Topic: How to destroy Bitcoin with a 10% attack: Roadmap for a Central Bank Takeover (Read 3122 times)

I did not read through all the post so maybe someone said this, wouldn't it mean that the entity would have to bring enough hashing power to guarantee them getting all the blocks going forward to execute this or at least half to make it effective in the first place. Then the expense of putting the operation together would be eminence and would need cooperation among banks, they don't trust each other.

That's a good point. I hadn't thought of that. There was a smaller pool (I can't remember the name right now) being discussed in a thread by organofcorti and Meni Rosenfeld that was about to fail because of their constant orphaned blocks. I can't remember when or I'd look it up. It was back when deepbit was crushing everybody and finding most of the blocks and right after organofcorti started his pool watch thread.  They were talking about the very same thing.

Part of the cost of mining is the cost of orphaned blocks. If a block is so large that it takes a long time to propagate, and get validated throughout the network, then a miner who finds this very large block might not broadcast this block (nor build on top of it) because the chances of it becoming orphaned is too high (they would probably not actually be working on a block this size in the first place).

If a miner calculates that adding 1 kB worth of additional transactions increases the chances of their block getting orphaned by 0.0005 BTC, then the miner will probably not include any transactions that pay fees at a rate of 0.0005 BTC per 1 kB because doing so would not allow them to have any net benefit.

Right, than this means that there is another miner that is working better then you. (he has a better management of his costs)

Yes, but this is the same as now for nodes supporter of BU or Segwit or whatever, miners know this. The possible sybil attack is a common knowledge for every one, even for the possible sybil attacker.
So it isn't an easy attack, because it isn't an automatic signal, but it is still a signal between all the others.*

Example: the common connection on the larger part of the world is 4 MB/s (*this is one of the things evaluated by miners), but miners will see that there are 60% of nodes that are signaling as supporting only 1 MB ... or the opposite 10MB!
So the sybil attack is mostly useless and expensive for a real result.

This kind of signal is more likely a confirmation: "The larger part of the nodes is confirming that they are supporting the common widespread of connections/cpu/harddisk (like 4MB, as the example before), by more than 7/8 months. Time to try with a bigger block. Let's add 50 Kb over the last limit!"

The good things about this, it is exactly that it isn't automatic, so miners will be very careful on making changes, but still they will be "free" to conform to the market request, without waiting any permission by some perceived authorities...


Everything that can be done wrong from the miners can cause panic on the market (as it happen when a pool was near the 50%), and the lowering of the price is the first thing that worries the miners.
I think that it is easy to say that even if someone try to cause a fake panic, then this will still help the decentralization (and making miners moving even safer)

I never said they would. If you make a block smaller than the maximum permitted when there are fee paying transactions waiting-- you are making less money than someone who builds the largest block they can. -- and when they do so they undermine the effort you made at your own expense to artificially boost prices.

What nodes 'show' is perfectly Sybil attackable-- if it weren't we wouldn't need mining at all.

Miners will not work for free.
In the situation that you are writing, this just means that I've chosen the wrong limit, one time.

As a miner, if I want to put a limit (because I want the users pay more), I'll see which is the usual mempool amount of tx.
I'll put an higher limit (but not higher than the average block setting showed by all the BU nodes), and I'll start to lower it by like the 1% every next block.
I'll do this until I will see that other miners are usually making blocks bigger then me.

Then, I'll just stop lowering it, and I'll put it back at the block size of the block of the other miner that was bigger then mine.

This, after a while, all the miners will have likely the same blocksize (market result), and all of them will also have some stats to check the behavior of the other miners.

That's possibly correct for today. What happens when the block reward drops in seven years and the price of Bitcoin+transaction fees have not kept up with rising inflation, electricity cost and equipment replacement?

Difficulty adjustments take roughly two weeks (2016 blocks), don't they? In the interim they aren't making a profit. I remember mining and switching off when the price dumped from $15 to $2 but not before I had mined for a couple of weeks at a loss (granted, I was mining in California, land of expensive electricity and not paying attention). Profit is based on the efficiency of your individual equipment setup. What returned my profitability was just sitting still for months until the price recovered not the difficulty adjustment. Isn't the difficulty drop also an incentive for more miners to enter the playing field and further dilute the "profit" from those people that continued to mine?

Limiting yourself will not increase your income when other miners undercut you-- they will take the transactions you reject, undercut your price, and be more profitable than you, then the difficulty will adjust and they will be making a profit and you will be making a loss and either have to adopt their practices or exit the business.

No, not really. NTP uses coordinated universal time. Special computers set up as primary time servers are connected with receivers to a radio clock and those time servers use protocols such as NTP to synchronize the clock times of networked computers. Why couldn't some little brilliant bastard with no life figure out a way to interrupt the network connection to NTP servers and possibly a way to roll back the network time? Seems like a better "central bank" project than just throwing a begillion dollars at mining (Sybil Attack, Eclipse Attack, etc.)

Are you worried about someone changing the Unix time-stamp server?
It does seem like a central point of failure.
If this happens, someone would notice very soon.
Can the bitcoin network mitigate this issue?

This seems like a silly and expensive way of screwing with the network. I've never understood why no one has figured out how to hack the 16 minute protection for device time changes to the unencrypted network time protocol. Just turn the network time back a couple of days and watch the whole thing come crashing down for almost no cost. A man-in-the-middle-attack between the Bitcoin network and the Network Time Protocol would be catastrophic. I'm sure some 12 year old kid will figure it out eventually.

If what you are saying is true, that banks have unlimited funds to buy 10% of the hashing power, then why just go for 10% then? They could just buy a whole mining pool and cripple the whole network with a 51% attack. The double spend, will pay for the whole operation and everything will collapse.

Unfortunately that is not how it works. Banks have shareholders and they will have to account for their actions. Once something like this is leaked, people will support the next Bitcoin even more. People will query these "free" transactions and realize what is going on, and they will react to it. If they push, we will push back harder. ^smile^

If blocks are not being filled, as long as the size is not unreasonably large, the transaction price will drop, and they will soon be filled with micro-payments, colour meta-data, proof-of-knowledge, smart-contracts, mix-nets, ...
If the blocks are raised to 8MB (when is that happening?), transaction process would probably decrease by a factor of about 8 (I am not an economist) and the miners would still get their fees.
As Bitcoin is growing, it needs help from Moore's Law to be able to handle transactions to the scale of fiat transferrers, otherwise nodes would require an expensive data centre (something most people don't have).
If Moore's Law betrays us, one idea would be to reserve some space in blocks for node operators and to have them prove they have a node (scrypt-like system over the blockchain).
My point is, empty blocks are not something we should be worried about, people will always find data to fill them with.
Therefore, all this government can do is fill blocks with low-fee transactions instead of high-fee transactions, I doubt that would help them.

Miners aren't working for free.
Even with an unlimited blocksize all the miners will try to get as much possible as they can, by limiting them self the blocks as they did until now.

If there is a state/central bank that starts to mine blocks by accepting even free tx, then they are going to lose money on the long run, and they'll need to inflate their currency to maintain this status.

This will then make bitcoin more valuable. (so the other miners will be even richer, as the holders ...)
You will see all the population moving from the fiat currency to bitcoin, until even the energy will be preferred to be sold in exchange of bitcoin instead of fiat currency

I don't think that we will never arrive to the last step, this "attack" idea will break way before...

The whole meaning of my post was that we must keep the blocks limited in size.
If we increase the block size to much then we risk that the blocks are no longer full.

If the blocks are never full then it does not matter what the upper limit is.

I’m not saying that the block size should never be raised. I’m just saying that the size should never be so big that most of the blocks are no longer full.

The blocks must stay full for the fee market to function properly.

If the blocks are full = the price is set by users:
Miners are simply filling blocks based on the fees that are payed by users.
Users are competing for blockspace, and the price of blockspace is determined by how much the users are willing to pay to send a transaction.

If blocks are not full = the price is set by miners:
Miners are competing to offer the lowest possible price for blockspace. They try to include as many transactions as possible while at the same time excluding those that pays too little in fees.
The price of blockspace is determined by how little the miners are willing to demand in fees.

The attack I have stated is not possible as long as the price of blockspace is set by the users (and not the miners)

FTFY.


Houses are a bad metaphor as their most valuable property tends to be the land they stand on.


Lets try it away and assume the location is not important for some reason and houses could be easily interchanged. The number of houses that are given away is limited. The places the free houses are build on are removed from the land and house building markets. Less places to build houses on, but the still the same amount of people that need a place to live. Buy a house now or hope for a lucky chance in 9 years?

You seem to forget that blocks are limited in size (everyone gets a house) and that without a fee you have no way to know for sure your transaction will be confirmed. I have no doubt that this attack would significantly increase the amount of free transactions, but I doubt it would have a meaningful impact on the other transactions. After all all the attackers can offer is a lucky chance. People that want to do business can not rely on lucky chances.

Have you ever heard about the relationship between supply and demand?

Lets be clear:

Miners are selling blockspace

Users are buying blockspace

So let us talk a little bit about housing instead..

What do you think would happen if the government gave everybody a house for free every 10th year?

What do you think would happen to the prices of real estate?

Do you think it will be easy to sell your house during the 9 years in between?

Do you think people will be willing to pay good money for your house?

the implications would be huge, putting aside the fact that someone would need to convince a board of directors/shareholders that wasting a shit load of money would make any sense, bitcoin does not belong to a country, so if someone or institution decided to do that it would affect people and businesses all over the world, that would probably be illegal and against all the treaties out there.

Cyber warfare is conducted with extreme secrecy, and institution trying to make an attack like the one you describe could not make it in secret, plus the attack could always be mitigated.

Say for example, that miners can include 1,000,000 bytes worth of transactions in each found block (the actual number is slightly less, however this makes the math a little bit easier).

Conforming with the OP's scenario, say that the attacker/spammer controls ~10.416% (15 blocks found per day) -- this is slightly above the 10% indicated by the OP to make the math simpler -- of the network hashrate. Also assume that the average cost of including a transaction into a block is 50 sats/byte, which means that blocks will have, on average 0.5BTC worth of tx fees in each found block. Also assume that there is demand of 950kb worth of transactions every 10 minutes that is willing to pay up to 201 sats/byte to have their transactions included in a block, but will only pay the average fee necessary to have their transactions included in a block -- there is also a demand of 50 kb worth of transactions every 10 minutes that is willing to pay no more then 50 sats/byte ("spam transactions").

Prior to the attacker launching the attack, his income from mining would be as follows:
*Found blocks: 15
*TX fee revenue: 7.5BTC
*cost of attack: 0.0BTC
*revenue from attack: 0.0 BTC
*net income from attack: 0.0BTC

At first the attacker creates transactions so that users need to pay at least 70 sats/byte to get their transactions confirmed -- they do this by creating 1 MB worth of transactions every 10 minutes that include tx fees in the amount of 70 sats/byte. Users are slow to react, so, on the first day of the attack, 50% of confirmed transactions are that of the attacker, however the other 50% of transactions do in fact include tx fees averaging 70 sats/byte.

After one day, the attackers revenue is as follows(per day):
*Found blocks: 15
*TX fee revenue: 10.5BTC
*revenue from attack: 3BTC
*cost of attack: 50.4BTC
*net income from attack: (47.4BTC)
*transaction backlog: 64,800,000 bytes = 64,800 kb

The attacker will have spent 50.4BTC in transaction fees, however some of that is mitigated by the fact that the attacker received 10.5BTC worth of transaction fees in the blocks they confirmed, which is 3BTC more then what the attacker would have received had the attack not happened.

On day two, users realize they must now pay a higher transaction fee, and start paying 70 sats/byte to get their transactions confirmed. Since the current price of transaction fees is too high for the spam transactions, there is only 950 kbs worth of demand for block space that is paying 70 sats/byte (excluding the attacker's transactions). This means that the attacker only has 5 kbs worth of transactions paying 70 sats/byte included in their transactions.

After day two, the attacker's revenue is as follows (per day):
*Found blocks: 15
*TX fee revenue: 10.5BTC
*revenue from attack: 3BTC
*cost of attack: 5.04BTC
*net income from attack: (2.04BTC)
*transaction backlog : 64,800,000 bytes = 64,800 kb -- unchanged

On day two, the transaction backlog remained unchanged because users who attempted to send transactions on day one used RBF to pay a higher fee, however a similar number of additional transactions are unable to get confirmed. The transaction backlog does not include transactions from the attacker.

On day three, the attacker increases the tx fees on the transactions they broadcast to 90 sats/byte. Again, users are slow to react, although not as much as they were on day one because they are aware that transaction fees are rising, so only 30% of the transactions confirmed on day three are that of the attacker, and 70% are that of other users, that are paying an average fee of 90 sats/byte.

After day three, the attacker's revenue is as follows (per day):
*Found blocks: 15
*TX fee revenue: 13.5BTC
*revenue from attack: 6BTC
*cost of attack: 38.88BTC
*net income from attack: (32.88BTC)
*transaction backlog: 108,000,000 = 108,000 kb -- an increase of 43,200,000 = 43,200 kb

On day four, users start paying 90 sats/byte in masse, and the attacker again only has 5% of the transactions confirmed on day four belong to him. The increase in the transaction backlog is that of the transactions that the attacker outbid that otherwise needed to get included in blocks.

After day four, the attacker's revenue is as follows (per day):
*Found blocks: 15
*TX fee revenue: 13.5BTC
*revenue from attack: 6BTC
*cost of attack: 6.48BTC
*net income from attack: (0.48BTC).

On day 5, the attacker increases the tx fees on the transactions they broadcast to 120 sats/byte. Again, users are slow to react, so only 30% of the transactions confirmed on day three are that of the attacker, and 70% are that of other users, that are paying an average fee of 120 sats/byte.

After day 5, the attacker's revenue is as follow (per day):
*Found blocks: 15
*TX fee revenue: 18BTC
*revenue from attack: 10.5BTC
*cost of attack: 51.84BTC
*net income from attack: (41.34[btc)
*transaction backlog: 151,200 kb -- an increase of 43,200,000 = 43,200 kb

On day 6, users start paying 120 sats/byte in masse, and the attacker again only has 5% of the transactions confirmed on day four belong to him. The increase in the transaction backlog is that of the transactions that the attacker outbid that otherwise needed to get included in blocks.

After day 6, the attacker's revenue is as follows: (per day):
*found blocks: 15
*TX fee revenue: 18BTC
*revenue from attack: 10.5BTC
*cost of attack: 8.64BTC
*net income from attack: 1.86BTC

At this point, the attacker is making 1.86BTC per day from the attack -- this is because they would make 7.5BTC worth of tx fees absent their attack, and is making 18BTC worth of transaction fees as a result of the attack, and is only paying 8.64BTC worth of transaction fees in order to keep the average transaction fee as high as it is. Prior to the this day, the attacker has already "invested" 82.8BTC into the attack, and does not want to wait 1.5 months to break even, so they continue to raise the TX fees of their transactions.

On day 7, the attacker increases the tx fees on the transactions they broadcast to 150 sats/byte. Again, users are slow to react, so only 30% of the transactions confirmed on day three are that of the attacker, and 70% are that of other users, that are paying an average fee of 150 sats/byte.

After day 7, the attacker's revenue is as follows (per day):
*found blocks: 15
*TX fee revenue: 22.5BTC
*revenue from attack: 15BTC
*cost of attack: 64.8BTC
*net income from attack: (49.8BTC)
*transaction backlog: 194,400 kb -- an increase of 43,200,000 = 43,200 kb

On day 8, users start paying 150 sats/byte in masse, and the attacker again only has 5% of the transactions confirmed on day four belong to him. The increase in the transaction backlog is that of the transactions that the attacker outbid that otherwise needed to get included in blocks.

After day 8, the attacker's revenue is as follows (per day):
*found blocks: 15
*TX fee revenue: 22.5BTC
*revenue from attack: 15BTC
*cost of attack: 10.8BTC
*net income from attack: 4.2BTC
*total income from attack: (126.54BTC)

On day 9, the attacker increases the tx fees on the transactions they broadcast to 200 sats/byte. Again, users are slow to react, so only 30% of the transactions confirmed on day three are that of the attacker, and 70% are that of other users, that are paying an average fee of 200 sats/byte.

After day 9, the attacker's revenue is as follows (per day):
*found blocks: 15
*TX fee revenue: 30BTC
*revenue from attack: 22.5BTC
*cost of attack: 86.4BTC
*net income from attack: (63.9BTC)
*total income from attack: (190.44BTC)
*transaction backlog: 237,600 kb -- an increase of 43,200,000 = 43,200 kb

On day 10, users start paying 200 sats/byte in masse, and the attacker again only has 5% of the transactions confirmed on day four belong to him. The increase in the transaction backlog is that of the transactions that the attacker outbid that otherwise needed to get included in blocks.

After day 10, the attacker's revenue is as follows (per day):
*found blocks: 15
*TX fee revenue: 30BTC
*revenue from attack: 22.5BTC
*cost of attack: 14.4BTC
*net income from attack: 8.1BTC
*total income from attack: (182.34BTC)

The attacker would need to continue to keep broadcasting transactions with an average tx fee of 200 sats/byte for ~22.5 additional days until he breaks even on the attack. After the attacker stops broadcasting his attack transactions, an additional 50 kb worth of block space (per block) would become available to reduce the backlog, or roughly 7,200 kb per day. This results in it taking roughly 33 days to clear the backlog, during which time, transaction fees should stay at roughly 200 sats/byte, and after the backlog is cleared, the average necessary TX fee should crash back to 50 sats/byte that it was originally.

tl;dr -- you control a small portion of the miners, benefit from the increased transaction fees that everyone else is forced to pay because you bid up the price of transactions for everyone.

If you are paying X per byte in fees then how on earth can that possibly have *no cost*?

(five left - not sure I should waste them on stupid things)