Board: Altcoin Discussion
Re: Unattanium: Broken by design.
by xrobau on 04/08/2014, 23:33:12 UTC
The number of confirmations you have to wait for is not relevant.  As I pointed out above, by having a block time that is so short, it's amazingly easy to do a 51% attack, without actually having 51% of the coin's hashrate.

I did explain this to the dev, but he said that he knew better, and he was right, and I was wrong.

Here's how it works.

There is the public 'good' chain. It is mining along at.. let's say (for ease of counting) 12TH.  It's split up amongst 3 pools, and each of them has 4TH (that means that the coin will be asking for difficulty 30000-ish blocks, btw).

We live in a universe where there is a finite speed of light. There is an amount of time it takes for Pool A (that mined the coin) to send it to the other pools, and other coinds.  This is the network latency time. In bitcoind it takes, on average, 4 seconds (and that's an average, not a mean. Mean is much higher) for a block to propagate to 90% of the nodes.  (These numbers are from memory. They're roughly accurate, but not exact. They won't be an order of magnitude out). Whatever the time in una is, it's an amount.. I'm going to keep on at 4 seconds, because the exact number doesn't actually matter.

If we work on 4 seconds, then roughly -half- of the blocks that are mined will be mined within the same window. There will be two valid blocks, and only one of them will be accepted by the blockchain.

So that brings the -effective- hashing rate of the coin down to 6TH. Everyone's hashes who mined the rejected coins were wasted.

Along comes Mr 'I actually HAVE a clue' who understands this.  He goes and rents 4TH of SHA mining, and sets up his own coind.  He's going to solomine, to his own pool. His own pool isn't GOING to have any orphans, because he's always going to mine to his chain. He'll never accept a block mined by someone else.

He is, however, going to spam his blocks out, so that everyone else must discard what they're doing (on the non-evil chain), and start working on the new (evil) block.

Now, we have 4TH of 100% guaranteed never-gunna-orphan, and 6TH of 25% chance of orphaning (we still have network latency, but now it's only half as likely).

So there's your first 51% attack. It's pretty visible though, as people watching the blockchain will notice.

The second one is much sneakier, and kinda awesome. Basically, the second one runs his own parallel blockchain. Same deal, it'll never orphan (so you only need 25%-ish), BUT, he doesn't send his blockchain out until AFTER his double spend is completed.   

This one is much easier to manage, as you can control the hashrate exactly to encourage more blocks to be mined than the public chain.

I am, admittedly, glossing over the hard-er bits. I encourage anyone who's actually interested in this to watch the upcoming Dogecoin double spend attack, which is going to be using option 1 I believe, from what I've read.
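
An added example, not part of xrobau's post: a small model a chain designer can use to see how block interval and propagation delay lower the hashrate share needed to keep pace with the public chain. It assumes Poisson block arrivals and a competing miner with no stale losses; the function names are hypothetical, and the 4 second delay is the post's rough figure.

```python
import math

def stale_rate(block_interval_s: float, propagation_s: float) -> float:
    """Chance that a competing block appears while one is still propagating.
    Assumes Poisson block arrivals (a modelling assumption, not from the post)."""
    if block_interval_s <= 0 or propagation_s < 0:
        raise ValueError("interval must be > 0 and propagation >= 0")
    return 1.0 - math.exp(-propagation_s / block_interval_s)

def effective_hashrate(raw: float, stale: float) -> float:
    """Part of the raw hashrate that actually extends the public chain."""
    return raw * (1.0 - stale)

def majority_threshold(stale: float) -> float:
    """Share of total raw hashrate at which a miner with no stale losses
    keeps pace with the public chain: a = h*(1-s), so a/(a+h) = (1-s)/(2-s)."""
    if not 0.0 <= stale < 1.0:
        raise ValueError("stale rate must be in [0, 1)")
    return (1.0 - stale) / (2.0 - stale)

def min_interval_for(propagation_s: float, target_threshold: float) -> float:
    """Shortest block interval that keeps the threshold at or above the target.
    Inverts majority_threshold: 1 - s = t / (1 - t)."""
    if not 0.0 < target_threshold < 0.5:
        raise ValueError("target must be strictly between 0 and 0.5")
    if propagation_s <= 0:
        raise ValueError("propagation must be > 0")
    surviving = target_threshold / (1.0 - target_threshold)
    return -propagation_s / math.log(surviving)

if __name__ == "__main__":
    delay = 4.0  # seconds, the post's rough propagation figure
    print("interval_s  stale_rate  threshold_share")
    for interval in (600, 150, 60, 30, 10):  # constructed sample intervals
        s = stale_rate(interval, delay)
        print(f"{interval:>10}  {s:>10.4f}  {majority_threshold(s):>15.4f}")
    # Interval needed to keep the threshold within one point of 50%.
    print(f"min interval for 49%: {min_interval_for(delay, 0.49):.1f}s")
```
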