POW irregularity

In the 4.7 hours before block 218505, there were 77 POW blocks and only 19 POS blocks. The ratio of POW:POS is usually 1:5, now it is 4:1. Less than 4 min a POW block! Apparently due to recent price surge someone is mining Peercoins with a lot of hash power.

The thing concerns me is that the miner stopped two hours ago but POS blocks are found every ~30 min. Is POS difficulty affected by POW block rate? There seem to be a security problem here. One miner could slow down PPc network by “pump and dump” the POW hash rate.

Hm and if they are making money on the PoW mining, they stand to benefit from this weakness too.

Hello there! I was going to write the same post, but has been advanced MHPS.

In my pool peercoin.ecoining.com some hours before was running 8PH. I had never see something like this.
For a while, it has been possible to carry out an attack of 51%. Obviously I will not do, of course.
But this is a security problem. ¿Presumably this should never happen in peercoin?

[size=8pt] 2016-01-28 10:56:26 1 0.00000000 PPC 290.00 B 0.00POW
218502 2016-01-28 10:55:23 2 0.00000000 PPC 457.00 B 62,219.19 POS
218501 2016-01-28 10:51:19 1 0.00000000 PPC 291.00 B 0.00 POW
218500 2016-01-28 10:51:01 1 0.00000000 PPC 291.00 B 0.00 POW
218499 2016-01-28 10:49:03 1 0.00000000 PPC 291.00 B 0.00 POW
218498 2016-01-28 10:43:52 2 0.00000000 PPC 456.00 B 72,834.41 POS
218497 2016-01-28 10:43:10 3 0.03000000 PPC 1.46 kB 90.64 POW
218496 2016-01-28 10:38:27 2 0.01000000 PPC 486.00 B 0.00 POW
218495 2016-01-28 10:36:32 2 0.01000000 PPC 589.00 B 14.24 POW
218494 2016-01-28 10:33:32 1 0.00000000 PPC 292.00 B 0.00 POW
218493 2016-01-28 10:28:13 1 0.00000000 PPC 292.00 B 0.00 POW
218492 2016-01-28 10:27:06 1 0.00000000 PPC 291.00 B 0.00 POW
218491 2016-01-28 10:26:30 1 0.00000000 PPC 290.00 B 0.00 POW
218490 2016-01-28 10:25:14 2 0.01000000 PPC 521.00 B 184.96 POW
218489 2016-01-28 10:24:05 2 0.00000000 PPC 457.00 B 17,889.25 POS
218488 2016-01-28 10:23:23 1 0.00000000 PPC 292.00 B 0.00 POW
218487 2016-01-28 10:21:07 1 0.00000000 PPC 291.00 B 0.00 POW
218486 2016-01-28 10:19:26 1 0.00000000 PPC 290.00 B 0.00 POW
218485 2016-01-28 10:18:32 1 0.00000000 PPC 290.00 B 0.00 POW
218484 2016-01-28 10:17:35 12 0.12000000 PPC 4.64 kB 109,959.44 POS
218483 2016-01-28 10:10:37 1 0.00000000 PPC 291.00 B 0.00 POW
218482 2016-01-28 10:10:25 1 0.00000000 PPC 290.00 B 0.00 POW[/size]

Is POS difficulty affected by POW block rate?

nope, the pos diff adjustment is solely based on times measured between pos blocks.

have a look at GetNextTargetRequired() in …master/src/main.cpp

POS target would always be STAKE_TARGET_SPACING = 600 seconds

the newDiff=oldDiff * Pcontant * (% spacing difference measured wrt desired spacing)

ps: I m happy to hear miners are mining ppc; less rewards with higher hashrates!

[quote=“paumiau, post:3, topic:3757”]Hello there! I was going to write the same post, but has been advanced MHPS.

In my pool peercoin.ecoining.com some hours before was running 8PH. I had never see something like this.
For a while, it has been possible to carry out an attack of 51%. Obviously I will not do, of course.
But this is a security problem. ¿Presumably this should never happen in peercoin?[/quote]

It’s no security problem. PoW doesn’t contribute any longer to the security of the Peercoin network.
The trust of a PoS block supersedes the trust of PoW blocks by so many orders of magnitude (sigmike once commented on this topic)…
PoW only did secure the network during the bootstrap phase when PoS was not yet possible (30 days minimum coinage…).
…at least if I don’t mess things up.

The hit and run of PoW miners makes the time between blocks less reliable than normal.
But Peercoin is neither a high speed nor a high number of transactions network.
This should rather be inconvenient than insecure.

I think “learnmore” and “Thireus” made some posts regarding the relationship between PoS and PoW blocks.
I might try to dig them up later (don’t do it now, because it’s no fun on mobile phone )

[quote=“paumiau, post:3, topic:3757”]In my pool peercoin.ecoining.com some hours before was running 8PH. I had never see something like this.
For a while, it has been possible to carry out an attack of 51%. Obviously I will not do, of course.
But this is a security problem. ¿Presumably this should never happen in peercoin?[/quote]

To conduct a 51% attack you would have to control the network for 520 blocks. And obviously your 8PH was not enough since you can’t control POS for that long.

With a lot of hashing power, it would be possible to double-spent, regardless of the much higher chain weight of PoS blocks.

Lets say the attacker spends their Peercoin and mines 6 PoW blocks within say 6 minutes, 1 per minute, broadcasting all of them to the network. There is a good chance that nobody will interrupt this chain with a PoS block. Secretly, the attacker holds even more hashpower than that used to mine 6 blocks in 6 minutes, and with that additional hashpower, he mines 7 blocks during those 6 minutes.
He then just needs to broadcast those 7 PoW blocks, which will replace the 6 PoW blocks. Neither of those 7 blocks will include the transaction that the attacker made, so he will have his peercoins back.

Such an attack would require a large part of the hashpower of the Bitcoin-network I guess, but in theory, it should be possible.

I think the easiest way to solve this would be to change the required confirmations from 6 blocks to 6 PoS blocks, regardless how many PoW block will be found in between. Average transaction times would be a little higher, though.

It would be great to have Sunny’s opinion on this. Maybe it does not work the way I think, or does it?

[quote=“Ötzi, post:7, topic:3757”]With a lot of hashing power, it would be possible to double-spent, regardless of the much higher chain weight of PoS blocks.

Lets say the attacker spends their Peercoin and mines 6 PoW blocks within say 6 minutes, 1 per minute, broadcasting all of them to the network. There is a good chance that nobody will interrupt this chain with a PoS block. Secretly, the attacker holds even more hashpower than that used to mine 6 blocks in 6 minutes, and with that additional hashpower, he mines 7 blocks during those 6 minutes.
He then just needs to broadcast those 7 PoW blocks, which will replace the 6 PoW blocks. Neither of those 7 blocks will include the transaction that the attacker made, so he will have his peercoins back.

Such an attack would require a large part of the hashpower of the Bitcoin-network I guess, but in theory, it should be possible.

I think the easiest way to solve this would be to change the required confirmations from 6 blocks to 6 PoS blocks, regardless how many PoW block will be found in between. Average transaction times would be a little higher, though.

BTC-E requires only 3 confirmations as far as I know, so that seems a bit risky and should be increased.

It would be great to have Sunny’s opinion on this. Maybe it does not work the way I think, or does it?[/quote]

Incorrect. This question pops in from time to time because we have new users. Look at this thread along with Sunny King’s comment: https://www.peercointalk.org/index.php?topic=244.msg1166#msg1166

[quote=“sahkan, post:8, topic:3757”][quote=“Ötzi, post:7, topic:3757”]With a lot of hashing power, it would be possible to double-spent, regardless of the much higher chain weight of PoS blocks.

Lets say the attacker spends their Peercoin and mines 6 PoW blocks within say 6 minutes, 1 per minute, broadcasting all of them to the network. There is a good chance that nobody will interrupt this chain with a PoS block. Secretly, the attacker holds even more hashpower than that used to mine 6 blocks in 6 minutes, and with that additional hashpower, he mines 7 blocks during those 6 minutes.
He then just needs to broadcast those 7 PoW blocks, which will replace the 6 PoW blocks. Neither of those 7 blocks will include the transaction that the attacker made, so he will have his peercoins back.

Such an attack would require a large part of the hashpower of the Bitcoin-network I guess, but in theory, it should be possible.

I think the easiest way to solve this would be to change the required confirmations from 6 blocks to 6 PoS blocks, regardless how many PoW block will be found in between. Average transaction times would be a little higher, though.

BTC-E requires only 3 confirmations as far as I know, so that seems a bit risky and should be increased.

It would be great to have Sunny’s opinion on this. Maybe it does not work the way I think, or does it?[/quote]

Incorrect. This question pops in from time to time because we have new users. Look at this thread along with Sunny King’s comment: https://www.peercointalk.org/index.php?topic=244.msg1166#msg1166[/quote]

I don’t see how this relates to the scenario that I have described. I am not talking about an attacker who holds 51% of the hashpower, but a hashpower about 150 times higher than the current hashrate, that’s 15.000% of the hashpower. - In words: Fifteenthousand Percent. Approximately 7000% to mine one PoW block per minute and another 8000% to mine a second chain at an even faster rate.
The Bitcoin hashrate is about 2500 times greater than the Peercoin hashrate. That’s 250.000%, so it would require 15.000 / 250.000 = 6 % of the Bitcoin hashrate to perform that attack. That’s entirely possible!

Please correct me if my figures are wrong, I was a bit in a hurry.

[quote=“Ötzi, post:9, topic:3757”][quote=“sahkan, post:8, topic:3757”][quote=“Ötzi, post:7, topic:3757”]With a lot of hashing power, it would be possible to double-spent, regardless of the much higher chain weight of PoS blocks.

Lets say the attacker spends their Peercoin and mines 6 PoW blocks within say 6 minutes, 1 per minute, broadcasting all of them to the network. There is a good chance that nobody will interrupt this chain with a PoS block. Secretly, the attacker holds even more hashpower than that used to mine 6 blocks in 6 minutes, and with that additional hashpower, he mines 7 blocks during those 6 minutes.
He then just needs to broadcast those 7 PoW blocks, which will replace the 6 PoW blocks. Neither of those 7 blocks will include the transaction that the attacker made, so he will have his peercoins back.

Such an attack would require a large part of the hashpower of the Bitcoin-network I guess, but in theory, it should be possible.

I think the easiest way to solve this would be to change the required confirmations from 6 blocks to 6 PoS blocks, regardless how many PoW block will be found in between. Average transaction times would be a little higher, though.

BTC-E requires only 3 confirmations as far as I know, so that seems a bit risky and should be increased.

It would be great to have Sunny’s opinion on this. Maybe it does not work the way I think, or does it?[/quote]

Incorrect. This question pops in from time to time because we have new users. Look at this thread along with Sunny King’s comment: https://www.peercointalk.org/index.php?topic=244.msg1166#msg1166[/quote]

I don’t see how this relates to the scenario that I have described. I am not talking about an attacker who holds 51% of the hashpower, but a hashpower about 150 times higher than the current hashrate, that’s 15.000% of the hashpower. - In words: Fifteenthousand Percent. Approximately 7000% to mine one PoW block per minute and another 8000% to mine a second chain at an even faster rate.
The Bitcoin hashrate is about 2500 times greater than the Peercoin hashrate. That’s 250.000%, so it would require 15.000 / 250.000 = 6 % of the Bitcoin hashrate to perform that attack. That’s entirely possible!

Please correct me if my figures are wrong, I was a bit in a hurry.[/quote]

It does not matter whether you hold 51% hash power or 99%, Peercoin relies on PoS blocks for ChainTrust. Even with all the POW hashing rate you will not be able to rewrite blocks without dominating PoS. And yes what you described is a 51% or majority (in your case) double spend attack.

Sakhan, do you actually read and try to understand what I write?

You are just contradicting me without an argument.

Chain weight of PoS blocks does not help if there are many PoW blocks in very short sequence, and not a single PoS block in between. Once it reaches 6 PoW blocks in a row, a transaction will be regarded as confirmed by the client.

A PoS block is only found every 10 minutes on average. PoW blocks can be found much faster if a superhigh hashpower comes in. PoW difficulty will be adjusted by the protocol of course, but that will take longer than those 6 blocks as far as I know.

[quote=“Ötzi, post:11, topic:3757”]Sakhan, do you actually read and try to understand what I write?

You are just contradicting me without an argument.

Chain weight of PoS blocks does not help if there are many PoW blocks in very short sequence, and not a single PoS block in between. Once it reaches 6 PoW blocks in a row, a transaction will be regarded as confirmed by the client.

A PoS block is only found every 10 minutes on average. PoW blocks can be found much faster if a superhigh hashpower comes in. PoW difficulty will be adjusted by the protocol of course, but that will take longer than those 6 blocks as far as I know.[/quote]

I think you are missing my point. What you describing works like this: I have a blockchain with blocks 1, 2, 3, 4,
Now I use your super high hash power to POW block A, B, C, D, E, F
In block A, I spend my coins, by the time I get to block F I cash out on those coins and then rewrite the blocks:
find block 5, 6, 7, 8, 9, 10, 11
And that’s how bitcoin works because it’s all POW based, and this type of double spend attack is called 51% (no matter how fast you create blocks and how much actual hash rate you have). There is also no need to have 7 blocks ready because all you need is one block, block #5 because that’s where we forked it.
In Peercoin block chain is controlled by POS blocks therefore you can’t rewrite blocks without controlling the POS so your block 5 would be rejected by ChainTrust. And this is from Sunny: “Peercoin’s security is 100% proof-of-stake, so in terms of security it’s not really a hybrid system. So you don’t need 51% PoW. You need and only need to attack proof-of-stake.”

[quote=“sahkan, post:12, topic:3757”]I think you are missing my point. What you describing works like this: I have a blockchain with blocks 1, 2, 3, 4,
Now I use your super high hash power to POW block A, B, C, D, E, F
In block A, I spend my coins, by the time I get to block F I cash out on those coins and then rewrite the blocks:
find block 5, 6, 7, 8, 9, 10, 11
And that’s how bitcoin works because it’s all POW based, and this type of double spend attack is called 51% (no matter how fast you create blocks and how much actual hash rate you have).[/quote]

Ok good, now I see that you understand my argument, so we can come closer to solving the puzzle. ;D

[quote=“sahkan, post:12, topic:3757”]There is also no need to have 7 blocks ready because all you need is one block, block #5 because that’s where we forked it.

In Peercoin block chain is controlled by POS blocks therefore you can’t rewrite blocks without controlling the POS so your block 5 would be rejected by ChainTrust.[/quote]

I don’t know the Peercoin protocol in that much detail, because I don’t know C++.
Can anybody confirm if (in Peercoin) a chain that ends with a PoW block will be replaced by a longer chain that ends with 2 PoW blocks? Or does the client always keep the chain that was received frist, as long as no additional PoS block is included?

As far as I remember, PoW blocks do contribute a very tiny amount to chain weight, while PoS blocks contribute a very large amount to chain weight. If that’s the case, than more PoW blocks still have a higher chain weight than fewer PoW blocks.

If anybody with detailed knowledge of the Peercoin protocol could join the discussion, that would be great.

• the chain that wins in ppc is not the longest chain, but the longest coin age.

• pow block dont have coin age.

• pos blocks are more or less predetermined.

• If you plan a 51% attack wit pow, you better hope that in your (1 hour?) A,B,C,D,E,F streak no pos block occurs between A en F
  otherwise your plan to double spend in A fails

• add: pos difficulty is not affected by jumps in hash power at all

[quote=“thehuntergames, post:14, topic:3757”]- If you plan a 51% attack wit pow, you better hope that in your (1 hour?) A,B,C,D,E,F streak no pos block occurs between A en F
otherwise your plan to double spend in A fails[/quote]

In Paumiau’s post above you can see there were 8 POW blocks between two POS blocks. After 218505 the stream of fast POW blocks abruptly stopped, suggesting that all those POW blocks were found by one miner.

This was already discussed here: https://www.peercointalk.org/index.php?topic=2606.msg22152#msg22152
The weight of a PoS block is at current difficulty, whereas the weight of a PoW block is 1.

[quote=“sahkan, post:16, topic:3757”]This was already discussed here: https://www.peercointalk.org/index.php?topic=2606.msg22152#msg22152
The weight of a PoS block is at current difficulty, whereas the weight of a PoW block is 1.[/quote]

So I can double spend if I own a huge Bitcoin-mining farm and mine 6 PoW blocks in a very short time, which results in a chain weight of x+6 and replace all those blocks with a secretly mined chain of 7 PoW blocks, which results in a chain weight x+7.

PoS blocks with their billion times higher chain weight won’t help if they are found too late.

I was right from the beginning, and I am wondering why nobody here wants to accept the facts.

Between blocks 218497 and 218490 we have already had 8 PoW blocks in a row.
If that’s not sufficient for a warning, then what?

218497 2016-01-28 10:43:10 3 0.03000000 PPC 1.46 kB 90.64 POW
218496 2016-01-28 10:38:27 2 0.01000000 PPC 486.00 B 0.00 POW
218495 2016-01-28 10:36:32 2 0.01000000 PPC 589.00 B 14.24 POW
218494 2016-01-28 10:33:32 1 0.00000000 PPC 292.00 B 0.00 POW
218493 2016-01-28 10:28:13 1 0.00000000 PPC 292.00 B 0.00 POW
218492 2016-01-28 10:27:06 1 0.00000000 PPC 291.00 B 0.00 POW
218491 2016-01-28 10:26:30 1 0.00000000 PPC 290.00 B 0.00 POW
218490 2016-01-28 10:25:14 2 0.01000000 PPC 521.00 B 184.96 POW

I don’t know how to look for orphaned blocks, can anybody check if there is an orphaned chain in that block range? In that case this was likely a double spend on BTC-E, which they kept secret. BTC-E requires 6 confirmations for Peercoin transactions to confirm.

Ah… Ohh… You got me. I think you found a major flaw…

NOT!!

You keep describing bitcoin where there is a blockTrust: in bitcoin we trust the blocks based on the hash, so it goes from block 1 to 2 to 3 to 4 etc.
Since Peercoin evolved, we have a ChainTrust so in a chain where alpha blocks are POS and numeric Are POW like so: A 1 2 3 B 5 6 7 8 9 10 11 C the ChainTrust goes A to B to C
the POW blocks are checkpointed like so:

[i]// Automatically select a suitable sync-checkpoint
uint256 AutoSelectSyncCheckpoint()
{
// Proof-of-work blocks are immediately checkpointed
// to defend against 51% attack which rejects other miners block

    // Select the last proof-of-work block
    const CBlockIndex *pindex = GetLastBlockIndex(pindexBest, false);
    // Search forward for a block within max span and maturity window
    while (pindex->pnext && (pindex->GetBlockTime() + CHECKPOINT_MAX_SPAN <= pindexBest->GetBlockTime() || pindex->nHeight + std::min(6, nCoinbaseMaturity - 20) <= pindexBest->nHeight))
        pindex = pindex->pnext;
    return pindex->GetBlockHash();
}[/i]

Ref: https://github.com/ppcoin/ppcoin/blob/master/src/checkpoints.cpp

Therefore your 7 blocks will never replace the first 6 because you can’t fork at a POW block (but I already mentioned that and so did masterofdisaster before you even wrote your post) and the block chain will follow the next POS block with highest ChainTrust (difficulty).

Here is a short video for this since you don’t have time to research it yourself: https://www.youtube.com/watch?v=dQw4w9WgXcQ

I think it is worth to think about having the upcoming halvening in mind in July.
What if a big pool cant make money with mining btc and switches over to alt coins? There will be attacks occurring on alt coins.

There will be a huge jump in pow difficulty for sure, but in that timespan, a serie of 7-8 successive pow blocks only between 2 pos blocks can happen and isn’t impossible. While pos target is set on 10 minutes, in reality it can stretch to 1 hour sometimes.

So I do see a window of opportunity for a 51% pow attack but how would a miner know when the next pos block wont arrive for the next hour? Should it wait when pos difficulty is in a declining momentum and then attack? It remains a guess not exact science…

A pow alt coin would be easier to attack then a hybrid. Too many variables at play to waste your efforts, while you can pick an easier target.

That was changed in the protocol and it is now the PoS difficulty not coin age.