green font. I’m not a grammar expert though, so somebody should still check my work. Other people that are familiar with the content should check to make sure everything listed is true or what we could improve. Here are some other things I noticed…
This sentence in the history revision post sounds screwed up and I’m not sure how to fix it. Could you take a look at it? “The stakes that have been minting since the attacker wants to start the rewrite, also serve as protection.”
The history revision section feels incomplete to me. It needs more details from this thread http://www.peercointalk.org/index.php?topic=3005.0 on how this attack is supposed to be carried out. I also had a hard time telling when you were talking about synchronized checkpoints or hard coded checkpoints. You might want to make that clearer in all the spots where it’s mentioned. I altered this sentence as well “Coins spent before this checkpoint date can’t be used again.” but I’m unsure if it’s correct. You should go over this whole section and make things more clear.
About the synchronized checkpoints section, the first title is called “The Reasoning Behind Checkpoints,” but I couldn’t find the reason or purpose for why they existed in that paragraph. As I understand it, they’re to protect Peercoin from attacks while the network is still young. The purpose of checkpoints needs to be explained in the beginning of the paragraph.
When talking about increased adoption as a reason for why checkpoints won’t be needed any longer, I think you need to make it clear that you’re talking about the minting participation. As minting participation goes up, the network becomes more secure.
For the reasons why checkpoints shouldn’t be removed in a rush, if the minting participation isn’t at an acceptable level yet, they shouldn’t be removed yet or you’d be inviting an attack. As far as I understand it, they should only be removed once the network has enough people minting that it can take care of itself.
About this sentence: “The first reason is that it’s important to have a margin of error when it comes to evaluating how widespread minting is.” I don’t completely understand what it’s getting at. Maybe you should expand it some.
Myth: An attacker can manipulate the clock time and generate blocks ahead of time.
A Moot Point
Proof-of-Stake uses a timestamp that is added to the transaction data. The source code allows for a slight time-drift and, according to the myth, an attacker can manipulate the time so as to mine blocks ahead of time or to have a much better chance to find a block. However, a closer study of the attack reveals that the impact on network security is very limited.
Since the network has a tolerance of two hours of timestamp error, does it mean one can try 14400 different timestamps per second? Well, the previous block hash is not part of the hash you compute in Proof-of-Stake (PoS). So the 14400 hashes available in the time-drift attack stay the same even if there’s a new block. The only thing that may change is the difficulty. If you try the next 14400 timestamps at time t, then at time t+1 you’ll try 14399 timestamps you’ve already tried, and only try 1 new one. So you still try only 1 new timestamp per second.
Taking into account the probability of finding a block, exploiting the time-drift is insignificant. Actually the time-drift is there for a reason. The purpose is to protect the network from freezing up which could happen if some time-drift was not allowed.
For a more in-depth description of time-drift and how time is used in Proof-of-Stake read:
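To make the counting argument above (and sigmike's earlier point that the block hash is not part of the proof-of-stake hash) concrete, here is an added Python toy. It is not Peercoin's kernel code: the real kernel hashes more fields, and the stake output, the "candidate block" hashes and the two-hour window as a range of 14400 whole seconds are all assumptions of this example. It simply counts how many distinct hash attempts an attacker gets, with and without the previous block hash mixed into the kernel.

```python
import hashlib

DRIFT_SECONDS = 2 * 60 * 60     # two-hour tolerance described in the post
WINDOW = 2 * DRIFT_SECONDS      # 14400 candidate timestamps around "now"

# Hypothetical stake output (txid, output index); values are made up.
STAKE = ("c0ffee" * 10 + "abcd", 1)


def timestamp_window(now):
    """Every timestamp a minter may legally put in a block at wall time `now`."""
    return range(now - DRIFT_SECONDS, now + DRIFT_SECONDS)


def kernel_hash(stake, timestamp, prev_block_hash=None):
    """Toy kernel: H(stake || timestamp), optionally prefixed with the previous
    block hash. The Peercoin-style design corresponds to prev_block_hash=None."""
    data = f"{stake[0]}:{stake[1]}:{timestamp}".encode()
    if prev_block_hash is not None:
        data = prev_block_hash.encode() + b"|" + data
    return hashlib.sha256(data).hexdigest()


def attempts_over_time(stake, start, ticks):
    """Distinct kernel hashes an attacker can evaluate over `ticks` seconds when
    the block hash is NOT in the kernel: the window slides by one second per
    tick, so only one genuinely new hash appears each second."""
    seen = set()
    for t in range(start, start + ticks):
        for ts in timestamp_window(t):
            seen.add(kernel_hash(stake, ts))
    return len(seen)


def attempts_with_grinding(stake, now, candidate_blocks, include_prev_hash):
    """Distinct kernel hashes available within ONE second if the attacker can
    produce `candidate_blocks` different predecessor blocks and test each."""
    seen = set()
    for i in range(candidate_blocks):
        # constructed stand-in for "another block hash the attacker could produce"
        prev = hashlib.sha256(f"candidate-block-{i}".encode()).hexdigest()
        for ts in timestamp_window(now):
            seen.add(kernel_hash(stake, ts, prev if include_prev_hash else None))
    return len(seen)


def first_winning_timestamp(stake, now, target, prev_block_hash=None):
    """Scan the window for the first timestamp whose kernel hash is below
    `target` (a hash-below-target rule); None if the window holds no winner."""
    for ts in timestamp_window(now):
        if int(kernel_hash(stake, ts, prev_block_hash), 16) < target:
            return ts
    return None


if __name__ == "__main__":
    now = 1_600_000_000
    print("10 seconds, block hash excluded:", attempts_over_time(STAKE, now, 10))
    print("5 candidate blocks, excluded:", attempts_with_grinding(STAKE, now, 5, False))
    print("5 candidate blocks, included:", attempts_with_grinding(STAKE, now, 5, True))
```

Excluding the block hash, ten seconds of work yield 14400 + 9 distinct attempts, and producing five different predecessor blocks still yields exactly 14400; including it, the same five candidate blocks yield 5 × 14400 attempts, which is the grinding the first posts in this thread warn about.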
[quote=“Sentinelrv, post:47, topic:2518”]…history revision post sounds screwed up and I’m not sure how to fix it. Could you take a look at it? “The stakes that have been minting since the attacker wants to start the rewrite, also serve as protection.”
I’ve rewritten the whole thing (yes I can do that, there are no checkpoints blocking me :P).
I didn’t want to go into more details, because I’m aiming for a short text. The attack is kind of abstract and the whole thing requires some knowledge of both the inner workings of minting, checkpoints and so forth and so on. It’s kind of one of the reasons I have those “in-depth study” (I changed the title to better reflect the content) links.
Maybe someone else could do a better job? (I hope someone can :))
“accordingly to the myth, an attacker can manipulate the time so as to mine blocks ahead of time or to have a much better chance to find a block. However, a closer study of attack reveals that the impact on network security is very limited.”[/quote]
Thanks for reviewing and updating the myth. I changed it accordingly and it is now also added to the index in the first post.
Myth: There is only one developer, Sunny King. He is anonymous and if something happens to him, that’s the end of it.
Busting the Myth
This myth is false. There are already other developers working with the Peercoin code base, so if Sunny King stopped doing so, they would have to continue without him. The myth probably originates from the fact that it took some time for Sunny King to find developers. In this type of project, it is of the utmost importance that the quality of the work meets the highest standard.
There are several active members in the Peercoin community who know the Peercoin code base well. Some have deep knowledge and some have only partial knowledge. There are also some developers with a shallow knowledge, with an aspiration to learn more. Some noteworthy people are: Sunny King, Sigmike, Jordan Lee, glv, Ben, Fuzzybear (un-verified), mphs, kac- and irigi. Keep in mind that the list doesn’t tell anything about level of expertise and isn’t an attempt to create a complete list either. It is however proof that there is more than one developer.
Sunny King and sigmike are working directly on the Peercoin protocol. Both have deep understanding of the source code. The team behind Peershares, a fork of Peercoin, has both in-depth knowledge of the code and a stake in a secure and stable Peercoin network.
Peercoin is about long term value and therefore security is one of Sunny King’s main concerns. The purpose of Sunny King’s anonymity is that if the network came under attack, being anonymous could buy him some more time to help secure the network. There are however several other developers with in-depth knowledge of the code base who are not anonymous. Most importantly, the code base is open source.
It is also worth noting that Peercoin is a fork of Bitcoin, which means that Peercoin benefits from much of the work that is being done on Bitcoin. These developers and testers deserve credit as well.
Myth: New coins are created all the time, it will be incredibly inflationary.
Busting the myth
The money supply curve is totally dependent on user adoption. Currently, the network is producing fewer coins each month. It will likely take hundreds of years to reach 1 billion peercoins, if ever.
The change of money supply is determined by:
Proof-of-Work difficulty level: In Peercoin, the miners’ only purpose is to increase the supply of coins.
Proof-of-Stake: Minting nodes build blocks and as a reward they get coins. This increases supply at a rate up to 1% per year.
Number of transactions: Every time there is a transaction, the coins in the fee are destroyed. This decreases supply.
Myth: The coin is designed to make the rich richer and enrich early adopters.
Sunny King’s Response
"The proof-of-stake minting provides a service to the ppc network, so why shouldn’t those who provide the service receive some compensation? The rich and the poor are treated the same here,
both can provide proof-of-stake minting, and rate of income is proportional to their holding.
So you can say that the rich get richer, and the poor also get richer, at the same rate, so long as they both try to provide the service to the community. Meanwhile, those who transact in the network with high velocity pay the security cost via low inflation." (Sunny King, http://www.peercointalk.org/index.php?topic=617.0)
The Proof-of-Work difficulty algorithm in Peercoin is designed so that the greater the interest, the lower the reward paid out to miners. Early adopters were able to accumulate more coins. This is a common practice in cryptocurrency and it is also true for Bitcoin. The idea is to compensate early adopters for taking on the risk and to create an incentive structure to ensure the continued health of the network. Sunny King announced the launch nine days in advance of its release, to ensure a fair distribution of coins.
In Bitcoin only those who can afford to buy a purpose-built mining machine can participate in solo mining and receive a reward. If the user is willing to take on a third-party risk, there is also the option of buying mining derivatives from, for example, cloud mining service providers. The latter may push the Bitcoin network towards centralization. Peercoin, on the other hand, is designed to be resource efficient and therefore requires no special hardware. It can even run on very cheap devices, such as a Raspberry Pi.