Re: Nothing-at-Stake & Long Range Attack on Proof-of-Stake (Consensus Research)
let me google that for you: "kushti n@s attack"
First hit:
https://github.com/ConsensusResearch/articles-papers/blob/master/multistrategy/multistrategy.pdf
First hit:
https://github.com/ConsensusResearch/articles-papers/blob/master/multistrategy/multistrategy.pdf
That is the article I linked to which indicates you can perform short range N@S attacks with 10% stake. When kushti published it he even admitted such:
- we have formally defined nothing-at-stake attack(again, using Buterin's informal definition) and made initial simulations. We haven't included their results in paper as they are seems to be too raw, but I can reveal them here: N@S attack could happens only in short-range, e.g. for within 20 blocks for 10% stake, so with 30 confirmations we haven't observed the successful attack. Also please note the attack has pretty unpredictable nature for attacker, so he can hardly enforce it, even in theory(in practice it's even harder to get it done properly). The correlation with stake size is still the open question, but it's nearly impossible to attack a proof-of-stake currency with "1% stake even" as stated by Buterin
I believe what is happening now is Nxt Supporters are now suggesting N@S is impossible because they are interpreting "Nothing" literally and indicating only short range attacks are possible. If you want to play word games that is fine, lets call it a bear raid and short range attack combo.
That article isn't the latest information, this post from 14th Jan is..
To summarize the discussion, known claimed attacks on proof-of-stake distributed consensus algorithm(and concrete implementations) at the moment:
*snipped*
3. Nothing-at-stake attack - not possible at the moment! Will be possible when a lot of forgers will use multiple-branch forging to increase profits. Then attacker can contribute to all the chains(some of them e.g. containing a transaction) then start to contribute to one chain only behind the best(containing no transaction) making it winner. Previous statements on N@S attack made with assumption it costs nothing to contribute to an each fork possible and that makes N@S attack a disaster. In fact, it's not possible at all to contribute to each fork possible, as number of forks growing exponentially with time. So the only strategy for a multibranch forger is to contribute to N best forks. In such scenario attack is possible only within short-range e.g. with 25 confirmations needed 10% attacker can't make an attack. And attack is pretty random in nature, it's impossible to predict whether 2 forks will be within N best forks(from exponentially growing set) for k confirmations. So from our point of view the importance of the attack is pretty overblown.
*snipped*
*snipped*
3. Nothing-at-stake attack - not possible at the moment! Will be possible when a lot of forgers will use multiple-branch forging to increase profits. Then attacker can contribute to all the chains(some of them e.g. containing a transaction) then start to contribute to one chain only behind the best(containing no transaction) making it winner. Previous statements on N@S attack made with assumption it costs nothing to contribute to an each fork possible and that makes N@S attack a disaster. In fact, it's not possible at all to contribute to each fork possible, as number of forks growing exponentially with time. So the only strategy for a multibranch forger is to contribute to N best forks. In such scenario attack is possible only within short-range e.g. with 25 confirmations needed 10% attacker can't make an attack. And attack is pretty random in nature, it's impossible to predict whether 2 forks will be within N best forks(from exponentially growing set) for k confirmations. So from our point of view the importance of the attack is pretty overblown.
*snipped*
When he published the multistrategy paper in Dec, the post indicated that he thought the N@S was overblown and explicitly stated that he hadn't included these results in that paper.
Kushti's research shows that the Nothing @ Stake attacked described by Vitalik (as he was the only one to describe it in any detail) is BS. If you have a different attack, you'll need a different name
