Open in app

Sign in

Write

Sign in

Why Stellite’s Difficulty Algorithm and proof-of-work Variant is one of the toughest to attack

Philip J
Scala
Published in
9 min readAug 13, 2018

Most CryptoNote coins have had issues with malicious attacks with the intent of stealing rewards from the blockchain. (i.e. timewarp attacks, stalling the blockchain, …)

Slow adapting Difficulty Adjustment Algorithms (DAA) and the popular CryptoNight (CN) proof of work algorithm make the system more vulnerable to these malicious attacks.

For some coins, these attacks sometimes went on for weeks because the development team could not bring a good solution to their mainnet fast enough. We saw this problem as an opportunity to bring Stellite to a technically better place.

The choice we had and the path we took

What could we do to solve this ?

  • ignore it and hide it
  • Improve difficulty algorithm only
  • Improve difficulty algorithm and have a custom PoW algorithm

Also whenever taking a decision we need to keep consistency with Stellite key values

  • Mobile mining compatibility
  • Network decentralization
  • Open source
  • Be fair to the majority

So what does that mean for us in technical terms?

  • ASIC resistance to enable mining for low end hardware
  • PoW algorithm has to be light on hardware resources (no Cryptonight Heavy and such)
  • Improving the DAA to avoid having stolen blocks
  • Keeping the code open. We get ideas from others coins and communities but in return we are open to share some of our work.

The path we decided on

Before going further, let’s have a look at the technical context.

What are the most common vectors of attacks?

  • Big centralized pools that accumulate 51% or more of the network hashrate
  • Hashpower rental services (NiceHash and such) that allow to quickly take control of huge amounts of hash power

What attacks do they usually perform?

  • Double spending attempts
  • Stealing block rewards from other miners by playing with difficulty
  • Clogging the network to bother it’s users

What can we do about that?

  • Not being supported by rental services
  • Being resilient to difficulty attacks and network hashrate fluctuations
  • Having a big network hashrate spread across a lot of miners
  • Encourage miners to spread hashrate across a bigger number of different pools

While we can never say a network is 100% safe, we can make it so the barrier of entry for attackers is as high as possible. As stated in the beginning of this article we have had few options here :

Do nothing (or even try to fork, get the chain stuck for a few days and then return to nothing ?!)

Doing nothing has a good benefit for the team and the coin. We can develop the product faster !

But if we were taking this route, it would imply that

  • we lie on the roadmap about the possibility of mobile mining.
  • we hide the fact that over months a lot of blocks have been stolen by few people and the team did nothing about itwithout the team taking any action.
  • with no changes, that mean the coin would concentrate rewards to few people/companies that are able to afford ASICs.
  • we still allow the combination of a slow and weak difficulty algorithm and enable nicehash simultaneously that which makes it easier to play with difficulty, to ultimately get more blocks.

Improve difficulty algorithm only

Improving difficulty algorithm is a first effective step, as it makes harder for attackers to play with the difficulty to get free block rewards. But we thought it was not enough, because whatever we do with difficulty algorithm tools such as NiceHash, it´s still allowing enough power to profit from abusing a fast DAA.

Why doesn’t the perfect difficulty algorithm exist? To make things as simple as possible: the aim of any difficulty algorithm is to predict the future from data you get from the past. As you know, history will always help you to understand the present and predict the future, but no one can exactly predict the future. This is really the same with any difficulty algorithm.

Improve difficulty algorithm and work on a custom Proof-of-work algorithm

OK, you’re still with us, thank you! So no surprise here, this is the choice we made for all the reasons we described before.

We wanted to create a suited DAA in combination with a variant PoW that is not widely used and can be changed. This is what makes abuse against the blockchain much harder than it’s economically viable.

Hardfork history

V2 was our first attempt to reduce the number of blocks we take from the past to predict the current hashrate (can be assimilated as to predict future hashrate from a computer point of view). Here we detected some weakness towards timewarp manipulations.

V3, we changed our DAA to something close to Masari with advices from zawy who is a difficulty specialist. I would say that this is the reference for almost all CN coins at this point in time. Also we were very proud to be the first CN coin to follow CNv7 PoW from Monero and the second to go live. This was possible mainly thanks to Seb Green who helped us to set up and test a private network. Also, as we needed to understand the pool code and miner code, Stellite team had also secretly tested our own new variant in a very private testnet. However changing the difficulty algorithm was already a very big change and a PoW modification was very risky for a mainnet release. We really like to test things and make sure of what we push onto the mainnet. A little step that is validated is better than a big one that you need rollback.

V4, the day after the V3 release, it was already on our to-do list to improve our network again. Sharing some of our ideas with Zawy, he gave us some leads to improve our difficulty algorithm. The idea was to add some custom “jump rules”. Also, as we said, during V3 we already started to figure out how to write our custom rules. So V4 had 2 goals: having one of the best CN difficulty algorithms and our own PoW algorithm. In the same time we got two other extremely talented developers in our team (donovan) who had the crazy idea to create a new very intuitive GUI miner. This is by far one of the simplest and most stylish miners that anyone can use. We also had the virtue of working with another developer (loofacoman) who created a blockchain analysis tool that helped us monitoring the blockchain in real time. This is one of the fastest available tools to parse and cherry pick important information from the obfuscated XTL blockchain.

Some key points about Stellite

  • The 1st CN alt-monero coin to make PoW CNV7 work on a testnet.
  • Among top 3 first CN coin to push PoW CNV7 to mainnet.
  • Created one of the best difficulty algorithms on mainnet.
  • Has the most intuitive and opensource GUI miner.

How Does our difficulty adjustment algorithm (MLWMA) work?

Our implementation is based on LWMA whose first and critical efforts were made from Zawy and Thaer (Lead developer for Masari). This is a decent algorithm with a respectable response time when facing a hashrate drop. Most of you must’ve followed our successive hardforks and see how smooth it was for the network to recover from a significant drop of hashrate. However there is a weakness when a significant amount of hashrate comes in to the network. It’s important to address this specific point as a big increase of hashrate can be seen as an attempt to “steal” some block rewards. To explain it in layman terms, if the difficulty adjustment algorithm doesn’t go up fast enough, this high hashrate miner can bring his huge rigs on the network but the network difficulty will be low, helping him scoop up some rewards.

The idea we had is quite simple. If the attacker comes to steal blocks, then the resolve time of the most recent blocks have a really big chance to decrease a lot. This leads to have many fast solved blocks. If so, the network should be able to detect this kind of behavior and increase difficulty faster. We also have to consider that some “natural luck” on the network may happen and it would be would good to not increase the difficulty too fast (in case such an event were to take place). We think our implementation helps to detect a real increase of hashrate over the network from lucky blocks. Let us try and explain why it is the fact that the mallus (difficulty jump) is progressive. What we do is just count from the last 7 latest blocks. If a lot among these last 7 blocks are high then the jump (mallus) is also high.

So take a look at an example

  • Let’s assume we got 3 fast blocks, we create a jump that increases difficulty by 10%. Then next block is harder to find. This means if an attacker is present, he will still find blocks fast but natural luck will decrease. This is how the network can easily differentiate between luck and an attacker.
  • So next step we have 4 fast blocks found. Then the chain increases difficulty by 20%.
  • The process continues like this until the latest 7 blocks were all fast solved. At the end, the chain will increase difficulty with a factor of 2 on the network. This is the reason why we can sometimes see such huge spikes on the network.

You may argue that with a lot of luck the last 7 blocks maybe found fast, but as we explained before this doesn’t happen as difficulty gets progressively larger than the previous block until this tip block. In this way even if there is some “natural luck/spikes”, the network is really stable.

Moreover to protect the network from at most the factor 2 spike, if the tip block found is not a fast one, all the jump rules are broken helping the network recover very quickly.

Let’s now check the result we had while simulating an attacker with old V3 difficulty algorithm and newest V4 one

Attacker is simulated from block 130 on this private chain.

Blue line is new V4 (MLWMA) difficulty algorithm, red line is V3 regular LWMA difficulty algorithm.

We can see a huge improvement between these two lines. The blue one has jumps that occur very fast and make the blocks harder to find. Also the blue line reaches the target difficulty faster than the red line.

These spikes you can see are really good because

  • it helps to increase difficulty faster
  • it’s tough for attackers to deal with when spikes occur because it also depends on luck.

Stellite’s Proof-of-work variant and other Ideas

For us at Stellite we find it crucial to have an egalitarian PoW algorithm, which is the reason why were among the first to experiment and apply CryptonightV7 on mainnet and also a custom variant of it. We now know that there are highly adaptable and optimized FPGAs that are capable of mining CNV7 and even our own variant. This is the reason why we’re experimenting with chaining other interesting other PoW algorithm’s such as YescryptRH, Argon2di etc which highly promotes CPU mining (Stellite’s premise) and also restricts and/or makes specialized hardware mining very hard to be economically feasible.

Conclusion

There is no better feedback than from a reputed difficulty algorithm specialist who has an objective view on the project

“Stellite made a big modification to my LWMA difficulty algorithm that definitely makes it the toughest good algorithm to attack. It’s really aggressive. Due to their work and BTC Candy’s work, and especially the good results they are seeing, I’ve modifed LWMA to a LWMA-2 that will do a much milder form of extra protection than what Stellite uses. Most devs copy someone else’s algorithm and have no interest or understanding in the algorithm. There are many complexities in trying to make an algorithm better without messing it up. 80% of those who try make it worse. But Stellite jumped in and made big changes. They came up with a good modification to a good algorithm without messing it up.” — Zawy 14th June 2018

We have to thank zawy for sharing his ideas. This helps us directly improve our algorithm and also help zawy to improve his own algorithm he aims to provide to the cryptocurrency community. We decided to stay on our own algorithm instead of using the one given by zawy for these reasons,

  • We think both algorithms are really good, and according to the performance chart done by zawy (http://wordsgalore.com/diff/index.html) we are always among the best coins listed.
  • It’s always best to have some diversity in what is implemented by all CN coins.
  • We have the most aggressive algorithm in terms of new incoming hashrate on the network.

It is easy to showcase and promise everything on a website but in the crypto world, it ultimately comes down to the superior technology and not the most elaborate hype or marketing efforts.

Sometimes the best way is to build an opinion on what a team is able to deliver and these successful hardforks are a good proof of the developer’s capability. And this is certainly not the end, we’re just getting started.

Now Stellite V4 has been live for the past couple of months and we are glad to say that our hard work has brought out the expected results. This way we are proud to provide our users a healthy and fair network, but most importantly this will enable the team to focus on delivering new features. When we build a house, we have to be sure that the base is solid enough to carry all the nice features that might be inside of it.

Stellite
Xtl
Cryptocurrency
Proof Of Work
Daas

--

--

Philip J
Scala

Written by Philip J

75 Followers
Editor for

Founder of SolydBot & Dev at Scala $XLA

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams