Pages:
Author

Topic: 51% attack (Read 5169 times)

legendary
Activity: 1162
Merit: 1007
April 26, 2014, 12:45:10 PM
Here are Mike's suggestions:

Quote
  1. Dishonest blocks can be identified out of band, by having honest
   miners submit double spends against themselves to the service anonymously
   using a separate tool. When their own double spend appears they know the
   block is bad.
This only works if the service accepts double-spends from everyone. I'd have thought the service was more likely to restrict double-spends to favoured individuals. For example, it could require some pattern in transaction outputs, so that only people who knew how to create that pattern could make double-spends. That knowledge could be traded on underground bulletin boards, rather like how credit card numbers are traded today.

The honest miners could attempt to figure out and replicate the patterns, and then we get an arms race with the patterns getting ever more subtle.

I'm not saying it's a bad idea, necessarily, but it's far from a panacea.

I agree.  I no longer think this idea is workable.  It will create more problems than it solves.

In fact, it is ironic: it would add further heterogeneity [in block acceptance criteria] as a "solution" for the problems originally caused by heterogeneity in certain miners' TX mempool acceptance criteria:  

https://bitcointalksearch.org/topic/m.6407793
https://bitcointalksearch.org/topic/m.6407938
sr. member
Activity: 365
Merit: 251
April 26, 2014, 10:50:27 AM
Here are Mike's suggestions:

Quote
   1. Dishonest blocks can be identified out of band, by having honest
   miners submit double spends against themselves to the service anonymously
   using a separate tool. When their own double spend appears they know the
   block is bad.
This only works if the service accepts double-spends from everyone. I'd have thought the service was more likely to restrict double-spends to favoured individuals. For example, it could require some pattern in transaction outputs, so that only people who knew how to create that pattern could make double-spends. That knowledge could be traded on underground bulletin boards, rather like how credit card numbers are traded today.

The honest miners could attempt to figure out and replicate the patterns, and then we get an arms race with the patterns getting ever more subtle.

I'm not saying it's a bad idea, necessarily, but it's far from a panacea.
legendary
Activity: 1162
Merit: 1007
April 24, 2014, 07:24:45 PM
How is it the same problem?  And can you summarize/restate the essense of what he said?

I just mean the same problem of "how to come to consensus in a decentralized manner." 

We are both looking to add protocol rules?

Yes, I think so.  For the Mike H idea #1 to work, the majority of the hash power must agree (otherwise you will lose money as Danny pointed out).  If the majority of the hash power agrees, then it's effectively a rule that's been added on top of the Satoshi protocol. 

I can see why extra rules are probably a bad thing, but it's not completely clear to me why they are necessarily a bad thing.  I guess perhaps since you are at risk of 51% attack no matter what the rules are, why risk a loss of confidence from added complexity?

legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
April 24, 2014, 04:51:32 PM
How is it the same problem?  And can you summarize/restate the essense of what he said?

I just mean the same problem of "how to come to consensus in a decentralized manner." 

We are both looking to add protocol rules?
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
April 24, 2014, 04:50:09 PM
Empty blocks in the context of a 51% attack.  That paralyzes bitcoin.  Much worse than a double spend.
Average confirmation time for transactions goes from 10 minutes to 20 minutes and that's a paralyzing disaster worse than a double spend?

 a 51% attack can create longest chain and then be able to mine 100% of blocks, not just 51% of blocks.
legendary
Activity: 1400
Merit: 1013
April 24, 2014, 04:46:49 PM
Empty blocks in the context of a 51% attack.  That paralyzes bitcoin.  Much worse than a double spend.
Average confirmation time for transactions goes from 10 minutes to 20 minutes and that's a paralyzing disaster worse than a double spend?
legendary
Activity: 1162
Merit: 1007
April 24, 2014, 04:45:28 PM
How is it the same problem?  And can you summarize/restate the essense of what he said?

I just mean the same problem of "how to come to consensus in a decentralized manner." 
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
April 24, 2014, 04:43:49 PM

Thanks Danny.  I'd say I'm 75% convinced.  The missing 25% is due to my belief that it would be both "obvious" and "independently verifiable" that a certain miner is operating an out-of-band double spend service.  If both these conditions hold, then it seems intuitive that something could be done in a decentralized manner.  Perhaps I am wrong, however.


And to me it seems intuitive that something could be done in a decentralized manner to prevent empty blocks or excluded transactions, but I could be wrong also.


LOL, but I've already convinced myself that nothing can or should be done about empty blocks.  And I guess it is really the same problem, isn't it?  So I think I'm now 95% convinced by what Danny said. 

Empty blocks in the context of a 51% attack.  That paralyzes bitcoin.  Much worse than a double spend.

How is it the same problem?  And can you summarize/restate the essense of what he said?
legendary
Activity: 1162
Merit: 1007
April 24, 2014, 04:41:23 PM

Thanks Danny.  I'd say I'm 75% convinced.  The missing 25% is due to my belief that it would be both "obvious" and "independently verifiable" that a certain miner is operating an out-of-band double spend service.  If both these conditions hold, then it seems intuitive that something could be done in a decentralized manner.  Perhaps I am wrong, however.


And to me it seems intuitive that something could be done in a decentralized manner to prevent empty blocks or excluded transactions, but I could be wrong also.


LOL, but I've already convinced myself that nothing can or should be done about empty blocks.  And I guess it is really the same problem, isn't it?  So I think I'm now 90% convinced by what Danny said.  
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
April 24, 2014, 04:37:17 PM
Here's what I'm wondering, Danny.  Imagine I'm a miner that control 5% of global hash power.  I have an employee who is always looking for out-of-band double-spend services.  Whenever he learns of a new service like this, he sends it one "test double-spend" every block.  If I see a block that includes the TX that I personally know to be a pseudo double spend attempt, I choose not to mine upon it.  Otherwise, our behaviour is unchanged.  If the block I rejected as malicious is built upon (i.e., not enough miners implemented my rule set), then I give up and start mining on the longest chain.  

Now imagine I talk about this idea at conferences, over IRC, here at the forum, and start a website dedicated to the cause. Perhaps I am able to convince others to implement the same rule set.  Every block I mine is not a waste, as normally I am working to extend the longest chain.  The only block rewards at risk are when I detect a block that I personally know to come from a malicious double-spend service.  But I think these blocks should be rare, and eventually disappear completely if they are never extended (the double-spend services would go out of business).

I don't see the flaw in my logic here.  It seems that this may work and that if it did that it would be a good thing.  Do you think this idea is dangerous some how?

If each participating miner (or mining pool) implements your idea independently (searches for the double-spend services themselves, and makes their own determinations from their own double-spend attempts which blocks to ignore), then it's dangerous to the income and profitability of the individual miners (or pools).

It is likely that some miners will find some services, and other miners will find other services.  As such, they will waste time mining blocks that won't earn them income, while the rest of the network that hasn't discovered the particular service they are blacklisting continues on without them.  Additionally, if they happen to solve a block while mining a fork that won't make it, they lose out on the block reward they could have had if they had solved a block on the consensus chain.

Additionally, since there are likely to be many services that some miners find and others don't, the blockchain is likely to always be in a state of multiple competing blocks that are all trying to orphan all the others.  This significantly reduces the hashpower that an attacker would need to outpace the rest of the network with their own chain.  If an attacker can create a situation where there are regularly 5 different blocks that are all being treated by equal portions of the network as the last "valid" block, an attacker only needs 17% of the total hash power of the network to continuously outpace the network (instead of 51%).

If, instead of having each miner (or pool) independently search out and choose which blocks they want to try to ignore, you have some centralized service that provides the block blacklist that all miners are supposed to adhere to, then you've introduced a centralization to the decentralized network that can be abused.  The service can become malicious and (for a secret fee) allow some malicious blocks through, or even block some non-malicious blocks.  The service can segregate the network into as many competing forks as it likes by offering each segment a different block blacklist.

Because all of these repercussions result in reduced income for the honest miners (or pools), it will be difficult to convince any of them to take up your consensus destroying ideas.  As such, you'll be left occasionally ignoring blocks on your own, and drastically reducing your revenues wasting hash power on blocks that will never be part of the consensus chain.  Because mining is so competitive, reductions in revenue will almost certainly result in financial loss that will eventually deplete your capital until you can no longer operate.




Thanks Danny.  I'd say I'm 75% convinced.  The missing 25% is due to my belief that it would be both "obvious" and "independently verifiable" that a certain miner is operating an out-of-band double spend service.  If both these conditions hold, then it seems intuitive that something could be done in a decentralized manner.  Perhaps I am wrong, however.



And to me it seems intuitive that something could be done in a decentralized manner to prevent empty blocks or excluded transactions, but I could be wrong also.
legendary
Activity: 1162
Merit: 1007
April 24, 2014, 04:36:00 PM
#99
Only 20% of respondents believe that out-of-band double spend services are not complicit in fraud (https://bitcointalksearch.org/topic/when-does-it-become-fraud-the-ethics-of-bitcoin-mining-and-zero-confirm-txs-502571).  If I send these services trial double spends and detect the block with the transaction that I know to be fraudulent, based on the results of my poll only 20% of the bitcoin community would disagree with me.  So I think it is a valid concept and that one might achieve enough consensus to implement this.
People can believe what they want, but it doesn't make it possible to solve the Byzantine General's Problem without actually solving the Byzantine General's Problem, which is what "a technique to reliably detect malicious blocks created by double-spend services" means.

There is no general solution to the Two General's Problem.  Bitcoin is a practical implementation where consensus is achieved by working on the longest chain.  Consensus can be achieved in other ways, however.  

I am not saying that Mike Hearn's idea (#1 only--#2 seems really bad) is necessarily a good one.  It's just that I'm still not fully convinced that it's a bad one.  
newbie
Activity: 49
Merit: 0
April 24, 2014, 04:34:50 PM
#98
Bitcoin fans monitor and Bitcoin Foundation also manages  and monitor this issue, so  should avoid that. do not worry
legendary
Activity: 1162
Merit: 1007
April 24, 2014, 04:33:01 PM
#97
Here's what I'm wondering, Danny.  Imagine I'm a miner that control 5% of global hash power.  I have an employee who is always looking for out-of-band double-spend services.  Whenever he learns of a new service like this, he sends it one "test double-spend" every block.  If I see a block that includes the TX that I personally know to be a pseudo double spend attempt, I choose not to mine upon it.  Otherwise, our behaviour is unchanged.  If the block I rejected as malicious is built upon (i.e., not enough miners implemented my rule set), then I give up and start mining on the longest chain.  

Now imagine I talk about this idea at conferences, over IRC, here at the forum, and start a website dedicated to the cause. Perhaps I am able to convince others to implement the same rule set.  Every block I mine is not a waste, as normally I am working to extend the longest chain.  The only block rewards at risk are when I detect a block that I personally know to come from a malicious double-spend service.  But I think these blocks should be rare, and eventually disappear completely if they are never extended (the double-spend services would go out of business).

I don't see the flaw in my logic here.  It seems that this may work and that if it did that it would be a good thing.  Do you think this idea is dangerous some how?

If each participating miner (or mining pool) implements your idea independently (searches for the double-spend services themselves, and makes their own determinations from their own double-spend attempts which blocks to ignore), then it's dangerous to the income and profitability of the individual miners (or pools).

It is likely that some miners will find some services, and other miners will find other services.  As such, they will waste time mining blocks that won't earn them income, while the rest of the network that hasn't discovered the particular service they are blacklisting continues on without them.  Additionally, if they happen to solve a block while mining a fork that won't make it, they lose out on the block reward they could have had if they had solved a block on the consensus chain.

Additionally, since there are likely to be many services that some miners find and others don't, the blockchain is likely to always be in a state of multiple competing blocks that are all trying to orphan all the others.  This significantly reduces the hashpower that an attacker would need to outpace the rest of the network with their own chain.  If an attacker can create a situation where there are regularly 5 different blocks that are all being treated by equal portions of the network as the last "valid" block, an attacker only needs 17% of the total hash power of the network to continuously outpace the network (instead of 51%).

If, instead of having each miner (or pool) independently search out and choose which blocks they want to try to ignore, you have some centralized service that provides the block blacklist that all miners are supposed to adhere to, then you've introduced a centralization to the decentralized network that can be abused.  The service can become malicious and (for a secret fee) allow some malicious blocks through, or even block some non-malicious blocks.  The service can segregate the network into as many competing forks as it likes by offering each segment a different block blacklist.

Because all of these repercussions result in reduced income for the honest miners (or pools), it will be difficult to convince any of them to take up your consensus destroying ideas.  As such, you'll be left occasionally ignoring blocks on your own, and drastically reducing your revenues wasting hash power on blocks that will never be part of the consensus chain.  Because mining is so competitive, reductions in revenue will almost certainly result in financial loss that will eventually deplete your capital until you can no longer operate.




Thanks Danny.  I'd say I'm 75% convinced.  The missing 25% is due to my belief that it would be both "obvious" and "independently verifiable" that a certain miner is operating an out-of-band double spend service.  If both these conditions hold, then it seems intuitive that something could be done in a decentralized manner.  Perhaps I am wrong, however.

legendary
Activity: 1400
Merit: 1013
April 24, 2014, 04:25:27 PM
#96
Only 20% of respondents believe that out-of-band double spend services are not complicit in fraud (https://bitcointalksearch.org/topic/when-does-it-become-fraud-the-ethics-of-bitcoin-mining-and-zero-confirm-txs-502571).  If I send these services trial double spends and detect the block with the transaction that I know to be fraudulent, based on the results of my poll only 20% of the bitcoin community would disagree with me.  So I think it is a valid concept and that one might achieve enough consensus to implement this.
People can believe what they want, but it doesn't make it possible to solve the Byzantine General's Problem without actually solving the Byzantine General's Problem, which is what "a technique to reliably detect malicious blocks created by double-spend services" means.
legendary
Activity: 3472
Merit: 4801
April 24, 2014, 04:17:03 PM
#95
51% should be utilized to block stolen funds and recreate those coins so 21M coins will always be in the network.

No.
hero member
Activity: 518
Merit: 500
April 24, 2014, 04:15:14 PM
#94
51% should be utilized to block stolen funds and recreate those coins so 21M coins will always be in the network.
legendary
Activity: 3472
Merit: 4801
April 24, 2014, 04:11:21 PM
#93
Here's what I'm wondering, Danny.  Imagine I'm a miner that control 5% of global hash power.  I have an employee who is always looking for out-of-band double-spend services.  Whenever he learns of a new service like this, he sends it one "test double-spend" every block.  If I see a block that includes the TX that I personally know to be a pseudo double spend attempt, I choose not to mine upon it.  Otherwise, our behaviour is unchanged.  If the block I rejected as malicious is built upon (i.e., not enough miners implemented my rule set), then I give up and start mining on the longest chain.  

Now imagine I talk about this idea at conferences, over IRC, here at the forum, and start a website dedicated to the cause. Perhaps I am able to convince others to implement the same rule set.  Every block I mine is not a waste, as normally I am working to extend the longest chain.  The only block rewards at risk are when I detect a block that I personally know to come from a malicious double-spend service.  But I think these blocks should be rare, and eventually disappear completely if they are never extended (the double-spend services would go out of business).

I don't see the flaw in my logic here.  It seems that this may work and that if it did that it would be a good thing.  Do you think this idea is dangerous some how?

If each participating miner (or mining pool) implements your idea independently (searches for the double-spend services themselves, and makes their own determinations from their own double-spend attempts which blocks to ignore), then it's dangerous to the income and profitability of the individual miners (or pools).

It is likely that some miners will find some services, and other miners will find other services.  As such, they will waste time mining blocks that won't earn them income, while the rest of the network that hasn't discovered the particular service they are blacklisting continues on without them.  Additionally, if they happen to solve a block while mining a fork that won't make it, they lose out on the block reward they could have had if they had solved a block on the consensus chain.

Additionally, since there are likely to be many services that some miners find and others don't, the blockchain is likely to always be in a state of multiple competing blocks that are all trying to orphan all the others.  This significantly reduces the hashpower that an attacker would need to outpace the rest of the network with their own chain.  If an attacker can create a situation where there are regularly 5 different blocks that are all being treated by equal portions of the network as the last "valid" block, an attacker only needs 17% of the total hash power of the network to continuously outpace the network (instead of 51%).

If, instead of having each miner (or pool) independently search out and choose which blocks they want to try to ignore, you have some centralized service that provides the block blacklist that all miners are supposed to adhere to, then you've introduced a centralization to the decentralized network that can be abused.  The service can become malicious and (for a secret fee) allow some malicious blocks through, or even block some non-malicious blocks.  The service can segregate the network into as many competing forks as it likes by offering each segment a different block blacklist.

Because all of these repercussions result in reduced income for the honest miners (or pools), it will be difficult to convince any of them to take up your consensus destroying ideas.  As such, you'll be left occasionally ignoring blocks on your own, and drastically reducing your revenues wasting hash power on blocks that will never be part of the consensus chain.  Because mining is so competitive, reductions in revenue will almost certainly result in financial loss that will eventually deplete your capital until you can no longer operate.

legendary
Activity: 1162
Merit: 1007
April 24, 2014, 03:58:26 PM
#92
If I as a miner have a technique to reliably detect malicious blocks created by double-spend services
In addition to what DannyHamilton said, you don't have one of these because it's not a valid concept.

I'm not sure about that Justus.  Only 20% of respondents believe that out-of-band double spend services are not complicit in fraud (https://bitcointalksearch.org/topic/when-does-it-become-fraud-the-ethics-of-bitcoin-mining-and-zero-confirm-txs-502571).  If I send these services trial double spends and detect the block with the transaction that I know to be fraudulent, based on the results of my poll only 20% of the bitcoin community would disagree with me.  So I think it is a valid concept and that one might achieve enough consensus to implement this.  

Do you think this is dangerous somehow?
legendary
Activity: 1162
Merit: 1007
April 24, 2014, 03:45:56 PM
#91
I'm confused with what exactly your position is now.  

If I as a miner have a technique to reliably detect malicious blocks created by double-spend services, and if I choose not to build upon those blocks, then this does not represent a change to the protocol IMO.  I am expressing my view of the legitimate chain with my hash power.

Correct.

And if you don't have a majority of the hash power in the network, and the other miners don't implement your particular exact ruleset, then your chain will never be longer than the consensus chain.  Therefore, every block that you mine will be a waste of your hash power.

Since every other miner faces this same disincentive, the only financially logical thing for you or any other miner to do is to accept the protocol valid blocks that you receive and mine blocks that follow them.


Here's what I'm wondering, Danny.  Imagine I'm a miner that control 5% of global hash power.  I have an employee who is always looking for out-of-band double-spend services.  Whenever he learns of a new service like this, he sends it one "test double-spend" every block.  If I see a block that includes the TX that I personally know to be a pseudo double spend attempt, I choose not to mine upon it.  Otherwise, our behaviour is unchanged.  If the block I rejected as malicious is built upon (i.e., not enough miners implemented my rule set), then I give up and start mining on the longest chain.  

Now imagine I talk about this idea at conferences, over IRC, here at the forum, and start a website dedicated to the cause. Perhaps I am able to convince others to implement the same rule set.  Every block I mine is not a waste, as normally I am working to extend the longest chain.  The only block rewards at risk are when I detect a block that I personally know to come from a malicious double-spend service.  But I think these blocks should be rare, and eventually disappear completely if they are rarely extended (the double-spend services would go out of business).

I don't see the flaw in my logic here.  It seems that this may work and that if it did that it would be a good thing.  Do you think this idea is dangerous some how?
legendary
Activity: 1750
Merit: 1007
April 24, 2014, 03:38:19 PM
#90
Just a reminder:

A 51% attack cannot break any existing protocol rules, only enforce it's own new rules on top of them, as long as they do not conflict.  Attempting to do otherwise is actually a hard fork where only the attacker is mining.  It will not merge with the "real" blockchain.  The rest of the network will continue happily on the real chain and not even notice the conflicting chain since it is not recognized by bitcoind (unless they update to the attacker's modified version).
Pages:
Jump to: