Advanced Checkpointing - New Feature
-
[quote name=“Bushstar” post=“15226” timestamp=“1371291854”]
[b]Intro[/b]
The recent attacks have made us look around for ways to protect ourselves when the hash power is low. There may be longterm solutions, but we need something to protect us now. There is an Advanced Checkpointing system that Sunny King has developed. If you do not know, Sunny King is the chap who first implemented Proof-of-Stake in PPCoin.Checkpoints allow us to define in the client, blocks from our blockchain, that the client will look for. The client will reject any chain that does not have the blocks specified. There is more information on checkpoints on the page below.
https://en.bitcoin.it/wiki/Checkpoint_Lockin
Currently checkpoints need to be coded into the client which then needs to be redistributed. This system is far to slow to be able to protect us when we are under attack. What Advanced Checkpointing will allow us to do is define checkpoints without having to redistribute the client.
[b]How it works[/b]
The system works by allowing clients to subscribe to checkpoints that we issue. Subscribed clients will then only accept chains with the checkpoints we define. The idea is that we would ask the pools to subscribe so that the majority is protected. Local clients can choose whether to subscribe or not. After attacks have finished we can remove the checkpoints from the system and continue as normal.[b]In practice[/b]
This would have been extremely useful in the last attack we found ourselves under. We could clearly see the genuine blocks which got orphaned seven or more blocks a time. They were using a continuos chain to try and make the next difficulty start from a day earlier. With Advanced Checkpointing we would have checkpointed a genuine block moving the attacker away from on our chain who would end up with his own fork, separate from the subscribed network. When the attacker stop the attackers chain will die and all the clients will pick up the protected chain.
[/quote]Dam i had this idea - and i contacted Balthazar about implementing it for nibble - if you guys implement that would rock ! : D -
-
Who is going to set these checkpoints(time & which chain is valid if there is already a second one)
, and who is distributing them?nice regards
hynodeva.com dev
btw. i would help implement such system, if more details how to do that in our case are given to me.
i would like to help FTC to get out of this pretty dangerous situation… since the only thing holding the attacker back right now is the high netspeed, which might change once price drops again,
-
I believe this is fitting:
https://forum.feathercoin.com/index.php?topic=1845.0
If you’re interested in helping out with any aspect of Feathercoin (dev to artist to merchant services), please make sure you fill out the survey. I use the survey information to help organize teams as well as give Bushstar immediate resources when he requests it.
==
Ok, back to Advanced Checkpointing
-
[quote name=“hynodeva” post=“15326” timestamp=“1371310953”]
Who is going to set these checkpoints(time & which chain is valid if there is already a second one)
, and who is distributing them?nice regards
hynodeva.com dev
btw. i would help implement such system, if more details how to do that in our case are given to me.
i would like to help FTC to get out of this pretty dangerous situation… since the only thing holding the attacker back right now is the high netspeed, which might change once price drops again,
[/quote]pm me if you need help coding… no time for any surveys…
-
[quote name=“hynodeva” post=“15335” timestamp=“1371312531”]
[quote author=hynodeva link=topic=1878.msg15326#msg15326 date=1371310953]
Who is going to set these checkpoints(time & which chain is valid if there is already a second one)
, and who is distributing them?nice regards
hynodeva.com dev
btw. i would help implement such system, if more details how to do that in our case are given to me.
i would like to help FTC to get out of this pretty dangerous situation… since the only thing holding the attacker back right now is the high netspeed, which might change once price drops again,
[/quote]pm me if you need help coding… no time for any surveys…
[/quote]That’s fine. It takes all of 3 minutes and helps allocate resources correctly. With 1500+ members, it’s becoming more of a challenge to organize.
Bushstar: Please drop hyno a PM when you have a chance
-
I’m VERY wary of this solution because it threatens to un-decentralize the currency.
Whoever controls the checkpoint subscriptions… need I say more?
-
[quote name=“Kevlar” post=“15565” timestamp=“1371358564”]
I’m VERY wary of this solution because it threatens to un-decentralize the currency.Whoever controls the checkpoint subscriptions… need I say more?
[/quote]I’m probably on the other side of the spectrum. I believe in compromises concerning straight decentralization, I realize others do not.
-
[quote name=“justabitoftime” post=“15573” timestamp=“1371360215”]
[quote author=Kevlar link=topic=1878.msg15565#msg15565 date=1371358564]
I’m VERY wary of this solution because it threatens to un-decentralize the currency.Whoever controls the checkpoint subscriptions… need I say more?
[/quote]I’m probably on the other side of the spectrum. I believe in compromises concerning straight decentralization, I realize others do not.
[/quote]If you haven’t got dynamic decentralization (a tendency to spread out), you’ll get run over anyway.
Best option: get in the code and make things happen right.
-
[quote name=“Kevlar” post=“15565” timestamp=“1371358564”]
I’m VERY wary of this solution because it threatens to un-decentralize the currency.Whoever controls the checkpoint subscriptions… need I say more?
[/quote]I share this concern. Firstly I want to get this checkpointing in so we can protect against malicious users trying to control the network.
I have some ideas going forward to remove the centralisation of this solution. The majority of miners are on pools, we could ask these pools to contribute to the checkpoint feed. Checkpoints would not be published unless we had agreement between the majority. This would not work so well for adhoc checkpointing but should work for the continuos feed. The consensus between pools would stop anyone individual from controlling the checkpoints and prevent attackers from replacing the chain.
I think that this would be a sensible approach to distribution of our checkpointing solution.
-
We can delegate authority on checkpointing to the largest pools. Each pool can have a pair of keys (public/private) to sign feeds. They may also exchange information between themselves on consensus before distributing it to miners and users. A protocol needs to be defined first though. Anyway, I’d like to look at the code when it’s ready.
-
[quote name=“ghostlander” post=“15668” timestamp=“1371388489”]
We can delegate authority on checkpointing to the largest pools. Each pool can have a pair of keys (public/private) to sign feeds. They may also exchange information between themselves on consensus before distributing it to miners and users. A protocol needs to be defined first though. Anyway, I’d like to look at the code when it’s ready.
[/quote]Right, so it’s still decentralized overall with some centralized decisions within each larger pool?
-
[quote name=“justabitoftime” post=“15669” timestamp=“1371388761”]
[quote author=ghostlander link=topic=1878.msg15668#msg15668 date=1371388489]
We can delegate authority on checkpointing to the largest pools. Each pool can have a pair of keys (public/private) to sign feeds. They may also exchange information between themselves on consensus before distributing it to miners and users. A protocol needs to be defined first though. Anyway, I’d like to look at the code when it’s ready.
[/quote]Right, so it’s still decentralized overall with some centralized decisions within each larger pool?
[/quote]Let’s say large pools work together on centralised decisions. Small pools and solo miners subscribe to them. It’s like long polling.
-
[quote name=“justabitoftime” post=“15669” timestamp=“1371388761”]
Right, so it’s still decentralized overall with some centralized decisions within each larger pool?
[/quote]First iteration will be single feeds that people can subscribe to. The next iteration we can look to make sure that several miners will have to agree upon the checkpoints in the feed.
-
I’m liking the idea a LITTLE more when you started bringing in signing using PKE, but then you still have a central authority doing things like certificate issuing/revocation. Problem not solved.
-
[quote name=“Kevlar” post=“15731” timestamp=“1371410717”]
I’m liking the idea a LITTLE more when you started bringing in signing using PKE, but then you still have a central authority doing things like certificate issuing/revocation. Problem not solved.
[/quote]The central authority maintains the client & daemon. Hope you don’t mind.
-
There are already checkpoints defined in the source code of the client. This new solution allows us to continue creating checkpoints without everyone having to download a new version of the client. If we get to allow several entities to define checkpoints together then we have an improvement over the current system.
I would rather have the legitimate pools where the miners are working help define the blocks in the network than a malicious attacker with 51% of the total hashing power.
If we do not evolve against threats like this then we are not going to last. The attackers out there are savvy and they seem to be getting more powerful over time. This solution will stop attackers from orphaning blocks and therefore rolling back transactions. If we end up with 100MH again and have this solution then we do not need to worry about attacks.
-
Bushstar: I completely understand.
My question to you is: Who defines when to checkpoint? Can it be automated, and decentralized? Right now the answer is “The developers”. If you’re now pushing that responsibility to pool operators, how do you get a consensus among them?
-
[quote name=“Kevlar” post=“15757” timestamp=“1371413588”]
If you’re now pushing that responsibility to pool operators, how do you get a consensus among them?
[/quote]By voting. The majority decides unless we end up implementing some advanced weighing system based upon hash rate, number of miners, etc.
-
Checkpointing can be automatic, perhaps it should be rather than than any one person setting them.
I imagine it as ghostlander suggests, the majority, at least 51%. We can discuss whether this needs any weighting.
-
If the current thinking is that it is a dedicated rogue pool which is carrying out the attacks, or at least some massive solo miners, we could allow “trusted” pools who have a lot to lose to nominate blocks they have mined as checkpoint blocks after they’ve had 6 confirmations or so. The other pools could then choose to accept the checkpoint block and create a consencus (sp?).
The nomination of checkpoints could be limited to x per day or hour or whatever to avoid excess overhead.Any technical reason why this would not be a good idea?