Topic: Could ASIC-producers perform a block withholding attack? (Read 1221 times)

legendary
Activity: 4634
Merit: 1851
Linux since 1997 RedHat 4
Well ... there's also the fact that block withholding on different pools has different effects ...

| Payout | Effect on withholder | Effect on miners | Effect on pool OP |
|---|---|---|---|
| PPS | Almost zero (one share lost per block) | 0% risk | 100% risk |
| CPPSRB | Minimal risk if the miner keeps mining and avoids getting far down the payout queue | 100% risk | 0% risk |
| PPLNS | Same risk as all miners | 100% risk | 0% risk |

There are also, of course, long term issues that would probably mean most pools would lose their miners.
N.B. the PPS solution would be to charge a higher fee than the high fee they already need to charge to hope they can cover pool variance.

Take those into consideration when choosing a pool ...
legendary
Activity: 1666
Merit: 1185
dogiecoin.com
Right, these miners have to be somewhere. But it is almost impossible to detect a distributed block withholding attack, isn't it?

At a pool level, not really. You know the GH of all users over a time period, and how many blocks solved, how many you'd expect to find = luck. Get enough data and if you're being BWDOS'ed then you'll start picking up trends which are a statistical improbability.

a) There would be absolutely no reason for a mining company to spend $2-8M on a chip run which has the sole purpose of bogging down a pool.
It would be quite trivial for a chip that requires a secret code before it will find blocks...
It could even only react once the timestamp is sufficiently far in the future - we've seen this before with optimised FPGA bitstreams (although they stopped finding any shares when the time hit).

So what would the required specifications of said chip have to be to be sold en masse to the market?
  • Competitive GH/$
  • Competitive W/GH
  • Competitive package costs / other board components blah blah blah

And that, is going to cost $2-8M to do. Sure you could replicate it on an FPGA, but then it wouldn't hit any of the above criteria. If you did replicate it on an FPGA, the hash rate would not be enough to care about it.

So.... assuming someone does have $2-8M to burn on a latest gen chip, again why would they do this? Why would they turn that money to dust while risking jail and every penny they have in order to pull something off. To attempt BWDOS competing pools? Let's assume that's why as it's the only suggested reason so far. So now we have to assume that

  • ...they could harm a pool's luck sufficiently [that's a lot of money wasted]
  • That users would actively move from a pool with low luck, more so now than
  • That those users wouldn't simply jump onto BTCGuild, Ghash etc and instead would land on your intended pool target.

Right. So with the above 8 assumptions completed, great you've got more users on your pool. But as Luke has previously mentioned, pools don't make bucketloads of money, and certainly not $2-8M [unless you're a platform rather than a pool].

And how many pools would be in a position to monetise users, while also being large enough to receive some of the ship-jumping miners? About 3 companies. All of whom would not risk doing this in the first place, when they could either keep the money or properly sell a latest gen chip to the marketplace.
donator
Activity: 919
Merit: 1000
Modifying cgminer or bfgminer to drop every block not going to pool X with a probability of Y is a one liner to code. If done in closed-source products, the exposure risk is basically zero. We would need organofcorti here to give us reliable numbers on how long you would need to collect statistics to have an indication that a 1TH machine is withholding blocks. Since you are not dropping low-difficulty shares but only blocks, I'd assume it would be impossible to detect a malicious behavior even with a pool of 100 units.

So technically, what you describe is absolutely and trivially doable. Above that, everything is conspiracy ;)

Fight this easily by not using closed-source products and deploy them with FW you built from source yourself. And if you can afford, do solo-mine - pools are in fact quite unlucky recently...
full member
Activity: 237
Merit: 100
Smile while thinking.

IF a producer, by using closed source software, could steer people to their pool, they would definitively make money, wouldn't they?

Even if open-sourced, the only way to make sure such malicious code is not running on miner is to compile it ourselves from source.

Maybe one way to check is to use the hardware on testnet and analyze results.  Unless they took it into account in malicious code and turn it off when using testnet.
staff
Activity: 4284
Merit: 8808
Yup, worse, they could return only 80% of solutions after some time or difficulty threshold passes unless fed a secret handshake...  That's enough of a shortfall to make for huge losses, but not enough to make detection easy.
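The pool-side luck statistics raised in the posts above (expected versus found blocks, how long data must be collected, and the 80% case), as an added example that is not part of the thread or any poster's code. It assumes block finds follow a Poisson distribution; the difficulty of 40e9, the account labels, and the thresholds (alpha 0.01, power 0.5) are constructed for illustration.

```python
import math

def poisson_cdf(k, lam):
    """P(X <= k) for X ~ Poisson(lam); terms computed in log space."""
    if k < 0:
        return 0.0
    if lam == 0:
        return 1.0
    return min(1.0, sum(math.exp(i * math.log(lam) - lam - math.lgamma(i + 1))
                        for i in range(k + 1)))

def shortfall_p_value(share_work, network_difficulty, blocks_found):
    """Expected blocks for the accepted share work, and the chance an honest
    miner would have found this few or fewer."""
    expected = share_work / network_difficulty
    return expected, poisson_cdf(blocks_found, expected)

def expected_blocks_to_detect(returned_fraction, alpha=0.01, power=0.5):
    """Smallest whole number of expected blocks at which a miner returning only
    `returned_fraction` (< 1) of its solutions is flagged (p <= alpha) with
    probability >= power."""
    if not 0 <= returned_fraction < 1:
        raise ValueError("returned_fraction must be in [0, 1)")
    lam = 1
    while True:
        c = -1  # largest block count that is still significant at alpha
        while poisson_cdf(c + 1, lam) <= alpha:
            c += 1
        if c >= 0 and poisson_cdf(c, returned_fraction * lam) >= power:
            return lam
        lam += 1

def days_to_accumulate(expected_blocks, hashrate_hs, network_difficulty):
    """Days of hashing needed before `expected_blocks` blocks are expected."""
    return expected_blocks * network_difficulty * 2**32 / hashrate_hs / 86400

if __name__ == "__main__":
    DIFF = 40e9  # constructed network difficulty, not a figure from the thread
    # Constructed per-account records: (label, accepted share work, blocks found)
    for label, work, found in [("acct-A", 12 * DIFF, 11), ("acct-B", 10 * DIFF, 2)]:
        exp, p = shortfall_p_value(work, DIFF, found)
        print(f"{label}: expected {exp:.1f}, found {found}, p={p:.4f}")
    for frac in (0.0, 0.8):
        need = expected_blocks_to_detect(frac)
        for ths in (1, 100):
            d = days_to_accumulate(need, ths * 1e12, DIFF)
            print(f"returns {frac:.0%}: {need} expected blocks, {ths} TH/s -> {d:,.0f} days")
```

The required evidence is counted in expected blocks, so the calendar time shrinks only as the suspect hashrate grows relative to network difficulty.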
legendary
Activity: 2576
Merit: 1186
a) There would be absolutely no reason for a mining company to spend $2-8M on a chip run which has the sole purpose of bogging down a pool.
It would be quite trivial for a chip that requires a secret code before it will find blocks...
It could even only react once the timestamp is sufficiently far in the future - we've seen this before with optimised FPGA bitstreams (although they stopped finding any shares when the time hit).
legendary
Activity: 2380
Merit: 1150
0) It's pretty transparent because those miners have to be somewhere, as we can see that. Most are on large pools for non lottery earnings, which again we can see.

Right, these miners have to be somewhere. But it is almost impossible to detect a distributed block withholding attack, isn't it?

Quote
a) There would be absolutely no reason for a mining company to spend $2-8M on a chip run which has the sole purpose of bogging down a pool. They would essentially be setting money on fire, both in production and electricity costs. Again, what incentive would that company have to sell these miners? It would be crazily obvious because the expected 'luck' and actual network block finding rate would separate. Miners can be infected with various naughty software but not on a large scale without being detected, especially with open source.

Agreed, it wouldn't probably make sense to produce faulty chips. But wouldn't it be possible to use software for a withholding attack? Some producers have implemented closed source software. And there are pools with some pretty bad luck which seems to not sum up with expected luck. And as I described: As long as producers are running their own pools, it would make sense for them.

Quote
b) Why? Why would they waste money doing this? They would lose 1000x the money they could make from pools, even assuming that people would 1) move from their pool due to bad luck, 2) land at the desired pool.

IF a producer, by using closed source software, could steer people to their pool, they would definitively make money, wouldn't they?
legendary
Activity: 1666
Merit: 1185
dogiecoin.com
0) It's pretty transparent because those miners have to be somewhere, as we can see that. Most are on large pools for non lottery earnings, which again we can see.

a) There would be absolutely no reason for a mining company to spend $2-8M on a chip run which has the sole purpose of bogging down a pool. They would essentially be setting money on fire, both in production and electricity costs. Again, what incentive would that company have to sell these miners? It would be crazily obvious because the expected 'luck' and actual network block finding rate would separate. Miners can be infected with various naughty software but not on a large scale without being detected, especially with open source.

b) Why? Why would they waste money doing this? They would lose 1000x the money they could make from pools, even assuming that people would 1) move from their pool due to bad luck, 2) land at the desired pool.

tldr, no no and no.
legendary
Activity: 2380
Merit: 1150
Hi all,

first of all: I am not a tech guy like so many people here in the board. I'm not a mathematician or engineer, therefore, I lack some basic technical understanding when reading several posts and whitepapers.

What I am: A Bitcoin-enthusiast for years. I'm mining with some lousy 40 Th. I'm involved in a mine in Switzerland. I'm working on several Bitcoin-related projects. And I'm a profound enemy of conspiracy theories – I leave them for the nutties.

However, lately, I'm asking myself a couple of questions, and maybe, some savvy people here in the board will be able to explain to me why my theories are totally wrong.

First two sentences which summarize my theories:

a) ASIC-producers could be behind withholding attacks
b) ASIC-producers could influence the difficulty

Let me explain.

Today, most of us rely on ASIC-producers. And a lot – if not most - of these ASIC-producers are also mining. This is not only intransparent, it is also a possible threat to the mining-sector of the Bitcoin-economy.

In the past, we have seen some withholding attacks. There was the one on Eligius. Wizkid wrote back then:

Quote
So, after some investigation over the past month or so, it turns out a couple of clients/addresses were involved in a “block withholding attack” against Eligius which has cost us an estimated 300 BTC, and likely miners of other pools as well. A block withholding attack is where a miner submits low difficulty shares but does not submit block solutions— so they appear to be working for the pool and continue to get paid while not actually doing useful work for the pool.

It is unknown how many other pools they’ve executed this attack against. While withholding attacks are detectable, they are not possible to prevent: the risk of block withholding is inherent in how Bitcoin pooling works. Since the attacker does not gain any direct benefit by performing the attack it is usually assumed to not be a serious risk. A withholding attacker can’t profit, except through indirect effects like making a pool look less “lucky” and driving miners to other pools.

So block withholding attacks are real. The question is: cui bono?

Producers of mining equipment who also are mining, for example, could take their profit out of this.

Just as a theory:
A producer of ASIC-miners could produce two kinds of miners. Normal working miners and some which are not working correctly. What could they do with these miners?

a) They could sell these defective miners and use them for a basically undetectable because widely distributed withholding attack. Alternatively, by using a closed-source software, they could remote control the behavior of some miners and switch them into „withholding mode“ at their will. Both scenarios would basically be undetectable.

b) They could stash such manipulated miners in their own premises and use them from time to time for a withholding attack against one or several pools. Again, this would be basically undetectable.

What would be the benefits of such an attack? First, they could steer miners to their own pools or pools they are working with. Or they could make sure that their own pools get profits while the attacked pools don't.

At the same time, they make two times profits: With their pools and with selling equipment.

Furthermore, the difficulty could be manipulated. A lot of worthless hashrate drives the difficulty up and could be used for manipulating it. If I look at the BTC-price and the posts of many miners who just switch off or underclock their equipment, while the hashrate is only going down a tiny little bit, the question arises why. If some ASIC-producers would be manipulating the hashrate, it would – in my layman's understanding – make sense.

As mentioned before: I do not have any evidence that such an attack is taking place, nor do I blame any producer of such a behavior. But the fact that ASIC-producers are selling their equipment and some are using closed source software and also set up their own pools is making me suspicious.