Topic: Bitcoin Watchdog Service (Read 8687 times)

founder
Activity: 364
Merit: 6723
August 13, 2010, 01:09:27 PM
#9
Quote
But there will be no irc server to bootstrap from.
Which doesn't matter because you can't access sourceforge to download the software either.

If you've ever been connected before, you don't need IRC to bootstrap anymore.  Even if you haven't, you can bootstrap from seed nodes.  IRC is completely redundant since 0.3.0.
full member
Activity: 158
Merit: 100
August 13, 2010, 02:45:50 AM
#8
Definitively, we need some overall network hps meter in every node.

And at last I've found that article:
http://www.informit.com/articles/article.aspx?p=1237179

Network splits are easier to produce, and happen more often, than many users on this forum think.
You don't really need to cut any cable, nor hack into ISP's router to plug that ISP off Internet.
You don't need to hack his peers either. All you need is BGP router in any AS (and some unwary BGP peers).
I have one  Grin

So, it is possible to talk about a short (1 - 3 hours) and controlled network split.
Not just split in half, but split into ASes. After an hour or three-four most of ISPs will recover, but that
really depends on work hours. Weekend attack may have more prolonged effect.
Perhaps in the future that will be fixed and no BGP router will be vulnerable, but
anyway, nobody should count on Internet stability and persistent connectivity.
How would an attacker connect to both sides during this split in order to spend the coins? And if the attacker can do it, the likelihood that one or more honest nodes could bridge the divide is pretty good.
1. Why an attacker is forced to be a single person with a single PC?
Copy the wallet on another PC and use it anywhere!

2. Why should network isolation only be used for double spending?
Can't it be used to slow down block generation? Will that affect difficulty adjustment?

True, there would probably be someone with a dial-up modem or satellite dish internet.  Rarer would be someone who has both that and the wired internet that has the outage, but if it's a big enough segment to matter, out of a million people there's bound to be a multi-home geek.
But there will be no irc server to bootstrap from.
founder
Activity: 364
Merit: 6723
August 12, 2010, 05:34:44 PM
#7
True, there would probably be someone with a dial-up modem or satellite dish internet.  Rarer would be someone who has both that and the wired internet that has the outage, but if it's a big enough segment to matter, out of a million people there's bound to be a multi-home geek.

ISP network cuts are just your local area.  If you still have communication with the rest of your area, it would probably be something like 1/1000 of the world or less.  Block generation in the segment would take several hours per block.

I favour the plan to monitor if the frequency of blocks received drops too slow.  That covers a large range of possibilities.
full member
Activity: 307
Merit: 102
August 12, 2010, 01:02:43 PM
#6
Definitively, we need some overall network hps meter in every node.

And at last I've found that article:
http://www.informit.com/articles/article.aspx?p=1237179

Network splits are easier to produce, and happen more often, than many users on this forum think.
You don't really need to cut any cable, nor hack into ISP's router to plug that ISP off Internet.
You don't need to hack his peers either. All you need is BGP router in any AS (and some unwary BGP peers).
I have one  Grin

So, it is possible to talk about a short (1 - 3 hours) and controlled network split.
Not just split in half, but split into ASes. After an hour or three-four most of ISPs will recover, but that
really depends on work hours. Weekend attack may have more prolonged effect.
Perhaps in the future that will be fixed and no BGP router will be vulnerable, but
anyway, nobody should count on Internet stability and persistent connectivity.

How would an attacker connect to both sides during this split in order to spend the coins? And if the attacker can do it, the likelihood that one or more honest nodes could bridge the divide is pretty good.
legendary
Activity: 1596
Merit: 1091
August 12, 2010, 12:14:11 PM
#5
A good way to prevent long-chain takeover is to store the signature of the last-known "good" block in each bitcoin release binary.


But that is only as good as the trust you have in the distribution channels, which are being discussed in other threads. If a compromised client was to be served as an upgrade, and most running clients would be using this version, then a new chain would replace the old one. What would happen when, after some time, the attack was disclosed and new clients with the real block chain signatures were run? Would the old (real) chain still be alive and replace the bogus one?

We could convince satoshi to always post SHA1 signatures of uploads inside PGP-signed blocks...  establish a chain of trust for both source code and official binaries.
full member
Activity: 158
Merit: 100
August 12, 2010, 11:28:43 AM
#4
Definitively, we need some overall network hps meter in every node.

And at last I've found that article:
http://www.informit.com/articles/article.aspx?p=1237179

Network splits are easier to produce, and happen more often, than many users on this forum think.
You don't really need to cut any cable, nor hack into ISP's router to plug that ISP off Internet.
You don't need to hack his peers either. All you need is BGP router in any AS (and some unwary BGP peers).
I have one  Grin

So, it is possible to talk about a short (1 - 3 hours) and controlled network split.
Not just split in half, but split into ASes. After an hour or three-four most of ISPs will recover, but that
really depends on work hours. Weekend attack may have more prolonged effect.
Perhaps in the future that will be fixed and no BGP router will be vulnerable, but
anyway, nobody should count on Internet stability and persistent connectivity.
legendary
Activity: 1540
Merit: 1001
August 03, 2010, 02:59:58 PM
#3
A good way to prevent long-chain takeover is to store the signature of the last-known "good" block in each bitcoin release binary.


But that is only as good as the trust you have in the distribution channels, which are being discussed in other threads. If a compromised client was to be served as an upgrade, and most running clients would be using this version, then a new chain would replace the old one. What would happen when, after some time, the attack was disclosed and new clients with the real block chain signatures were run? Would the old (real) chain still be alive and replace the bogus one?
legendary
Activity: 1596
Merit: 1091
August 03, 2010, 02:12:28 PM
#2
A good way to prevent long-chain takeover is to store the signature of the last-known "good" block in each bitcoin release binary.
legendary
Activity: 1708
Merit: 1007
August 03, 2010, 01:53:51 PM
#1

Another thread that asked what would happen if the bitcoin network were to split over a period of time and reconnect got me thinking....


One way to protect against such an unlikely event would be to have a watchdog process that kept track of the average time between blocks since the last change in difficulty, and alert the owner if the time between blocks were to jump significantly and uncharacteristically over one or more consecutive blocks.  This would also help protect a vendor from a double-spending scam if the thieves involved were talented enough to be able to spoof his client's connections to delay another spend event from reaching him.

But then I realized that a server running a modified client on another machine, without a hard connection limit, could do the above for a collection of vendors, while monitoring the vendor's client by maintaining a connection to it and notifying the vendor by other means if the connection is lost.  Also, if a war, internet virus, or other were to divide the bitcoin network for an extended time; the watchdog would be able to determine *where* the problem on the Internet actually is by analysis of its customers' connections that were lost, and notify all customers in the affected zone that, presumedly, they are on the wrong side of the split.

The watchdog would also work quite well as a rapid announce clearinghouse, improving the odds for its customers that if they are subjects of a double-spending scam, that it's less likely that they are those left holding the raw deal.

Any talented programmers willing to take this up?
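
The block-interval watchdog proposed in this post, which also covers the block-frequency monitoring favoured in reply #7, sketched as an added example that is not part of the original thread or of any Bitcoin client. It assumes block discovery is a Poisson process; the function names, the sample gaps, `window` and `alert_p` are all constructed for illustration.

```python
import math

# Constructed sample data: seconds between consecutive blocks since the
# last difficulty change (not taken from the real chain).
HEALTHY_GAPS = [540, 660, 600, 480, 720, 600, 570, 630, 600, 600]
SPLIT_GAPS = HEALTHY_GAPS[:7] + [7200, 7200, 7200]  # hours per block

def to_times(gaps, start=0):
    """Turn a list of gaps into ascending block arrival times."""
    times = [start]
    for g in gaps:
        times.append(times[-1] + g)
    return times

def erlang_tail(k, total, mean):
    """P(k exponential gaps with this mean add up to >= total seconds)."""
    x = total / mean
    return sum(math.exp(-x) * x**i / math.factorial(i) for i in range(k))

def watchdog(times, now, window=3, alert_p=0.001):
    """Return (alert, p, baseline_mean) for block arrival times.

    Assumption: block discovery is a Poisson process, so gaps are
    exponential. window and alert_p are hypothetical tuning values.
    """
    gaps = [b - a for a, b in zip(times, times[1:])]
    if len(gaps) <= window:
        raise ValueError("need more history than the window")
    # Baseline excludes the window under test so slow blocks do not
    # inflate the average they are compared against.
    baseline = gaps[:-window]
    mean = sum(baseline) / len(baseline)
    # Chance that the last `window` consecutive blocks were this slow.
    p_recent = erlang_tail(window, sum(gaps[-window:]), mean)
    # Chance of seeing no block at all since the last one arrived.
    p_silent = erlang_tail(1, now - times[-1], mean)
    p = min(p_recent, p_silent)
    return p < alert_p, p, mean

if __name__ == "__main__":
    for name, gaps in (("healthy", HEALTHY_GAPS), ("split", SPLIT_GAPS)):
        t = to_times(gaps)
        print(name, watchdog(t, now=t[-1] + 300))
```

The silent-gap term lets the watchdog raise an alert while a node is still waiting for its next block, before any slow block has actually arrived.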