Topic: How are large mining pools not a threat? - page 2. (Read 4587 times)

OK. I think you guys are not understanding (or choosing to ignore) what I'm saying. I am NOT trying to argue exactly HOW a miner would make the attack profitable (I have no doubt that there are profitable methods for doing so, but that's not what this is about). I'm also not arguing that it wouldn't be obvious as to what happened after the fact.

It would be completely stupid to bring a gun into a bank and try to rob it. Any rational person would realize that the potential gain is not really very significant as most banks don't have a lot of cash on hand anyway. Any rational person would not risk the very real possibility of losing years of life, freedom, and "honest" income for such a low payout. A rational person would know that if you were to get away with it (such a low possibility), everyone would know the bank had been robbed. A rational person wouldn't attempt this, BUT IT HAPPENS ALL THE TIME.

The motivation doesn't have to make perfect sense for something to be a very serious threat. The >50% attack is known, there's little we can do currently to stop it (short of significant changes to the protocol and/or algorithms), and it's very much within reach for some of the pools.

Why in the world is there so much pushback (or willful blindness) about this?? Every day that Bitcoin becomes more mainstream, the stakes are higher, and the possible "exit strategies" for this attack become more plentiful. I sincerely don't want it to happen, but I guarantee it will happen eventually unless we are proactive about stopping it. And when it happens, we all (as supporters of Bitcoin) stand to lose.


Or, just go ahead and keep ignoring it because "it wouldn't be as profitable as you'd think." Because the chances are low (never mind the fact that a small probability multiplied over days, months and years becomes a very high probability).

If a pool does that, do you know what will happen? People will abandon the pool. People will discourage blocks made by the pool.

It benefits a lot of people, ask Ben Bernanke and his friends.

Bitcoin is supposed to be based on mathematics and logic, not social factors.
If we wanted to rely on social themes instead of logical proofs, we wouldn't need Bitcoin in the first place.

Don't forget that no exchange will actually send your funds instantly, they all wait days/hours, and large transactions are manually processed.  Additionally, a double spend is not only publicly viewable but OBVIOUS once it has successfully happened.  You'd never get any money from the exchange.

I've started a thread about the possibility of subsidizing mining pools that keep themselves under 25% of the total hash power. I think it may be completely feasible to fund this entirely from community donations, assuming funds are spent intelligently. Let me know what you think.

https://bitcointalksearch.org/topic/bitcoin-decentralization-fund-subsidizing-small-mining-pool-operators-397708

I think one thing you're missing is the fact that the nefarious miner can only succeed with a certain probability.  Consider a nefarious miner with 25% of the global hash power:


The probability that he mines the next block = 25%
The probability that he mines the next two blocks is 0.25 x 0.25 = 6.25%
...
The probability that he mines the next six blocks is 0.25^6 = 0.024%
The probability that he mines the next seven block is 0.25^7 = 0.0061%


Consider your example of double-spending to crash the market: the nefarious miner transfers 10,000 BTC to MtGox to dump, and then starts trying to mine a new chain fast enough that he can "undo" this 10,000 BTC transaction.  While feverishly mining, he waits till his MtGox deposit has confirmed, and then market sells his 10,000 BTC.  Due to slippage he gets significantly below market price.  Then it dawns on him that since he only has 25% of the global hash power, the chances that he will actually succeed in this double-spend attempt is remarkably small.  He literally must perform this fraud attempt hundreds of times before he is likely to succeed.  Each time he fails, he looses a significant amount of his capital (because he just did something stupid like market selling 10,000 coins).  In the extremely unlikely event that he succeeds before he runs out of bitcoins, what he did will be pretty obvious since he would orphan a long valid chain, that, hmm, just happens to correspond with the big dump at MtGox.  
  

I never said you have to wait for the 12th block to begin spending on transactions that will ultimately be nullified by the pool's private fork of the chain. You begin spending at 10001 (from your example), and you broadcast the private fork at 10012, recovering your spent coins. According to the wiki, with > 50% hashrate, the attack "has a probability of 100% to succeed. Since the attacker can generate blocks faster than the rest of the network, he can simply persevere with his private fork until it becomes longer than the branch built by the honest network"

Again, you don't have to wait - you spend, spend, spend, then magically reveal your fork that nullifies the transactions of the past 2 hours (or however long). Except, whoever sold you good/services in that time (or a middleman like BitPay) doesn't get to magically take back all that you stole.

And no, difficulty adjustments should have nothing to do with the scenario as they happen so infrequently, they really don't affect the outcome.


But still, why are we even talking about how easy it is "for the public to find you are trying to do this malicious thing", or the profitability of such a thing? It doesn't matter!

Let me put it this way:

If tomorrow morning you wake up and find out that some colluding mining pools have (surprise surprise) gone on a large-scale double-spending spree, stealing an enormous amount of value from merchants and service providers, which of the following questions are you going to be asking:

"How did this happen?" - No, because we already know how it will happen.

"Why did they do it?" - No, because who cares? I guarantee you won't be thinking "I sure hope the attackers were profitable in this."

"What can we do to prevent this from continuing to happen?" and "Why the heck didn't we take this threat more seriously?" - Yes, because even discovering who did it and what happened, you'll have little recourse. Sorry, can't whine about it to some central authority that makes everything right. You just have to suck it up (while the attack will likely keep happening, over and over) and try to actually do something about it.


But why wait? Why is this not discussed more seriously? Why isn't this a top priority issue?

It does not matter who mined the 12 blocks. If you want to double spend a coin in 12 blocks before (say current block height is 10012, and you want to double spend a coin at 10001), you have to reverse back 12 blocks and begin mining a new block (10001). In the same time, other miners are mining 10013. Your hash rate needs to be faster than all other miners so you can catch up with the main chain before next difficulty adjustment. Don't expect you will finish all blocks 10001 - 10013 before other miners find their block 10013. You have to catch up with them slowly, maybe at block 10033 or even 10133. Before that, all the blocks you mined are treated as orphan blocks.

If you are still mining the shorter chain after next difficulty adjustment, you will never catch up because the other miners mining speed will be doubled due to difficulty decrease.

Moreover, it is very easy for the public to find you are trying to do this malicious thing.
1) The confirmation time of following blocks are doubled, because your hash rate has left to mine a 10001.
2) You've mined many orphaned blocks in a row (10001, 10002, ...) until your chain catches up with the main chain and replace it.
3) All the clients will suffer from a deep reorganization after your chain finally catches up and replace the old block chain.

In short, even if you have 51% hash rate, you will not double spend some coins 12 or even 6 blocks away. Otherwise, it takes a lot of time for you to catch up with the main chain, and people will notice this very easily.

So, it's my understanding that GHash recently mined 6 blocks in a row, with 25% of the network hashing power according to blockchain.info. Let's assume they collude with another similarly-sized pool and mine 12 blocks in a row (not unreasonable or particularly unlikely).

With an average time of 10 mins per block, that's 2 hours. I agree - not a LONG time in day-to-day life, but certainly a long time in the digital world. How much time (or how many confirmations) are most reasonable people waiting for these days? A few? Maybe 8 or 10 confirmations for something of high value?

Now, think of all the coins an attacker may have in reserve, and realize that they could easily all be double-spent in that somewhat short time period in transactions where people are being reasonably careful (waiting for several confirmations)... And unlike many other types of fraud, no one can simply reach in the attacker's bank account and seize/recover those funds. Bitcoin merchants & service providers will lose money, and they'll have little recourse.


Let's try some cost/benefit analysis: assuming 12 blocks of double-spend time... (we'll ignore the costs associated with operating the pool's mining resources as the cost will be the same in either scenario)

Opportunity cost to the pool: none if only the double-spend transactions are somehow reversed because you'll still get the block reward for those blocks. Otherwise, if those blocks are completely discarded by the network, then your opportunity cost is 12 * 50 BTC = 600 BTC (plus transaction fees).

Benefit to the pool operator(s) in attack scenario: The value of all coins in possession of the pool operator. Even after the attack is discovered and the double-spends are corrected on the network, you have whatever you spent your coins on + your original coins.

Risk: possible devaluation of Bitcoin if enough people become concerned with what you just did. But let's be honest - no one's going to care about a few double-spends, right?


I'm not talking about going out and "buying some weed" or having a crazy night on the town. There are plenty of businesses now (brick-and-mortar as well as online services and marketplaces) where people are willing to sell high-value items (e.g., exotic cars) for Bitcoin. Heck, many online exchanges only require 8 or 10 confirmations before funds can be traded. In that time, you could literally crash the market with your double-spent funds. Then just as people figure out what you've done, you buy back in as the market is recovering. Your double-spends are corrected by the network, but guess what - you still have all of your original coins + whatever you made while manipulating the market. As long as that's greater than the opportunity cost (accounting for the level of risk you feel it poses to Bitcoin's long-term value), then it makes economic sense to perform the attack.


Or maybe I'm missing something that prevents all of this... if so, please tell me.

But again, the debate really shouldn't even be about the profitability of the attack. It's about looking for real solutions to real problems (which can and will affect the future of Bitcoin), instead of dismissing them as being "unlikely" because "no one would ever want to."

Even miners controlling large amounts of hash power are significantly limited in their ability to unfairly benefit from their hash power:

Miners can't:

- spend other people's coins
- issue themselves 'extra' bitcoins (beyond the block reward)
- spend coins twice (in a permanent way such that extra coins come into circulation)

Sure they can attempt to "double spend" and be guaranteed to succeed with a certain probability, but this just means they tricked someone into thinking--for only a very short amount of time--that they were paid when in fact they weren't.  When the double spend is complete, everyone will see that the coins were only ever "really spent" once.  This is why you can't withdraw your 1000 BTC jackpot from just-dice.com until your original deposit reaches 7 confirmations.
 

 

So... since this topic has apparently been discussed already at length, would someone kindly summarize the current plan for dealing with this type of attack?

Let's put motives aside. As the wiki explains, "if this attack is successfully executed, it will be difficult or impossible to 'untangle' the mess created." Something which, as we know, is easily within reach even now.

Please don't tell me "it's unlikely to happen because mining pools have no reason to do so." That's not an answer to the question.

I'm not trying to make a point here that Bitcoin is flawed; I'm genuinely curious about the current best proposed solution to what I believe is a very real threat.

Well for one, the increasing adoption of Bitcoin by major businesses/retailers is perhaps a double-edged sword in this case.

Every day, more and more people are willing to accept Bitcoin as a form of payment, which means that every day, more and more people are open to loss via double-spend attacks.

In essence, it's basically a form of money laundering where the game is all about converting value from a high-risk store of value to another store of value with lower risk.

EDIT: The difficulty in profiting from an attack vector really shouldn't even have any bearing on the discussion here. The truth is, it's a known vulnerability with possible/proposed solutions that exist, so why is there so much pushback? I really want Bitcoin to succeed in the long run (hence why I'm even posting). I just think this issue deserves more serious attention.

I realize this topic has been beat to death previously, but apparently it hasn't been discussed enough. Otherwise, I believe it would have already been addressed by a change in the protocol and/or algorithms (which hasn't happened).

I do understand the level of hashing power on the network. I also recognize that if just two or three of the large mining pools were to collude, then 51% would easily be within reach. 51% isn't even necessary to attempt and succeed in many cases in such attempts. Is that really so remote a chance?

How exactly does this criminal pool pull this heist off?

Here's another point to consider:

If we catch a traditional criminal secretly syphoning money from a bank, we call in the authorities, shut down the operation, and (in many cases) recover the funds.

Now consider what happens on the Bitcoin network: we find evidence of pools abusing their power and... wait, there's not a whole lot we can do other than try and buy/build enough competing mining power. Otherwise, the pool just continues on with criminal behavior day after day while we watch Bitcoin's value suffer. It's either that, or be proactive and stop this kind of attack before it happens and destroys the network.

Food for thought.

You realize how big the hashing power of the  network already is right? And getting bigger by the day

All I can suggest is if you believe the 51% attack is bound to happen one day, don't invest anything in bitcoins.

And by the way, this topic has been discussed to death over the last couple of years.

Alright, let's try a little thought experiment: suppose for a moment that you (yes, just you) control a majority of the Bitcoin network's hashing power. Is buying weed really the only thing you can think to do? If so, then more power to you - enjoy!

Give it some thought, and I'm sure you can come up with a number of ways to extract value (where that value no longer depends on the price of Bitcoin) in a series of seemingly small abuses that wouldn't draw much attention or cause immediate widespread panic of the network (according to some, this has already happened). At least, not at first.

You may not have any INTENTION to destroy the network, but if you have that kind of power, I'm sorry... it's just a matter of time.

unless they can manipulate the price upward, there's no reason to do.  what are they planning to do?  double spend on weed transactions on Silk Road??  happy new year!!

Maybe I didn't explain this point clearly enough. Of course no one is going to destroy the network intentionally, especially if they are benefitting from its function.

But if you think someone with (the potential for) a majority of the network's hashing power wouldn't consider a double-spend here and there (possibly getting away with it), you're fooling yourself. No one sets out trying to destroy the environment, but after getting away with a few seemingly insignificant misdeeds, people can and will push the envelope will a false sense of safety and a little greed. In this case, it starts small and snowballs into the network's destruction before anyone realizes what has happened. Even factoring in the possible destruction of the network, such an abuse could actually be quite profitable for a pool if the rewards are quickly converted to other forms of value before Bitcoin's value crashes.

People get greedy - even when it's ultimately self-destructive. History gives us plenty of examples illustrating this.

I hope you're being sarcastic. "Not nefarious" - just like the banks, NSA, government, and pretty much any other organization with power is decidedly not nefarious.