cr1pton00b



Offline



Activity: 12

Merit: 0







NewbieActivity: 12Merit: 0 RaiBlocks is NOT secure January 01, 2018, 12:59:49 AM #1 Why RaiBlocks is not secure.



In this article I will try to explain why RaiBlocks is not secure and why its technology is any better neither comparable than the Bitcoin technology.



1. Decentralized payments

Decentralized payment networks are, in opposite of centralized payment network like banks, a way to secure your money without having the risk that a central authority could steal your money or manipulate the money in the market. Decentralized payment networks use asymmetric cryptography to ensure that you are the only one who can spend your money.

When you create a cryptocurrency wallet you are given a public key and a private key. The public key allows other people to send you money, while the private key allows you to spend them.



But how other users know how many money do you have?

To accomplish this, every user of a decentralized payment network must download the entire transaction database which is replicated on the entire network. When you send a payment over the network, it is received by all the users connected on the network allowing them to know your updated wallet balance and allowing them to discard that payment if you dont own enough funds.



2. Double Spending

The main problem that afflicts decentralized payment networks is double spending: the ability of an user to spend his money multiple times. In the real world, when you pay someone you give him the real cash. In a centralized payment network, like VISA, the central database is updated every time you make a payment, and they will not allow you to spend more money than your balance.

In a decentralized payment network what happens if you send the same amount of money on two users of the network in the same time? Since their database takes time to update for a small amount of time they both will receive the payment and accept it. In a later moment, when the network tells them that you double spent your money, they will cancel the payment, this is possible because every payment is broadcasted to the entire network, not only the receiver.

Without any other security layer, if a malicious user double spends his money and succeeds to block a payment receiver to know that he sent the same money to someone else (or even better, to another wallet of his own), the payment receiver will accept the payment and ship the good. This is so bad, since even a network connection problem could temporarily lead a payment receiver to undetect double spendings.



3. The Bitcoin Solution

To solve this problem, Bitcoin relays on the fact that after you receive a payment you need to wait a confirmation block, the confirmation block tells you that the payment you have received has been accepted by the entire network and you are allowed to spend it. To create a confirmation block, the miners create a list of all the pending unconfirmed transactions and solve a very difficult mathematical puzzle. The miner who solves the puzzle first, sends the block he found with all the list of confirmed transaction and the solved puzzle to the network, the users of the network will check if the puzzle solution is valid and then reward him with some free coins plus the sum of all the payment fees of each transaction in the block. The miners must create a valid list of payments to be accepted by the network, so double spend attempts are just discarded.



In Bitcoin an attacker, to make a succesful double spending, should not just stop you from receiving a double spend attempt message, but he should also solve the puzzle to create a confirmation block in a reasonable time frame. Currently solving that puzzle with a single computer would take years; at writing time to solve that puzzle a network of thousands dedicated hardware is used, an attacker would require a billionaire investment to replicate that network. Moreover, it would not only need to create one confirmation block but six of them (6 confirmation blocks are required in the Bitcoin network to trust a payment).



Critics of Bitcoin say that all the computation power used to make the Bitcoin network secure is just a waste of energy because there are other reliable and better technologies. Is that true?



4. What is RaiBlocks?

RaiBlocks is a crypto currency that advertises itself as a fast, fee-less and secure currency, unlikely Bitcoin which is currently slow and high-fee (usually requires 1 hour to a full payment confirmation).

But the key point is that Bitcoin has been made that way to guarantee his users a certain amount of security to prevent double spendings.



RaiBlocks completely ignores the Bitcoin technology and relies on a special version of the Proof Of Stake concept.

When you receive a payment in the RaiBlocks network you have to wait a certain amount of time to be sure that a double spending has not been attempted (and remember the first problem, if an attacker stops you from receiving the double spend you would never know!)

When a double spent is detected, the RaiBlocks network starts a vote. Every peer connected to the network vote to accept the payment A or payment B; every user vote is weighted with the amount of his balance. Usually each peer votes for the first transaction he receives. The transaction which the sum of votes reaches the 51% of online amount of currency wins. The winning transaction is accepted by the network and the other one is discarded. (Reference



The payment receiver, if his network has not been compromised, will then know if he can trust the payment or not, and will ship the good accordingly. This system leads to an unsolvable problem.



5. The Man in the Middle attack.



If an attacker succeeds to put himself between a merchant and the RaiBlocks network he can just filter the double spending payment packets, and the merchant will never know that he is receiving a double spending. The Raiblocks network will discard that payment while the merchant will accept it.



https://s18.postimg.org/7pnm6yweh/doublespend.png



6. Solutions proposed by the RaiBlocks team



a) The merchant should ask a vote for each payment he receives and wait for the confirmation.

The problem is that the attacker could manipulate the vote by telling the merchant that only his peers are connected to the network thus he will win the vote by filtering only his votes. Plus, asking a vote for each payment would cause a huge increment of bandwidth usage that many peers could not handle.



b) The merchant should have a remote node verifying the payment.

The attacker could just attack that network too.



c) The merchant should ask the RaiBlocks.net website if the payment has been accepted.

The attacker can hack the RaiBlocks.net website. Also if you have to rely on a website you can no longer consider RaiBlocks a decentralized network.



Other solutions



1) A payment to be accepted should require a vote with a minimum weight quorum.

It's difficult to establish a correct quorum, and if that quorum is offline no payments will be processed.



2) A payment need to be accepted by some trusted representatives.

This will stop the network on being decentralized. Also, if those representatives are offline the payments are not processed.



7. Why Bitcoin is not vulnerable to this type of attack

Simply because an attacker, to be trusted by a merchant, would require to solve a very difficult puzzle for six times. An attacker cannot alter the difficulty of that puzzle.



8. Other observations



a) RaiBlocks is just Bitcoins without the Bitcoin securing algorithm. The creator of Bitcoin, Satoshi Nakamoto, describes the double spending problem in the original Bitcoin paper:



b) The official representatives of the RaiBlocks network own more than 52% of total voting weight, allowing the developer to manipulate every vote on his will.

Source:





9. References

https://RaiBlocks.net/media/RaiBlocks_Whitepaper__English.pdf

https://github.com/clemahieu/RaiBlocks/wiki/Double-spending-and-confirmation In this article I will try to explain why RaiBlocks is not secure and why its technology is any better neither comparable than the Bitcoin technology.Decentralized payment networks are, in opposite of centralized payment network like banks, a way to secure your money without having the risk that a central authority could steal your money or manipulate the money in the market. Decentralized payment networks use asymmetric cryptography to ensure that you are the only one who can spend your money.When you create a cryptocurrency wallet you are given a public key and a private key. The public key allows other people to send you money, while the private key allows you to spend them.To accomplish this, every user of a decentralized payment network must download the entire transaction database which is replicated on the entire network. When you send a payment over the network, it is received by all the users connected on the network allowing them to know your updated wallet balance and allowing them to discard that payment if you dont own enough funds.The main problem that afflicts decentralized payment networks is double spending: the ability of an user to spend his money multiple times. In the real world, when you pay someone you give him the real cash. In a centralized payment network, like VISA, the central database is updated every time you make a payment, and they will not allow you to spend more money than your balance.In a decentralized payment network what happens if you send the same amount of money on two users of the network in the same time? Since their database takes time to update for a small amount of time they both will receive the payment and accept it. In a later moment, when the network tells them that you double spent your money, they will cancel the payment, this is possible because every payment is broadcasted to the entire network, not only the receiver.Without any other security layer, if a malicious user double spends his money and succeeds to block a payment receiver to know that he sent the same money to someone else (or even better, to another wallet of his own), the payment receiver will accept the payment and ship the good. This is so bad, since even a network connection problem could temporarily lead a payment receiver to undetect double spendings.To solve this problem, Bitcoin relays on the fact that after you receive a payment you need to wait a confirmation block, the confirmation block tells you that the payment you have received has been accepted by the entire network and you are allowed to spend it. To create a confirmation block, the miners create a list of all the pending unconfirmed transactions and solve a very difficult mathematical puzzle. The miner who solves the puzzle first, sends the block he found with all the list of confirmed transaction and the solved puzzle to the network, the users of the network will check if the puzzle solution is valid and then reward him with some free coins plus the sum of all the payment fees of each transaction in the block. The miners must create a valid list of payments to be accepted by the network, so double spend attempts are just discarded.In Bitcoin an attacker, to make a succesful double spending, should not just stop you from receiving a double spend attempt message, but he should also solve the puzzle to create a confirmation block in a reasonable time frame. Currently solving that puzzle with a single computer would take years; at writing time to solve that puzzle a network of thousands dedicated hardware is used, an attacker would require a billionaire investment to replicate that network. Moreover, it would not only need to create one confirmation block but six of them (6 confirmation blocks are required in the Bitcoin network to trust a payment).Critics of Bitcoin say that all the computation power used to make the Bitcoin network secure is just a waste of energy because there are other reliable and better technologies. Is that true?RaiBlocks is a crypto currency that advertises itself as a fast, fee-less and secure currency, unlikely Bitcoin which is currently slow and high-fee (usually requires 1 hour to a full payment confirmation).But the key point is that Bitcoin has been made that way to guarantee his users a certain amount of security to prevent double spendings.RaiBlocks completely ignores the Bitcoin technology and relies on a special version of the Proof Of Stake concept.When you receive a payment in the RaiBlocks network you have to wait a certain amount of time to be sure that a double spending has not been attempted (and remember the first problem, if an attacker stops you from receiving the double spend you would never know!)When a double spent is detected, the RaiBlocks network starts a vote. Every peer connected to the network vote to accept the payment A or payment B; every user vote is weighted with the amount of his balance. Usually each peer votes for the first transaction he receives. The transaction which the sum of votes reaches the 51% of online amount of currency wins. The winning transaction is accepted by the network and the other one is discarded. (Reference https://github.com/clemahieu/RaiBlocks/wiki/Double-spending-and-confirmation The payment receiver, if his network has not been compromised, will then know if he can trust the payment or not, and will ship the good accordingly. This system leads to an unsolvable problem.If an attacker succeeds to put himself between a merchant and the RaiBlocks network he can just filter the double spending payment packets, and the merchant will never know that he is receiving a double spending. The Raiblocks network will discard that payment while the merchant will accept it.a) The merchant should ask a vote for each payment he receives and wait for the confirmation.The problem is that the attacker could manipulate the vote by telling the merchant that only his peers are connected to the network thus he will win the vote by filtering only his votes. Plus, asking a vote for each payment would cause a huge increment of bandwidth usage that many peers could not handle.b) The merchant should have a remote node verifying the payment.The attacker could just attack that network too.c) The merchant should ask the RaiBlocks.net website if the payment has been accepted.The attacker can hack the RaiBlocks.net website. Also if you have to rely on a website you can no longer consider RaiBlocks a decentralized network.1) A payment to be accepted should require a vote with a minimum weight quorum.It's difficult to establish a correct quorum, and if that quorum is offline no payments will be processed.2) A payment need to be accepted by some trusted representatives.This will stop the network on being decentralized. Also, if those representatives are offline the payments are not processed.Simply because an attacker, to be trusted by a merchant, would require to solve a very difficult puzzle for six times. An attacker cannot alter the difficulty of that puzzle.a) RaiBlocks is just Bitcoins without the Bitcoin securing algorithm. The creator of Bitcoin, Satoshi Nakamoto, describes the double spending problem in the original Bitcoin paper: https://Bitcoin.org/Bitcoin.pdf . The developer of RaiBlocks just thinks to solve the problem by ignoring the problem.b) The official representatives of the RaiBlocks network own more than 52% of total voting weight, allowing the developer to manipulate every vote on his will.Source: https://dev.RaiBlocks.net/page/representatives.php

algo123



Offline



Activity: 4

Merit: 0







NewbieActivity: 4Merit: 0 Re: RaiBlocks is NOT secure January 01, 2018, 04:46:45 PM #2 Thanks for the MITM analysis. Is your MITM attack scenario a problem for IOTA as well and not just XRB? If not, why not?

CyraxMax



Offline



Activity: 142

Merit: 10







MemberActivity: 142Merit: 10 Re: RaiBlocks is NOT secure January 01, 2018, 05:51:16 PM #4 Quote from: percocet on January 01, 2018, 11:47:34 AM To all newcomers to Raiblocks



If you are new to Bitcointalk you may not realize how things work around here. Ask yourself this - why would someone who states that Raiblocks is crap/a pump and dump/full of flaws, etc. keep coming on here posting the same thing over and over again even though it has already been addressed numerous times before? Because they care about noobs and want to protect them from the big bad Raiblocks dev stealing their money? LOL, I think not.



There are 3 reasons for these FUD (Fear, Uncertainty, Doubt) posts:



1) Usually the person posting the FUD is actually holding the coin they are bashing - they make negative posts in an attempt to drive down the price so they can buy more.



2) They may also be holding a competing coin (IOTA for example) and they are angry that another coin has taken the spotlight away from them. You can spot people in this group as they will often have a signature advertising another coin or they will shill it directly in their post.



3) Pure saltiness. This forum has really gone downhill over the years and it is now filled with desperate, salty children who are angry that they missed the boat.



The world is full of toxic people who cannot accomplish anything on their own so they try to make themselves feel better by attacking other people's accomplishments. Ignore them and DO YOUR OWN RESEARCH!



Blacklisted users that are here to spread FUD:



fracas:

xibeijan:

djpitagora:

cr1pton00b:



read their past posts and decide for yourself.

This is a coordinated attack against XRB and we need to stop this shit show. Blacklisted users that are here to spread FUD:fracas: https://bitcointalk.org/index.php?action=profile;u=1018688;sa=showPosts xibeijan: https://bitcointalk.org/index.php?action=profile;u=110938;sa=showPosts djpitagora: https://bitcointalk.org/index.php?action=profile;u=1264506;sa=showPosts cr1pton00b: https://bitcointalk.org/index.php?action=profile;u=1557981;sa=showPosts read their past posts and decide for yourself.This is a coordinated attack against XRB and we need to stop this shit show.

christianb35



Offline



Activity: 66

Merit: 0







NewbieActivity: 66Merit: 0 Re: RaiBlocks is NOT secure January 03, 2018, 11:41:51 PM #6 Quote



5. The Man in the Middle attack.



If an attacker succeeds to put himself between a merchant and the RaiBlocks network he can just filter the double spending payment packets, and the merchant will never know that he is receiving a double spending. The Raiblocks network will discard that payment while the merchant will accept it.



https://s18.postimg.org/7pnm6yweh/doublespend.png



6. Solutions proposed by the RaiBlocks team



a) The merchant should ask a vote for each payment he receives and wait for the confirmation.

The problem is that the attacker could manipulate the vote by telling the merchant that only his peers are connected to the network thus he will win the vote by filtering only his votes. Plus, asking a vote for each payment would cause a huge increment of bandwidth usage that many peers could not handle.



b) The merchant should have a remote node verifying the payment.

The attacker could just attack that network too. The payment receiver, if his network has not been compromised, will then know if he can trust the payment or not, and will ship the good accordingly. This system leads to an unsolvable problem.5. The Man in the Middle attack.If an attacker succeeds to put himself between a merchant and the RaiBlocks network he can just filter the double spending payment packets, and the merchant will never know that he is receiving a double spending. The Raiblocks network will discard that payment while the merchant will accept it.6. Solutions proposed by the RaiBlocks teama) The merchant should ask a vote for each payment he receives and wait for the confirmation.The problem is that the attacker could manipulate the vote by telling the merchant that only his peers are connected to the network thus he will win the vote by filtering only his votes. Plus, asking a vote for each payment would cause a huge increment of bandwidth usage that many peers could not handle.b) The merchant should have a remote node verifying the payment.The attacker could just attack that network too.



This is not a security issue with RaiBlocks but all over the Internet if you dont use a secure connection Yes, a man in the middle can make you think all he want, Bitcoin IS vultnerable to that too and the 6 confirmations other than tiring the middle man is not a solution, the solution is to use SSL between peers.This is not a security issue with RaiBlocks but all over the Internet if you dont use a secure connection

crypt0heaven



Offline



Activity: 182

Merit: 100









Full MemberActivity: 182Merit: 100 Re: RaiBlocks is NOT secure January 03, 2018, 11:52:02 PM #7 Quote from: cr1pton00b on January 01, 2018, 12:59:49 AM Why RaiBlocks is not secure.



In this article I will try to explain why RaiBlocks is not secure and why its technology is any better neither comparable than the Bitcoin technology.



1. Decentralized payments

Decentralized payment networks are, in opposite of centralized payment network like banks, a way to secure your money without having the risk that a central authority could steal your money or manipulate the money in the market. Decentralized payment networks use asymmetric cryptography to ensure that you are the only one who can spend your money.

When you create a cryptocurrency wallet you are given a public key and a private key. The public key allows other people to send you money, while the private key allows you to spend them.



But how other users know how many money do you have?

To accomplish this, every user of a decentralized payment network must download the entire transaction database which is replicated on the entire network. When you send a payment over the network, it is received by all the users connected on the network allowing them to know your updated wallet balance and allowing them to discard that payment if you dont own enough funds.



2. Double Spending

The main problem that afflicts decentralized payment networks is double spending: the ability of an user to spend his money multiple times. In the real world, when you pay someone you give him the real cash. In a centralized payment network, like VISA, the central database is updated every time you make a payment, and they will not allow you to spend more money than your balance.

In a decentralized payment network what happens if you send the same amount of money on two users of the network in the same time? Since their database takes time to update for a small amount of time they both will receive the payment and accept it. In a later moment, when the network tells them that you double spent your money, they will cancel the payment, this is possible because every payment is broadcasted to the entire network, not only the receiver.

Without any other security layer, if a malicious user double spends his money and succeeds to block a payment receiver to know that he sent the same money to someone else (or even better, to another wallet of his own), the payment receiver will accept the payment and ship the good. This is so bad, since even a network connection problem could temporarily lead a payment receiver to undetect double spendings.



3. The Bitcoin Solution

To solve this problem, Bitcoin relays on the fact that after you receive a payment you need to wait a confirmation block, the confirmation block tells you that the payment you have received has been accepted by the entire network and you are allowed to spend it. To create a confirmation block, the miners create a list of all the pending unconfirmed transactions and solve a very difficult mathematical puzzle. The miner who solves the puzzle first, sends the block he found with all the list of confirmed transaction and the solved puzzle to the network, the users of the network will check if the puzzle solution is valid and then reward him with some free coins plus the sum of all the payment fees of each transaction in the block. The miners must create a valid list of payments to be accepted by the network, so double spend attempts are just discarded.



In Bitcoin an attacker, to make a succesful double spending, should not just stop you from receiving a double spend attempt message, but he should also solve the puzzle to create a confirmation block in a reasonable time frame. Currently solving that puzzle with a single computer would take years; at writing time to solve that puzzle a network of thousands dedicated hardware is used, an attacker would require a billionaire investment to replicate that network. Moreover, it would not only need to create one confirmation block but six of them (6 confirmation blocks are required in the Bitcoin network to trust a payment).



Critics of Bitcoin say that all the computation power used to make the Bitcoin network secure is just a waste of energy because there are other reliable and better technologies. Is that true?



4. What is RaiBlocks?

RaiBlocks is a crypto currency that advertises itself as a fast, fee-less and secure currency, unlikely Bitcoin which is currently slow and high-fee (usually requires 1 hour to a full payment confirmation).

But the key point is that Bitcoin has been made that way to guarantee his users a certain amount of security to prevent double spendings.



RaiBlocks completely ignores the Bitcoin technology and relies on a special version of the Proof Of Stake concept.

When you receive a payment in the RaiBlocks network you have to wait a certain amount of time to be sure that a double spending has not been attempted (and remember the first problem, if an attacker stops you from receiving the double spend you would never know!)

When a double spent is detected, the RaiBlocks network starts a vote. Every peer connected to the network vote to accept the payment A or payment B; every user vote is weighted with the amount of his balance. Usually each peer votes for the first transaction he receives. The transaction which the sum of votes reaches the 51% of online amount of currency wins. The winning transaction is accepted by the network and the other one is discarded. (Reference



The payment receiver, if his network has not been compromised, will then know if he can trust the payment or not, and will ship the good accordingly. This system leads to an unsolvable problem.



5. The Man in the Middle attack.



If an attacker succeeds to put himself between a merchant and the RaiBlocks network he can just filter the double spending payment packets, and the merchant will never know that he is receiving a double spending. The Raiblocks network will discard that payment while the merchant will accept it.







6. Solutions proposed by the RaiBlocks team



a) The merchant should ask a vote for each payment he receives and wait for the confirmation.

The problem is that the attacker could manipulate the vote by telling the merchant that only his peers are connected to the network thus he will win the vote by filtering only his votes. Plus, asking a vote for each payment would cause a huge increment of bandwidth usage that many peers could not handle.



b) The merchant should have a remote node verifying the payment.

The attacker could just attack that network too.



c) The merchant should ask the RaiBlocks.net website if the payment has been accepted.

The attacker can hack the RaiBlocks.net website. Also if you have to rely on a website you can no longer consider RaiBlocks a decentralized network.



Other solutions



1) A payment to be accepted should require a vote with a minimum weight quorum.

It's difficult to establish a correct quorum, and if that quorum is offline no payments will be processed.



2) A payment need to be accepted by some trusted representatives.

This will stop the network on being decentralized. Also, if those representatives are offline the payments are not processed.



7. Why Bitcoin is not vulnerable to this type of attack

Simply because an attacker, to be trusted by a merchant, would require to solve a very difficult puzzle for six times. An attacker cannot alter the difficulty of that puzzle.



8. Other observations



a) RaiBlocks is just Bitcoins without the Bitcoin securing algorithm. The creator of Bitcoin, Satoshi Nakamoto, describes the double spending problem in the original Bitcoin paper:



b) The official representatives of the RaiBlocks network own more than 52% of total voting weight, allowing the developer to manipulate every vote on his will.

Source:





9. References

https://RaiBlocks.net/media/RaiBlocks_Whitepaper__English.pdf

https://github.com/clemahieu/RaiBlocks/wiki/Double-spending-and-confirmation

In this article I will try to explain why RaiBlocks is not secure and why its technology is any better neither comparable than the Bitcoin technology.Decentralized payment networks are, in opposite of centralized payment network like banks, a way to secure your money without having the risk that a central authority could steal your money or manipulate the money in the market. Decentralized payment networks use asymmetric cryptography to ensure that you are the only one who can spend your money.When you create a cryptocurrency wallet you are given a public key and a private key. The public key allows other people to send you money, while the private key allows you to spend them.To accomplish this, every user of a decentralized payment network must download the entire transaction database which is replicated on the entire network. When you send a payment over the network, it is received by all the users connected on the network allowing them to know your updated wallet balance and allowing them to discard that payment if you dont own enough funds.The main problem that afflicts decentralized payment networks is double spending: the ability of an user to spend his money multiple times. In the real world, when you pay someone you give him the real cash. In a centralized payment network, like VISA, the central database is updated every time you make a payment, and they will not allow you to spend more money than your balance.In a decentralized payment network what happens if you send the same amount of money on two users of the network in the same time? Since their database takes time to update for a small amount of time they both will receive the payment and accept it. In a later moment, when the network tells them that you double spent your money, they will cancel the payment, this is possible because every payment is broadcasted to the entire network, not only the receiver.Without any other security layer, if a malicious user double spends his money and succeeds to block a payment receiver to know that he sent the same money to someone else (or even better, to another wallet of his own), the payment receiver will accept the payment and ship the good. This is so bad, since even a network connection problem could temporarily lead a payment receiver to undetect double spendings.To solve this problem, Bitcoin relays on the fact that after you receive a payment you need to wait a confirmation block, the confirmation block tells you that the payment you have received has been accepted by the entire network and you are allowed to spend it. To create a confirmation block, the miners create a list of all the pending unconfirmed transactions and solve a very difficult mathematical puzzle. The miner who solves the puzzle first, sends the block he found with all the list of confirmed transaction and the solved puzzle to the network, the users of the network will check if the puzzle solution is valid and then reward him with some free coins plus the sum of all the payment fees of each transaction in the block. The miners must create a valid list of payments to be accepted by the network, so double spend attempts are just discarded.In Bitcoin an attacker, to make a succesful double spending, should not just stop you from receiving a double spend attempt message, but he should also solve the puzzle to create a confirmation block in a reasonable time frame. Currently solving that puzzle with a single computer would take years; at writing time to solve that puzzle a network of thousands dedicated hardware is used, an attacker would require a billionaire investment to replicate that network. Moreover, it would not only need to create one confirmation block but six of them (6 confirmation blocks are required in the Bitcoin network to trust a payment).Critics of Bitcoin say that all the computation power used to make the Bitcoin network secure is just a waste of energy because there are other reliable and better technologies. Is that true?RaiBlocks is a crypto currency that advertises itself as a fast, fee-less and secure currency, unlikely Bitcoin which is currently slow and high-fee (usually requires 1 hour to a full payment confirmation).But the key point is that Bitcoin has been made that way to guarantee his users a certain amount of security to prevent double spendings.RaiBlocks completely ignores the Bitcoin technology and relies on a special version of the Proof Of Stake concept.When you receive a payment in the RaiBlocks network you have to wait a certain amount of time to be sure that a double spending has not been attempted (and remember the first problem, if an attacker stops you from receiving the double spend you would never know!)When a double spent is detected, the RaiBlocks network starts a vote. Every peer connected to the network vote to accept the payment A or payment B; every user vote is weighted with the amount of his balance. Usually each peer votes for the first transaction he receives. The transaction which the sum of votes reaches the 51% of online amount of currency wins. The winning transaction is accepted by the network and the other one is discarded. (Reference https://github.com/clemahieu/RaiBlocks/wiki/Double-spending-and-confirmation The payment receiver, if his network has not been compromised, will then know if he can trust the payment or not, and will ship the good accordingly. This system leads to an unsolvable problem.If an attacker succeeds to put himself between a merchant and the RaiBlocks network he can just filter the double spending payment packets, and the merchant will never know that he is receiving a double spending. The Raiblocks network will discard that payment while the merchant will accept it.a) The merchant should ask a vote for each payment he receives and wait for the confirmation.The problem is that the attacker could manipulate the vote by telling the merchant that only his peers are connected to the network thus he will win the vote by filtering only his votes. Plus, asking a vote for each payment would cause a huge increment of bandwidth usage that many peers could not handle.b) The merchant should have a remote node verifying the payment.The attacker could just attack that network too.c) The merchant should ask the RaiBlocks.net website if the payment has been accepted.The attacker can hack the RaiBlocks.net website. Also if you have to rely on a website you can no longer consider RaiBlocks a decentralized network.1) A payment to be accepted should require a vote with a minimum weight quorum.It's difficult to establish a correct quorum, and if that quorum is offline no payments will be processed.2) A payment need to be accepted by some trusted representatives.This will stop the network on being decentralized. Also, if those representatives are offline the payments are not processed.Simply because an attacker, to be trusted by a merchant, would require to solve a very difficult puzzle for six times. An attacker cannot alter the difficulty of that puzzle.a) RaiBlocks is just Bitcoins without the Bitcoin securing algorithm. The creator of Bitcoin, Satoshi Nakamoto, describes the double spending problem in the original Bitcoin paper: https://Bitcoin.org/Bitcoin.pdf . The developer of RaiBlocks just thinks to solve the problem by ignoring the problem.b) The official representatives of the RaiBlocks network own more than 52% of total voting weight, allowing the developer to manipulate every vote on his will.Source: https://dev.RaiBlocks.net/page/representatives.php

look at pascal a much better one look at pascal a much better one

mademanalex



Offline



Activity: 39

Merit: 0







NewbieActivity: 39Merit: 0 Re: RaiBlocks is NOT secure January 11, 2018, 09:34:52 AM #8 Bitcoin which code is only one page long had a bug, Ethereum got hacked 2 times, and you guys think Raiblocks which is on the market for less than 4 months is secure enough to trust 3 or 4 billion of your money to it...? It will get tested. Dont worry. And if it fails it goes to 0 , if it succeeds if will be a trillion dollars worth. There is no hush. if someone tells you to buy now or you miss the train , that person is lying to you. now it 3 billion marketcap. If Raiblocks can keep its promise of being secure it will be worth a few trillion. If you fomo and want to get in now , then you will just be the test subject.



your decision. And yes it is pretty centralised.

Exterminador de Scam



Offline



Activity: 28

Merit: 0







NewbieActivity: 28Merit: 0 Re: RaiBlocks is NOT secure January 11, 2018, 07:52:59 PM #9 Quote from: cr1pton00b on January 01, 2018, 12:59:49 AM Why RaiBlocks is not secure.



In this article I will try to explain why RaiBlocks is not secure and why its technology is any better neither comparable than the Bitcoin technology.



1. Decentralized payments

Decentralized payment networks are, in opposite of centralized payment network like banks, a way to secure your money without having the risk that a central authority could steal your money or manipulate the money in the market. Decentralized payment networks use asymmetric cryptography to ensure that you are the only one who can spend your money.

When you create a cryptocurrency wallet you are given a public key and a private key. The public key allows other people to send you money, while the private key allows you to spend them.



But how other users know how many money do you have?

To accomplish this, every user of a decentralized payment network must download the entire transaction database which is replicated on the entire network. When you send a payment over the network, it is received by all the users connected on the network allowing them to know your updated wallet balance and allowing them to discard that payment if you don’t own enough funds.



2. Double Spending

The main problem that afflicts decentralized payment networks is double spending: the ability of an user to spend his money multiple times. In the real world, when you pay someone you give him the real cash. In a centralized payment network, like VISA, the central database is updated every time you make a payment, and they will not allow you to spend more money than your balance.

In a decentralized payment network what happens if you send the same amount of money on two users of the network in the same time? Since their database takes time to update for a small amount of time they both will receive the payment and accept it. In a later moment, when the network tells them that you double spent your money, they will cancel the payment, this is possible because every payment is broadcasted to the entire network, not only the receiver.

Without any other security layer, if a malicious user double spends his money and succeeds to block a payment receiver to know that he sent the same money to someone else (or even better, to another wallet of his own), the payment receiver will accept the payment and ship the good. This is so bad, since even a network connection problem could temporarily lead a payment receiver to undetect double spendings.



3. The Bitcoin Solution

To solve this problem, Bitcoin relays on the fact that after you receive a payment you need to wait a confirmation block, the confirmation block tells you that the payment you have received has been accepted by the entire network and you are allowed to spend it. To create a confirmation block, the miners create a list of all the pending unconfirmed transactions and solve a very difficult mathematical puzzle. The miner who solves the puzzle first, sends the block he found with all the list of confirmed transaction and the solved puzzle to the network, the users of the network will check if the puzzle solution is valid and then reward him with some free coins plus the sum of all the payment fees of each transaction in the block. The miners must create a valid list of payments to be accepted by the network, so double spend attempts are just discarded.



In Bitcoin an attacker, to make a succesful double spending, should not just stop you from receiving a double spend attempt message, but he should also solve the puzzle to create a confirmation block in a reasonable time frame. Currently solving that puzzle with a single computer would take years; at writing time to solve that puzzle a network of thousands dedicated hardware is used, an attacker would require a billionaire investment to replicate that network. Moreover, it would not only need to create one confirmation block but six of them (6 confirmation blocks are required in the Bitcoin network to trust a payment).



Critics of Bitcoin say that all the computation power used to make the Bitcoin network secure is just a waste of energy because there are other reliable and better technologies. Is that true?



4. What is RaiBlocks?

RaiBlocks is a crypto currency that advertises itself as a fast, fee-less and secure currency, unlikely Bitcoin which is currently slow and high-fee (usually requires 1 hour to a full payment confirmation).

But the key point is that Bitcoin has been made that way to guarantee his users a certain amount of security to prevent double spendings.



RaiBlocks completely ignores the Bitcoin technology and relies on a special version of the Proof Of Stake concept.

When you receive a payment in the RaiBlocks network you have to wait a certain amount of time to be sure that a double spending has not been attempted (and remember the first problem, if an attacker stops you from receiving the double spend you would never know!)

When a double spent is detected, the RaiBlocks network starts a vote. Every peer connected to the network vote to accept the payment A or payment B; every user vote is weighted with the amount of his balance. Usually each peer votes for the first transaction he receives. The transaction which the sum of votes reaches the 51% of online amount of currency wins. The winning transaction is accepted by the network and the other one is discarded. (Reference



The payment receiver, if his network has not been compromised, will then know if he can trust the payment or not, and will ship the good accordingly. This system leads to an unsolvable problem.



5. The Man in the Middle attack.



If an attacker succeeds to put himself between a merchant and the RaiBlocks network he can just filter the double spending payment packets, and the merchant will never know that he is receiving a double spending. The Raiblocks network will discard that payment while the merchant will accept it.



https://s18.postimg.org/7pnm6yweh/doublespend.png



6. Solutions proposed by the RaiBlocks team



a) The merchant should ask a vote for each payment he receives and wait for the confirmation.

The problem is that the attacker could manipulate the vote by telling the merchant that only his peers are connected to the network thus he will win the vote by filtering only his votes. Plus, asking a vote for each payment would cause a huge increment of bandwidth usage that many peers could not handle.



b) The merchant should have a remote node verifying the payment.

The attacker could just attack that network too.



c) The merchant should ask the RaiBlocks.net website if the payment has been accepted.

The attacker can hack the RaiBlocks.net website. Also if you have to rely on a website you can no longer consider RaiBlocks a decentralized network.



Other solutions



1) A payment to be accepted should require a vote with a minimum weight quorum.

It's difficult to establish a correct quorum, and if that quorum is offline no payments will be processed.



2) A payment need to be accepted by some trusted representatives.

This will stop the network on being decentralized. Also, if those representatives are offline the payments are not processed.



7. Why Bitcoin is not vulnerable to this type of attack

Simply because an attacker, to be trusted by a merchant, would require to solve a very difficult puzzle for six times. An attacker cannot alter the difficulty of that puzzle.



8. Other observations



a) RaiBlocks is just Bitcoins without the Bitcoin securing algorithm. The creator of Bitcoin, Satoshi Nakamoto, describes the double spending problem in the original Bitcoin paper:



b) The official representatives of the RaiBlocks network own more than 52% of total voting weight, allowing the developer to manipulate every vote on his will.

Source:





9. References

https://RaiBlocks.net/media/RaiBlocks_Whitepaper__English.pdf

https://github.com/clemahieu/RaiBlocks/wiki/Double-spending-and-confirmation

In this article I will try to explain why RaiBlocks is not secure and why its technology is any better neither comparable than the Bitcoin technology.Decentralized payment networks are, in opposite of centralized payment network like banks, a way to secure your money without having the risk that a central authority could steal your money or manipulate the money in the market. Decentralized payment networks use asymmetric cryptography to ensure that you are the only one who can spend your money.When you create a cryptocurrency wallet you are given a public key and a private key. The public key allows other people to send you money, while the private key allows you to spend them.To accomplish this, every user of a decentralized payment network must download the entire transaction database which is replicated on the entire network. When you send a payment over the network, it is received by all the users connected on the network allowing them to know your updated wallet balance and allowing them to discard that payment if you don’t own enough funds.The main problem that afflicts decentralized payment networks is double spending: the ability of an user to spend his money multiple times. In the real world, when you pay someone you give him the real cash. In a centralized payment network, like VISA, the central database is updated every time you make a payment, and they will not allow you to spend more money than your balance.In a decentralized payment network what happens if you send the same amount of money on two users of the network in the same time? Since their database takes time to update for a small amount of time they both will receive the payment and accept it. In a later moment, when the network tells them that you double spent your money, they will cancel the payment, this is possible because every payment is broadcasted to the entire network, not only the receiver.Without any other security layer, if a malicious user double spends his money and succeeds to block a payment receiver to know that he sent the same money to someone else (or even better, to another wallet of his own), the payment receiver will accept the payment and ship the good. This is so bad, since even a network connection problem could temporarily lead a payment receiver to undetect double spendings.To solve this problem, Bitcoin relays on the fact that after you receive a payment you need to wait a confirmation block, the confirmation block tells you that the payment you have received has been accepted by the entire network and you are allowed to spend it. To create a confirmation block, the miners create a list of all the pending unconfirmed transactions and solve a very difficult mathematical puzzle. The miner who solves the puzzle first, sends the block he found with all the list of confirmed transaction and the solved puzzle to the network, the users of the network will check if the puzzle solution is valid and then reward him with some free coins plus the sum of all the payment fees of each transaction in the block. The miners must create a valid list of payments to be accepted by the network, so double spend attempts are just discarded.In Bitcoin an attacker, to make a succesful double spending, should not just stop you from receiving a double spend attempt message, but he should also solve the puzzle to create a confirmation block in a reasonable time frame. Currently solving that puzzle with a single computer would take years; at writing time to solve that puzzle a network of thousands dedicated hardware is used, an attacker would require a billionaire investment to replicate that network. Moreover, it would not only need to create one confirmation block but six of them (6 confirmation blocks are required in the Bitcoin network to trust a payment).Critics of Bitcoin say that all the computation power used to make the Bitcoin network secure is just a waste of energy because there are other reliable and better technologies. Is that true?RaiBlocks is a crypto currency that advertises itself as a fast, fee-less and secure currency, unlikely Bitcoin which is currently slow and high-fee (usually requires 1 hour to a full payment confirmation).But the key point is that Bitcoin has been made that way to guarantee his users a certain amount of security to prevent double spendings.RaiBlocks completely ignores the Bitcoin technology and relies on a special version of the Proof Of Stake concept.When you receive a payment in the RaiBlocks network you have to wait a certain amount of time to be sure that a double spending has not been attempted (and remember the first problem, if an attacker stops you from receiving the double spend you would never know!)When a double spent is detected, the RaiBlocks network starts a vote. Every peer connected to the network vote to accept the payment A or payment B; every user vote is weighted with the amount of his balance. Usually each peer votes for the first transaction he receives. The transaction which the sum of votes reaches the 51% of online amount of currency wins. The winning transaction is accepted by the network and the other one is discarded. (Reference https://github.com/clemahieu/RaiBlocks/wiki/Double-spending-and-confirmation The payment receiver, if his network has not been compromised, will then know if he can trust the payment or not, and will ship the good accordingly. This system leads to an unsolvable problem.If an attacker succeeds to put himself between a merchant and the RaiBlocks network he can just filter the double spending payment packets, and the merchant will never know that he is receiving a double spending. The Raiblocks network will discard that payment while the merchant will accept it.a) The merchant should ask a vote for each payment he receives and wait for the confirmation.The problem is that the attacker could manipulate the vote by telling the merchant that only his peers are connected to the network thus he will win the vote by filtering only his votes. Plus, asking a vote for each payment would cause a huge increment of bandwidth usage that many peers could not handle.b) The merchant should have a remote node verifying the payment.The attacker could just attack that network too.c) The merchant should ask the RaiBlocks.net website if the payment has been accepted.The attacker can hack the RaiBlocks.net website. Also if you have to rely on a website you can no longer consider RaiBlocks a decentralized network.1) A payment to be accepted should require a vote with a minimum weight quorum.It's difficult to establish a correct quorum, and if that quorum is offline no payments will be processed.2) A payment need to be accepted by some trusted representatives.This will stop the network on being decentralized. Also, if those representatives are offline the payments are not processed.Simply because an attacker, to be trusted by a merchant, would require to solve a very difficult puzzle for six times. An attacker cannot alter the difficulty of that puzzle.a) RaiBlocks is just Bitcoins without the Bitcoin securing algorithm. The creator of Bitcoin, Satoshi Nakamoto, describes the double spending problem in the original Bitcoin paper: https://Bitcoin.org/Bitcoin.pdf . The developer of RaiBlocks just thinks to solve the problem by ignoring the problem.b) The official representatives of the RaiBlocks network own more than 52% of total voting weight, allowing the developer to manipulate every vote on his will.Source: https://dev.RaiBlocks.net/page/representatives.php



Recently I found a PRE-ANN of Stone

I do not know if it's a scam ...

But they can solve this problem

only you do not have any code yet... In fact, currencies based on DAG technology have a problem in decentralizing the network and distributing the coins, ie there is no incentive for people to run full nodes, but RaiBlocks was the best on this issue (they could have done better, but it was a good solution, just need a bigger network now)Recently I found a PRE-ANN of StoneI do not know if it's a scam ...But they can solve this problemonly you do not have any code yet...

v.stekelenburg



Offline



Activity: 16

Merit: 0







NewbieActivity: 16Merit: 0 Re: RaiBlocks is NOT secure January 19, 2018, 08:43:49 AM #11 You put a lot effort in this. It is super clear this way that RaiBlocks isnt safe, no one can argue with that now. Greatly done and I learned a lot the same time. Thanks