The power of centralized checkpoints

Which of the following actions are possible for the holder of Peercoin’s centralized checkpoint private key?

- Roll back the last 1000 blocks, forcing the network to accept the shorter blockchain
- Roll the network back to the genesis block
- Reset PoW difficulty back to 256
- Mine a PoW block without hashing power
- Mint a PoS block without any stake
- Mint a PoS block using 30-day stake, without waiting for the stake to mint in the normal fashion
- Generate a transaction from an address without holding the private key for that address
- Remove a transaction from a block that is 10 blocks deep in the chain
- Remove a transaction from the current block
- Add a transaction to a block that is 10 blocks deep in the chain
- Add a transaction to the current block
- Prevent the network from ever accepting another block
- Thwart a 6-confirmation double-spend attack by reverting to the old chain without losing anyone else’s transactions
- Initiate a 6-confirmation double-spend attack

My guess is that most of these are not possible. Are there any “powers of the checkpoint” that I missed?

Thanks for your insight.

@Chronos, what sources did you use to generate this list? Are you asking if each of these is possible, or are you stating that each of them is possible and you’re looking for any others that were missed?

Oh, I’m only asking which are possible. I made up the list myself, and I think most of them are not possible.

From your question I have the feeling that ppc is not open source?!
If those keys are lost somehow, can anyone remove those checkpoints or ever alter ppc design for that matter?

The only thing the centrally broadcasted checkpoint system does is tell the nodes “block xyz is on the main chain”.

It can’t spend funds of an address without the private key, generate a POW or POS block, nor modify parts of a transaction/block in the blockchain.

The checkpoint could do that.

There are hardened checkpoints in the source code (updated with each new version), and I don’t think a broadcasted checkpoint can supersede them.
For ppcoin 0.4, the last hardened checkpoint is at block 99999.
So the broadcasted checkpoint can’t roll the blockchain back to the genesis block.

Glv, thanks for your answers. That’s what I expected.

What about these last two? Any thoughts on these?

> Chronos wrote:
> - Thwart a 6-confirmation double-spend attack by reverting to the old chain without losing anyone else’s transactions
> - Initiate a 6-confirmation double-spend attack

Let’s suppose that the main chain ends with the blocks A->B->C->D->E->F->G.
Now let’s suppose that an attacker spent some of his coins in B, somehow manages to create a series of blocks after A (with valid POW and/or POS and more coin age destroyed than in B, C, D, E, F and G) and releases it; the main blockchain then becomes A->U->V->W->X->Y->Z.
If the attacker spent in U the same coins he spent in B, his transaction in B is now invalid (and the person who received that payment is now very disappointed…).
A regular user could then find a block, and the chain would be A->U->V->W->X->Y->Z->H.

A broadcasted checkpoint could tell the nodes that G is on the main chain, which would stop the double-spending attack by invalidating the blocks of the attacker (U, V, W, X, Y, Z) as well as the blocks that were mined/minted on top of the attacker chain (H); the main chain would get back to A->B->C->D->E->F->G.
But some transactions of regular users would be invalidated too in this case (the transactions in block H).

Yes, an attacker having the ability to broadcast checkpoints could double-spend.
If the main chain is A->B->C->D->E->F->G, and the attacker spent coins in B, and if he succeeds in mining or minting a block Z after A spending the same coins, he can broadcast a checkpoint telling the nodes that Z is in the main chain.
The main chain would then be A->Z, and the transaction where he spent his coins in B will be invalidated.
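
The two points glv makes above (a broadcast checkpoint undoing a reorganisation at the cost of block H, and hardened checkpoints bounding what a broadcast checkpoint can do), modelled as an added example that is not part of the original posts and is not Peercoin code. The `Node` class, its method names and the integer chain weights are assumptions made for this toy model.

```python
# Toy fork-choice model, constructed for illustration (not Peercoin source code).
class Node:
    def __init__(self, hardened=("A",)):
        self.parent = {"A": None}        # block -> parent block
        self.weight = {"A": 0}           # accumulated chain weight (stand-in for work/coin age)
        self.txs = {"A": []}
        self.hardened = set(hardened)    # checkpoints compiled into the client
        self.sync = None                 # latest accepted broadcast checkpoint

    def add_block(self, name, parent, work=1, txs=()):
        self.parent[name] = parent
        self.weight[name] = self.weight[parent] + work
        self.txs[name] = list(txs)

    def chain(self, tip):
        out = []
        while tip is not None:
            out.append(tip)
            tip = self.parent[tip]
        return out[::-1]

    def best_tip(self, sync=None):
        # Heaviest block whose ancestry contains every required checkpoint.
        sync = sync or self.sync
        required = self.hardened | ({sync} if sync else set())
        ok = [b for b in self.parent if required <= set(self.chain(b))]
        return max(ok, key=self.weight.get, default=None)

    def broadcast_checkpoint(self, block):
        # A checkpoint can only name a block that already exists and that does
        # not contradict a hardened checkpoint (assumption taken from the thread).
        if block not in self.parent or self.best_tip(sync=block) is None:
            return False
        self.sync = block
        return True

def scenario():
    n = Node()
    for prev, b in zip("ABCDEF", "BCDEFG"):            # original main chain
        n.add_block(b, prev, txs=["pay-merchant"] if b == "B" else [])
    for prev, b in zip("AUVWXY", "UVWXYZ"):            # heavier competing chain
        n.add_block(b, prev, work=2, txs=["pay-self"] if b == "U" else [])
    n.add_block("H", "Z", txs=["honest-tx"])           # regular user builds on it
    before = n.chain(n.best_tip())
    n.broadcast_checkpoint("G")                        # "G is on the main chain"
    after = n.chain(n.best_tip())
    dropped = [t for b in before if b not in after for t in n.txs[b]]
    return before, after, dropped
```

`scenario()` returns the chain before and after the checkpoint on G, plus the transactions that fall out of the main chain, which include the regular user's transaction from H.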

That’s really helpful, thanks. I hope this thread helps to take away some of the mystery surrounding the checkpoints. People should understand the extent of what a checkpoint can and can’t do.

Thank you!

> glv wrote:
> The only thing the centrally broadcasted checkpoint system does is tell the nodes “block xyz is on the main chain”.
>
> It can’t spend funds of an address without the private key, generate a POW or POS block, nor modify parts of a transaction/block in the blockchain.
>
> The checkpoint could do that.
>
> There are hardened checkpoints in the source code (updated with each new version), and I don’t think a broadcasted checkpoint can supersede them.
> For ppcoin 0.4, the last hardened checkpoint is at block 99999.
> So the broadcasted checkpoint can’t roll the blockchain back to the genesis block.

Yep, on the 4th of July a mismanaged checkpoint server caused a rollback of about 500 blocks on BottleCaps. This is one of the reasons I don’t like the checkpoint server much; it can cause huge problems if it isn’t managed correctly.