Pages:
Author

Topic: Cheap way to attack blockchain - page 2. (Read 28254 times)

legendary
Activity: 2702
Merit: 1261
November 30, 2015, 11:59:04 AM
Nice security research. Can this attack be made profitable, or is it just DoS?

This "attack" is a nuisance just like the HighS malleability.

Is fixing of this issue requiring a full 'hard forking'

No. As trout already wrote the miners can just take a higher fee for transactions with a large number of SIGOPS.

1) You are missing that miners are interested in fees. They have a right to include/exclude any transaction.

They might be interested in the BTC value, too. So it's interesting for them to include all transactions to preserve the value of their BTC.
full member
Activity: 462
Merit: 100
Viarium.io - DECENTRALIZED VR WORLD
November 30, 2015, 11:39:36 AM
Is fixing of this issue requiring a full 'hard forking'
sr. member
Activity: 333
Merit: 252
November 30, 2015, 11:26:03 AM
Am I missing something?
1) You are missing that miners are interested in fees. They have a right to include/exclude any transaction.

2) You are missing that it is almost impossible to upgrade relay policy on thousands of nodes.

BTW. This is funny test.
Miners just raised the minimum fee, leaving a lot of unconfirmed transactions and screaming users.
Blocks are not filled.
Right now mempool on https://tradeblock.com/bitcoin/ is 12mb (note: transactions with a fee less than 5 satoshi per byte are ignored)

https://en.wikipedia.org/wiki/Tragedy_of_the_commons

Edit:
3) Since the start of this stress test the price on exchanges rized up. Everybody likes it  Grin
Are you sure that you really want to fix this issue? A lot of people would vote against  Grin

I've been just speaking about the default policy in the "Core" client.
In this sense, fixing the issue is trivial.
After such an update  miners/ relay nodes are of course still free to run any code they like -
nobody forces them to update their policy

Edit: All I'm saying is that it is easy to make this kind of attack as expensive as the "traditional" block-size-filling spam attack. I'm surprised this is not done yet.
hero member
Activity: 900
Merit: 1014
advocate of a cryptographic attack on the globe
November 30, 2015, 11:18:13 AM
Nice security research. Can this attack be made profitable, or is it just DoS?
hero member
Activity: 700
Merit: 500
November 30, 2015, 10:49:17 AM
I would like to thank those that have (re)discovered this attack and shown it to be a viable attack using their own money to prove it.

Is anyone planning a large scale attack using this method?  That would be interesting.

How much would it take to fund a sustained attack, for example a 24 hour period?

Daily attack 5.7024 BTC - not a big deal
legendary
Activity: 1260
Merit: 1019
November 30, 2015, 12:57:16 AM
Did they raise min because of this speicif attack?
I can non prove it. Of course, this is a joke. May be with truth in it
full member
Activity: 462
Merit: 100
Viarium.io - DECENTRALIZED VR WORLD
November 29, 2015, 10:46:00 PM
Am I missing something?
1) You are missing that miners are interested in fees. They have a right to include/exclude any transaction.

2) You are missing that it is almost impossible to upgrade relay policy on thousands of nodes.

BTW. This is funny test.
Miners just raised the minimum fee, leaving a lot of unconfirmed transactions and screaming users.
Blocks are not filled.
Right now mempool on https://tradeblock.com/bitcoin/ is 12mb (note: transactions with a fee less than 5 satoshi per byte are ignored)

https://en.wikipedia.org/wiki/Tragedy_of_the_commons

Edit:
3) Since the start of this stress test the price on exchanges rized up. Everybody likes it  Grin
Are you sure that you really want to fix this issue? A lot of people would vote against  Grin

Did they raise min because of this speicif attack?
legendary
Activity: 1260
Merit: 1019
November 29, 2015, 05:52:49 PM
Am I missing something?
1) You are missing that miners are interested in fees. They have a right to include/exclude any transaction.

2) You are missing that it is almost impossible to upgrade relay policy on thousands of nodes.

BTW. This is funny test.
Miners just raised the minimum fee, leaving a lot of unconfirmed transactions and screaming users.
Blocks are not filled.
Right now mempool on https://tradeblock.com/bitcoin/ is 12mb (note: transactions with a fee less than 5 satoshi per byte are ignored)

https://en.wikipedia.org/wiki/Tragedy_of_the_commons

Edit:
3) Since the start of this stress test the price on exchanges rized up. Everybody likes it  Grin
Are you sure that you really want to fix this issue? A lot of people would vote against  Grin
sr. member
Activity: 333
Merit: 252
November 29, 2015, 04:38:16 PM
the fix seems trivial - calculate the min relay fee (and all the rest of the fee thresholds) based on the size and the number of  sigops, rather than the size only. I don't get why it's not in the latest release.
Am I missing something?
full member
Activity: 462
Merit: 100
Viarium.io - DECENTRALIZED VR WORLD
November 29, 2015, 03:12:29 PM
Another attack...last 6 blocks (edit: and counting) have been hit.

Example: #385910 with 19125 fake sigOps.  The block is only 200KB despite a 5MB backlog (according to tradeblock).  It seems this attack is very effective.

Edit:
#385911 unaffected (enough high-fee legit txs)
#385912 = 18990 fake sigOps, 280KB.
#385913 = 18945 fake sigOps, 281KB.
#385914 = 17325 fake sigOps, 470KB.
...etc.

Wow this is bad news. Any pull requests on githbu to fix this yet?
legendary
Activity: 996
Merit: 1013
November 29, 2015, 11:25:43 AM
I don't think there really is a fix for this.

Lower priority of P2SH transactions with multiple sig ops?
And/or make them cost more.
member
Activity: 60
Merit: 10
November 29, 2015, 10:40:05 AM
Another attack...last 6 blocks (edit: and counting) have been hit.

Example: #385910 with 19125 fake sigOps.  The block is only 200KB despite a 5MB backlog (according to tradeblock).  It seems this attack is very effective.

Edit:
#385911 unaffected (enough high-fee legit txs)
#385912 = 18990 fake sigOps, 280KB.
#385913 = 18945 fake sigOps, 281KB.
#385914 = 17325 fake sigOps, 470KB.
...etc.
sr. member
Activity: 574
Merit: 250
In XEM we trust
November 29, 2015, 01:39:09 AM
Shit, the devs shoud fix this asap before the word gets out and FUD-ers start screaming the price down.
This is not something that can be easily fixed. The sig op limit is to prevent spamming blocks full of transactions that take a lot of time to process. Yet increasing the limit would mean that more transaction could go in that delay processing even more and a lower limit means that fewer other transactions can make it into the block. I don't think there really is a fix for this.
We'll if you're afraid of confirmation times you could just increase the transaction fee?

However when bitcoin increases in price the said attack wouldn't really be that cost efficient, when people could just mitigate this by increasing their trasaction fee. However couldn't we just implement burn fees if this said spam attack gets way out of hand. You know, just to make the spammers profitable for the rest of us?
staff
Activity: 3458
Merit: 6793
Just writing some code
November 29, 2015, 12:18:08 AM
Shit, the devs shoud fix this asap before the word gets out and FUD-ers start screaming the price down.
This is not something that can be easily fixed. The sig op limit is to prevent spamming blocks full of transactions that take a lot of time to process. Yet increasing the limit would mean that more transaction could go in that delay processing even more and a lower limit means that fewer other transactions can make it into the block. I don't think there really is a fix for this.
hero member
Activity: 854
Merit: 1009
JAYCE DESIGNS - http://bit.ly/1tmgIwK
November 28, 2015, 11:44:07 PM
Shit, the devs shoud fix this asap before the word gets out and FUD-ers start screaming the price down.
full member
Activity: 462
Merit: 100
Viarium.io - DECENTRALIZED VR WORLD
November 28, 2015, 09:51:52 PM
#99
I would like to thank those that have (re)discovered this attack and shown it to be a viable attack using their own money to prove it.

Is anyone planning a large scale attack using this method?  That would be interesting.

How much would it take to fund a sustained attack, for example a 24 hour period?

I think it is not ethical to do this attack, but also interested to know these answers for security purpose.
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
November 28, 2015, 09:27:46 PM
#98
I would like to thank those that have (re)discovered this attack and shown it to be a viable attack using their own money to prove it.

Is anyone planning a large scale attack using this method?  That would be interesting.

How much would it take to fund a sustained attack, for example a 24 hour period?
sr. member
Activity: 266
Merit: 250
November 28, 2015, 09:24:39 PM
#97
Is it really a atack of the Blockchain  Cheesy or simply a slowment/decrease of included tx?
I just know back in Time hwen an transaction took about 14 Days out from Coinbase Cheesy:D that was akward lol

regards
lama-hunter
full member
Activity: 462
Merit: 100
Viarium.io - DECENTRALIZED VR WORLD
November 28, 2015, 08:53:29 PM
#96
Why would you want to spam the blockchain.
Because I have a right

But why does that make you want to do it? Maybe for attention???
legendary
Activity: 1260
Merit: 1019
November 28, 2015, 07:25:47 AM
#95
Quote
You either dont understand what Bitcoin is  Grin

I wrote my Bachelor Thesis about Bitcoin and developed a Paper Wallet site: moneyart.info
I know a lot about Bitcoin.

Pages:
Jump to: