Many years later, when miner Zheliang watched closely how other miners voted in the middle of some night, he would still think of that late night spent fighting the computing power attack.
The attack had been planned for a long time. An observer in the dark, after careful planning and preparation, launched the first attack. On June 24, 2021, an anonymous attacker using the name "Zulupool" attacked the Bitcoin SV network with a method that academia calls "block withholding". Block withholding exploits the fact that Bitcoin SV merchants and payees rely on the "confirmation number" when crediting payments. The attacker first mines in secret with a large amount of computing power (withholding) and includes in the secretly mined blocks a transaction that transfers BSV to themselves (the "Li Gui transaction"), while at the same time transferring the same BSV to an exchange (the "Li Kui transaction"). After a period of secret mining, the exchange confirms the transaction and allows the deposit, trading and withdrawal because the "confirmation number" of the "Li Kui transaction" has reached the required threshold. Once this is done and the secretly mined chain is higher than the public honest blockchain, the attacker releases the previously withheld blocks. Other miners and merchants now see a chain with more work, so they abandon the previous honest chain and switch to the blockchain containing the Li Gui transaction. The "Li Kui transaction" is thereby deleted, and the exchange finds that the initial deposit is missing.
The First Attack Attempt
In the first attack attempt (#692928-#692931), the attacker put "Zulupool" in the block header to imitate the real "Zulupool", which had previously been hopping on and off the chain. (Zulupool is a mining pool that uses the Hathor protocol for merged mining; when BSV mining is highly profitable, it switches to BSV mining.) A large influx of computing power in a short period shortens the block generation time, and in that situation it is rational for miners to keep competing with their computing power on top of their own orphaned blocks. Other participants on the network therefore did not recognize this as an attack at the time. In hindsight, it may have been a drill.
The Second Attack
Having learned from the first attempt, the attacker used the same trick again on July 1 and launched a second attack. The second attack started at block height #693995A.
07:16:38 Taal mined #693999A (2de6ca).
07:39:48 The attacker, impersonating "ZULUPooL", released four consecutive blocks, #693996B (282a39)-#693999B (b3fb8a). Because #693999B had more proof of work, other miners started working on top of #693999B.
07:44:39 The attacker mined #694000A (eeb47c), making other miners switch to #694000A again. The attacker discarded the three blocks #693995B-#693999B.
07:57:59 The miner crypto/CODEBLACK/ mined #694001C (46d995).
08:14:52 #694001C was orphaned by #694001D (01fcf0)-#694003D (25813b), released by the attacker.
08:24:38 The attacker released #694003A (5c2a59), rather senselessly orphaning his own #694003D (25813b).
08:25:23 The attacker's #694004A (789f48) became part of the main chain. The remaining miners followed.
08:30:44 Taal mined up to #694005A (f69f4c).
08:56:36 Taal mined up to #694008A (b79739).
09:05:17 The attacker released three blocks, #694006E (5082f6)-#694008E (79969d). Their work now exceeded that of #694008A, and the entire BSV network switched to the attacker's E chain. Other miners on the BSV network, including TAAL, ViaBTC, and Bcdda, happily kept producing blocks on top of the aforementioned #694008E (79969d). Meanwhile, the attacker mined six consecutive blocks after TAAL's #694007A, #694008F (797698)-#694012F (4f76c1), and did not broadcast them.
09:15:25 The block height had by now reached #694011E (102fac). The miners did not realize that danger was approaching.
09:16:07 The attacker broadcast #694008F (797698)-#694012F (4f76c1), six blocks in total, exceeding the current block height, so all miners switched back to point #694005 (f69f4c) and started working on the branch of #694012F. From the outside, a 6-block reorganization had taken place.
09:17:05 The attacker broadcast the next block, #694013F (c9e938), which was accepted by other miners on the network. Eventually the F chain became part of the longest chain.
11:39:08 The attacker broadcast #694028G (2b635f), reorganizing #694025F (c9d50f), but the success was short-lived.
11:40:00 It was reorganized by Hath at #694029F (6448fb).
18:43:58 The attacker made another comeback, using #694074H (79848a) to #694077H (ba8b77) to reorganize the chain at the height of #694077F (9dbf18).
Interestingly, the timestamps in blocks #694008B-#694013B are spaced two seconds apart. This also confused other participants: calculating from the block timestamps, miners get the illusion that the attacker's computing power is enormous. In fact, the time in the block header may be adjusted within a certain range and still be considered consistent with consensus. The attacker took advantage of this and wrote the timestamps manually to make miners think that these blocks were produced within a short time. In addition, because of how the DAA works, the difference in timestamps slightly increases the work of the next block, which gives an advantage in the work comparison against a block at the same height. In reality, the attacker broadcast #694008E at 09:05:15, released #694012F at 09:16:41, and followed with #694013F at 09:17:05. There is reason to believe that the five blocks #694008B-#694012B were found between 09:05:15 and 09:16:41. At that time the difficulty of the BSV network was relatively low, and the remaining miners of the whole network also produced three blocks in 10 minutes. It can therefore be roughly estimated that the computing power the attacker deployed at this point was more than double the original total computing power of the entire network.
Later, the attacker again tried releasing more than three blocks at once to reorganize other miners. Although various miners felt that they were being attacked by other miners, there was no hard evidence. What they mostly saw was that their own blocks were reorganized and that the attacker gained the revenue. In fact, this revenue was not taken by the ZULUPooL that appeared on the surface; the real attacker was spoofing ZULUPooL. Looking back now, we see that the attacker was not simply mining on one chain, and even orphaned his own chain. This part of the attack was an attempt to use miners who did not know the truth to create a reorganization deeper than 6 blocks.
Multiple attempts to attack
In the following days, the attacker kept attacking with similar methods, and more and more blocks were reorganized: a reorganization of five blocks from #694628 to #694633, a reorganization of ten blocks from #694663 to #694673, and a reorganization of ten blocks from #694776 to #694785. After these trials drew no response from the miners, the real test of the miners began!
The 100-block reorganization and the computing power battle
At 15:43:05 on August 3rd, we mined #698740A first. Five minutes later, at 15:48:32, the miners were working at chain height #698740A. At that moment, all miners received blocks published as coming from "TAAL.com". In fact, the attacker was spoofing "TAAL.com" and using TAAL's real payment address. This disguise meant that TAAL suffered no "loss", but it confused the other miners, who did not know whether these blocks should be trusted. The attacker made a mistake, however: TAAL had actually deployed MinerID, a protocol that signs inside the block to prove the miner's true identity, so the counterfeit TAAL.com was easily identified. We just did not know it yet. This kicked off the 100-block reorganization and computing power war on the BSV blockchain. Although the block height of #698725B was lower than that of #698740A, the attacker's computing power was greater than that of the entire network at the time and the cumulative work of his chain exceeded the cumulative work of the miners' chain, so it was treated as the longest chain. At the same time, the attacker quietly returned to #698736A and began mining #698737C.
All miners went through the 100-block rollback from #698740A (d838a5) to #698641A (e43f25) and started working at the new block height #698725B. Misled by the illusion of block work created by the modified timestamps, they, together with the attacker, quickly pushed attack chain B to #698757B (7923fa). By then there were 112 confirmations on the attack chain. At the same time, an event that bore on the whole battlefield was under way: the miners urgently convened a counterattack meeting and nervously discussed countermeasures. Around 17:49, Taal decided to say "no" to such a long chain reorganization, refusing to vote on the attacker's chain and returning to mine on the original honest chain. The miners returned to #698740A (d838a5), successfully mined #698741A (81321e) at 18:15:21, and kept mining until #698814A (a969d3) at 03:47:47. At 19:58, BA issued a statement calling on everyone to reject dishonest chains and mine on honest chains.
At 03:48:10, the attacker suddenly released #698737C (3d27d7)-#698818C (30fe7e) and publicly mined several more blocks, up to #698820C (2950c8). The attacker then returned to #698814A (a969d3) and continued mining there without disclosing the blocks.
03:57:34 The miners switched to the attacker's #698820C (2950c8) because of its greater work.
04:07:50 The miners mined #698823C (2d3d0a) on the attacker's chain.
04:14:56 For the second time, the miners actively rejected #698737C (3d27d7) and returned to the honest #698736A (69f2db2).
04:54:50 SVpool mined up to #698818A (d07d42).
06:27:31 The attacker released #698815C (c246501) to #698831C (89f565), causing the miners to switch to #698831C (89f565).
06:34:49 The miners manually rejected #698815C (c246501) for the third time and returned to the honest chain at #698818A (d07d42) to continue mining. After that, no further attack was detected for the time being. In the end, thanks to the efforts of many miners, the work of the honest chain surpassed that of the attack chain, and it became part of the longest chain.
Did the honest nodes really win? In #698749 and #698750, the attacker actually used computing power to help the honest chain. There is reason to believe that the two forked chains #698642A and #698642 contain different double-spending transactions. Once the attack chain had been confirmed by more than 100 blocks, merchants may have accepted it and credited accounts after 100 confirmations. The attack chain was subsequently overtaken by the honest chain, and the transactions on the attack chain became invalid on the honest chain. Merchants who had accepted transactions on the attack chain would thus suffer losses.
How to resist computing power attacks
Can the Bitcoin protocol, now eleven years old, withstand this kind of overwhelming attack? How do we fight an attack with superior computing power?
Honest miners and the MinerID label
We have also seen that attackers can easily impersonate other miners, which sows confusion. The attackers do not care about the revenue their computing power generates, and even directly use another miner's revenue address. This challenges the idea that the reward in a block can be treated as a safety factor. Although we would rather accept information from honest miners we know, who have maintained an honest ledger over the long term, we cannot rely on the coinbase and revenue address in a block to determine which behavior is that of an honest miner and respond correctly, so consensus cannot be reached quickly. We therefore need to urge miners to deploy MinerID as soon as possible, to build up miners' reputations, and to influence and reach consensus through honest miners publishing their votes.
Bitcoin's security comes from being "public"
What I care about is how to protect secure instant transactions. If, because reorganizations are possible, everyone has to give up secure instant transactions and wait for more than 100 confirmations, the Bitcoin system loses. There is some game-theoretic thinking behind this: how to protect miners from being deliberately framed (partition attacks, or double spends actively sent to miners), while also keeping costs down (raising everyone's costs to prevent an attack is not worth it) and protecting users. A correct security model is therefore very important.
I still think that small real-time transactions are safe. In this attack, the attacker mobilized more computing power than the entire BSV network had at the time, and also bore the cost of being overtaken by the honest chain. After paying such a large cost, attacking only small zero-confirmation transactions is not economically feasible, because the gains are limited. But what about large transactions? Can we still rely on the confirmation number?
The security of Bitcoin comes from being "open". Every merchant should therefore watch all block header data on the blockchain. By examining block headers promptly, a merchant can tell normal orphan-block reorganizations from attacks and respond differently to each. Orphan blocks and one-block reorganizations happen frequently. As long as a reorganization happens in public, rather than through block withholding, it has no impact on the security of a transaction: in a public reorganization the merchant can clearly see the state of the two competing chains and only needs to make sure that the transaction he received exists on both chains. If blocks are withheld, however, the merchant can see only one chain and cannot judge whether his transaction has been received by all miners. That is an attack on the network. Miners who keep honest accounts need to ensure that the blocks they produce become part of the longest chain. In this attack, therefore, everyone held firm under the leadership of the miners with large computing power, followed the choice of the computing power leader, and quickly reached consensus, so that the longest chain surpassed the attack chain. Miners need to convince merchants to exercise this same ability to judge and select the honest blockchain from block header information. Miners are therefore motivated to broadcast block headers: they need to broadcast the header data of their work as soon as possible to be recognized by merchants as honest. Concealing one's own block headers is dishonest, because the hidden information makes it impossible for users to judge whether there is danger. Users should not trust a chain that was kept hidden, even if it has more work.
Therefore, purely out of self-interest, whenever block headers have been hidden the recipient can refuse outright to recognize the accounting results on the hidden blockchain and either wait for the fork to end or initiate a refund. This is a standard confirmation process based on the merchant's own view of the data.
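One way a merchant could tell a previously withheld branch that is released all at once from an ordinary orphan race, using only the times at which headers arrive. This is an added example, not code from the original article; the function name, thresholds and sample log are assumptions, and equal work per block is assumed for simplicity.

```python
def withheld_releases(arrivals, burst_s=60, min_run=3):
    """Flag branches that look withheld and then released in one go.

    arrivals: (recv_time_s, block_hash, prev_hash) in order of receipt, with
    recv_time_s taken from the merchant's own clock, not the header timestamp.
    A run is a parent-to-child sequence of headers, each received within
    burst_s of the previous one. A run is reported when it starts below the
    current best tip, has at least min_run blocks, and overtakes that tip.
    Equal work per block is assumed, so "best" is simply the greatest height.
    """
    height, tip, runs = {}, None, []
    for recv, block, prev in arrivals:
        height[block] = height.get(prev, 0) + 1
        run = runs[-1] if runs else None
        if run and run["blocks"][-1] == prev and recv - run["last_recv"] <= burst_s:
            run["blocks"].append(block)
            run["last_recv"] = recv
        else:
            run = {"fork_point": prev, "blocks": [block], "last_recv": recv,
                   "forked": tip is not None and prev != tip,
                   "displaced": height[tip] - height.get(prev, 0) if tip else 0,
                   "overtook": False}
            runs.append(run)
        if tip is None or height[block] > height[tip]:
            tip = block
            run["overtook"] = True
    return [r for r in runs
            if r["forked"] and r["overtook"] and len(r["blocks"]) >= min_run]

# Constructed header arrival log (seconds since the merchant started watching).
SAMPLE_ARRIVALS = [
    (0,    "a1", "g"),
    (540,  "a2", "a1"),
    (548,  "x2", "a1"),   # ordinary one-block race at the same height
    (1130, "a3", "a2"),
    (1700, "b2", "a1"),   # four headers of a competing branch arrive together
    (1701, "b3", "b2"),
    (1702, "b4", "b3"),
    (1703, "b5", "b4"),
    (2300, "b6", "b5"),   # later blocks on the now-best branch arrive normally
]

if __name__ == "__main__":
    for r in withheld_releases(SAMPLE_ARRIVALS):
        print(f"{len(r['blocks'])} blocks released together on top of "
              f"{r['fork_point']}, displacing {r['displaced']} block(s)")
```

Header timestamps are deliberately ignored here, since the article shows they can be written by hand; only the observer's own receive times are used.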
Countermeasures when a blockchain fork is detected
The entire ecosystem needs to strictly follow the longest-chain principle. But this is not simply a judgment based on the single criterion of the chain with the most computing power. Miners need to judge which chain is honest and express that judgment with their computing power. Users need to judge what has happened on the blockchain ledger from the public computing power information, and then decide how to respond based on clear public signals. When merchants find a long fork, they must be keenly aware that meeting the required number of block confirmations is not enough and that other security measures should also be considered.
The countermeasure I suggest merchants take is this. When crediting a user's payment, check the block headers and the work of the blockchain:
1. If no fork is found, follow the number of block confirmations.
2. If a fork is found, the transaction needs to exist on two or more chains at the same time. If multiple chains contain the transaction, then no matter which fork wins, the transaction will be included in the ledger.
3. Check whether the transaction has been double spent. If a double spend is found, the transaction should be rejected, and the merchant can choose to refund it.
4. If no double spend has been found yet but the transaction exists on only one chain rather than on all detected chains, wait until it is confirmed on multiple chains at the same time, or until some of them are orphaned.
This judgment strategy needs only the block header data and the Merkle proof of the transaction, and it is the best strategy merchants can adopt to protect their own interests no matter which chain the miners decide to mine.
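The four checks above written as a small decision function, added here as an illustration and not part of the original article. The data layout, the `orphan_margin` threshold for treating a branch as orphaned, the default confirmation count and the sample chains are all assumptions.

```python
from enum import Enum

class Decision(Enum):
    ACCEPT = "accept"
    WAIT = "wait"
    REJECT = "reject"

def branch(headers, tip):
    """Block hashes from `tip` back to the oldest known header, tip first."""
    out = []
    while tip in headers:
        out.append(tip)
        tip = headers[tip]["prev"]
    return out

def live_branches(headers, orphan_margin):
    """Branches whose cumulative work is within `orphan_margin` of the best one.
    Anything further behind is treated as orphaned (assumed threshold)."""
    parents = {h["prev"] for h in headers.values()}
    chains = [branch(headers, b) for b in headers if b not in parents]
    work = [sum(headers[b]["work"] for b in c) for c in chains]
    return [c for c, w in zip(chains, work) if max(work) - w < orphan_margin]

def decide(headers, block_txs, txid, required_confs=2, orphan_margin=2):
    """headers: hash -> {"prev", "work"}.  block_txs: hash -> {txid: spent outpoints},
    i.e. what the merchant has learned from Merkle proofs and double-spend alerts."""
    spent = next((t[txid] for t in block_txs.values() if txid in t), None)
    if spent is None:
        return Decision.WAIT                      # not mined on any chain yet
    depths = []
    for chain in live_branches(headers, orphan_margin):
        depth = None
        for i, block in enumerate(chain):         # i == 0 is the tip
            for other, outpoints in block_txs.get(block, {}).items():
                if other == txid:
                    depth = i + 1                 # confirmations on this branch
                elif outpoints & spent:
                    return Decision.REJECT        # rule 3: conflicting spend seen
        depths.append(depth)
    if any(d is None for d in depths):
        return Decision.WAIT                      # rule 4: missing from a live chain
    # rules 1 and 2: enough confirmations on every chain that could still win
    return Decision.ACCEPT if min(depths) >= required_confs else Decision.WAIT

def sample(b1_txs, with_fork=True):
    """Constructed data: chain g<-a1<-a2 and, optionally, a fork g<-b1<-b2."""
    headers = {"g": {"prev": "0", "work": 1},
               "a1": {"prev": "g", "work": 1}, "a2": {"prev": "a1", "work": 1}}
    txs = {"a1": {"pay": {"utxo:0"}}}
    if with_fork:
        headers.update({"b1": {"prev": "g", "work": 1},
                        "b2": {"prev": "b1", "work": 1}})
        txs["b1"] = b1_txs
    return headers, txs

if __name__ == "__main__":
    print(decide(*sample({}, with_fork=False), "pay"))        # no fork
    print(decide(*sample({"pay": {"utxo:0"}}), "pay"))        # on both forks
    print(decide(*sample({}), "pay"))                         # on one fork only
    print(decide(*sample({"steal": {"utxo:0"}}), "pay"))      # double spend
```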
What an honest blockchain is, and the game behind it
Because miners have not reached consensus on the order of the double-spending transactions, they should not decide which of them is the honest transaction and which is the double spend. What a miner must do is truthfully disclose the double spend and ensure that users are able to detect it correctly. Miners are also unlikely to guard every transaction against double spending, since doing so would increase the cost of the entire system, but with the right strategy they can make sure that every double spend is detected in time. As long as the user can detect the double spend quickly, they can refund quickly and ask the payer to make a new payment. The problem is then effectively solved.
This mechanism encourages nodes to broadcast to the entire network the block headers they are mining and those they have received. Only when the headers of the blocks one has mined are publicly visible to the entire network can one clear oneself of the suspicion of private mining, and avoid being orphaned by the miners' defenses and shut out by the ecosystem on the charge of disrupting network security. The most important part of the Bitcoin protocol is game theory and economic incentives. A node does not transmit a single byte of data out of altruism; it does so to win the recognition of the whole ecosystem and the acceptance of other miners through its own efforts.
By screening block header data as described above, users adopt different coping strategies. No matter how the miners choose, the best strategy a rational user can choose is determined, so the outcome of this game is a Nash equilibrium, which is the consensus formed by all miners. Miners must therefore choose the best response strategy under the Nash equilibrium to prevent their blocks from being rejected by the ecosystem. At that point the Nash equilibrium of the entire ecosystem is reached: miners know which ledger is honest and accepted by the ecosystem. This honesty means being open, without concealment. Later, for cost reasons, users may save some costs based on their own weighing of risk and benefit, for example by asking only a few miners instead of all miners.
From this perspective, so-called "honesty" is not just an untestable "first come, first served", but making proper commitments and fulfilling them, together with correct disclosure. "First come, first served" is merely one reasonable strategy that miners can adopt. Any concealment reduces the security of the system, undermines secure instant transactions, and should be regarded as an attack on the network. Double-spend detection should not be a service that miners must provide, but when asked, a miner should give a correct answer about whether he accepts the transaction, and commit to it.
With the introduction of MinerID and miners' commitments to their query results, together with merchants' ability to verify public block header data, we can build a more secure blockchain system in which miners, merchants, and users are all incentivized to pay security costs to improve their own security, so that hidden computing power attacks need no longer be feared.
Read the original text: https://www.dotwallet.cn/article/285
Original source (Miner Zheliang): https://mp.weixin.qq.com/s/hoBR180NEfc4j5OQKL2oJg