Friday, July 28, 2017

Hash Attacks against HUSH cryptocurrency

In the past 15 days HUSH has released 10% to 20% of its blocks to miners who have 2x to 3x the network hashrate and come on for about 20 blocks. This is a little high because HUSH is using something like N=50 for its averaging window for the difficulty. That's why they come on for about 20 blocks. If HUSH used N=25 they would likely come on for 12 blocks, twice as often. The only solution I know of is to go as low as possible, like N=8. I thought Zcash was using N=17. Zcash could get away with N=50 because they are big.

I did the measurement by checking for any sequence of 20 blocks that were solved 4 std devs faster than expected (less than 20 minutes instead of 50 minutes). I checked the validity of my statistics against a generated Poisson and it came out correct. I double-checked it by trying to get the same avg, median, and std dev for the solve time. The only way I could generate the same data was for 3x attackers to come on at least 6x per day, so >20% of blocks may be going to big miners, but I can only directly detect 3x per day (10%). My simulation was a 3x attack for 1/2.5 of N and waiting for 3xN before doing it again. The std dev > 4 detection only worked 1/3 of the time or less. The median was 11% lower than it should be. This is a way to directly detect the attacks.

There were no zero or negative solvetimes, which makes me think HUSH is using a 3rd party for the timestamps, which I did not think coins normally do. Whoever controls the clock controls the difficulty and therefore the rate of coin release. The good clock goes a LONG way to protect blocks from being stolen. I've read it negates the reason for mining. If they messed with the timestamp, then they can get all the coins they want in a few hours, up until the point a fork is forced.
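The window check described above (any run of 20 blocks solved in under 20 minutes instead of the expected 50), sketched in Python as an added example; it is not the script used for the measurements in this post. The 150-second target is implied by 50 minutes per 20 blocks, the function names are hypothetical, and the sample chain is constructed, with constant solve times and no difficulty response.

```python
TARGET_S = 150          # assumed block target: 20 blocks = 50 minutes, as in the post
WINDOW = 20             # blocks per window, from the post
THRESHOLD_S = 20 * 60   # flag a window solved in under 20 minutes, from the post


def fast_windows(timestamps, window=WINDOW, threshold_s=THRESHOLD_S):
    """Return start indices i where blocks i+1..i+window took < threshold_s."""
    return [i for i in range(len(timestamps) - window)
            if timestamps[i + window] - timestamps[i] < threshold_s]


def merge_episodes(starts, window=WINDOW):
    """Merge overlapping flagged windows into (first_block, last_block) episodes."""
    episodes = []
    for s in starts:
        first, last = s + 1, s + window
        if episodes and first <= episodes[-1][1] + 1:
            episodes[-1] = (episodes[-1][0], max(episodes[-1][1], last))
        else:
            episodes.append((first, last))
    return episodes


def flagged_fraction(episodes, n_blocks):
    """Fraction of all blocks that fall inside a flagged episode."""
    return sum(last - first + 1 for first, last in episodes) / n_blocks


def build_chain(schedule):
    """Constructed timestamps from (block_count, solve_time_s) runs; block 0 at t=0."""
    ts = [0]
    for count, solve in schedule:
        for _ in range(count):
            ts.append(ts[-1] + solve)
    return ts


# Constructed sample, not HUSH data: 150 on-target blocks, then 20 blocks
# arriving 3x faster, twice over (the post's "attack 20 blocks, wait 3xN" pattern).
SAMPLE = build_chain([(150, TARGET_S), (20, TARGET_S // 3)] * 2 + [(30, TARGET_S)])

if __name__ == "__main__":
    eps = merge_episodes(fast_windows(SAMPLE))
    print("episodes:", eps)
    print("fraction of blocks flagged:", round(flagged_fraction(eps, len(SAMPLE) - 1), 3))
```

On real chain data the solve times are random rather than constant, so the same threshold will miss some bursts and occasionally flag an honest lucky streak.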

They are raising the difficulty. I usually speak of it as a theft and attack, but it can be argued that it is not a theft, just the magic of a free market. Asking devs for protection is like asking for government regulation.

The free market argument is that if there were enough of them seeking profit like this, then they would erase each other's profit. They are getting paid to switch around to several coins during the day while the less sophisticated are stuck on one.

Here are hash attacks against HUSH, which has an N=50 window for averaging, and Karbowanek, which has N=17. Most of the big Karbowanek swings are reacting to shorter hash attacks.

