51% Attack - Countermeasure Roundup

[nodemaster]

As you already know namecoin network was threatened by a 51% attack. We also announced that we were mounting a wall of defense. This threat seems to be over now. During the threat some people commited to namecoin joint forces in order to counter this attack. I really hope you understand that we didn't made this decision public from the beginning, as it seems that BitcoinEXpress changes his mind like my little son gets changed his diapers. Thus we decided it might be best to operate in secrecy. However with Davincij15 going nuts and telling everybody it's no longer a secret. Thus heres a roundup of the incident.

We came up with the following plan:

1. Create a new binary with activated merged mining, lock ins and checkpoints immediately
2. Mount a massive amount of hashing power on this chain using merged mining with a big BTC pool
3. Inform NMC pool operators (Exchanges are already offline)
4. Split the blockchain for about 10 blocks
5. Let vinced announce on forum and provide new binaries

However we were not sure about our plan will work out or not. Our plan B was to roll back after 10 blocks reverting to the original blockchain if things go wrong and retry with another block later on. The first splitted blockchain however should have been saved. It was no longer compatible with the current blockchain as it effectively rejected blocks after the chain split. Like some countries had "emergency currencies" during cold war we created an "emergency blockchain" independent from the original but carrying all information up to the split. In case we failed with splitting blockchain and distributing new binaries we at least would have a quite decent (and recent) blockchain with checkpoints and the possibility to merge mine we could use to rebuild on. The idea was to reopen the P2P network on this blockchain with trusted nodes at first in that case

Yesterday we tried the first split of the blockchain. Merged mining started on block 19850. Block 19851 found by MasterPool was the last block valid on both blockchains. We already splitted for 11 blocks and were ahead 6 blocks of the original blockchain with ease. At that time the pools in question already had the announcements ready to post on forum. Unfortunately vinced wasn't available and we didn't want to go public without his announcement. In the meantime we started to go nuts because we wanted to gain a small advance over a potential attacker but didn't want the blockchains drifting apart too much. But we found block for block and were unable to get vinced announce this issue. Furthermore the one big pool started to have technical problems running merged mining and thus we decided to revert back as we all were tired as well. We didn't sleep much the last days due to this action and it seemed best to sleep a bit before solving the problem and starting over with another block. Unfortunately at that point something went utterly wrong as Davincij15 kept mining on the new splitted blockchain.

I humbly apologize for this drastical measure. Please believe me. This was no light hearted decision. Please bear with us, even if you do not comply with this decision or don't like the lack of transparency. But we felt this was the only possibility to counter the attack and safe the NMC blockchain.

As the threat seems to be over now we should not stop working together strengthening the blockchain. We came up with good solutions. I ask everybody to discuss more solutions in order to use the momentum we have at the moment. It showed, the community CAN effectively counter such an attack. But we also had an unfair advantage, as we knew about a potential attack. We should at least optimize our findings. If we are under real attack without prior warning we need to act much faster. Please get involved in this community task!

[Aseras]

It's been interesting to watch. I still don't see how forking the blockchain would have helped as it would have given up more of the original chain over to the "attacker" and even legitimizing the fork later seems to be more of an attack than the 51% exploit. There are much better ideas to be done to shore up namecoin. Developing ways to do Lock-ins, finding a way to use discouraged blocks for an "attack" or fixing the difficulty swings via a dynamic block-difficulty adjustment and block delays would have been a far better use of resources over the past few days.

[MaxSan]

I think the main issue with this was the timeframe in which it was expected. To get the entire network to update is not an easy task (although the major pools doing this is a significant step)

[nodemaster]

It's been interesting to watch. I still don't see how forking the blockchain would have helped as it would have given up more of the original chain over to the "attacker" and even legitimizing the fork later seems to be more of an attack than the 51% exploit. There are much better ideas to be done to shore up namecoin. Developing ways to do Lock-ins, finding a way to use discouraged blocks for an "attack" or fixing the difficulty swings via a dynamic block-difficulty adjustment and block delays would have been a far better use of resources over the past few days.

We needed to fork the blockchain in order to start merged mining earlier. That way we had the possibility add more than 2 THash/s to the network within a second. We are aware of the fact that this wouldn't have solved all of your named issues. But we would have bought a massive amount of time we could then use in order to fix the other problems.

Fixing those problems is now the most urgent community task!

[JohnDoe]

So will lockins + merged mining be the full extent of the "fix" or is there a more elaborate solution in the works?

[doublec]

So will lockins + merged mining be the full extent of the "fix" or is there a more elaborate solution in the works?

There needs to be a fix for the time warp mining exploit as well.

[Davincij15]

I did not go crazy. Shinning the light on a plan is the best way to determine it's merit. I talked to other people in the community and conclude that the plan was flawed.

[nodemaster]

I did not go crazy. Shinning the light on a plan is the best way to determine it's merit. I talked to other people in the community and conclude that the plan was flawed.

Umm.. yeah. Must be the reason why you was the only one mining on the wrong blockchain after all. Anyway thank you very much for your integrity handling the issue secretly as you was asked by everybody. I really appreciate your trustworthyness and keep that in mind.

[vinced]

Sounds like a good exercise in case of future emergency. I would say it's best to wait until evidence of attack before trying to do a fork. This way you don't react to a threat that is never put into action.

You have copies of all the blocks even if there is an attack, so you can always go back to the last block before the attack started.

If a real 51% attach starts we need a way to exclude or disadvantage the chain built by the attacking miners. Any idea how we would do that? We still want to be an open system while defending.

[doublec]

You have copies of all the blocks even if there is an attack, so you can always go back to the last block before the attack started.

This doesn't help exchanges and merchants who suffer loss in physical goods or other currencies during an attack.