Pages:
Author

Topic: Blockchain weaknesses, how does bitcoin solve/protect against it ? - page 2. (Read 4265 times)

legendary
Activity: 1596
Merit: 1012
Democracy is vulnerable to a 51% attack.
However this does present a problem for the future: the idea was to "cut away the blockchain" and replace it with a hash only, this is the concept of the merkle tree.

Perhaps this is not yet done to make sure the blockchain is long, but after a certain while this long blockchain might become impractical and will have to be "pruned/cut away" leaving just a hash.

At that point it will become easier since there is no more blockchain to check it has been pruned away, leaving only the remaining blockchain to be checked.
If the pruned away part of the blockchain is replaced with just a hash, replacing that part of the blockchain will go from difficult to impossible. The client could not possibly accept a different view of those blocks because it would have no way to undo their transactions and replace them with transactions in different blocks. A client can only reorganize the block chain for blocks it has. Any pruning of the block chain would only be possible for blocks that had been permanently locked in.

Pruning a block means forever accepting the version of that block you pruned. Without the old contents of that block, there's no way you can replace them with new contents.
donator
Activity: 1218
Merit: 1079
Gerald Davis
Anyway hashes are broken all the time, and I think sha-1 was already broken, then there are also rainbow table attacks, birthday attacks, and so forth... I am not expert in that... but I know attack methods exist.

rainbow tables = only work because one can search a tiny % of possible hashes due to fact that most passwords have only small amount of entropy
birthday attacks = only work when the chance is small relative to the number of trials (checking 1 day vs only 31 possible chances and 20 kids in the class)

SHA-1 isn't already broken.  Flaws have been found which reduce its strength.  Its strength currently is still more than adequate but it is a good idea to move to more secure algorithms in case deeper attacks are found in the future.  This highlights how attacks which completely break an algorithm tend to not just appear out of nowhere.  The first attack on SHA-1 was published in 2005, 8 years later it still requires 2^51 operations to find a collision in SHA-1 (vs 2^80 by brute force).  So while SHA-1 is 8 million times weaker it is still computationally intensive to find collision.  Far too computationally intensive to be of any practical value. 

Still companies are urged to move away from SHA-1 to stronger algorithms.  SHA-1 may be broken eventually but it likely will be decades after the first flaws were published.  Bitcoin is capable of changing algorithms if a flaw was found in SHA-256 there would be litterally years (maybe decades) to plan for a migration.

Quote
Did you include algorithm attacks in your chances calculations ? I don't think so... so sha-2 might be broken much more quickly... and hash collisions could become pretty real.. ?! Wink

I don't think you realize how large 2^256 is.  Hey it is only 256 it doesn't sound that much bigger than 32 bit or 64 bit right?

Lets assume:
Someday Bitcoin has 10 billion users and they on average have 1 million active addresses or 1 quadrillion known addresses/hashes. 

Lets also assume that computers are so powerful they could instantly find collision in a 56bit hash (DES) in 1 second.  For the record today it takes roughly 24 hours to find a collision in DES using special built hashing array so that would be on the order of  100,000x increase in computing power.

Lets also assume you used 1 billion computing nodes nonstop 24/7 to look for collisions.  The have a 0.01% chance of finding a collision would on average take  5,095,567,111.43 quadrillion years.   

Now lets say an attack similar to the one found on SHA-1 reduced the number of rounds from 2^80 to 2^51 in that case it would "only" take you 607 quadrillion years .... to have a 0.01% chance of finding a collision against a random existing hash.
hero member
Activity: 714
Merit: 504
^SEM img of Si wafer edge, scanned 2012-3-12.
Algorithm attacks is weaknesses in the algorithm? I did not take those into account, no. Using two different hash algorithms reduces this chance greatly (ripemd-160 and sha160 for example. This is already done for bitcoin addresses, as far as I know).

birthday attacks is pertaining to the birthday paradox? That will account for an increased chance equal to the number of hashes you are considering as a 'success'. Won't be a lot.

SHA-1 is not really broken, but rather weaker than originally thought. A collision can theoretically be found in about 2^51 processing steps. This is still a pretty significant number.

Rainbow tables can't be used, since we need to make an actual blockchain. Rainbow tables are only generated for short strings. Generating them for a blockchain-type message would take longer than just doing the attack.

So to sum it up, it may be true that at some point this could pose a problem. However, I don't expect this to be in at least 5 years, more likely 20.
full member
Activity: 385
Merit: 110
Ah, I didn't understand you were talking about cutting away part of the blockchain.

So: Hash collisions. If hashes are 160 bits long, every new hash you generate has a 1 in 2^160 chance of being the same. If an attacker could generate new hashes at, say, 1 Ghash/sec (4 high end videocards) times, say, a million people (it's a well-connected attacker, I'm being generous here Smiley), then it would take them on average 460 000 000 000 000 000 000 000 centuries to find the same hash. Or, in one century, they would have a chance of 0.0000000000000000000002% chance of finding it in one century.

But let's say the processing power doubles every year. Then after ten years the chance would be 0.00000000000000000004% (That's 2 zeroes less than that century chance up there).

In 100 years we would have a problem, if processing power doubles every year. In 100 years things will be rather different anyway. Let them figure that out Smiley

I'm not too familiar with the exact idea for cutting away the blockchain, but this seems possible, for at least the coming tens of years.

Originally I was indeed considering replacing the entire blockchain... however if only a hash is stored then that's pretty much the equivalent... so I am just exploring both options.

Anyway hashes are broken all the time, and I think sha-1 was already broken, then there are also rainbow table attacks, birthday attacks, and so forth... I am not expert in that... but I know attack methods exist.

Did you include algorithm attacks in your chances calculations ? I don't think so... so sha-2 might be broken much more quickly... and hash collisions could become pretty real.. ?! Wink
hero member
Activity: 714
Merit: 504
^SEM img of Si wafer edge, scanned 2012-3-12.
Ah, I didn't understand you were talking about cutting away part of the blockchain.

So: Hash collisions. If hashes are 160 bits long, every new hash you generate has a 1 in 2^160 chance of being the same. If an attacker could generate new hashes at, say, 1 Ghash/sec (4 high end videocards) times, say, a million people (it's a well-connected attacker, I'm being generous here Smiley), then it would take them on average 460 000 000 000 000 000 000 000 centuries to find the same hash. Or, in one century, they would have a chance of 0.0000000000000000000002% chance of finding it in one century.

But let's say the processing power doubles every year. Then after ten years the chance would be 0.00000000000000000004% (That's 2 zeroes less than that century chance up there).

In 100 years we would have a problem, if processing power doubles every year. In 100 years things will be rather different anyway. Let them figure that out Smiley

I'm not too familiar with the exact idea for cutting away the blockchain, but this seems possible, for at least the coming tens of years.
full member
Activity: 385
Merit: 110
Note: I am using alternate terminology, better suited to explain bitcoin to new people, as discussed here. I'm trying to get this terminology used more, not implying you are new. The old terms are bracketed.

1. A ledger (blockchain) is a book with pages (chain of blocks). Every time 1 page (block) is written (added), it doesn't change all the previous pages in the ledger (blocks in the blockchain).
This basically means that to get your scenario of "replacing the entire blockchain with bullshit transactions" they would need to do all the calculations the recorders (miners) did since the start of bitcoin, doing a calculation for every page of this completely new book. This is practically impossible.

2. The recorders (miners) can record "empty" pages (blocks) without any transactions. This is no problem.

Ok, I get what you are saying.

This would require bitcoin to first examine the entire blockchain to make sure that all hashes are indeed valid and correct, and that all work was done.

However this does present a problem for the future: the idea was to "cut away the blockchain" and replace it with a hash only, this is the concept of the merkle tree.

Perhaps this is not yet done to make sure the blockchain is long, but after a certain while this long blockchain might become impractical and will have to be "pruned/cut away" leaving just a hash.

At that point it will become easier since there is no more blockchain to check it has been pruned away, leaving only the remaining blockchain to be checked.

Impossible is a dangerous statement to make, but I will accept it for now, but the impossibility will surely go down as computers become much more powerfull.

All processing power in the world today, might be in somebody's pocket in 10 years or so... perhaps the difficult will have risen or perhaps not, see my question about maximum difficulty.

So bottom line:

1. Large parts of processing power might be ignored because of merkle tree hash pruning.

2. Large parts of processing power might be easily reproducible because of super computers in the future.

3. Leaving only recent work done, which leads to the question of "maximum difficulty".

If maximum difficulty is achieved in 1 second times, then perhaps switching to a different hashing technique might be possible to increase it... so this probably answers my own question about difficulty.

However getting the whole world to switch to a new standard is difficult as ipv4 to ipv6 has proven to be Wink


Considering your point 2: miners can do empty transactions, is this actually done in practice to work when there is nothing real to work on ?
full member
Activity: 385
Merit: 110
I found some partially answers to parts of my questions on this wikipedia link:

https://en.bitcoin.it/wiki/Weaknesses

Which I will quote here:

"
Every few releases of Bitcoin, a recent block hash is hardcoded into the source code. Any blocks before that point can't be changed. An attacker starting at that point would have to reduce the difficulty, but this would require him to generate blocks at a much slower rate than once per 10 minutes. By the time he finally gets to a difficulty of 1, a new version of Bitcoin with an updated hardcoded block will probably have been released.

"Block chain length" is calculated from the combined difficulty of all the blocks, not just the number of blocks in the chain. The one that represents the most CPU usage will win.
"

My thoughts on it:

The hardcoded block hash, assuming it is just a hash, offers some protection, but not absolute protection, a block hash collision might still be found by an attacker, which could still allow him to change the history of the blockchain.

This is pretty much the same thing as "bitcoin mining" where a hash needs to be find with zeros in it, except this time, the entire hash must match.

So it can probably be considered "maximum difficulty" for the attacker.

Which is a good question: Is there such a thing as "maximum difficulty" ?

If not, how is maximum difficulty extended to infinity ?

If no, then bitcoin might fail in the future when maximum difficulty is easily processed.

(Let's call this: "Super computer in your pocket which does maximum difficulty attack in 1 second Wink" Smiley)

The block chain length is kinda interesting, this requires the attacker to examine the real blockchain, and make sure his fake blockhain is longer...
hero member
Activity: 714
Merit: 504
^SEM img of Si wafer edge, scanned 2012-3-12.
Note: I am using alternate terminology, better suited to explain bitcoin to new people, as discussed here. I'm trying to get this terminology used more, not implying you are new. The old terms are bracketed.

1. A ledger (blockchain) is a book with pages (chain of blocks). Every time 1 page (block) is written (added), it doesn't change all the previous pages in the ledger (blocks in the blockchain).
This basically means that to get your scenario of "replacing the entire blockchain with bullshit transactions" they would need to do all the calculations the recorders (miners) did since the start of bitcoin, doing a calculation for every page of this completely new book. This is practically impossible.

2. The recorders (miners) can record "empty" pages (blocks) without any transactions. This is no problem.
full member
Activity: 385
Merit: 110
Hello,

I have some questions about potential weaknesses in the blockchain idea and how bitcoin potentially solves it ?

First question:

1. Suppose the attackers manage to outrun the defenders with a blockchain of +1 for the attackers.

Are the attackers capable of replacing the entire blockchain with bullshit transactions ?

If not how does bitcoin protect against replacing/invalidating the entire blockchain ? (Perhaps it uses some kind of timestamp/datestamping to prevent this from happening ? For example after X days the transactions/blockchain cannot be replaced ?)

2. How does bitcoin protect against the "no work to do" situation ? For example: there are no transactions being broadcasted, miners have no work to do. But an attacker could make a bullshit transaction and start working on the next block, while the miners have nothing to do... (More or less related to question 1 as well).

Bye,
  Skybuck.

Pages:
Jump to: