Myths

From Peercoin Wiki

There are some myths about Peercoin. These myths are often based on misconceptions about Peercoin and born out of ignorance. This page lists the most common ones, along with additional information so that the reader can put the myth into context. The idea is to provide the reader with accurate information, so that the reader may form his or her own opinion based on facts.

Please share this page with all people who have misconceptions about Peercoin. If you know about a myth that has not already been listed below, or find any errors, please post in the thread from which these myths have been sourced: http://www.peercointalk.org/index.php?topic=2976.0

Peercoin is highly vulnerable to 51% attack

Myth: Given enough coins, it's very easy to control the blockchain.

Concerns are overblown

By design, the blockchain can only be updated by an entity controlling coins. While different myths detail different ways of acquiring and using coins to attack the network, most of them are based on the assumption that given enough coins, the blockchain can easily be controlled. But is it really that easy?

The short answer is no, it's not easy. The implementation of Proof-of-Stake (PoS) in Peercoin is designed in such a way that there are several countermeasures against attacks on the blockchain. It's difficult to describe these defense mechanisms without going into technical details, but the general idea is that those who create blocks (in Peercoin this is called minting) must commit coins to a stake and therefore have money at stake in the wellbeing of the network.

One example of a defense mechanism is that the coins used in the stake are locked for a period of time and therefore cannot be sold on an exchange or the like. Another defense mechanism is that coins have to mature for a period of time before they can be used in a stake again. Perhaps the best way to understand the implications of this is to compare it with how Bitcoin works, where mining machines can be used uninterruptedly in a 51% attack. In Peercoin, an attacker has to wait a long period of time before the coins used in the attack can be used again in a new attack. Another difference compared to Bitcoin is that AltCoin-compatible mining machines can be used to attack the Bitcoin network, whereas in Peercoin the attacker has to use peercoins, i.e. the attacker cannot use coins from an AltCoin as a stake in Peercoin.

How many coins are actually needed to pull off an attack is still being debated (http://www.peercointalk.org/index.php?topic=3141.msg29474#msg29474), but the consensus is that a huge amount is needed. As the price of peercoins increases, the cost of acquiring these coins increases. The incentive for more people to mint also increases, which pushes up the Proof-of-Stake difficulty, and hence the attacker has to acquire even more coins, which will push up the price even more. But let's say the attacker is able to pull it off, then what happens?

Just as in Bitcoin, a reorganization attack on the Peercoin blockchain can't do anything that goes against the protocol. More coins than the protocol allows for can't be created. Other people's coins can't be spent. Coin days can't magically appear from nothing, and the attacker still has to consume coin days during the attack. So why would the attacker even attempt an attack? Perhaps one of the most cited reasons for doing so is to double-spend coins.

The double-spend attack works like so: first the attacker sells all of his coins and then publishes a new version of the blockchain where the sale of the coins didn't happen. In the attack scenario detailed above, this means that the market has to be able to absorb a very large chunk of the total supply of coins. In the current environment this could create a market crash. But let's say the attacker has bought a financial derivative where he stands to profit from a market crash, what happens then? To begin with, the attacker has now increased both the cost of the attack and his own financial risk, should the attack fail. Then one has to consider that one does not simply consume the many coin days required for an attack without network participants noticing.

Besides the massive amount of coin days consumed, the mere fact that 6 blocks have been replaced is an inescapable symptom of an attack taking place. This in itself would be enough for the receiving end of all of those peercoins sold to wait more than 6 confirmations.

Yes, protecting oneself against this attack is just that easy. When the alarm bells go off, one simply waits a few more confirmations (the receiver can actually calculate how many confirmations he should wait, since it is known how many coin days have been consumed), thereby decreasing the odds of the attacker successfully pulling off the attack considerably. It's also noteworthy that the attacker can't possibly know with certainty how many confirmations the receiving end of the transaction will wait under such conditions, which complicates and increases the cost of the attack even further.

In summary, as Peercoin matures the difficulty and cost associated with this attack will go up considerably. Even if an attacker is able to accumulate all the coins needed for an attack, it's still not risk free and far from certain that it will be economically justifiable to do so. Instead of attacking the network, the coins could be used to ensure the integrity of the blockchain and for this work, there is an almost guaranteed risk free return.

Counter-argument

In Bitcoin a mining pool could decide to attack the network and do so continuously, making money by double-spending coins and short-selling bitcoins on financial markets. It's not certain that the mining pool has a vested interest in Bitcoin either, since there are several AltCoins that use the same hashing algorithm as Bitcoin, which the mining pool could decide to mine instead after the attack on Bitcoin. Furthermore, there is clear evidence that mining is an expensive operation and that the current trajectory of the Bitcoin network is that of cloud mining services, pool mergers and centralization.

Peercoin is in many ways the total opposite. Only money invested in peercoins can be used to mint new blocks. Minting is energy efficient and requires no special hardware. It's an open network with a trajectory towards decentralization.

Sources

Nothing-at-stake

Busting the myth

Nothing-at-Stake is a busted myth because it is extremely unlikely that someone could successfully carry out this attack, for both economic and technical reasons. When verifying whether the myth is true or false, it is important to realize that Peercoin is not the only coin using PoS as a consensus mechanism and that there are meaningful differences between the different implementations. In Peercoin there is a double-block protection mechanism (cancelling of the top block for double stakes), coin age consumption and economic implications serving to protect against attacks. Some variants of the myth and counter-arguments follow.

Version 1 of the myth: There is nothing that prevents minters from minting on several chains at once, and since doing so doesn't cost anything, there is an incentive to do so. Therefore, the network will never reach consensus and there will be a multitude of competing chain forks.

Duplicate blocks are not propagated by the network, and a limit is imposed on how often an attack can be attempted by the coin age being consumed by staking. Secondly, the top block is removed when a duplicate stake (using the same output more than once) is received, directly punishing the attacker by delaying the reward, thus losing out on compounding interest.

Another protection is that because the attacker has to own a considerable amount of coins, it exposes the attacker to exchange rate risk (the value of their investment collapsing); a risk that is increased by the person's own attempt to attack the network. The argument is flawed because it argues that the attacker has nothing at stake, when in reality the attacker has to spend resources to acquire the coins used in the attack, thereby exposing themselves to exchange rate risk. It is also false because the probability of succeeding with an attack greatly diminishes for each new block confirmation. The attacker's coin age is consumed, thus preventing an extended attack from taking place.

Version 2 of the myth: Everyone will mint on as many chains as possible, because no one has anything to lose and nothing can stop them.

As already described, this won't work, since honest nodes will filter out and stop duplicate blocks from propagating on the network, and double-staking entities are punished. Furthermore, all peercoin holders have an incentive to run honest nodes, because if the blockchain were to fork, the exchange rate is likely to collapse. This is especially true for minting nodes, since staked coins cannot be spent. While the profit would be relatively small, dishonest nodes minting on several chains would put their entire stake at risk (exchange rate risk). This myth is busted, because everyone has something to lose (the value of the coin) and honest nodes stop duplicate blocks from propagating.

Version 3 of the myth: The double-block prevention mechanism in Peercoin can be removed and there is an incentive for everyone to do so and then mint on as many chains as possible, because no one has anything to lose and nothing can stop them.

Nothing-at-Stake assumes that a stake doesn't have value, which is false. If there were multiple chains and chaos, the exchange rate of peercoins would collapse. Nobody would be able to trust that the coins they buy, receive or hold will be there for them to spend. There is a clear economic incentive for Peercoin users not to run a patched client that propagates double-blocks.

If everyone was minting on all chains and there was chaos, then the coin wouldn't be worth anything at all. If it was worth nothing at all, there would be neither any point in holding nor minting peercoins. Why risk everything, when there is nothing to gain?

It's in both the peercoin buyers' and holders' interest that coins are buried as deep as possible in the blockchain that has the most chaintrust. This is also true for custodians, such as exchanges. Everyone who is exposed to the exchange rate risk of peercoins has an incentive to build only on the blockchain with the most chaintrust and protect the network against double-block propagation.

Also note that when coins are used as a stake, they are locked and can't be spent for a long period of time. The greater the stake, the greater the incentive to not do anything that could cause the exchange rate to collapse. The greater the stake, the more chaintrust contributed to the blockchain that already has the most chaintrust. Consensus is reached, because Peercoin users have the value of the coin at stake.

Learn more

Counter-argument

The argument that the double-block protection mechanism in Peercoin could be removed is similar to the argument that the reward for mining a block in Bitcoin could be increased. Technically there is nothing that prevents this from happening in Bitcoin, yet it hasn't happened. Why has this not happened in Bitcoin? Because Bitcoin miners have a stake in Bitcoin! But how great is this stake?

With Peercoin, the attacker must be fully invested in Peercoins. With Bitcoin, a malicious miner has resources invested in an infrastructure that can be pointed in the blink of an eye to perform mining on alternative coins. The attacker doesn't need to own bitcoins, therefore it could be argued that the malicious Bitcoin miner has nothing at stake in Bitcoin.

Stake grinding

Version 1 of the myth: Using only a limited amount of coin age, the blockchain history can be re-written by grinding through the probabilities involved in creating the longest blockchain. As long as there is only a little coin age left, it is possible to create one more block. This makes Proof-of-Work the arbitrator in Peercoin.

Very unlikely in a mature network

When this myth is found in the wild, most often it is based on the fundamental misconception that the longest blockchain is the winning blockchain, whereas in reality the chain that has the most chain trust is selected as main chain.

Even though it's theoretically possible to get lucky and mint blocks using only a small amount of coins, thereby creating the longest blockchain, it won't matter, since the consumed coin days will be too small to compete with the rest of the network.

In some versions of this myth, the attacker has bought old private keys that once held enough coins to attempt an attack. The misconception here is that there is a limit to how many coin days coins can accumulate. If the attacker is using very old coins, to overtake the blockchain the attacker has to create a very deep reorganization of the blockchain for the attack to be successful. To get a better understanding of how many coins we are talking about here, the reader is encouraged to study the "Peercoin is highly vulnerable to 51% attack" myth here: http://www.peercointalk.org/index.php?topic=2976.msg28107#msg28107

But let's say that the attacker has somehow been able to get enough old private keys, say from the early days of Peercoin, and now has enough coins to do some serious damage, what then? Then there are hard checkpoints in the Peercoin source code (same as in Bitcoin) that protect against such a deep reorganization of the blockchain.

This means that the attacker has to acquire private keys that once held enough coins to compete with the rest of the network, but that are fresh enough that the checkpoints won't protect against a reorganization. As the Peercoin network matures and the coin distribution widens this becomes improbable, but for the sake of the argument let's say the attacker succeeds with this, what then? Well, besides the massive amount of coin days consumed, the mere fact that a deep reorganization of blocks has occurred is an inescapable sign of an attack taking place. Once again the attacker runs into the protection mechanisms described in the "Peercoin is highly vulnerable to 51% attack" myth, which you can study here: http://www.peercointalk.org/index.php?topic=2976.msg28107#msg28107

In summary, the odds of successfully carrying out a stake grinding attack are very low, and as the network matures, the odds are lowered even further.

Version 2 of the myth: The blockchain can be re-written using only a trivial amount of coins. The attacker simply goes through the history of the blockchain and finds places where the stake wins a block.

Debunking the myth

The stake grinding attack doesn't work on Peercoin because the block hash is not used in the Proof-of-Stake (PoS) process. Furthermore, nothing in the previous block is used in the minting of the next block. These are misconceptions about Peercoin, probably originating from people who have studied how Bitcoin works but who haven't studied the Peercoin source code.

Learn more

Study the source code yourself here:

Synchronized checkpointing

Myth: The network is centralized because the synchronized checkpointing mechanism allows Sunny King to control the blockchain history.

The purpose of synchronized checkpointing

Peercoin has hardcoded checkpoints. Bitcoin also uses hardcoded checkpointing. It is a way to mitigate attacks when a new node that has yet to download the blockchain connects to the network. In addition to hardcoded checkpointing, Peercoin uses synchronized checkpoints.

Minting is when a Peercoin node creates a block (in Bitcoin this is called mining). As the number of minting nodes increases, the network becomes more secure. Initially, when the network is young, an attack is relatively cheap. During this time, the bootstrapping phase of the network, synchronized checkpointing is used to deter and protect against malicious entities. It's a temporary and precautionary measure, and the plan is to phase it out as minting nodes are added to the network and the protection is no longer needed. The first step is to make it possible for users to disable the feature.

The synchronized checkpointing has never been a secret. It's described in the white paper written by Sunny King and Scott Nadal (http://peercoin.net/assets/paper/peercoin-paper.pdf). The mechanism is controlled by Sunny King. It's worth considering that he stands to profit a great deal if Peercoin is successful and that all his work would likely be pointless if he abused the control.

Counter-argument

Whereas Peercoin arguably started off more centralized than Bitcoin, the number of minting nodes is likely to increase over time, hence the network will become more decentralized over time. Bitcoin is the opposite. Even if Bitcoin started off as a decentralized network where everyone with a CPU could participate on equal footing, because of the resource-intensive nature of Proof-of-Work (PoW), those with the most resources outcompete those with lesser resources, therefore Bitcoin is likely to become more centralized over time.

Community support

The Peercoin community is committed to bringing on more minting nodes, by making it easier for new and existing users to start minting.

History revision attack

Myth: An attacker can rewrite the blockchain history using old private keys.

Protection

A successful attack is theoretically possible but very unlikely to happen. Peercoin has hard checkpoints (Bitcoin Core has them too) and synchronized checkpoints. Both types of checkpoints protect against this attack, simply by making a deep blockchain reorganization impossible. Coins spent before the latest checkpoint can't be used, so the coins used in the attack would have to be accumulated after that checkpoint.

The other minting nodes on the network also protect against this attack. The attacker must pick a point in time, a block in the blockchain, where the blockchain should fork. From this point forward, the attack chain must outcompete the stakes used in the main blockchain.

Let's illustrate what this means. If the network has an average of 60% of the coins used for minting since the last checkpoint (either hard or synchronized), the attacker now needs outputs that had 61% of the coins.

It's also worth noticing that coins used by the attacker, if they have been spent on the main chain, will have added coin age to the chain trust, thus the coins used in the attack will not only compete with the rest of the network, but also against the stakes the same coins were used in before. In a sense, the attack coins will be competing against themselves.

In summary, as more people enter the Peercoin economy, hold coins and run minting nodes, the more expensive, difficult and less likely this attack becomes.
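
The chain-selection behaviour described under "Stake grinding" (the chain with the most chain trust wins, not the one with the most blocks) and the checkpoint protection described in this section can be modelled together. This is an added example, not Peercoin source code: chain trust is simplified to the sum of coin days consumed, and the block labels, coin-day figures and checkpoint height are constructed.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Block:
    block_id: str   # constructed label standing in for a block hash
    coin_days: int  # coin days consumed by the stake that minted the block


def chain_trust(chain: List[Block]) -> int:
    """Simplified chain trust: total coin days consumed along the chain."""
    return sum(block.coin_days for block in chain)


def shared_prefix(main: List[Block], candidate: List[Block]) -> int:
    """Number of leading blocks both chains have in common."""
    shared = 0
    for ours, theirs in zip(main, candidate):
        if ours.block_id != theirs.block_id:
            break
        shared += 1
    return shared


def select_chain(main: List[Block], candidate: List[Block],
                 checkpoint_height: int) -> Tuple[List[Block], str]:
    """Decide whether a node holding `main` should switch to `candidate`.

    checkpoint_height is the 0-based height of the newest checkpointed block.
    """
    # A candidate that does not contain the checkpointed block would need a
    # reorganization deeper than the checkpoint, so it is refused outright.
    if shared_prefix(main, candidate) <= checkpoint_height:
        return main, "rejected: forks at or below the checkpoint"
    # Otherwise the chain with more consumed coin days wins, whatever its length.
    if chain_trust(candidate) > chain_trust(main):
        return candidate, "reorganized: candidate has more chain trust"
    return main, "kept main: candidate has less chain trust"


# Constructed sample data: ten main-chain blocks, 1000 coin days each.
MAIN = [Block(f"m{i}", 1000) for i in range(10)]
CHECKPOINT_HEIGHT = 4

# Many blocks, little stake: longer than MAIN but far less coin age consumed.
GRINDER = MAIN[:6] + [Block(f"g{i}", 10) for i in range(20)]
# Old keys with a lot of coin age, but the fork point is below the checkpoint.
OLD_KEYS = MAIN[:2] + [Block(f"o{i}", 5000) for i in range(3)]
# A fork above the checkpoint that really does consume more coin days.
HEAVIER = MAIN[:8] + [Block(f"h{i}", 1500) for i in range(3)]

if __name__ == "__main__":
    for name, fork in (("grinder", GRINDER), ("old keys", OLD_KEYS),
                       ("heavier", HEAVIER)):
        chosen, reason = select_chain(MAIN, fork, CHECKPOINT_HEIGHT)
        print(f"{name:9} len={len(fork):2} trust={chain_trust(fork):6} -> {reason}")
```
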

In-depth study

Time-drift attack

Myth: An attacker can manipulate the clock time and generate blocks ahead of time.

A moot point

Proof-of-Stake uses a timestamp that is added to the transaction data. The source code allows for a slight time-drift and, according to the myth, an attacker can manipulate the time so as to mine blocks ahead of time or to have a much better chance to find a block. However, a closer study of the attack reveals that the impact on network security is very limited.

Since the network has a tolerance of two hours of time stamp error, does it mean one can try 14400 different time stamps per second? Well, the previous block hash is not part of the hash you compute in Proof-of-Stake (PoS). So the 14400 hashes available in the time-drift attack stay the same even if there's a new block. The only thing that may change is the difficulty. If you try the next 14400 timestamps at time t, then at time t+1 you'll try 14399 timestamps you've already tried, and only try 1 new. So you still try only 1 new timestamp per second.

Taking into account the probability of finding a block, exploiting the time-drift is insignificant. Actually the time-drift is there for a reason. The purpose is to protect the network from freezing up which could happen if some time-drift was not allowed.
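
The sliding-window argument above can be checked by counting how many previously untried kernel inputs become available each second. This is an added example, not Peercoin source code: the kernel input is reduced to a stake output id and a timestamp, the variant that mixes in the previous block is a hypothetical design shown only for contrast, and the 60-second block spacing and identifiers are constructed.

```python
from typing import List

WINDOW = 14400  # timestamps within tolerance at any moment, figure from the text


def new_candidates_per_second(seconds: int, window: int = WINDOW,
                              block_interval: int = 60,
                              include_prev_hash: bool = False) -> List[int]:
    """For each wall-clock second, count kernel inputs not tried before.

    The kernel hash is a deterministic function of its inputs, so an input
    that was already tried cannot give a different result on a second try.
    """
    stake_id = "stake-output-0"  # constructed identifier
    tried = set()
    fresh_counts = []
    for now in range(seconds):
        # Assumption: a new block arrives every `block_interval` seconds.
        prev_block = f"block-{now // block_interval}"
        fresh = 0
        for timestamp in range(now, now + window):
            if include_prev_hash:
                # Hypothetical design: a new block changes every kernel input.
                key = (stake_id, timestamp, prev_block)
            else:
                # Design described in the text: previous block not included.
                key = (stake_id, timestamp)
            if key not in tried:
                tried.add(key)
                fresh += 1
        fresh_counts.append(fresh)
    return fresh_counts


def summarize(counts: List[int]) -> dict:
    """Total distinct inputs and the largest per-second gain after second 0."""
    return {
        "total": sum(counts),
        "first_second": counts[0],
        "max_after_first": max(counts[1:]),
    }


if __name__ == "__main__":
    as_described = summarize(new_candidates_per_second(120))
    hypothetical = summarize(
        new_candidates_per_second(120, include_prev_hash=True))
    print("previous block not in kernel:", as_described)
    print("previous block in kernel    :", hypothetical)
```
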

Learn more

Only one developer

Myth: There is only one developer, Sunny King. He is anonymous and if something happens to him, that's the end of it.

Busting the myth

This myth is false. There are already other developers working with the Peercoin code base, so if Sunny King stopped doing so, they would have to continue without him. The myth probably originates from the fact that it took some time for Sunny King to find developers. In this type of project, it is of utmost importance that the quality of the work meets the highest standard.

There are several active members in the Peercoin community who know the Peercoin code base well. Some have deep knowledge and some have only partial knowledge. There are also some developers with a shallow knowledge and an aspiration to learn more. Some noteworthy people are: Sunny King, sigmike, Jordan Lee, glv, Ben, Fuzzybear (un-verified), mphs, kac- and irigi. Keep in mind that the list doesn't tell anything about level of expertise and isn't an attempt to create a complete list either. It is, however, proof that there is more than one developer.

Sunny King and sigmike are working directly on the Peercoin protocol. Both have deep understanding of the source code. The team behind Peershares, a fork of Peercoin, has both in-depth knowledge of the code and a stake in a secure and stable Peercoin network.

Peercoin is about long term value and therefore security is one of Sunny King's main concerns. The purpose of Sunny King's anonymity, is that if the network would come under attack, being anonymous could buy him some more time to help secure the network. There are however several other developers with in-depth knowledge of the code base that are not anonymous. Most importantly, the code base is open source.

It is also worth noticing that Peercoin is a fork of Bitcoin, which means that Peercoin benefits from much of the work that is being done on Bitcoin. These developers and testers deserve credit as well.

Contributors

Peercoin was pre-mined

Myth: Peercoin was pre-mined/insta-mined.

Busting the myth

This myth is false. Sunny King announced the planned release of Peercoin nine days before the release. There were no blocks mined prior to launch.

Sources

Bitcointalk was at the time the official forum for posting new coin announcements:

Peercoin is extremely inflationary

Myth: New coins are created all the time, it will be incredibly inflationary.

Busting the myth

The money supply curve is totally dependent on user adoption. Currently, the network is producing fewer coins each month. It will likely take hundreds of years to reach 1 billion peercoins, if ever.

The change of money supply is determined by:

  • Proof-of-Work difficulty level: In Peercoin, the miners' only purpose is to increase the supply of coins.
  • Proof-of-Stake: Minting nodes build blocks and as a reward they get coins. This increases supply at a rate up to 1% per year.
  • Number of transactions: Every time there is a transaction, the coins in the fee are destroyed. This decreases supply.

Learn more

Peercoin is unfair

Myth: The coin is designed to make the rich richer and enrich early adopters.

Sunny King's responses

"The proof-of-stake minting provides a service to the ppc network, so why shouldn’t those who provide the service receive some compensation? The rich and the poor are treated the same here, both can provide proof-of-stake minting, and rate of income is proportional to their holding.

So you can say that the rich get richer, and the poor also get richer, at the same rate, so long as they both try to provide the service to the community. Meanwhile, those who transact in the network with high velocity pay the security cost via low inflation." (Sunny King, http://www.peercointalk.org/index.php?topic=617.0)

The Proof-of-Work difficulty algorithm in Peercoin is designed so that the greater the interest, the lower the award paid out to miners. Early adopters were able to accumulate more coins. This is a common practice in crypto currency and it is also true for Bitcoin. The idea is to compensate early adopters for taking on the risk and to create an incentive structure to ensure continued health of the network. Sunny King announced the launch nine days in advance of its release, to ensure a fair distribution of coins.

Counter-argument

In Bitcoin only those who can afford to buy a purpose-built mining machine can participate in solo mining and receive a reward. If the user is willing to take on a third-party risk, there is also the option of buying mining derivatives from, for example, cloud mining service providers. The latter may push the Bitcoin network towards centralization. Peercoin, on the other hand, is designed to be resource efficient and therefore requires no special hardware. It can even run on very cheap devices, such as a Raspberry Pi.

Peercoin is a scam

Myth: It is just a scam coin with no long-term plan.

Busting the myth

As a Bitcoin fork, Peercoin benefits greatly from much of the work developers put into Bitcoin. There are however many important distinguishing features. It is resource efficient, requires relatively low bandwidth and is energy efficient. It is the first Proof-of-Stake coin and one of the truly unique coins that are in the top market cap.

Peercoin is designed to be a long-term store of value and was partly born out of the concern that Bitcoin might someday suffer from the tragedy of the commons.

Learn more

Wikipedia: