zagnazokni
Posts: 1
Joined: Sun Aug 13, 2017 7:43 pm

Is MTP broken already?

Sun Aug 13, 2017 7:46 pm

Time-Memory Tradeoff Attacks on the MTP Proof-of-Work Scheme - https://eprint.iacr.org/2017/497.pdf
By Itai Dinur and Niv Nadler

and also:

Attacks on Merkle Tree Proof - http://blog.zorinaq.com/attacks-on-mtp/
By Marc Bevand

:shock: :shock: :shock:

zcoin
Nickel Bitcoiner
Nickel Bitcoiner
Posts: 23
Joined: Wed Apr 12, 2017 9:05 am

Re: Is MTP broken already?

Tue Aug 15, 2017 1:53 am

We have addressed the concerns in our blog post, of which the relevant sections are quoted here:
MTP

We are very pleased that has been a lot of academic debate on MTP the first being Dinur & Nadler's paper which we had patched a quick fix to it as a temporary solution. It was this paper that prompted us to launch our USD10,000 MTP Audit and USD2,500 MTP Implementation bounties to further encourage research into MTP and also prompted a slew of changes to our MTP code.

Since then, we have also been given a draft copy of research from Fabien Coelho at Zeronote Skunkworks that brings new memory hard PoW proposals to improve MTP and to counter known attacks to the scheme and is currently awaiting feedback from the authors of MTP.

We have also received on the 11 and 12th August several submissions from Marc Bevand to the  MTP bounty which require further investigation and also further scrutiny into the proposed fixes. You can view his submissions here which are currently being validated.

Alex Biryukov (one of the authors of MTP) has mentioned in light of Dinur & Nadler's paper, that MTP needs further work  and we have been informed that they are planning to continue work on MTP in September and October which aims to address these new academic papers and research and to further improve on MTP including proof size optimizations.

As such, although we are technically ready to migrate MTP in its current form to mainnet, in light of the above discoveries, the responsible thing to do is to hold off on deployment on mainnet until the revised paper is out and there is confirmation that the attack vectors are closed as opposed a temporarily patched MTP that will be almost certainly be changed again. We apologize for the late notification but it was not a decision we took lightly but we are thankful that the research came to light before deployment of MTP on main net.

MTP in its current form is completely functional and continues to be able to be tested on our Testnet. You can compile zcoind from our Github mtptest branch and also mine with its inbuilt miner. You can also ask from our Slack if you need binaries to the MTP testnet or get some testnet ZCoins.

You can view our Testnet explorer here: http://testnet.zcoin.io:3001/

We remain committed to MTP as long as it remains a viable PoW and we continue to refine our code to make it easier for third parties to work and read with. We thank you for your patience and understanding especially when developing cutting edge technology.

b4h4mu7
Posts: 3
Joined: Wed Dec 13, 2017 8:55 pm

Re: Is MTP broken already?

Wed Dec 13, 2017 9:14 pm

Time-Memory Tradeoff Attacks on the MTP Proof-of-Work Scheme - https://eprint.iacr.org/2017/497.pdf
By Itai Dinur and Niv Nadler

and also:

Attacks on Merkle Tree Proof - http://blog.zorinaq.com/attacks-on-mtp/
By Marc Bevand

:shock: :shock: :shock:
Hi,

We've improved upon the original MTP design with our new algorithm Itsuku. It offers hardened properties against all known attack vectors and the proof size is 1/16th of the original size. We've implementated Itsuku in our upcoming Boolberry hardfork where we will be branding the fork "Doubloon" to siginify the massive changes we've made to the underlying protocol. Public testnet should begin soon on this. Zcoin and Marc Bevand have been credited in the whitepaper for their efforts in the Zcoin bounty program.

"Itsuku: a Memory-Hardened Proof-of-Work Scheme"
https://eprint.iacr.org/2017/1168

http://www.db.cash

OneChain
Silver Bitcoiner
Silver Bitcoiner
Posts: 1086
Joined: Sat Aug 19, 2017 10:11 am
Contact: Telegram

Re: Is MTP broken already?

Wed Nov 27, 2019 1:44 pm

Yeah, I think it is broken.
Whichever chain wins,the world wins Image

Return to “Zcoin / XZC (Different from Zcash)”

Who is online

Users browsing this forum: No registered users and 9 guests