Topic: Bitcoin topic on Quora.com (Read 7828 times)

legendary
Activity: 1372
Merit: 1008
1davout
January 24, 2011, 04:18:50 AM
#59
Posted by Sebastiano Scròfina, a decentral banker at kakigarden.com

kakigarden.com redirects to a facebook page.

Why should I read anything more from someone who does that ?
Because ideas matter :)
legendary
Activity: 1288
Merit: 1080
January 24, 2011, 02:37:57 AM
#58
Posted by Sebastiano Scròfina, a decentral banker at kakigarden.com

kakigarden.com redirects to a facebook page.

Why should I read anything more from someone who does that ?
newbie
Activity: 42
Merit: 0
January 23, 2011, 08:08:00 PM
#57
This is all about perceived value (miners hope to gain much more than the current value) and flexibility (amazon offers more than computing hashes).
legendary
Activity: 2506
Merit: 1010
January 23, 2011, 08:04:34 PM
#56
This just occurred to me.  The existing 150 Ghash/s network costs just $144 per hour.

Interesting when one considers it that way.  So what about a parallel currency whose exchange rate is being subsidized such that mining the new parallel currency is more profitable than mining Bitcoin currently is?

In other words can enough of Bitcoin's miners be seduced into switching to a new parallel currency such that Bitcoin becomes vulnerable?

Maybe that quora question's part 3 (#3. Competition) merits further discussion?
legendary
Activity: 2506
Merit: 1010
January 23, 2011, 07:44:27 PM
#55
This just occurred to me.  The existing 150 Ghash/s network costs just $144 per hour.

There were 165 blocks created in the past 24 hours (per Bitcoin Watch) and each earned 50 BTC.  That means 8,250 BTC were paid to those mining.  At BTC/USD currently at $0.42 each, that's $3,465 per day that is paid for a network that will do 150 Ghash/s.

So why does Amazon charge seventy times as much?   :-)
full member
Activity: 224
Merit: 141
January 23, 2011, 04:27:44 PM
#54
You can't spend 400 BTC 80 times in 1 hour.  If you control a majority of the generation you could spend them twice an hour (assuming merchants require 6 confirmations).

Why ?

There are only, on average, about 1 transaction every 10 minutes.  That is six confirmations in an hour which is the hard time limit before a transaction is confirmed.  Let's assume the attackers are real lucky and get twice that many blocks as they are doubling the generation rate.... hence only two attacks would be possible in an hour.  Maybe a few more than that by "double spending" on each block, but you would also have to "win" all of those blocks too.

BTW, attempts to double spend coins would be ignored once the "attack" is over with likely a bunch of competing chains floating around the network temporarily while nodes are analyzing the transactions, but once the double spending filters are applied to the transactions the double spending transactions and blocks associated with those transactions will be culled... as if the attack never happened in the first place.

It would essentially be wasted CPU effort and even the bitcoins "earned" by winning a block would be discarded too.  It is as pointless of an attack as I've ever seen proposed.
full member
Activity: 224
Merit: 141
January 23, 2011, 04:18:33 PM
#53
From the Quora question:

Quote
The attack should last 1h, spending those 400 BTC for 80 times instead of just 1

You can't spend 400 BTC 80 times in 1 hour.  If you control a majority of the generation you could spend them twice an hour (assuming merchants require 6 confirmations).

So you need to divide your expected profit per hour by 40, making your ROI very, very negative.



These guys certainly show a lack of understanding here about the Bitcoin protocols.  The issue here isn't gaining temporary control of a majority of the CPU power of the network, the issue is gaining control of a majority of the network over a prolonged period of time.

More importantly, there is a mistaken notion here that transactions are "irreversible".  If you are engaged in gaming Bitcoins, transactions are indeed reversible and any attempt to double spend will be wiped out upon verification by the trusted nodes on the network.  BTW, CPU power alone isn't sufficient but also having the transactions verified by the various nodes including those who aren't necessarily even providing CPU power but rather merely network bandwidth.  If you can't get the majority of the nodes to accept your blocks & transactions, it is a wasted transaction even if you have a huge amount of CPU bandwidth being thrown at the issue.

BTW, this is one of the reasons why the changes in 0.3.16 were such a big deal because it did change some of what the "ordinary nodes" were doing with some of the blocks and packets, rejecting certain transactions because of "unusual" data.

This kind of "attack" does point out that folks who are shipping physical merchandise ought to set up perhaps some sort of policy of requiring perhaps a few more than just six confirmations, as that is the real scam here.  In the attempt to double-spend, the attacker is trying to fool somebody into thinking they have legitimately received payment when in fact they haven't received any bitcoins at all.  When the attack fails, the "accounts" or at least who has what bitcoins will be a settled issue.

From the article:

Quote
The attacker may do this even without hiding from law enforcement agencies, given I'm not sure such attacks on the Bitcoin network would be considered illegal in every legislation of the world. In fact, many legislations could morally approve and cheer such an attacker, as soon as they realize Bitcoin is a threat to them.

Assuming that they are trying to get physical merchandise from somebody where it is being sent to a physical address of some kind as their way of being able to gain money from this scam.  By double spending, the attacker is assuming that they are going to be receiving the merchandise in spite of the merchant not receiving payment.  When the merchant realizes that the transaction is invalid (you don't even need to be reading the forums to notice that fact... contrary to what was said in the article earlier) they are going to either withhold shipment (and announce a strange set of blocks on the forums if they are thinking clearly or at least saying WTF happened to my transaction!) or they can then notify the shipping agent they are using that some sort of fraud was going on with the package and "request" that the package be returned or discarded and not sent to the addressee.  Either way, the scammer isn't going to get the merchandise and at worst is only wasting somebody's time or forcing a merchant to lose some money.

Furthermore, fraud can certainly be prosecuted under current laws.  Nothing new even needs to be passed in terms of going after these scammers legally in most countries and jurisdictions.  This is indeed very much within the legal definition of fraud and can be proven in court and certainly explained to law enforcement as if a "check" bounced and that payment failed or some other similar kind of explanation until you have to get inside of a court room.  You might be able to attack the validity of Bitcoins as a payment method, but certainly the fact that something of value was transmitted in exchange for something else of value, but then that "something" (in this bitcoins) was not in fact actually transferred would be considered fraud.  I would also argue that typically a judge in this situation would recognize Bitcoins as a valid payment method, at least if you can get somebody to explain what exactly is Bitcoins in simple terms that can be told to a jury without getting into the gritty details.  That both parties thought Bitcoins had value is the only legal question that would have to be asked in this case.

Some idiot presuming that the court system will stay away from you merely because you are using Bitcoins may have cold hard reality facing down upon themselves.  It isn't that this could be illegal, I'm suggesting that an attack of this nature would be illegal already and in fact is.  If you want chapter and verse, at least specify jurisdiction if you want me to give you an answer.  I can think of several laws this would violate and in at least America nearly a dozen law enforcement agencies who would all have jurisdiction too in any given town depending on what was sold and how it was shipped.

It is possible that somebody really thinking this through might set up dead drop mailboxes and have other ways to launder the merchandise, but we aren't talking check kiting here that can take a day or two and up to a couple of weeks to detect.

In short, the author of this piece is completely clueless about Bitcoins and doesn't know what he is talking about.  A good try, and certainly there are ways to scam Bitcoins from people who are unsuspecting, but trying to do that through an attack on the system in the nature described is not only a waste of time, but dangerous to do even from a legal standpoint where the risk on the ROI is far greater than even presumed as with potential criminal penalties and loss of liberty are enough to make this a negative ROI... at least with this method.  If you are going to scam, scam at least with "legitimate" transactions with something like a Ponzi scheme.

The issue of money laundering via Bitcoins is something real, but that is confusing a criticism of Bitcoins with a legal protection of some weird and perverse kind.  Just because trade in cocoa beans may or may not be legal in a jurisdiction doesn't stop a trade transaction using cocoa beans from being illegal for other reasons too.

The other issues listed in this article have been amply debunked in earlier postings on this thread and deserve no further analysis as they are equally faulty.
newbie
Activity: 14
Merit: 0
January 23, 2011, 03:39:28 PM
#52
You can't spend 400 BTC 80 times in 1 hour.  If you control a majority of the generation you could spend them twice an hour (assuming merchants require 6 confirmations).

Why ?
administrator
Activity: 5222
Merit: 13032
January 23, 2011, 02:18:03 PM
#51
Why should an attacker want to go back, instead of just being faster than the honest network in producing a longer chain ?

It would allow you to double-spend without controlling the network at the time of the initial transaction that you want to double-spend. Otherwise you need to control the network for the entire time between the first and second transaction.

Quote
Why do you say that a "backspend" is a better double-spending than a second spend towards a second recipient ?

It's another person to deal with, and they won't be cooperating with you to improve speed. Perhaps it is not much more difficult right now, but it will be if this is implemented:

Quote
How could a future Bitcoin client ever be protected from the double-spending exploit that currently affects Bitcoin ?

Whenever a block chain reorganize occurs, check if any of the replaced transactions are yours or are being replaced by a version that is now yours. If they are, then a double-spend is almost certainly happening with you as a party. The transaction should then be marked specially and not listed by any of the RPC methods by default. You can also watch memory pool transactions in the same way.

This wouldn't protect against an attacker who can reverse your 6-confirmation transactions, but it would stop the person receiving the double-spend from accepting it and alert everyone that someone is double-spending.
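The reorganization check described in the post above, written out as an added example (not part of the thread and not code from the Bitcoin client). The `Tx`/`Block` model, the function names and the sample chain are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple    # outpoints spent, e.g. (("coin", 0),)
    outputs: tuple   # ((address, amount), ...)

@dataclass(frozen=True)
class Block:
    hash: str
    prev: object     # parent hash, None for the first block
    txs: tuple = ()

def branch(tip, blocks, stop=frozenset()):
    """Blocks from `tip` back towards genesis, stopping at any hash in `stop`."""
    out, h = [], tip
    while h in blocks and h not in stop:
        out.append(blocks[h])
        h = blocks[h].prev
    return out

def reorg_sides(old_tip, new_tip, blocks):
    """Return (disconnected, connected): blocks dropped from and added to the best chain."""
    new_chain = {b.hash for b in branch(new_tip, blocks)}
    old_chain = {b.hash for b in branch(old_tip, blocks)}
    return branch(old_tip, blocks, new_chain), branch(new_tip, blocks, old_chain)

def pays(tx, my_addresses):
    return any(addr in my_addresses for addr, _ in tx.outputs)

def check_reorg(old_tip, new_tip, blocks, my_addresses):
    """Alerts as (replaced_txid, replacing_txid, replaced_paid_us, replacement_pays_us)."""
    disconnected, connected = reorg_sides(old_tip, new_tip, blocks)
    new_txs = {tx.txid: tx for b in connected for tx in b.txs}
    # Which transaction on the new branch spends each outpoint.
    spender = {op: tx for tx in new_txs.values() for op in tx.inputs}
    alerts = []
    for blk in disconnected:
        for old in blk.txs:
            if old.txid in new_txs:
                continue  # same transaction confirmed again on the new branch
            rivals = {spender[op].txid: spender[op] for op in old.inputs if op in spender}
            for new in rivals.values():
                lost, gained = pays(old, my_addresses), pays(new, my_addresses)
                if lost or gained:
                    alerts.append((old.txid, new.txid, lost, gained))
    return alerts

def listable(wallet_txids, alerts, include_flagged=False):
    """Hide flagged transactions from default listings, as the post suggests."""
    flagged = {t for a in alerts for t in a[:2]}
    return [t for t in wallet_txids if include_flagged or t not in flagged]

# Constructed sample: branch a1-a2 is replaced by the longer branch b1-b2-b3.
COIN = ("coin", 0)
t_merchant = Tx("t_merchant", (COIN,), (("merchant", 400),))
t_back = Tx("t_back", (COIN,), (("attacker2", 400),))   # same coin, new payee
t_other = Tx("t_other", (("other", 1),), (("bystander", 5),))
SAMPLE = {b.hash: b for b in [
    Block("g", None),
    Block("a1", "g", (t_merchant, t_other)),
    Block("a2", "a1"),
    Block("b1", "g", (t_back,)),
    Block("b2", "b1", (t_other,)),
    Block("b3", "b2"),
]}

if __name__ == "__main__":
    for wallet in ({"merchant"}, {"attacker2"}, {"bystander"}):
        print(sorted(wallet), check_reorg("a2", "b3", SAMPLE, wallet))
```

The same comparison of spent outpoints can be run against memory pool transactions, which the post also mentions.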
legendary
Activity: 1652
Merit: 2301
Chief Scientist
January 23, 2011, 01:45:47 PM
#50
From the Quora question:

Quote
The attack should last 1h, spending those 400 BTC for 80 times instead of just 1

You can't spend 400 BTC 80 times in 1 hour.  If you control a majority of the generation you could spend them twice an hour (assuming merchants require 6 confirmations).

So you need to divide your expected profit per hour by 40, making your ROI very, very negative.

newbie
Activity: 14
Merit: 0
January 23, 2011, 01:30:02 PM
#49
Hi theymos,

thanks for the very technical answer.

No. Rewriting old blocks requires you to generate them again. So if you want to go back 6 blocks, you have to do the work required to generate them with the current difficulty and continue to compete against legitimate generators.

Why should an attacker want to go back, instead of just being faster than the honest network in producing a longer chain ?

Quote
That's much more difficult. A future version of Bitcoin will probably let the second recipient identify this attack immediately, since it is easy to see. A more likely attack is one where the second spend is back to the attacker.

1) Why do you say that a "backspend" is a better double-spending than a second spend towards a second recipient ?
2) How could a future Bitcoin client ever be protected from the double-spending exploit that currently affects Bitcoin ?
newbie
Activity: 14
Merit: 0
January 23, 2011, 01:24:28 PM
#48
Hi Gavin,

thanks for the explanation.

You can:

Spend bitcoins once.  Then wait for them to be confirmed by the rest of the network as many times as the merchant requires, while secretly working on another version of the block chain where you did NOT spend them.  Your secret block chain should be longer than the network's, since you control 51% of the generating power.

So you announce your secret block chain, and instead of sending those coins to a merchant you include a transaction where you send them to yourself.  YEAH!  you just ripped off the merchant!  Wahoo!

Are you saying that:
a) an attacker should announce a block chain where the spend is never acknowledged ?
b) the attacker should announce a block chain where the spend is acknowledged, and where another opposite transaction is, too ?
c) the attacker should announce a block chain where the spend is acknowledged, but the recipient is not the merchant address anymore but the/a attacker's address ?

Quote
You cannot rip off two merchants with the same bitcoins-- one or the other of the transactions will be seen as valid.

And you cannot "unspend" the transaction to the merchant-- if you don't spend it SOMEWHERE, the merchant's bitcoin node will re-announce it to the network and all the other nodes will consider those bitcoins "spent, just waiting to be included in the next generated block."

Would you agree on this description of the attack ?

"So in summary the attack works like this: the first BTCs spend happens in, say, block 105000. After the merchant acknowledges it and delivers the good/service to the attacker, the attacker's malicious network releases a new block 105000 and as many blocks after it as needed to make it the longest chain. Now the whole network (honest clients included) acknowledges that the attacker holds the coin because there is no record of the first transaction according to the majority of CPUs. Then the BTCs are spent again, and the process is repeated many times."

I feel that your point is: the transaction can't just disappear.

Quote
If you run the numbers again with the realistic double-spend scenario, you'll see crime doesn't pay.  There is no way you can rent enough hashing power to commit a profitable double-spend attack.

If you can steal the hashing power (maybe you're a bot farmer), then if you run the numbers you'll find it is more profitable to just generate blocks and sell the bitcoins rather than try to somehow get stuff trying to double-spend.

Ummm ... are you sure ? Could you be specific as which numbers are wrong in my Quora question ? According to my calculations, the ROI of such attack would be extremely positive.
legendary
Activity: 1652
Merit: 2301
Chief Scientist
January 23, 2011, 12:18:50 PM
#47
Satoshi Nakamoto writes in his white paper that it is not needed to control all of the bitcoin connections, but just a majority of them. Am I missing something ?

You are confusing "control 50+% of generating power" with "control connections."

Let's say you control 51% of the generating power.

You can:

Spend bitcoins once.  Then wait for them to be confirmed by the rest of the network as many times as the merchant requires, while secretly working on another version of the block chain where you did NOT spend them.  Your secret block chain should be longer than the network's, since you control 51% of the generating power.

So you announce your secret block chain, and instead of sending those coins to a merchant you include a transaction where you send them to yourself.  YEAH!  you just ripped off the merchant!  Wahoo!

You cannot rip off two merchants with the same bitcoins-- one or the other of the transactions will be seen as valid.

And you cannot "unspend" the transaction to the merchant-- if you don't spend it SOMEWHERE, the merchant's bitcoin node will re-announce it to the network and all the other nodes will consider those bitcoins "spent, just waiting to be included in the next generated block."


If you run the numbers again with the realistic double-spend scenario, you'll see crime doesn't pay.  There is no way you can rent enough hashing power to commit a profitable double-spend attack.

If you can steal the hashing power (maybe you're a bot farmer), then if you run the numbers you'll find it is more profitable to just generate blocks and sell the bitcoins rather than try to somehow get stuff trying to double-spend.
administrator
Activity: 5222
Merit: 13032
January 23, 2011, 11:10:38 AM
#46
A technical question: isn't owning the majority of the CPU power enough to impose a malicious chain, regardless of the size and age of the network, and the consequent difficulty ?

No. Rewriting old blocks requires you to generate them again. So if you want to go back 6 blocks, you have to do the work required to generate them with the current difficulty and continue to compete against legitimate generators.

I'm sorry but I don't understand your argument. The goal of the attacker is to harvest goods/services and have 0 BTCs at the end of the attack, but be plenty of goods/services. The attacker will therefore not suffer from the FRN/BTC ratio plummeting because of panic triggered when the community realizes to have been hacked, which is after the attack is completed. I hope you agree with me.

That's much more difficult. A future version of Bitcoin will probably let the second recipient identify this attack immediately, since it is easy to see. A more likely attack is one where the second spend is back to the attacker.
newbie
Activity: 14
Merit: 0
January 23, 2011, 11:09:28 AM
#45
Hi Gavin,

thanks for your technical answer. You sound expert in the details of how Bitcoin works, I hope to learn more.

FreeMoney is absolutely right.

The only way to get 80 people to accept the same 400 bitcoins would be to control all of their bitcoin connections and feed them different versions of the block chain.

Satoshi Nakamoto writes in his white paper that it is not needed to control all of the bitcoin connections, but just a majority of them. Am I missing something ?

Quote
And THAT will be impossible, because the people you're trying to rip off (merchants selling stuff) are exactly the people with long-running, well-connected bitcoin nodes.

Please note that the attack I outline targets BTC users who are not pros.
newbie
Activity: 14
Merit: 0
January 23, 2011, 11:01:13 AM
#44
Hi theymos

-The BTCs owners could be very sad, because panic could trigger a drop in the FRN/BTC exchange ratio, triggering evaporation of purchasing power of their BTCs, e.g. their BTCs can buy much less goods and services than before the attack.

The attacker must hold a large amount of BTC in order to execute the attack. So he'll also be affected by the lower price. If he brings the price of BTC to 0, then his attack was pointless, since the money that he got back is now worthless.

I'm sorry but I don't understand your argument. The goal of the attacker is to harvest goods/services and have 0 BTCs at the end of the attack, but be plenty of goods/services. The attacker will therefore not suffer from the FRN/BTC ratio plummeting because of panic triggered when the community realizes to have been hacked, which is after the attack is completed. I hope you agree with me.
newbie
Activity: 14
Merit: 0
January 23, 2011, 10:56:38 AM
#43
Hi freetx


Regarding your 3 other points:

1. Legal: Yes, .gov could make it illegal. However, think through your underlying premise a bit....any currency sufficiently open enough to be a "better" currency than current Central Bank currency would also be pressured via the same tactic. I mean with that premise (.gov will make it illegal), why try at all?

2. Competition: Great, I think competition would be outstanding. I don't think lots of us who support BTC actively think it's going to be the "only" currency used. What's wrong with having 10 active competing currencies? Doesn't that benefit mankind the most anyway? Moreover, due to the nature that BTC is purely electronic, there will always be instantaneous exchanges available to translate between BTC and the new XYZ currency of favor.

3. Infiltration: Again this is a 'so what?' sort of premise. Poor Linus should've never tried to create his own Linux operating system....after all IBM and MSFT may have tried to subjugate the process via its open development process.

I agree with you: the fact that governments, competitors and infiltration will attack Bitcoin should not be a reason not to fight. But my concern is: how will the FRN/BTC ratio be affected when such shocks happen ? This is very important for me and people to know: if I am to accept BTCs in exchange for my labour, I wanna know how likely it is that the result of my labour could plummet, and how much. I hope you have the same concern :)
newbie
Activity: 14
Merit: 0
January 23, 2011, 10:48:46 AM
#42
Hi caveden

In the best scenario you would attack some exchanges and get some cash, but then, that would identify you, since cash transfers are not anonymous. You wouldn't manage to make a positive ROI by doing cash-in-the-mail exchanges!

Absolutely. Please note that in the attack I outlined the targets are not moneychangers, nor banks, nor any BTC pro.

Quote
Seriously, I can't see how such an attack would be profitable.

Please look at the numbers outlined in the Quora question for this.

Quote
I bet that, if you're willing to engage in criminal activities, there are probably much better ROIs you could obtain with such an investment....

I totally agree with you on a moral side. Criminal activities are a bad thing, and Bitcoin is an effort to liberate people from criminal-like monopolies. Unfortunately I think there will always be a country in the world where hacking Bitcoin is not considered illegal. On the other hand, I fear that Bitcoin will soon be rendered illegal in many countries.
newbie
Activity: 14
Merit: 0
January 23, 2011, 10:35:48 AM
#41
Hi Freemoney,

thanks for answering me with such detail.

I don't think it is positive.

The rest of my post gave a bunch of reasons why the return is lower than at first glance.

I think you're referring to this:

Quote
I have a few thoughts. An attacker isn't likely to want a bunch of services, those can't usually be resold easily. Goods will usually not ship until the next day so the attacker has to overcome the whole network for ~12 or more. Even if he pulls this off people will notice and many will be warned not to ship goods ordered after X time.

I disagree. A slow attack can target slow-shipping goods/services coming from isolated community-unaware sellers. A fast attack can target immediate-delivery goods/services making sure the interval of being alerted is smaller than the duration of the attack.

Quote
In addition to all the power that the attacker will have to buy or rent there will be a lot of planning involved. They need to search out what goods will ship fast enough to go out during their attack, if they can't hold on to the network for over a day this will only be certain parts of the world. They need to set up a place or places for delivery, and a way to resell the goods unless they are doing this for their own consumption. They need to find all the little exchanges and make accounts and set up bank accounts to send the money to, under different names I guess.

Yes. That's exactly the business of a malicious attacker. The whole point of Bitcoin should be being resilient to malicious attacks.

You also add:

Quote
Many types of merchants would be immune, many would be warned, etc.

I disagree. The first scenario I outlined involves attacking just 80 providers accepting BTC, in 60 minutes.

Quote
Shops are not going to mindlessly ship their entire stock without making sure nothing weird is going on.


The transactions involved in such attack would be worth around FRN ("USD") 160 each, which is surely not the entire stock of a shop owner, nor all the goods/services providable by a generic seller.

Quote
Even if they aren't savvy they are likely to know other bitcoin merchants. "Huh, all of your stuff was just bought too? Cool, I guess we're rich now."

See the two points above.

Quote
Bitcoin price is up about 6x since I got here and difficulty is up over 90x.

The attack scenario is based on the current Bitcoin network status.

Quote
The value of attack calculation is hard, but you aren't even looking at the right numbers. The attacker doesn't just get to turn bitcoins into cash via magic. He's going to flood exchanges and tip people off by buying too many sneakers. A lot of what you can do with bitcoin doesn't help him at all, so he can get a lot of credits at A Tale in the Desert, so what, doesn't help him at all. He can bet at bitcoinsportsbook, so what? The only thing valuable to him is the exchanges and they are likely to be the most alert to weird stuff.

I disagree. As I said, it takes only 80 relatively small transactions to complete the attack, and it doesn't have to be central banks' currencies. If I were a merchant I would like to be 100% sure that I can't be ripped off if I accept BTC, regardless of what I'm selling. Am I wrong, or do merchants lack this insurance if they use BTC ?

In your last post you add:

Quote
Your calculations are garbage. You cannot spend coins 80 times in an hour. The attacker has the power to rewrite a history that doesn't include him spending the coins, that is all. He can't simultaneously convince 80 people that they have the same coins.

I understand your argument. Why shouldn't the attacker be able to release a new block and as many blocks after it as needed to make its malicious chain the longest chain after the merchant has delivered the good/service to him ?

Quote
In the slow shipping example you need to let the shipper think he has coins until after he ships, then you can pull them back. You can't do this 80 times in 2days. You would need about 40 days if people are shipping same day.

Makes a lot of sense. The attacker should buy immediate-delivery or fast-delivery goods services, such as: face-to-face material goods (in real shops), virtual goods, music, movies, ebooks, etc. The more the Bitcoin network grows, the more stuff available to be stolen will be available. Also, please consider that the job of an attacker is to figure out these details, while a merchant should be insured that hacking the system is not an option on Bitcoin.

Quote
If you try to spend them twice in an hour at, say, MtGox you won't ever get credit and can't get dollars because he waits for 6 confirmations. If you go for 2 hours you can spend them there twice this will not get you double your money because you will be bidding the price down by buying quickly which you will have to do since your cover is blown when you stop paying $8560/hr. Not to mention that Mtgox (the only site with anywhere near enough bids to get your 'investment' back) has some max withdrawal per day.

You're right, but you'll agree with me that the attack should consist of 80 small transactions, involving sellers who are not superalert as moneychangers or bankers are.

Quote
Once again, the reason this is not profitable is that you have to match the entire network, but you only get a little tiny slice of the flow, not "everything conceivably for sale for bitcoins"

I agree. The goal of the attacker should not be to steal everything available in Bitcoin, but just enough to reap a positive ROI.

Quote
And this attack does not get more profitable as USD/BTC increases. Difficulty has been increasing faster than price for a long time. It is getting more costly at a faster rate than the payout is growing.

A technical question: isn't owning the majority of the CPU power enough to impose a malicious chain, regardless of the size and age of the network, and the consequent difficulty ?
legendary
Activity: 1652
Merit: 2301
Chief Scientist
January 23, 2011, 10:18:11 AM
#40
Your calculations are garbage. You cannot spend coins 80 times in an hour. The attacker has the power to rewrite a history that doesn't include him spending the coins, that is all. He can't simultaneously convince 80 people that they have the same coins.

FreeMoney is absolutely right.

The only way to get 80 people to accept the same 400 bitcoins would be to control all of their bitcoin connections and feed them different versions of the block chain.

And THAT will be impossible, because the people you're trying to rip off (merchants selling stuff) are exactly the people with long-running, well-connected bitcoin nodes.