Posts made by groll

2.5 minutes is the target. the time vary for each search with an average of 2.5 minutes. so each period (2016 for Bitcoin and Litecoin, 126 now for Feathercoin) an average is calculated. and applied to adjust the difficulty to get the 2.5 minutes.

Bitcoin and Litecoin And Feathercoin at start had a basic formula. that can be simplified as (1+ (delta time deviation/target) )* difficulty = new difficulty. this works when you have a steady and small change in hashrate. (the % is limited by a min and a Max on ) so 2.4 minutes would give (1+(-0.1/2.5))*difficulty= 1.04*difficulty

so if time is lower the 2.5 minutes diff will increase and if more then 2.5 diff will decrease.

actual FTC to make change a bit slower for hash rate jump for coins hoppers (delta over 126 + delta over 504)/2*0.25 *difficulty this is done every 126 blocks.

so time between 2 blocks is mostly never exactly 2.5 minutes. But it always try to get to that number. if you get the average of last 1000-1500 blocks you will find we are pretty much on it. With LTC retarget to lower diff some hours ago we will have longer time and diff will go down a bit for next day. we should be around 2.5 minutes tomorrow and stable at 145-150 diff and in 2.5 days when LTC retarget again we will probably get pretty fast to 1-1.5 minutes and back to 175-180 difficulty shortly after :(

for the one saying the diff is broken. i post yesterday that diff will go up as LTC retarget big time so they lost 13% of hashrate so we got some and 170 will probably be the diff for next 3 days unless price ratio between LTC and FTC and to a lesser extend to other coin change much. so this is mostly normal.

in another idea:

i have look at the block chain and something is pretty weird. at some place we got ~15 min between blocks, this can happen, but they occur in short period of time and around the block are pretty fast. with acp fork lower then the last checkpoint are remove from chain so it’s difficult to say if someone try to trick the system.

one thing i have seen is that most block are found very fast and then we got very long block like 10-15 min. in both case they are spread between the 6-7 usual address that found blocks and not seems to have heavy single multi-pool address in them ( many from coinotron and wemineFTC, i have not search who are the other address exactly). the probability don’t follow the “luck” distribution we should have. we find block below 2 minute or over 10 minutes and very few in middle so something is weird. it can be just a weird probability run, but seems to occur too much to be just a: it can happen. I already note that a month ago, but I have no idea what is happening still searching, but mostly no time.

so far, I also found that around those time my client receive weird message block that fail the diff check, Calerts and transactions refuse for not enough fee by the client:
[code]ERROR: CTxMemPool::accept() : not enough fees 4ba6269fa2273e1f6bb295e2fcc9c650d6ac63847443c19c68f61145b9a04cfe, 1000000 < 2000000 [/code]but the transaction is in the chain

one multi-ppol address is:
6mLMVznd9xav2DPZsrL5whSJ9hjA95i2rw

Ok, I’m late to the tread, sorry busy in my life.

the faster we adjust to hash power input the easier a 51% will be to do as more mining means less profitability so profit miner goes away so you get Loyal vs attacker. if hashrate is big enough to keep diff high enough profit miner are out of the equation until the end of the attack. so in actual condition with .00034BTC/FTC a constant 6Gh can keep the diff at ~200 and profitability in the bottom list as we are at 138 diff. so a 51% of 10000 block would be possible. so number of confirm just make it more time but 10000 confirm is just not a valid option.

so difficulty retarget changes can help a bit, but would not solve the issue :(

one note the attacker get coins for mining if that don’t destroy too much FTC and he is not too much on the unprofitable side he will get a mining revenue that is nearly fair if this mining farm is already used for mining. so the cost if the attacker has the mining farm already is FTC price- usual mining coin price and he get what he benefits from the 51%(double spend, FTC rep down, etc.)

in my opinion POS in most form I have looked at would lead to another form of possible 51%

• consume coin day: i keep a lot of coin until i need to spend a lost of coins day for my 51% attack
• simple coins own and online: someone with large money just hold a lot and make the vote, most big wallet are offline for security reason so 1% should be enough (we know that more the 1.5M FTC was involve in previous attack)
• etc.

in fact if a distributed attack resistant concensus method is found the mining as we know would be useless(can be another form of mining). but i don’t know one

paxos is a very useful distributed voting, but it lacks one big thing for coins the notions of attacker node that is one of the problem of coins.

someone can setup millions of voting nodes to say yes so win the concensus but those node are attacker node. coin own in POS is a way to minimized this and replace it by who own more coins. the actual POW is who work hard enough to find the solution.

LTC is going by where FTC have go in may, they will need to adjust the retarget and then probably need to get ACP as some big multipool would be able to 51%. so LTC the safe would not be so safe.

Multipool are bad for coins when they becomes bigger then the coins they mine. for now most of the time they play with 42 and now doge. (this explain a big part of LTC diff drop), but 42 is now less profitable and doge is going that way too. so FTC will probably get more steady hash rate soon as LTC just retarget back to ~3300 diff.

in fact Scrypt mining has a finite mining power that is just divide between coins, multi pool just switch portion of the hash power fast from one coin to another. theyare their and many miner are just mining for profit so unless they really feel the bottom line lost on profitability they will continue to use multi-pool as they just want money(they probably sell BTC for fiat just as fast as the multi-pol swith from FTC to BTC for them)

the FTC retarget is making a good job in my view. it’s not perfect but also leave many problems/attacks of very fast retarget away from the coin.

they say it’s a failure it was probably not they get all coin from 1.1k to 8k in the 4-5h prior to the “disclose pump coin name” and sold many at high price as many saw the yesterday pattern of pre pump and compete with them to buy, but was buying on already inflate price (another possibility is a whale smarter then them got all their money ). I see it this afternoon but was away at 19h so can’t attend the show. finding the coin was so obvious as it was the coins always moving on cryptsy with starcoin between 15h and 19h.

seems that the synccheckpoint was loaded from the DB in DB.cpp and initialised at load of block chain via ReadSyncCheckpoint. this code is relovatd in main.cpp in 0.8.5 but seems to not load the checkpoint so the checkpoint is not initilised and stay at 0

[quote]
Feathercoin version v0.6.4.4 (Sep 21 2013, 08:46:22)
Startup time: 11/21/13 02:33:20
Default data directory C:\Users\…\AppData\Roaming\Feathercoin
Used data directory C:\Users\…\AppData\Roaming\Feathercoin
Bound to [::]:9336
Bound to 0.0.0.0:9336
[b]Loading block index…[/b]
dbenv.open LogDir=C:\Users\…\AppData\Roaming\Feathercoin\database ErrorFile=C:\Users\…\AppData\Roaming\Feathercoin\db.log
LoadBlockIndex(): hashBestChain=c479e1f97c80d2d83a46 height=110649 date=11/09/13 02:41:38
[b]LoadBlockIndexDB(): synchronized checkpoint 42bb31183d1437566b7cedfa0f120d616975f2b4462372af681859cf77528516[/b]
Verifying last 2500 blocks at level 1[/quote]

from new main.ccp you should have one of the message

[code]// ppcoin: load hashSyncCheckpoint
if (!pblocktree->ReadSyncCheckpoint(hashSyncCheckpoint))
printf(“LoadBlockIndexDB(): synchronized checkpoint not read\n”);
else
printf(“LoadBlockIndexDB(): synchronized checkpoint %s\n”, hashSyncCheckpoint.ToString().c_str());

[/code]
my guess is that the DB upgrade have not move the syncCheckpoint to the new DB so the load fail.
if DB has no checkpoint save should we just initialise with genesis block (as it’s the only block on initial load)?

can you add me to the repository. user: groll

I will take a look but as usual my time is limited.

you are right i have not really take care to verify too much the non damped one as they are not working well and yes the 20 is broken by the formula and i was screwed as i calculate on time and you on hashrate so moving the Z column makes some row going to a different value than others as they have different formula, representing with an expected value on Z the same reality. I played a lot on A-Y especially on U-Y to see the effects before and send a working one with FTC values. but this altered futur is good to see what happen also

with 2% retarget every 20 and 100/500 sampling more damping can also work well .1 for example is fine as it’s going to retarget often so moving a bit more slowly would work great even if large change occur. as if larger then 20% occur it goes to max and if lower then it just move 1/10 of the error each time. the error is calculate on 5 and 25 sample so a 20 blocs deviation would be include several time in the calculation. it’s the reason we see some echo of the past in the curves.

I like the 20/100/500 with .1 damping as small immediate effect of change can be seen and the overall effect of 20 if completely off is minimized by both other sampling and the damping. my second choice would be 100/500 with .1 but anything in .25 or more damping (

here in attachment you will find Ghostlander simulation with a more agressive hashrate change vs diff that don’t converge. anything without damping oscillate. 100-500 or 126/504 seesm to be the good choice with .25 or possibly an even more aggressive damping

[attachment deleted by admin]

I have try to find a good function for hashrate but still don’t have a perfect one. the one you use converge by itself so a constant diff would converge, we know this is not true.
ahasrate like =($Z27*0.0288)-(AQ27-$Z27)/5 seems to make a not too bad formula. sorry no time o finish my version of it tonight :(

my reply
[quote]That is interesting, but unlikely to be possible. the transaction will eventually enter the chain else he need to make and sustain a 51% attack

The biggest problem for the attacker is that the block making it longer (mined by rational pool ) is likely to have the orphan transaction and another bounty is needed to orphan this one so every one block need to be orphan, else it just delay the transaction for some blocks as the transaction is just delayed to enter the chain. By doing this it’s not invalidate so the attacker need to repeat to keep it from going in and this will be costly.

so if you can’t make the 2-3 first example you can’t create a chilling effect or even get rational pool software install. even if he can get the rational pool software install: only pool that disclose the block they found would be possible target. miner and rational pool that don’t disclose block can change address so only this mining block is in that address and then send to exchange to make it untraceable so chilling is not working on them.

In fact running the rational pool software would be usable to make a double spend with a parallel chain. if enough bounty is put to keep rational pool on the chain and if he has like 20% and the rational pool 33% so he can add his 20% to keep just behind until he reach the confirm required then make an effective 51%. he can then make a 6-10-20 blocks fork just behind the normal chain and then orphan it when it’s needed. so running this kind of rational pool software would just make sure your coin is just going to loose value. So no gain to run this as at the end you will loose.[/quote]

in addition : nothing prevent the attacker from adding to claimed bounty to remove the bounty from everyone if they win as he had done with the first transaction bounty. this until he get the block himself. possible if he have some hash also and many rational are competing.

from his conclusion: the OP seems to have just trigger thinking around adding spend at x height. as this can add some weird attack derive from this kind of idea, but not this one.

I made a simulation but have no time to make more for now,

it’s a work in progress, copy of sheet1 with graph on sheet 5 are the latest test, as far as I see it 20-126-504 damping .25 seems better as 126-504 has a reapeat every 126 that seems exploitable if you throw then stop some hash at well choose point.
[url=https://docs.google.com/spreadsheet/ccc?key=0ApYFJvIJozEwdEJla3d2M1NCXy1XYXJCNUJPZVFzYVE&usp=sharing]https://docs.google.com/spreadsheet/ccc?key=0ApYFJvIJozEwdEJla3d2M1NCXy1XYXJCNUJPZVFzYVE&usp=sharing[/url]

all this seems ok, i have 2 comments
[quote]the third thing to do is a faster retargetting with a better averaging. 9% difficulty limiter over 126 blocks is a good choice in general, but 1% over 20 blocks (~30 minutes) seems better. As for averaging, my choice is a combined average of the past 126 and 504 blocks with 0.25 damping as it seems to do really well.[/quote]
change using longer sampling usually gives some weird effect as pre-last change is reused and is likely to make he next go the opposite way as the new state. But the 1% can possibly make this safe, I don’t have time to simulate that. but from what i see from FTC and the 2-3Gh/s switch from a pool switcher(not multipool only 1G). the switch to one side to the other is instant and can even occur back and forth depending on price 2-3 times in a 126 blocks . You can’t get switcher out you need to make sure you play with them nicely without starving yourself because of history. i wouls try to put 10M- 1G on a 0.5 diff switching in a simulation and play with 1-2 change to see the effect. the damping will probably do nothing in this case as damping would need to be an order of magnitude more , but that would make the coin too much irresponsive.

[quote]What comes to the block chain protection agaisnt 51% attacks including time warps, we need to reduce the future time limit from 2 hours to 30 minutes. nMedianTimespan has to be increased from 11 to 19 blocks accordingly. [/quote]
depending on ACP depth i would add a bit more then 19 as even with 51% you are likely to get time warp with 51% without orphaning as PXC is low hashrate on normal condition.
so the 30 min in future can be used to get more then 10 blocks in future and keep it on attacker control as other block would not enter.

for past i suggest you add also a max past from the any of the most recent valid block. (not just the last one)depending on ACP depth you can have to trick it a bit as to get any valid block on any chain. so orphaning block under the ACP range would not allow to place past too far. ACP at 1 makes no orphan so it would work great with only top but if 3(like FTC) you can still 51% time warp the past(would need keep a precalculate queue of block so can orphan at will as soon as they arrive). so the only way to max past time allowed is to include orphan chain.(its now decribe so now someone will try it, but FTC is possibly safe for now as long as it stay over 3Gh/s. it’s not the case of PXC)

putting 1000 client is not difficult, i can do like 30 on my i5 6G ram with VM each having a different IP.

for the think you know about a node it’s pretty much nothing:
IP: can be as i want mostly. so you know the ip I’m talking to you with but i can have many others.as far as i can get them routed o me it can be any address, i can even assign many to my computer and choose the one to use to talk to any other node. they change also and anode is only connect to few nodes so getting a list of all unique is very expensive in consolidation processing.
Hashrate: nope pool have an idea as you submit share, solo you don’t know you can only extrapolate from time between block found correlated to difficulty
Blocks Found: from your address yes, but you can have other address
Public Key Age: nope the chain only know the first use of it
coin: yes with address
coin age: yes with address

the big problem is that what the client gives you if you can’t verify it against the chain can be what the sender want it to be if he takes the time to manipulate the code to send that.

in fact the actual POW is a voting system base on hash rate. POS base on coins earn and usually for how long you have them.

for 2 example on how it can be implement please read(they write better then me ;))
[url=https://en.bitcoin.it/wiki/Proof_of_Stake]https://en.bitcoin.it/wiki/Proof_of_Stake[/url]

so POS complement to protect POW in both case. PPC, orbit and other has POS also, but most bitcoin forum and other crypto forum discussion about POS have similar conclusion: it is probably not yet safe to keep a coin running on it to choose the chain as distribution of coins is not sufficient to prevent attacks. In most form of POS described: that is probably true, can a POS design be able to make it? I don’t know.

adding a second voting system can be used to checkpoint the first one that is POW. but in fact it makes this second one having the ability to determine a POW winner even if it’s not the biggest work(you still need to find a block, but can invalidate 20 blocks chain with a single block if they have not been checkpointed yet). so this gives a lot of control attacks on this can negate the POW. possible giving an attack that is easier then a 51% POW attack.

note for POS. to participate you need to have your coin in your wallet and run a full node to participate. running a full node all the time is not done by most. exchange are likely to have a lot of coins that can make POS so able to influence POS(possibly manipulate).

[quote name=“mnstrcck” post=“30971” timestamp=“1381519883”]
I was thinking about this - and actually did some reading to understand things better. I’m still left with a lot of questions on some details, so pardon the following if it’s totally undoable:

Would it be possible to automate the checkpointing system by a “voting” system that uses weighted averaging?

Let’s assume a tiny network with three nodes - the global hashrate of this network is [b]600 kh/s[/b] at block [i]x[/i]

Node 1 - 300 kh/s
Node 2 - 200 kh/s
Node 3 - 100 kh/s

To vote on the checkpoint, the system looks at each node’s hashrate, and calculates a vote multiplier on each node so that all nodes’ voting power in hashrate is equal:

[b]Network Average Node Hashrate[/b] is [b]200 kh/s[/b] - this is our 1 vote average, anything above or below get’s adjusted, so:

Node 1 - 0.66666667 of a vote
Node 2 - 1 vote
Node 2 - 2 votes

So now, it’s not longer who has the biggest hashrate that decides. Only issue I see is if someone is using a botnet [but I am still trying to figure out exactly how those work, I imagine it’s like a pool].
[/quote]

sorry for the short answer that I just have 1 minutes so without sugar coating ;-)

unfortunatly with the 200k i would just make 1000 client with fraction of .2k each so I get 1000 votes for each of the 1000 miner so 1M vote (no really true as average will be lower, but you get the idea). so now I control the chain without even close to 51%

I will start with the time problem.

Client need to accept block when they arrive, if you open your client the block 2 days old need to b accepted with the timestamp in it so current time is not usefull. the ay it is done is that the blocks are validate to not be too much in future and not too much in the past. the future is now 30 minutes from now. ACp remove this but it would not be impossible for someone without acp to begin to mine at the last block of a retarget with a time way in the future and then release the chain only when in time range, and continue his chain with a lower retarget.

the 9% been small help us here a bit, but lets make an example with the old 1.41 so we get a very easy to see example. let say the network is at 503 block of a low diff at 160 and will retarget at 225 for a 12h run. the attacker begin to mine at the 503 and put in his not yet release chain the 504 block 18 hour later in fact getting 1.41 down to 113 as it is a 504 with 30h. so he can mine a chain with significantly lower hash rate then the network and get a longer chain(30%). he can release his chain after the 18h are pass with all his new chain at a small time after the first one to get back the 160 retarget and repeat.

let say he release after 20h so his block are 2 hour old. since it’s block are in the past the client can only validate against the surrunding chain. else any client that is at some point isolate from the network would not be able to reorganize and get back to the “concensus” chain.

so what is used is that a block can’t go back in time from the mean of the previous one and if get now can’t get in future too much. (machine time can be off in time a bit even when using NTP as it use drift and not instantaneous corrections). the fact is that the miner put the time in the block, normal client would put correct time a rogue one can put what he want and unless it is certified(signed) no one can verify what is put is real at the time it is pu. other can only validate the it’s in range so possibly valide.

on a side note window and most network credential exchanged like kerberos, saml, etc usually use a ± 15 minutes window for token as time can vary and delay can happen. so validating in a range is standard way in distributed environment.

so what we have it’s an orphaning of a long part of the chain. and this is what ACP prevent as you can’t do it more then 3 blocks old. time can still be manipulate but would be difficult to sustain even with more then 50%. a limit has been added for the past time to be less then one hour before the last block so the legitimate network should never be able to make a current time block been checkpointed. so the legitimate network should never be able to find 3 locks in row before they get orphan by the attacker. this would approximatly require more then 75% of the hashrate to be possible with greater the 90% chance of success over a 20h period. and he attacker would not benefit form been on a lower diff chain for more the 3 blocks.

setting a min max time between block is not an option! few seconds between 2 blocks is possible and like we had in may 1 hour between 2 blocks is also possible (we don’t want that but still something that unfortunately can happen).

one technic exists that is the digital timestamping where an authority sign a timestamp with a hash to prove it was done at that time. in fact that is what the block chain do in a decentralise way so using a centralize timestamper don’t make sense in my mind. this only prevent you from stamping the hash at another point in time but it don’t prevent you from waiting a long time before timestamping it. if used to construct next block it will prevent precalculation to orphan chain with wrong timestamp. not orhaning it.

time is one manipulation that most miner see, long chain orphaning has way more bad side one of then is double spend, another is reject any transaction to be confirm. so long orphan should be prevented. so the question that most would say is why allow reorganize? the reason is that you can be on the wrong fork (as some pool have been and possibly some client still are in the pre client 0.6.4.4 protocol chain and are in around block 88300) so when they update they need to reoganize and get to the new chain. this is one easy to understand example, but other reason can make a client follow a “wrong” chain. The big question is how to make sure the “concensus” chain is not replace. the actual solution is ACP and is what should be enhanced, replace ,etc. by something more decentralize.

the bitcoin protocol concider that you can’t get enough power to overtake the network, this was possibly a good assomption for bitcoin as it was and as it is still the principal coin. for alt this is not true as hash power of attacker is enough to overtake the coins when time correctly.

so a form of checkpointing need to be done, but by the network not by a central authority. similarly to the current mining network isolation and other glitches makes the decentralization of checkpointing a difficult task. you can’t just let the network checkpoint if you get a network split you can get two checkpoint at same blocks height for 2 different block and then your screwed.

POS is a form of checkpointing and have been discuss and implement in many coin. each having some change in the way POS is used. some consume the coin age, some just use it. but in all if you get a significant amount of coins sitting for long time you can make a POS 51% attack (it’s 51% of the vote not 51% of the coins). since not all coins are used in POS a 51% can take a lot less then 51% of the total coins especially when it consume coin age as timing in use of coin age can make a POS 51% possible with less then 1% of the coin and it is known that 3-4 address has more then 300K coin from the 30000-40000 blocks and still have not move them(6oADBx5Xxhc273rnppgNDP4dHzgrsbtxjE from 33789 is one of them and the coins are 3 transactions away from coins used in the attacks so possibly still on the hand of the attacker).

I’ll continue in next few days as my time for today is over. I need to go to sleep. but should be enough to start some discussion

I don’t like drugs and silk Road, but any main stream currency is used for illicit. $ and Euro are the 2 top. BTC had enough stability and way to transfer them to be safe for been used at silk road by the big illicit dealer without significant lost(fiat laundering cost ~50%). and Bitcoin is way more difficult to track then fiat.
FTC need to be used to gain value. It will be used in illicit as any other currency or pseudo currency(gold, diamond, stocks, treasury bond, etc.). Kevlar has a drama way to expose things, but the bottom line is true. FTC need to develop usage to be [i]the coin[/i]. Many side usage will happen and it already do some more illicit then others.

to be used currency need to be available and usable. both side are very difficult for FTC at the moment. going to exchange with fiat is more problem and cost a lot more then transferring 20K$ between 2 persons from Canada to China and back(yes i have done all). Transferring 20K$ cost around 70$ total and require only 2 Id cards(yes it is between 2 banks accounts).

for availability I really think FTC need to explore some distribution mechanism not yet used by other crypto-currency.
For example a FTC scratch card that can be sell everywhere like many cell phone operator do. those cards can be a way to distribute. This is difficult to do as it require to fix the amount and exchange rate as you sell them in store at fix price. And require to find a way to secure the card to be verifiable and not spendable before the scratch(another problem is I would not trust most scratch card manufacturer to put private key of the coin address to be scratch they would stole the key and cash them when they this just becomes a bit popular). plastic mag strip and other storage just require too much hardware or fiat network link to be possible at the moment.

let’s start. the last discussion about retarget seems to have make a very good example that idea confronted and debate in civil way ca be constructive so let roll.