
Topic: Can governments spam or ddos the bitcoin network to death? (Read 2368 times)

hero member
Activity: 555
Merit: 654
The best government attack is to legally forbid Bitcoin and force ISPs to block Bitcoin traffic. Then Bitcoin would start a cat and mouse race to obfuscate the protocol data/port and that would hurt Bitcoin and prevent a wider adoption of the system.
This attack probably costs a few hundred USD.
I suspect that you are grossly underestimating the costs associated with passing the law, enforcement of the law, and engaging in the "cat and mouse race".  Furthermore, it would have to be "forbid" in all countries.  Otherwise bitcoin would continue to exist and function outside the jurisdiction of the countries that forbid it.
Yes, I was.  I just wanted to point out that this is the easiest way to crack Bitcoin for governments.

The best private company attack is to earn BTC by market manipulation. This attack probably costs 1M+ USD to control the coin.
I'm not sure that I'd consider this an attack.  This sounds like a legitimate business practice to me, although I'll admit I haven't taken a lot of time to consider all the implications.

In almost all countries market manipulation is forbidden. It is prohibited in the United States under Section 9(a)(2).

The best cybercriminal attack is to exploit vulnerabilities added on purpose to steal BTC from nodes. This attack probably costs 50K - 200K USD and may include bribery to one of the core devs, github or sourceforge.net programmers or ISP workers. Probably the easiest way is by doing a man-in-the-middle attack of Windows binary downloads, since nobody checks fingerprints.
You are mistaken when you say "nobody checks fingerprints". Many don't, but enough do.  Word would spread pretty fast once someone found that the software they downloaded didn't match the fingerprint.  
Then why is there no link to the fingerprint on the Bitcoin.org main page? Why is Bitcoin running on http and not on https anyway?
The fingerprint is only accessible through sourceforge.org (SHASUMS.asc) which is also not secured by http.
You see, it's very easy to forge the binary, the public key and the fingerprint.

The best gray hat hacker attack is to find ways to DoS the network in order to manipulate the coin price. This attack probably costs 10K - 20K USD.
Bitcoin is distributed/decentralized. There is no central server to mount a DoS attack against.  You might manage to mount a DoS attack against an individual (or a few individuals), but that wouldn't affect the rest of the network.
My own research says that it's quite easy and cheap to hire 5000 virtual IPs and, with some time, manage to be connected to every other Bitcoin node.
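
The point argued in the post above, that a checksum fetched over the same unauthenticated channel as the binary protects nothing, shown as an added example (not part of the thread and not Bitcoin project code). SHA-256, the `<digest>  <filename>` manifest layout, the file name, and the pinned manifest digest standing in for a PGP signature check are assumptions; all sample data is constructed.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

def parse_manifest(text):
    """Map filename -> hex digest from '<digest>  <name>' lines, skipping PGP armor."""
    entries, in_sig = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("-----BEGIN PGP SIGNATURE"):
            in_sig = True
        elif line.startswith("-----END PGP SIGNATURE"):
            in_sig = False
        if in_sig or line.startswith(("-----", "Hash:")):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and len(parts[0]) == 64:
            entries[parts[1].lstrip("*")] = parts[0].lower()
    return entries

def file_sha256(path):
    """Hash the file in 1 MiB blocks so large installers are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):
            digest.update(block)
    return digest.hexdigest()

def verify_download(path, manifest_text, pinned_manifest_sha256):
    # The pin stands in for a PGP signature check against a key fingerprint
    # obtained over a separate, authenticated channel (assumption of this example).
    seen = hashlib.sha256(manifest_text.encode()).hexdigest()
    if not hmac.compare_digest(seen, pinned_manifest_sha256):
        return "manifest-untrusted"
    expected = parse_manifest(manifest_text).get(Path(path).name)
    if expected is None:
        return "not-listed"  # fail closed: a missing entry is not a pass
    if not hmac.compare_digest(file_sha256(path), expected):
        return "digest-mismatch"
    return "ok"

def demo():
    """Constructed cases: genuine file, swapped binary, swapped binary and manifest."""
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "client-setup.exe"  # constructed file name
        path.write_bytes(b"genuine installer bytes")
        good = f"{file_sha256(path)}  {path.name}\n"
        pin = hashlib.sha256(good.encode()).hexdigest()  # obtained out of band
        results = [verify_download(path, good, pin)]
        path.write_bytes(b"tampered installer bytes")  # binary replaced in transit
        results.append(verify_download(path, good, pin))
        forged = f"{file_sha256(path)}  {path.name}\n"  # manifest replaced too
        results.append(verify_download(path, forged, pin))
        return results
```

Without the pin, the third case would pass, because the forged manifest matches the tampered binary exactly.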

full member
Activity: 196
Merit: 100
This is how an intelligent adversary would destroy Bitcoin:

https://bitcointalksearch.org/topic/m.1374756

The process works like this: First, use a deceptive narrative to create the illusion of a crisis then use the false crisis as an excuse to push a protocol change which reverses Bitcoin's fundamental nature.

In this case the narrative is that blockchain bloat is a problem that can't be solved without a protocol change, and that a reference client implementation detail like anti-spam rules is impossible to change.

The proposed solution is to change the protocol to allow outputs to be spent without a signed transaction. If that ever happens Bitcoin as we know it is dead. Miners would have the means and the economic incentive to claim unspent output for their own use without the consent of their owners (otherwise known as stealing).

A smart adversary would combine this tactic with the appropriate carrot and stick incentives applied to key individuals to either neuter or destroy Bitcoin.

I had been giving the Bitcoin network some thought and how Bitcoin might be exploited, unfortunately during my travels I answered this very question.
It would require way less work than above (in that it would not need to change the bitcoin protocol or system.)

I've already got the skeleton of the software written, it just needs to be 'scaled up'.
I get bored easily, so if these damned ASIC suppliers do not get their act together soon I'm thinking of writing a paper on it....
hero member
Activity: 868
Merit: 1008
The end result of a successful attack on Bitcoin will be a newer and better Bitcoin2.  Bitcoin itself is merely the latest of many iterations on the concept of virtual currency, each of which being an improvement (in one form or another) on earlier iterations.  It would be pretty pointless (even detrimental) to attack Bitcoin on the belief that it will somehow hinder progress.  Competition would be more effective, but I suspect no competitor will be successful if it regresses in terms of features as compared with Bitcoin (including and especially Bitcoin's privacy features).
hero member
Activity: 700
Merit: 500
This is how an intelligent adversary would destroy Bitcoin:

https://bitcointalksearch.org/topic/m.1374756

The process works like this: First, use a deceptive narrative to create the illusion of a crisis then use the false crisis as an excuse to push a protocol change which reverses Bitcoin's fundamental nature.

In this case the narrative is that blockchain bloat is a problem that can't be solved without a protocol change, and that a reference client implementation detail like anti-spam rules is impossible to change.

The proposed solution is to change the protocol to allow outputs to be spent without a signed transaction. If that ever happens Bitcoin as we know it is dead. Miners would have the means and the economic incentive to claim unspent output for their own use without the consent of their owners (otherwise known as stealing).

A smart adversary would combine this tactic with the appropriate carrot and stick incentives applied to key individuals to either neuter or destroy Bitcoin.

At one point I do believe the bitcoin client allowed unsigned transactions aimed at IP addresses and those were removed from this list of things allowed fairly soon due to man-in-the-middle. I'm fairly sure anything that reintroduced unsigned transactions, much less forced them, would no longer be bitcoin.
legendary
Activity: 1400
Merit: 1013
This is how an intelligent adversary would destroy Bitcoin:

https://bitcointalksearch.org/topic/m.1374756

The process works like this: First, use a deceptive narrative to create the illusion of a crisis then use the false crisis as an excuse to push a protocol change which reverses Bitcoin's fundamental nature.

In this case the narrative is that blockchain bloat is a problem that can't be solved without a protocol change, and that a reference client implementation detail like anti-spam rules is impossible to change.

The proposed solution is to change the protocol to allow outputs to be spent without a signed transaction. If that ever happens Bitcoin as we know it is dead. Miners would have the means and the economic incentive to claim unspent output for their own use without the consent of their owners (otherwise known as stealing).

A smart adversary would combine this tactic with the appropriate carrot and stick incentives applied to key individuals to either neuter or destroy Bitcoin.
legendary
Activity: 3472
Merit: 4801
. . .I wonder how much money it would take to carry out these kinds of attacks and whether or not there is a reason to worry when considering buying bitcoins.


If you are asking specifically about a DoS attack created by sending an extremely large number of transactions created by bouncing the same bitcoin value back and forth between two (or more) addresses, then the enforced transaction fees will do a pretty good job of preventing that specific attack.

There are other attack vectors that might be worth considering.  Regarding those, some are over confident ("It is impossible for the government to interfere with bitcoin! Bitcoin will be the downfall of the current government!").  Others are paranoid ("It would be cheap/easy for any government to destroy bitcoin.")  You'll need to make your own decisions about this, and determine for yourself if there is sufficient risk to keep you away from bitcoin.  It is still a new and largely untested concept.

legendary
Activity: 3472
Merit: 4801
The best government attack is to legally forbid Bitcoin and force ISPs to block Bitcoin traffic. Then Bitcoin would start a cat and mouse race to obfuscate the protocol data/port and that would hurt Bitcoin and prevent a wider adoption of the system.
This attack probably costs a few hundred USD.
I suspect that you are grossly underestimating the costs associated with passing the law, enforcement of the law, and engaging in the "cat and mouse race".  Furthermore, it would have to be "forbid" in all countries.  Otherwise bitcoin would continue to exist and function outside the jurisdiction of the countries that forbid it.

The best private company attack is to earn BTC by market manipulation. This attack probably costs 1M+ USD to control the coin.
I'm not sure that I'd consider this an attack.  This sounds like a legitimate business practice to me, although I'll admit I haven't taken a lot of time to consider all the implications.

The best cybercriminal attack is to exploit vulnerabilities added on purpose to steal BTC from nodes. This attack probably costs 50K - 200K USD and may include bribery to one of the core devs, github or sourceforge.net programmers or ISP workers. Probably the easiest way is by doing a man-in-the-middle attack of Windows binary downloads, since nobody checks fingerprints.
You are mistaken when you say "nobody checks fingerprints". Many don't, but enough do.  Word would spread pretty fast once someone found that the software they downloaded didn't match the fingerprint.  It wouldn't be enough to bribe "one of the core devs" (or github, or sourceforge.net).  The remaining developers as well as other individuals who review the code would see the added vulnerability and report it.  Given the number of people you'd need to find and bribe, I suspect that the cost is quite a bit higher than you are reporting.

The best gray hat hacker attack is to find ways to DoS the network in order to manipulate the coin price. This attack probably costs 10K - 20K USD.
Bitcoin is distributed/decentralized. There is no central server to mount a DoS attack against.  You might manage to mount a DoS attack against an individual (or a few individuals), but that wouldn't affect the rest of the network.
legendary
Activity: 1400
Merit: 1013
A 51% hardware-based attack would cost 10000x more than a simple network-based or data-based attack.
...which is why the US government would go that route.

The middle and upper level management in the government aren't particularly competent, but the contractors who sell them things are (at getting them to spend money).

Atruk accurately described how it would play out.
hero member
Activity: 555
Merit: 654
IMHO

The best government attack is to legally forbid Bitcoin and force ISPs to block Bitcoin traffic. Then Bitcoin would start a cat and mouse race to obfuscate the protocol data/port and that would hurt Bitcoin and prevent a wider adoption of the system.
This attack probably costs a few hundred USD.

The best private company attack is to earn BTC by market manipulation. This attack probably costs 1M+ USD to control the coin.

The best cybercriminal attack is to exploit vulnerabilities added on purpose to steal BTC from nodes. This attack probably costs 50K - 200K USD and may include bribery to one of the core devs, github or sourceforge.net programmers or ISP workers. Probably the easiest way is by doing a man-in-the-middle attack of Windows binary downloads, since nobody checks fingerprints.

The best gray hat hacker attack is to find ways to DoS the network in order to manipulate the coin price. This attack probably costs 10K - 20K USD.






legendary
Activity: 1050
Merit: 1003
A 51% hardware-based attack would cost 10000x more than a simple network-based or data-based attack.


Costs are only one side of the calculation.

The 51% hardware-based attack could easily be profit-motivated.

The network-based or data-based attack is pure sabotage without direct economic gain for the attacker. [I'm assuming you mean garbage data and not fee paying txns.]

I see a 51% hardware-based attack as much more probable.
legendary
Activity: 1596
Merit: 1100
A 51% hardware-based attack would cost 10000x more than a simple network-based or data-based attack.

hero member
Activity: 700
Merit: 500
They need such a high quantity of BTC that it would result in a 51% attack before they reach the necessary infinite money

What are you talking about?  A 51% attack has to do with mining power, not with the amount of BTCs you have.
Niko reasoned in another thread that a 51% attack would probably cost 10-50 million to accomplish at the moment (I'll look up the link later), so in my mind, at the moment, it is not cheap but quite feasible for a government or a large corporation to perform such a task.

Gross overestimate. Would you buy shares in BFL at a company valuation of $10-50 million dollars? If not, then why would the government have to pay so much?

And no. The "txn fee attack" won't happen as long as there is a block size limit. That is what central planning rules are for. As in a PoS attack, you would attack by showering your enemies with money. It is not a sensible strategy.

What does the value of BFL have to do with how much it would cost a government to attempt a 51% attack? It would easily cost much more for them to do it. First, they'd start soliciting bids from established vendors like Texas Instruments for ASIC hardware. They'd also solicit bids from the likes of Cray and begin going through surplus property to see what supercomputing resources they have that aren't already allocated.

After going through the investigation process they will decide to assemble mining machines running some sweet yet horribly inefficient NVIDIA Teslas. Those would run anywhere from a reasonable $2,200 for the C2075 on the market to $4,000 for the K20. Multiply that by the number of cards it would take to reach 51.5% of the network when the bid was originally proposed several months earlier, and then they take delivery of the system several years later when someone has finally shipped ASICs. Before long addendums to the original bid have the government ordering still more Teslas and trying to compete with ASICs (assuming ASICs ship sometime before 2015).

Government could easily burn several hundred million trying to pull off a 51% attack without succeeding, as long as the task is assigned to the Pentagon.
legendary
Activity: 1050
Merit: 1003
They need such a high quantity of BTC that it would result in a 51% attack before they reach the necessary infinite money

What are you talking about?  A 51% attack has to do with mining power, not with the amount of BTCs you have.
Niko reasoned in another thread that a 51% attack would probably cost 10-50 million to accomplish at the moment (I'll look up the link later), so in my mind, at the moment, it is not cheap but quite feasible for a government or a large corporation to perform such a task.

Gross overestimate. Would you buy shares in BFL at a company valuation of $10-50 million dollars? If not, then why would the government have to pay so much?

And no. The "txn fee attack" won't happen as long as there is a block size limit. That is what central planning rules are for. As in a PoS attack, you would attack by showering your enemies with money. It is not a sensible strategy.
hero member
Activity: 991
Merit: 1011
right now, daily transaction fees are just around 15btc. i guess with just 100btc investment per day it would be possible to fill all blocks to the point where either all transactions are significantly delayed or require higher fees.
miners sure would have a field day with that kind of "attack".
donator
Activity: 56
Merit: 0
Check how many GH/s the entire network has.

Calculate how much it costs to get 1 GH/s, multiply the money by the number of GH/s and you will see if it is possible.
I think most governments can destroy bitcoin easily, if all it takes is to have 51% of the hashing power of the network.
legendary
Activity: 1386
Merit: 1000
English <-> Portuguese translations
They need such a high quantity of BTC that it would result in a 51% attack before they reach the necessary infinite money

What are you talking about?  A 51% attack has to do with mining power, not with the amount of BTCs you have.
Niko reasoned in another thread that a 51% attack would probably cost 10-50 million to accomplish at the moment (I'll look up the link later), so in my mind, at the moment, it is not cheap but quite feasible for a government or a large corporation to perform such a task.

I said that because buying the "infinite money" is almost impossible. Most holders don't use them. The easiest way that I thought of was through mining.
legendary
Activity: 1638
Merit: 1001
₪``Campaign Manager´´₪
They need such a high quantity of BTC that it would result in a 51% attack before they reach the necessary infinite money

What are you talking about?  A 51% attack has to do with mining power, not with the amount of BTCs you have.
Niko reasoned in another thread that a 51% attack would probably cost 10-50 million to accomplish at the moment (I'll look up the link later), so in my mind, at the moment, it is not cheap but quite feasible for a government or a large corporation to perform such a task.
legendary
Activity: 1386
Merit: 1000
English <-> Portuguese translations
Thanks for clarifying this.

Although I wonder how much money it would take to carry out these kinds of attacks and whether or not there is a reason to worry when considering buying bitcoins.

They need such a high quantity of BTC that it would result in a 51% attack before they reach the necessary infinite money
newbie
Activity: 11
Merit: 0
Thanks for clarifying this.

Although I wonder how much money it would take to carry out these kinds of attacks and whether or not there is a reason to worry when considering buying bitcoins.
legendary
Activity: 3472
Merit: 4801
. . . as the person attempting to make a transaction can include any fee or none at all in the transaction . . .

Yes, if they have an infinite amount of money to pay in transaction fees. . .

In case you didn't catch it, what Gavin is saying here is that the part of the Wiki that you read is outdated.  If you read a little further down that page you would have seen that many nodes on the network will no longer relay free transactions if they are too big in size (bytes, not value) or use inputs that are too small.
