REAL-TIME PAYMENT BLOCKCHAIN

Nicehash Attacks Update

As many of you know, GRAFT and numerous other projects are being regularly attacked using Nicehash (service providing hash power on demand). The attackers’ goal is to perform a sustained 51% attack to produce an alternative chain that would include their own double-spending transaction in it, and attempt to withdraw the funds from the exchange before the network adopts a new chain.

These attacks are unpleasant for several reasons: 1) the exchanges have to raise number of confirmations leading to very long withdrawal and deposit times, 2) some legitimate transactions get stuck while being written to the alt-chain, and it takes days until they get reversed.

What others have done:

A common approach is to create a small tweak to the hash algorithm, or use existing tweaks.

https://www.graft.network/wp-content/uploads/2019/01/CryptoNight-PoW-Versions-1.pdf

The downside of this approach is that it requires coordinated changes to the node, miner software, and pool software. (some of it is going to happen organically since miners are incentivized, but it is far from guarantee as practically no software miners support all the changes listed above).

What we plan to do about it:

The best approach to solving this problem at this time is something like ChainLocks, which is using the 2nd layer network to help validate the blockchain. This approach is much more robust and provides a long-term solution to the issue. The “ChainLocks approach” will take some time, however, as it’s reduced from conceptual to practical implementation and will rely on having a robust 2nd tier network to execute it, so we’re looking at 4-6 months out.

We recognize the need to deal with this issue now, however, and as such have decided to implement our own unique CryptoNight variation (more details will be published soon, after we finish preliminary testing). Rolling out this tweak will not be trivial, however, as again, it will require support from mining software and pool software. We will create a separate testnet for the new PoW algorithm and will rely on the miners community to not only test for robustness and unintended consequences, but also engage with the mining and pool software publishers to incorporate the change.

Keep in mind that any new hash algorithm solutions are temporary and are only effective until Nicehash adds support for it, which is driven by economics of the gains for the Nicehash community.

Additional Information

We’ve done some polling among the miners as to what mining software they use and how likely they would be to switch mining software if necessary. Here are some results so far, but we welcome you to provide your feedback as well.

https://docs.google.com/forms/d/e/1FAIpQLSdt85jV4QxY2a3N8jD6bj4SGSuDnEp4G0xc4QVNfyLiZLIZdA/viewform

Update

Earlier this week we implemented a tweak to CN8 algorithm we dubbed CryptoNight Waltz, which will prevent the attackers from using available Nicehash hashing power.

We have put together a private testnet. To test download CryptoNight Waltz here Seeds:

  • 54.208.86.27:28880
  • 54.144.192.6:28880
  • 35.175.164.180:28880
To launch miner on the node simply run node and enter command “start_mining

The main reason we created this testnet is to add the possibility for miner and pool maintainers to add and test support of CryptoNight Waltz. Please help reach out to your favorite mining software maintainer or pool operator to get them to update their software. We will not be able to roll this patch out to the Mainnet before we have that support.