Topic: Freezing a blockchain (Read 2494 times)

If the attacker has less than 51% of network speed, then even though he could be lucky and mine two (or even three) blocks in a row very fast and thus become the longest block chain, eventually (in half an hour or so) the network will take over the attacker's chain because it's just faster of the two.
Mind you that mining three blocks in a row is very improbable.
The attacker has spent enormous resources in order to give the network a hick-up.

Yes, an attacker briefly achieving the majority of the total hashing power could be thwarted that very same way if the legitimate network generated a few quick blocks in a row.



Yes, and it's bloody damned simple: don't mine for the big pools. I'd say don't mine for ANY pool but suggesting that to a person with 2 or 3 GPUs would be going straight into the realm of absurdity and paranoia. If one is actually worried about a cabal of pool operators colluding to gain the majority of the hash power, they can always mine for p2pool (requires that every miner run their own instance of bitcoind).

Sorry to start such big discussion

IMHO a 51% attack is definitely a disaster for bitcoin, but I understand now that a 'freeze' is fatal because it would stop economy because no transaction is possible. Good that people already have concepts how we could defend this attack.

But wait, having 51% of the hashing power means having very good chances to solve blocks, right? But isn't it still possible for the rest of the world, to have a lucky block solved with transactions in 49% of the time? Sorry for the newbie question. Or could empty blocks be ignored? But probably the latency problem is what I'm missing out, an attacker could hold back a long chain and then release it. Even when the rest of the world has mined normal blocks with transactions, the longest chain wins.

What about making reaching the 51% as hard as possible? The mining pools which don't have a central server sound interesting. Maybe best would be if pools would not be necessary as everybody who decides to mine gets a small share (although I have no idea how this could work).

In fact, when you think about it: mining is increasing your chance of solving a block, meaning that more blocks are solved, meaning the difficulty will rise, because the total number of blocks (/h) should be constant. So you mine to increase your percentage of the world hashing power. Sounds like 'arms race'. Although I think this 'proof of work' is really brilliant, I'm just thinking: is there a way to amend it that way that the most important thing is archived: the network power/control is distributed among different real persons in meatspace as equal as possible?

Good summary.

DeathAndTaxes, understand that I don't mean that a double-spender with 51% would be something "easy to deal with". I just say that I find a complete freeze of all transactions a worse thing.
In your last post, you talk about using Bitcoinica and MtGox. Well, both services would be completely unavailable if the network is frozen. While in a double-spender case, they would be in danger, but they might remain operating, with much more care probably (asking identifications etc).

You keep saying this, but without any regard to the "how". The very nature of shipping means that the seller would end up with several confirmations on the coins before the order goes out the door. Any blockchain reorg longer than 6 blocks will cause all Bitcoin clients that were online at the time of the attack to enter safemode. Because the reorg was so big, the honest community would overwhelmingly support the original fork.

The only way you can get away with double-spends is if someone is irrevocably sending goods after fewer than 6 confirmations. You would be able to get away with that, but only once.

That's why the solution in that thread is so nice: it reduces the freezing problem to the double-spend problem, which is much easier to manually resolve.

You assume the attacker would keep a static pool of payment addresses.

So he is shorting BTC on Bitcoinica while conducting the attack with "clean" coins.  He gets paid via a Mt.Gox USD code.  He uses it on Mt.Gox and gets completely "clean" and unrelated coins for next wave of double spends.

I know. I just said that it would be harder to remain anonymous after doing that many trades, in comparison to just spamming garbage blocks behind many proxies.


Only the attacker would have that ability. Today, everyone buying anything in the internet with a credit card has the ability to chargeback. People would have to deal in bitcoins as they deal with credit cards or paypal today, while the blacklist of the attacker's addresses grows and his incentive to keep the attack decreases.

If the intent is to cause economic damage (and not profit) he could ship goods to random people.

or better yet to create confusion create a "win a gold coin" website to datamine.  And then send the gold coins purchased via double spend to the "winners".  Then do the same for thousands of orders to thousands of "winner"/victims involving hundreds of different products and merchants.


How?  If an attacker can double spend at will and any transaction you accept could result in a 100% loss how exactly is that partial protection useful for anything?  It protects you enough to let you spend and lose all your coins?  Now that is protection that can keep Bitcoin alive.

Tor only grants you cyberspace anonymity. Again, never forget we are all bound to what happens in meatspace.

If the attacker is just freezing the network, than OK, his interaction with the physical world is minimum (although it would still be hard to hide such mining farm, the investment in creating it etc)
But if he's double-spending, he must be exchanging that stockpile of millions of bitcoins against something else. And that's lots of money and lots of "something else". That's why I believe it would be hard to remain anonymous (I didn't mean to say they would have a hard time to acquire a stockpile of coins, only that it would be hard to remain anonymous while doing it)


Possibly. That's why that thread is interesting. I've been reading it yesterday. If it really helps to counter the freezing attack, it could be useful as a partial protection against such "thermonuclear warfare".

Aren't you getting ahead of yourself?
As has been said before, a freezing attack would require government-level funding. In such case, is it so hard to imagine that the attackers would stockpile a million or so bitcoins?
As to retaining anonymity, the government can use TOR as well as anyone else.

The most devastating attack would be a combination of both approaches - an equivalent of thermonuclear warfare for the bitcoin universe.
Defraud - paralyze, defraud - paralyze. After a single day's worth of hostilities the prognosis would be terminal - why bother if the adversary can strike again?

Just imagine these two situations:

• Somebody strikes the greatest(s) theft(s) of dollars of all times, and may potentially repeat
• All dollar flow in the world is frozen. Everywhere, people just can't transact in dollars anymore.

You really think the first thing would be more catastrophic to the dollar?

Thefts happen all the time. A double-spender with 51% would be a very dangerous thief. But he would not be jamming the entire economy. A complete freeze is much worse.


Yes. By "just freezing", everyone invested in bitcoins would lose everything, not only the sellers of these items.
And there are many reactions people may attempt, from blacklisting the addresses of the attacker to using green or "whitelisted" addresses and trust networks. For the freezing attack, the only possible reaction I was aware of would involve a certain degree of centralization, what would create central points of failure precisely when you don't want them. (That's why I'm interested by this blocktree thing.)

Oh, and don't forget the attacker would first need to legitimately own those 100K BTCs before double-spending them. It's hard to remain anonymous after doing all these trades.


Granted, governments would probably attempt a typical ban before an attack of this kind, and that might have catastrophic effects as you note. I imagine such an attack would only be "propaganda-supportable" once bitcoin is used exclusively by informal markets.


Try to answer these same questions in a scenario where no transaction is possible at all.

If you want to consider "non profitable" attacks why not consider a non-profitable double spend.

Spend 100,000 BTC from 15K different addresses with products being shipped to random people.
Now create an attack chain and do the same thing w/ different products, merchants, and delivery addresses.
You still think that would be less damaging than simply freezing economic activity?


If you wanted to declare war on Bitcoin and didn't care what it costs why would you give the "defenders" a fighting chance.  They may surprise you with how much hashing power they can amass and grow to fight the chain.  A non-economical 51% attack would cause catastrophic damage.  Merchants would lose millions instantly for accepting Bitcoin.  Do you think they will accept it in the future?  What will that do to the exchange rate? The value of horded coins?

If the attacker is also levered short Bitcoin to the tune of tens of thousand BTC they gain as the value plummets 50%, 70% 99%.  The falling value combined w/ block chain reorgs makes it unprofitable for miners to continue.  They drop out and hashing rate falls massively making further double spends even easier (requires less resources to maintain 51%) AND you can use the shorted coins to fund further economic attacks.

So you really think that is less effective than temporarily freezing the block chain?

Really... I can't imagine them being.
Let's not forget that ultimately we're all bound to what happens in meatspace.

If you just double-spend "a little" to avoid getting caught, then, is it really worth all you've invested, not to mention the risks? (also, if you double-spend just a little, the damage you cause is also little)
Now, if you double-spend a lot, then you'd better also hire a good mercenary army to protect you, otherwise those you traded with will get you!

Plus, in the case of an attacker double-spending, only those which are unlucky to exchange with him will lose. In a chain frozen for indefinite time, everybody loses everything.

And finally, you cannot double-spend something you never owned. The addresses of the attacker could eventually get blacklisted, if he hasn't being jailed or killed yet.


What if the attacker in question is a government that can confiscate money from its subject to invest in its operation? (not to mention trying to violently stop those who are honestly mining under their jurisdiction).
Imagine, USA, EU, China, Russia etc get together to "rid the world of this terrorist money threat!!". War on Bitcoins declared!

I find the freezing attack worse than double-spendings. The only "relief" in it is that it's not profitable, so we're not to expect somebody to do it with his own resources. But there are these huge institutions out there who don't give a fuck to losses...

Double spends aren't worse?  Really?

If the only thing an attacker does is freeze the block chain eventually the "good guys" can get enough hashing power to overcome the 51% and resume the block chain w/ no damage.

What could be worse than that? Double-spends are not.

I guess I should read that topic with more care.

I agree. That's why I pointed out in that thread that the method provides a "neat side-effect" of making the chain unfreezable. The true gem in that thread is the solution to the latency problem.

Ah, so what you say is when you have 51% you could freeze the blockchain, but not when you have less power. I thought it is an attack below the 51% power threshold.

I agree, it's not worth implementing a block tree instead of chain for a 51% attack. If someone has actually that power, freezing the chain is the smallest problem. People could stand up and donate their CPU power all around the world to make Bitcoin running again, because this would reduce the attackers relative power.

If you have 51% of hashing power you could simply mine empty blocks and prevent any transactional or mining to occur.

See CoiledCoin attack in alt currency section.

Personally I think it is a non-issue as like you pointed out someone w/ 51% of hashing power can do a lot worse than freeze the blockchain.  So *if* someday someone makes an "unfreezable" block chain then the attack w/ move from a freeze to active double spend.

When looking at the surface of the discussion of an "unfreezable blockchain":
https://bitcointalksearch.org/topic/unfreezable-blockchain-57647

I wonder what the problem actually is. I could not find this information easily, maybe somebody points me to it.

A block-tree instead of blockchain should be resistant to "freezing", but has other effects. But what means "freezing"? I mean if you have 51% of hash-power you can do a lot, including double-spending attacks. Assuming you have less, the blockchain is the central tool to bring transactions in an order to eliminate double spending. How can this chain be frozen?