Difficulty

[Mojo-LB]

Dear @mbg033 ,

Since you are very active today, care to comment on: https://github.com/graft-project/GraftNetwork/pull/78

For a completely different approach, please check: https://github.com/zawy12/difficulty-algorithms/issues/3

Thank you :)

[mbg033]

@Mojo-LB we did some tests with algorithm used in Masari, but currently this task was put on hold until it's confirmed as high prio task

[Mojo-LB]

@mbg033 An argument can be made that this currently is a high priority task, looking at several issues with current network, and the implications of leaving things as they are.

However, I understand this is not your decision, and I hope the management realizes that responding to market demands is good way to approach issues.

[bobbieltd]

I object difficulty algo changes.

1. We still need to wait to see the effectiveness of new algo.
2. Graft network is quite stable and soon big enough to avoid network fluctuation.
3. We need to wait for opinions from other projects’ well known dev.

Nothing to be hurried.

[bobbieltd]

@Mojo-LB For info, if you use that difficulty algo, you must change Readme to put copyright notice to Massari project at Readme to avoid copyright issue. It’s really annoying when people go around to try to put their copyright at Readme of other projects.

[Mojo-LB]

@bobbieltd Please don't make any comments before checking the linked pull request.

[bobbieltd]

@Mojo-LB Sorry, I think you are promoting zawy12’s new difficulty algo. That requires to add copyright notice to Readme and difficulty.cpp for Masari Project. One person (I guess from Masari Project) have raised copyright issue with DeroProject and I feel really angried about that demand. For Pull Request, I have nothing to comment. Sorry again, I misunderstanded you.

[Mojo-LB]

@bobbieltd

1. Check = check, not advertising, just what I thought is good.
2. I seen you going around spamming any post related to algos, especially zawy12. Triggered much?
3. Again, did you check the linked pull request before posting, again?

[bobbieltd]

@Mojo-LB

1. Check = Check. Let be it.
2. I feel it’s wrong so if I see it is promoted any where. I’ll give a warning. Warning = warning, not spamming, it’s what I thought. It’s same as your way of thinking. If they didn’t raise their copyright demand, I wouldn’t need to be angried with them. I posted only two new issues at two repos where there is post about this new algo. The other two, it’s my replies like this post.
3. Before posting this, I saw your posts relating to new difficulty algo and I didn’t check your pull requests. At this point, I agree that I’m wrong. I’m not hard coders and I don’t understand much blockchain. However, I still can give out my opinion.

[Mojo-LB]

2. I am subscribed to two repos, and I saw comment on 100% of repos I’m watching.
3. My pull request doesn’t need a coder to understand it, or to understand that is not related to Masari or zawy12. Zawy12 was an alternative suggestion.

Please have a look at it.

---

From: Learner notifications@github.com Sent: Saturday, March 10, 2018 10:26:45 AM To: graft-project/GraftNetwork Cc: Mojo; Mention Subject: Re: [graft-project/GraftNetwork] Difficulty (#91)

@Mojo-LBhttps://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fmojo-lb&data=02%7C01%7C%7C3a5d06dba19846196b9b08d58660a993%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636562672072978099&sdata=GnEKJsgp%2Fsy0t2nb4iDP7K8cFQHdrnnevYHWJ1LOO%2FA%3D&reserved=0

1. Check = Check. Let be it.
2. I feel it’s wrong so if I see it is promoted any where. I’ll give a warning. Warning = warning, not spamming, it’s what I thought. It’s same as your way of thinking. If they didn’t raise their copyright demand, I wouldn’t need to be angried with them. I posted only two new issues at two repos where there is post about this new algo. The other two, it’s my replies like this post.
3. Before posting this, I saw your posts relating to new difficulty algo and I didn’t check your pull requests. At this point, I agree that I’m wrong. I’m not hard coders and I don’t understand much blockchain. However, I still can give out my opinion.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fgraft-project%2FGraftNetwork%2Fissues%2F91%23issuecomment-372012984&data=02%7C01%7C%7C3a5d06dba19846196b9b08d58660a993%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636562672072978099&sdata=cDnInAGcysF2mvpTj1RFOBU20eC5738rNF1oQLWcYEw%3D&reserved=0, or mute the threadhttps://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAh-jjeroKgQ40c5x-51dEaM6_ACKI8Rqks5tc45FgaJpZM4SgvJV&data=02%7C01%7C%7C3a5d06dba19846196b9b08d58660a993%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636562672072978099&sdata=5QSl9jJ3qmAVc1iQjZv5dJc%2FBPEbmzdvkIR2RDVHzJ8%3D&reserved=0.

[bobbieltd]

I think I’m very wrong in my over-reactions. I need to double check all infos. For you PR, of course, I saw it and it’s unrelated.

[bobbieltd]

@Mojo-LB I think I was confused between two people which are unrelated 😂. Oufff.

[zawy12]

There are now 5 Monero clones using my LWMA algorithm. These charts show how much the coins have improved at stopping "hash attacks" and post-attack delays. Miners with 25x the baseline hash rate can jump on without causing hardly any harm. On the LWMA page you can see links to their code.

[zawy12]

The suggestion @Mojo-LB has made in his pull request to simply reduce the window from 720 to 60 is a good one. If Monero/Cryptonote/Forknote coins had used this, they would have never been desperate to find a new algorithm, and so no one would have heard of my algorithms. But the LWMA algorithm is a lot better.

[Mojo-LB]

@zawy12 Thank you for your endorsement. I realize that my pull request would be better if done as a planned fork rather than change instantly, however I made it just to show how easy it is to make things better.

Graft Team announced they are working on it along with the monero7 asic-resistance move, but haven't announced/merged anything yet to indicate if they're simply adjusting the window or using your LWMA algo. https://www.graft.network/2018/03/22/brief-update-status-asic-resistance-difficulty-algorithm/

My personal preference is your LWMA algorithm. It has been proven repeatedly to be the best out there, and I've seen its effect on the stability of Masari network, and several others.

[zawy12]

I've been talking to ultranote, and it seems they have 2 hour delays on occasion with N=35. So maybe it is important to go to LWMA

[Mojo-LB]

It is.

Although adjusting difficulty window makes it much less profitable for anyone to perform a "high hashrate attack", it doesn't allow the network to efficiently recover following such incident. That is a big part where your algo really shines.

Devs already have access to this information for some time, and are aware of the conditions that have been affecting mining since day 1 (difficulty and hash pumps) and day 30 (botnet).

I think the real issue here is not HOW, but IF and WHEN.

[zawy12]

@bobbieltd No one has to use the Masari version of the algorithm pseudocode. My copyright notice is not important as long as it remains open source as the M.I.T license requires. But I like people to know where the algorithm comes from so that they can check for updated versions. Same thing in regards to including a reference to Masari. There are important reasons for people to know where the code originally comes from that is not related to boosting the dev's reputation or whatever. They may want to be able to do searches that can reveal if someone else (not necessarily Masari) made an improvement or found a security hole.

[zawy12]

I hear graft lost 340 blocks in the past hour. Similar things were happening to the 25 coins that have switched to my LWMA difficulty algorithm in the last 2 or 3 months. Coins that have switched or are in process of switching:

karbo stellite masari alloy iridium bitsum? qwerty? brazuk? ultranote BTC Gold BTC Candy IPBC turtle haven myztic wownero niobio bbscoin redwind? balkan? bulwark? NYCoin intense vertical? forknote is going to get it so this stops happening to it's offspring.

[Mojo-LB]

@zawy12, Graft haven't haven't moved to LWMA yet. Fork is planned on block 67850 as of now (might be sooner). Changes are implemented in https://github.com/graft-project/GraftNetwork/pull/100

Edit: Just adjusted to block number 65110 expected Saturday April 14th. https://github.com/graft-project/GraftNetwork/pull/106

[zawy12]

This shows graft has been a very typical cryptonote coin, suffering from the slow difficulty at the beginning, then seeming to be OK for a while, and then slowly advancing to the point of "blowing up" from the oscillations. They are switching just in time, although I can see the past week (last plot) was not good.

[zawy12]

This is the chart of what happened immediately after I posted the warning above. Graft "blew up" like the others I've been following. This is from being too slow to respond in the presence of big miners having the option to come and go. Maybe ASICs no longer having Monero are the overwhelming cause of this. I've tried to warn Monero about this aspect of their incredibly slow algorithm, but they have no interest. I guess they'll be alright as long as they are one of the top two coins for their POW. But there are other reasons to have it faster, and no benefit to having it so slow.

At the worst of it (second-to-last magenta peaks) the on-off mining like this got 500 blocks in 8.3 minutes. This was followed by a 6 hour block, 20 hours to get 10 confirmations. They then switched to LWMA and everything looks fine. I included per-LWMA data from above because I needed to change the scales.

[plavirudar]

@zawy12 There are significant benefits to having a slower DAA if your coin is not at risk of 51% attacks. For one, the XMR difficulty is remarkably stable, which means that miners get highly consistent payouts, as well as providing them no incentive to switch between multiple coins following profits. Compare that with LWMA, which has up to 50% difficulty fluctuations due to the Poisson distribution of blocks, and their rationale should become clearer. The same also applies for BTC vs BCH, where BTC has a 2-week DAA, and suffers no ill effects due to its majority hashrate position, as opposed to BCH, which had to switch its DAA.

If no miner can achieve 51% attack hashrates, they can't perform timewarp attacks or "block-stealing" attacks effectively, and therefore the benefit of having a stable difficulty outweighs the benefit of preventing these attacks.

[zawy12]

Timestamp manipulation: let a miner with 2% of the network hashrate send a timestamp 7000 seconds into the future once every 2 hours to see the effect. I've told miners to stay on graft because they'll get 7 days worth of blocks in 3 hours if and when the timestamp manipulator drops by this coin like he has on 4 others the past 2 months. Terminology: time warp attack as it was originally a problem in BTC and described is not possible on coins with rolling averages.

Stable difficulty = unstable network. There is no problem from difficulty jumping all around if it that's the result of it accurately tracking network hashrate. It also achieves more consistent solvetimes. See the blow up above which is the result of trying to achieve a stable difficulty. The goal is not stable difficulty, but to match difficulty to the current hashrate. A 24 hour avg like monero is matching difficulty to the hash rate as it was 12 hours in the past (24 hr average). Miners do not want constant difficulty. They want a fair difficulty. Constant difficulty = unfair mining conditions. A difficulty that matches hashrate = a consistently fair difficulty. Talk to miners on the 10 coins using LWMA. They do not about it rising 3x in 30 minutes in response to a 10x hash attack , or about it dropping 80% in 30 minutes after the attackers leave. They love it. They are the small miners who spread the word about a coin and hold the coins, rather than a big miner looking to sell right away. They do not have a problem with it changing all the time +/- 15% as it tries to find the correct value.

[zawy12]

I forgot that they have a limit (10xT) inside the difficulty algorithm also. That means it takes a 15% (or maybe 30% miner with the LWMA) to consistently lower it until the 7200 second limit is reached. I could run the test to know how low they can get it but I think someone is going to start doing it before I get a chance to run the test. ( He has to have > 1/10 Network hashpwer to consistently make it go lower until the 7200 limit is reached whereas with the 1/7 he needs more than 13% to do it)

[jagerman]

I've told miners to stay on graft because they'll get 7 days worth of blocks in 3 hours if and when the timestamp manipulator drops by this coin like he has on 4 others the past 2 months.

I could run the test to know how low they can get it but I think someone is going to start doing it before I get a chance to run the test.

Indeed you appear to be several hours too late already: this has been happening to graft since last night, with the +2h forged timestamps hitting approximately every 3 hours. The most recent is four blocks in 66220-66228; another couple at 66197 and 66204; another five forged timestamps between 66145-66154; 1 at 66109; another at 65940; two more at 65910-65911.

[imperdin]

I still firmly believe the the correct approach to solve the "Hash attacks" and the threat of 51% attacks is to slightly tweak the PoW to limit the means of acquiring massive amount of hash power

[plavirudar]

@zawy12 You're right about timewarp attacks being nomenclaturally unsound since they can also be used to refer to an older, different attack. Let's stick to using the term "forged timestamps" instead when talking about the issue currently occurring to low hashrate CN coins.

You're also right in that miners want a fair difficulty, and when difficulty is divorced from true hashrate, there is a problem.

The issue with using fast DAAs is that any sampling of a Poisson process with small N will result in fluctuations, and the only way to correct for this is to increase N. In fact, one can model this deviation. For a given coin taking N blocks into account, Poisson statistics will mean that the actual standard deviation time of these N blocks will be $sqrt(N)$, or roughly 24% from the normal after 17 blocks, or 10% from the normal after 100 blocks in the absence of true hashrate fluctuations. Approximately 31% of blocktimes will fall outside of this range, and approximately 5% of blocktimes will be outside double this range (hence my initial 50% fluctuations claim).

By setting N too small in the absence of external hash attacks, you end up creating deviations from the true hashrate, instead of protecting the network from deviations.

[Mojo-LB]

@jagerman Those are either a wrongly configured node hosts, or a probe. We have no way to identify that at this point.

[zawy12]

@jagerman In short, the single bad timestamps are not much of a problem due to the 10xT that is in the code. If it was not there, it would be a big problem like I said 2 posts above. The attack has not yet hit. Long story The single +2 hour timestamps are limited to dropping the difficulty in Graft to about (60-10)/60 = 0.83 of the previous difficulty because there is a 10xT limit in the code rather than the FTL=7200 limit. A 20% miner can drop it to about 50% of the correct difficulty in about 50 blocks, but then the 7200 limit starts blocking him, so he has to go away for up to 2 hours before he can repeat the manipulation. But once he erodes difficulty by "only" 25%, 3x more hash power will switch to the coin, and he'll no longer be able to get the blocks he was hoping for, and he won't be able to manipulate it any further because he'll be below the 10% network hash power required to take advantage of the 10xT limits. A > 50% miner can make the difficulty reduce by (N-7200/T)/N max which is D=0 in this case of N=60 and T=120. He can get about 30 blocks at I think 25% of the original difficulty. He also will have to stop periodically to let chain time go back to being close to normal once his blocks start getting near the 7200. You have to go through the simple but confusing recursive math involved here to confirm my numbers and equation. My experiments indicated these approximate results for all DAs.

@imperdin Hash attacks by ASICs and NiceHase are not a problem for LWMA when it's implemented with the tighter 500 second limit. >51% hash rate is only a danger to other aspects of a coin.

@plavirudar I've written many times about the 1/SQRT(N) effect, although in a Poisson process like this, the variation is a little bit more. I am the source of SMAs with N=17 that Karbo and Sumo loved for curing their cryptonote hash attack problems and spread to many coins. It was only about 9 months ago I finally looked at the results when trying to help with BCH's new DA and realized it was a bad idea. It wasn't near as good as Digishield which is like N = 4x17 = 68. The >24% variation from N=17 was very harmful to sumo and karbo although they did not seem to realize it. It was the source of constant on-off mining. 3x changes in hashrate 20 times a day was almost typical. But they never locked up either. They just knew they were not being sent off to the Cryptonote slow difficulty graveyard like many others....who either died out or copied them.

Karbowanc shows the improvement when switching from SMA N=17 to LWMA N=60. BTW the bad spot in the graph below is what I think will happen to Graft pretty soon. Karbowanec had the 7200 and was sorting timestamps which is effectively the same as Graft's current liability.

LWMA N=60 has a speed of response like SMA N=45. So, you are suggesting I might be still pushing for an N that is too low. I have data to argue against this. HUSH uses Zcash's digishield (N like 68). There are many coins with LWMA N=60ish and they all are performing very well and look like the end of the karbo plot above. Most are smaller than hush so you'd expect hush to be more stable. But here's what Hush's results look like, from choosing an SMA equivlaent N=68, more than 50% slower than LWMA N=60. You can see it's not nearly as well. Like karbo, these are very recent blocks.

For comparison, here's Masari's (Masari is 1/7 the price of HUSH with fewer total coins)

[jagerman]

@zawy12 - any insights into what just happened in graft, starting from 66250? (If using the blockchain explorer website, the displayed age time looks a little wonky until you realize that it can't show negative ages--it just shows them as positives, but the age goes down if you refresh the page until it hits 0 after 2 hours).

[imperdin]

Hash attacks by ASICs and NiceHase are not a problem for LWMA when it's implemented
with the tighter 500 second limit. >51% hash rate is only a danger to other aspects of a coin.

@zawy12 We can agree that the primary goal of LWMA is to stop Hash attacks
And one of best practices to stop attacks is to chomp down the root of the problem where in our case the main offender is Nicehash.

In order stop Nicehash it requires slight modifications to the PoW code and break Cryptonightv7 compatibility while "enforcing" that Nicehash will not support the new variant under the pretext that they are actively aiding attackers to exploit the vulnerabilities in the code.

[zawy12]

Unfortunately I have not looked at any blocks since this morning...maybe later tonight.

Sumo and Karbo had these same problems in 2016 and early 2017, caused by the slow algorithm. I believe that was before Nicehash was such a problem. The POW "fix" is basically trying to minimize the number miners and their source of mining equipment. I think it's at best a band aid, if not pouring poison on a wound. ASICs and the same POW for everyone seems to be a legitimate market option that causes no problem for LWMA-like algorithms.

[imperdin]

@zawy12 The POW "fix" is basically trying to minimize the number miners and their source of mining equipment.

The result would be the opposite, by tweaking the PoW it will further incentive legitimate miners to mine Graft as the rewards per individual miners will increase as a smaller portion of the block rewards will be "stolen" by Hash rentals.

before Nicehash was such a problem

At least we can acknowledge that Nicehash is a problem.

Let's take another look at the "hash stability" of Sumo / Haven.
as far as I've seen/read they haven't had any major hash attacks after their last fork.

[jagerman]

In fact, one can model this deviation. For a given coin taking N blocks into account, Poisson statistics will mean that the actual standard deviation time of these N blocks will be $sqrt(N)$, or roughly 24% from the normal after 17 blocks, or 10% from the normal after 100 blocks in the absence of true hashrate fluctuations.

One minor stats tangent on modeling this: the distribution of the time for N blocks at difficulty D precisely follows a gamma(N, 1/D) distribution, which of course has the standard deviations you point out (that holds for any sum of independent draws), but is still noticeably different from normal at N=17: and, while closer, is still discernibly non-normal at N=100:

[zawy12]

I am sort of Playing devil's advocate because I often advocate small miners as a source of marketing. But from an economic perspective trying to improve marketing this way is different than creating real value in a coin. Trying to create a p o w for a select group of individuals is also reminiscent of a tariff. My devil's advocate position is based on simple capitalism trying to minimize government intervention. Trying to seek the perfect poww for a selected group seems something like government intervention trying to enforce a tariff. On the other hand I believe a type of aggressive tariff system is what has led to the rise of China. Similarly there's an excellent book that discusses America's economic take off occurred as a direct result of tariffs protecting us from Great Britain. When I said nicehash was a problem I only meant from a perspective of those who had an inadequate difficulty algorithm that was not doing its job of tracking hash rate. Simply trying to track hash rate is a neutral scientific position that has nothing to do with trying to protect the coin from supposedly bad acting miners. Even trying to protect the coin from Bad Time stamps is trying to really make sure it is measuring the right hash rate. Unlike simple mining for profit, bad time stamps are actually crossing a line because they are being paid not only to do the work but to assign the correct time. I am not morally opposed to Asics because they can end up following a diverse approach as much as gpus although it will take a little more time for the ecosystem to reach that point. So putting marketing aside as a suspect reason for diversity, the traditional 51% attack is the only thing remaining. But satoshi said a 51% attack was sort of theoretical since it's in their best interest to not hurt a coin by forcing a hard fork and reversion. But I think it would be a good thing if there was a p o w that really burned electricity on CPU cores independent of the surrounding Hardware so that cell phones with their smaller line resolution in risc architecture would be cheaper than gpus and Asics on a electricity basis and of course the cell phone Hardware is already there and free. It's not that I want the main source of mining to come from CPUs and cell phones which is very suspect, but because rather than using government regulation to restrict who can mine a coin I want to use regulation to level the playing field between all to increase competition rather than decreasing it with a p o w for a select group.

Haven by the way got a lot better because they switched to lwma. Rather than fixing their difficulty algorithm sumo took the less effective path of changing their poww. Since their future time limit was fixed long ago, the only problem that remains is my old awful difficulty algorithm that is not tracking hashrate very well. They still look like karbo used to

[imperdin]

51% attack was sort of theoretical

Say that to Intense.

Tweaking the PoW is by no means exclusive it merely imposes a slight penalty for algorithm switching and mainly Nicehash.
Letting a coin like Graft to have 20-40% of the blocks rewards "stolen" due to hash spikes is by no means inclusive and inviting.

To further emphasize the point letting the current conditions persist is like yielding to the "Viking expansion" and getting plowed for resources to further feed the malicious invaders and penalizing benevolent actors by cutting their gains.

The correct approach is to create a balanced ecosystem where malicious actors are penalized instead of getting rewarded in a similar method to Minarchism which also advocates for open-market and minimal tariffs but also emphasize that "bad" actors needs to be properly penalized

Minarchism is a libertarian political philosophy which advocates for the state to exist solely to provide a very small number of services. A popular model of the state proposed by minarchists is known as the night-watchman state, in which the only governmental functions are to protect citizens from aggression, theft, breach of contract and fraud as defined by property laws, limiting it to three institutions: the military, the police and courts.

[zawy12]

Again, LWMA-like DAs and tighter time limits were all that was needed to stop a significant number of "stolen" blocks. The hash attack problem is fixed. POW work is needed for other reasons.

Hash attacks are not breaking any rule of law. They love minarchy. It's merely a technical challenge (that LWMA solves) to make sure they are allowed to act in their own best interest as long as they are not lying or stealing. They get a "steal of a deal" only when they find "stores" with a block sale going on (low difficulty). They get the cheap stuff and future customers have to pay a higher price in part to support the coupons and discount days. I use the "stolen" terminology in this "steal of a deal" sense.

But bad timestamps are 1) a lie 2) for profit 3) at the expense of others. These are the 3 elements needed to prove fraud. But we have this worked out too and it's not a problem anymore.

Assuming we subconsciously don't want concentrated mining merely because we like lots of little miners in message boards promoting our coin (a big assumption), only non-difficulty 51% problems remain. The POW solution is to make computing cores burn as much electricity as possible by changing the algorithm with every node or nonce, avoiding memory rather than requiring it. TXN fees to support the burn are the underlying value of a future constant-value coin that's desperately needed.

[imperdin]

significant number of "stolen" blocks.

If attackers would continue this attack cycles for all of the LWMA + SMA Cryptonightv7 coins it would amount to a massive amount of stolen blocks.

P.S. I view hash attack as a rule violation, Miners are meant to secure the network not maintain it by spiking the hash-rate they are compromising the stability very chain they are mining on!.

[imperdin]

@zawy12 Please take a look at Graft Block Explorer and tell me if it looks like a normal and healthy chain.

If it escalates further to full 51% attack we might see Intense 2.0

[jagerman]

Please take a look at Graft Block Explorer and tell me if it looks like a normal and healthy chain

Something very strange happened here. It looks like, for some reason, all the forged timestamps somehow prevented other pools from finding any blocks for 67 blocks (66303 through 66369). It doesn't make sense to me why that would happen, and yet: not one single block in that range, over a 3 hour span, was found by any of graft's big (public) pools. This despite the pools being in sync and difficulty being lower the post-fork average. The absurd effort levels on all of them at once suggest something else was seriously wrong:

397.9% - https://graft.hashvault.pro/en/#!/blocks 771% - https://graftpool.net/#/blocks 9431% - https://graft.spacepools.org/#pool_blocks 1165.8% (and counting) - https://cryptoknight.cc/graft/# 589% - https://easyhash.io/graft/blocks

(The exceptionally high spacepools one appears to have had a ~25MH NiceHash order trying to take advantage of the low difficulty. Apparently it didn't work out).

It isn't at all clear why this happened, nor why it ended (with https://blockexplorer.graft.network/block/66370, found at https://graftpool.net/#/blocks). This is more than just difficulty manipulation: difficult wasn't high here, yet some unknown pool made off with around 114K GRFT.

[zawy12]

Intense, like several other coins, had a problem because they copied Sumo code without knowing to lower the FTL=7200 like Sumo. A bunch of coins got hit like someone suddenly realized the wonders of timestamp manipulation.

Intense seems to be doing good now with LWMA. There were two really slow blocks showing as blue spikes but those were network problems.

[zawy12]

I was playing aorund with a new "block's stolen" metric that gave 25% above with LWMA. In the other basis that the rest of the charts are in, it's 10%. That's still pretty bad for LWMA, but it's what I've seen in a couple of coins after they started up. Since that post above, I see a lot of timestamp manipulation like I've been warning. Here one series:

He got the difficulty to drop from 1.8 to 0.9 in 18 blocks because of the 7200 limit. The limit of 10xT in the code prevented a lot more damage. He got 8 blocks out of 25 that I can identify (if a large negative does not follow the large forward stamp, then he got that one too...he had already reached the 7200 limit with one big one and can't assign another one. So he's somewhere around 33% of network power.

[zawy12]

Graft can't experience the same kind of problems the sumo clones experienced. It handles the timestamps better. I don't think it's going to lose 500 blocks in an hour, let alone 5000. The damage possible is limited. But you can see from the above a attacker can just keep repeating the above, getting 20 low cost blocks which results in long delays. Once that comes down, he jumps on it again, sending it possibly even lower. He can't sit there and keep difficulty low indefinitely like he did on the Sumokoins.

[jagerman]

But you can see from the above a attacker can just keep repeating the above, getting 20 low cost blocks which results in long delays.

Right, that seems to have been the pattern 2-3 times now, and will likely repeat. But then there is the stretch from 66303 through 66369 which makes no sense at all.

[zawy12]

Now I see what you're saying. The fake 7200 solvetime should have soon been followed by a -7200 negative from an honest miner. But it took 66 blocks for the fake to show up...as if the attacker got 66 blocks in a row. The real time between was not weird...170 secs per block.

[zawy12]

@jagerman Do you have a reference or derivation of the gamma function?

[zawy12]

Here's what graft LWMA looks like so far. It does not look as good as other LWMA coins, but they don't start sending a lot of bad timestamps again, it should settle down.

[jagerman]

Do you have a reference or derivation of the gamma function?

It's the gamma distribution (the gamma function is something quite different). The wikipedia article on it is pretty good.

The (not-so) short of it is finding a block is a binomial distribution draw with an extremely low probability of success (i.e. the inverse of the difficulty) and an extremely high number of draws (i.e. the hashrate times the number of seconds to find the block), under which conditions the binomial is for all intents and purposes a Poisson distribution. The inter-arrival time for a Poisson (i.e. the time between blocks being found) follows a exponential distribution, in our case with rate parameter H/D (where H is the hashrate per second attempting to solve it and D is the difficulty). The time to find N blocks is thus: x1 + x2 + x3 + .. + xN., where each xi is an independent Exp(H/D) draw. The sum of a set of N independent and identically distributed exponentials follows a Gamma(N, H/D) distribution (this is also sometimes called an Erlang distribution when N is an integer, but is exactly the same distribution).

While the sum of independent draws from any distribution tends to a normal distribution in the limit (i.e. as the number of terms in the sum goes to infinity), an exponential distribution is so heavily asymmetric that it takes quite a few draws to get there, which is why even after 100 draws you can still see the skew (for something like a uniform distribution it's pretty close to normal after 5 draws and virtually indistinguishable after 10 draws).

Here's the R code that produced those density plots, if it's helpful to someone:

plot(function(x) dgamma(x, 17, 1), xlim=c(5,29), ylim=c(0,0.105), xaxs="i", yaxs="i", ylab="Density", main="N=17")
plot(function(x) dnorm(x, 17, sqrt(17)), xlim=c(5,29), ylim=c(0, .105), col="red", add=T)
legend("topright", legend=c("gamma(N,1)", "normal(N, sqrt(N))"), col=c("black", "red"), lty=1)

plot(function(x) dgamma(x, 100, 1), xlim=c(70,130), ylim=c(0,0.042), xaxs="i", yaxs="i", ylab="Density", main="N=100")
plot(function(x) dnorm(x, 100, sqrt(100)), xlim=c(70,130), ylim=c(0, .042), col="red", add=T)
legend("topright", legend=c("gamma(N,1)", "normal(N, sqrt(N))"), col=c("black", "red"), lty=1)

[sebseb7]

Why the hell coins are still switching to this way too fast algo? It's doesn't work in the presence of attackers, when people will understand? You can play with the difficulty.

"I've tried to warn Monero about this aspect of their incredibly slow algorithm, but they have no interest"

Maybe because Monero can see how LWMA coins break one after another...

"I hear graft lost 340 blocks in the past hour. Similar things were happening to the 25 coins that have switched to my LWMA difficulty algorithm in the last 2 or 3 months."

I see a pattern here...

[Mojo-LB]

@sebseb7

Hello Sebastian Green.

This difficulty algorithm is specifically targeted against people like you, who abuse low difficulty and leave miners to suffer.

That negatively affects the network you mine, as after you stop pumping, it is left with very long block times, very far from specifications.

This DAA makes it much less profitable for you to pump TF out of it, while ensures difficulty restores back to reasonable level when you stop.