Namecoin is Prime for a 51% attack

jtimon
Posts: 27
Joined: Fri Jul 22, 2011 5:36 pm
os: linux

Re: Namecoin is Prime for a 51% attack

Post by jtimon »

vinced wrote: If an attack starts, we could restart the chain at the last lockin with merged mining.
Oh, I didn't thought that. Then we would just have to wait until most of the hash prefers to generate namecoins rather than attacking the network. The attack will fail. What a stupid panic I had: nothing can force us to download a client that listens to a chain we all know is a lie.

Does merged mining come earlier with this new release?
BitcoinEXpress wrote:You're burning time on lock in points. You will also need to get the majority of miners to do this quickly with updated clients.
No, we can just wait for you to get bored or the rest of bitcoin miners to become a majority supporting namecoin. We offer 50 namecoins per block, what do you offer them to be on your side?
BitcoinEXpress wrote: If you read ArtForz responses to the original thread I made at Bitcoin talk he talks about a specific flaw to NMC.
As far as I can tell, namecoin is a fork of bitcoin with a new service embebed into the chain, do you mean a bitcoin and namecoin specific flaw?
BitcoinEXpress wrote:"Time Traveling" in the block chain wasn't possible till two days ago and now you are saying it's impossible to invalidate a lock in?
If doubleC doesn't, yes I claim it.
BitcoinEXpress wrote: Want to know what the previous two exploits have in common with the lock in bypass? They were announced by ArtForz and discounted as a falsehood.
If you can beat a lock in, this is because the lock in is not correctly implemented. But I don't know how you can do it wrong with such a simple if.

Code: Select all

if(... && thisBlocksIsCompatibleWithTheChainIhaveDownloadedWithThisRelease()) {
Yes you can freeze the network as long as you're the main miner, but I was wrong, you can't destroy anything if we're aware you want to. Well, you can make the blocks after any lock in just by threatening, effectively freezing the trade and domain registration service for a while.
makomk wrote: As far as I know ArtForz doesn't have a lock-in bypass though. The problem he found with merged mining is that, because the Namecoin client has no block chain lockins, an attacker can rewrite history to drive down the difficulty, get to the merged mining point relatively cheaply but with a chain that has less total proof of work, then do "free" merged mining to drive the total difficulty on their fork above that of the original.

If any other blockchain decides to switch to merged mining, the developers need to add a block chain lockin at the same time or preferably earlier and they're likely to run into issues if there's a difficulty retargetting between the lockin and the switch-over point. In retrospect it might actually have been safer to specify the threshold based on block timestamps...
Thank you. A clear explanation of the attack. But I don't like relaying much on clock reports by miners.
Also good to now that the attack is only feasible against a chain that didn't start with merged mining from the beginning.
johntobey253 wrote: So what I read from this is, we'd like a lockin at the merged-mining block. Maybe the next release should simply refuse to accept blocks starting at 19200 (MM start) in the hope that we can quickly agree on a 19199 lock-in and upgrade. Whoever stays at 0.3.24.62 get to see a bunch of noise from the attack, but if we have the majority after MM, that will eventually die off.

But I would like to see some motion on the 2015-out-of-2016 bug, any news there?
+1
Maybe the sooner the better. They can change their minds and attack earlier than 19199. Of course, once it's all tested.
If they choose to attack earlier, a release with a lock in the block before the attack would be needed.

johntobey253
Posts: 17
Joined: Mon Jun 13, 2011 3:58 am
os: linux

Re: Namecoin is Prime for a 51% attack

Post by johntobey253 »

jtimon wrote:
johntobey253 wrote: So what I read from this is, we'd like a lockin at the merged-mining block. Maybe the next release should simply refuse to accept blocks starting at 19200 (MM start) in the hope that we can quickly agree on a 19199 lock-in and upgrade. Whoever stays at 0.3.24.62 get to see a bunch of noise from the attack, but if we have the majority after MM, that will eventually die off.

But I would like to see some motion on the 2015-out-of-2016 bug, any news there?
+1
Maybe the sooner the better. They can change their minds and attack earlier than 19199. Of course, once it's all tested.
If they choose to attack earlier, a release with a lock in the block before the attack would be needed.
If you mean "the sooner start merged mining the better" I tend to agree. Set Vince and the four largest pool operators in a chat session and hope they release and upgrade to a merged-mining namecoind before they leave. But I wonder if anyone took up luke-jr's offer to implement MM in Eligius if someone helps him? Better get that duck in the row too if we can.

Post Reply