Topic: [INFO - DISCUSSION] Eclipse Attack (Read 380 times)

It's rather general definition though. I was thinking something more specific such as,
1. Cost to create and operate full node.
2. Total node/mining pool.
3. Amount of full node software implementation which is actively developed.
4. And many more.

1. That's because creating criteria and measuring decentralization isn't easy. Although i could just point to definition on dictionary such as these,


2. Majority? Can you point to any relevant research or data?
3. Because selfish mining (and few other attack) isn't trivial to detect. And there's higher financial risk if they don't have high hashrate percenrage.

I mean, according to these definitions every cryptocurrency is decentralized, so no. It is easy to spot that Ethereum is operated by a few developers which can pretty much do everything-- from censoring transactions, to messing with the money supply.

Centralization is quite of a spectrum. Bitcoin isn't 100% decentralized, in the sense that every node is equally contributory to the network. There are a few pools which produce the majority of Proof-of-Work, and even if you don't argue that pools have the power, there are large farms which make a hell more than regular miners.

Technically speaking, Bitcoin was centralized when it ran on only one computer (Satoshi's node/miner).

As soon as someone made a second node/miner it became decentralized.

Of course there are also other criteria.

For example, BSV has a mechanism to steal coins from "criminals" with a court order.

Does that make it decentralized (despite having many BSV nodes)? Not really.

ps: HmmMAA is a huge CSW/BSV fanboy.

He doesn't even mind Calvin Ayre's pedo shenanigans... go figure! 

Isn't it quite easy to define centralized and decentralized in technical terms?

Centralized - there is a central server that serves all of the nodes and computers who request data from it
Decentralized - each node and computer functions as its own server, and many other computers connect to each other to request for data as they would from a server.

You can ignore the truth all you like. I will still cover all the BSV bullshit.

Nobody argues that the number of nodes helps in the consensus process. As I previously discussed in our local board, the choice to run a full node is largely driven by individual preferences. There isn't a strong incentive beyond concerns for security and privacy. What people argue, is that the average person should be able to run such a piece of software, a perspective differing from what you and your BSV associates propose.

Wanna try out spinning up fifty thousand nodes to beat the air? Go for it. We've covered in literally the previous page that a malicious node without doing Proof-of-Work, is essentially a harmless node.

1. If you can't give a definition how do you know that btc isn't centralised ? This reminds me the documentary "what is a woman" https://twitter.com/Gidi_Traffic/status/1697747679659360322
2. In an environment where the majority of nodes are mallicious , -i think- you will verify a false ledger .
3. If that is valid , why don't we see selfish miners and other attacks happening everyday ? No one leaves more profitability on the table , especially in that sector . Maybe there are other reasons that make pools stay honest ?

An individual might not be able to , but everything is geo-located if big countries decide it . I'm not certain if there's a list of trusted IP's , but definitely mining pools share each other their IP's , it's for their best economic interest to being interconnected .

To BHC , thanks to Dump3er quote as you are ignored now like your "friend" .
Let's consider an example of the attack in a massive scale . Let's say that i flood the network with a massive amount of sybil nodes ( 90% ) . In that way the probability of your "full node" to be connected only to malicious nodes is very high . So your "validation" has nothing to do with the real ledger which is produced by the mining nodes . You can understand that mining nodes are unaffected by that kind of attack as they give a shit about your node .  
Bitcoin isn't a democratic network where everyone can change the consensus by running a "full node" . That's why it's called PoW and not PoMN( Most nodes ) . Bitcoin provided a solution to the problem of byzantine generals , not byzantine soldiers . Troops have a by far low number of generals than soldiers . Imagine a troop where every soldier would have to decide if the attack ordered should be executed . Do you think that there be a consensus ? That's what you (and most here ) don't get , that you are part of the consensus but just acknowledge it . It's like i use a bucket to take water from a river and by throwing it back i believe that i'm contributing to it's flow . But as i said to you many times , you only look bitcoin from the coding side , you can't extend your thought to the philosophical aspects behind it .  
To Dump3er . The problem with current model that btc uses is that there's no economic incentive for non mining nodes to be honest . If you could use a service of a honest node that gains money by earning a small amount (less than a cent ) each time you use their explorer to see if the transaction you're interested is double spent , would you use it ? Of course , with the current fee market created by the 1 MB limit that's not possible . If you could create such a node that earns you money everyday would you be interested to give fake results for a double spend that doesn't affect you at all and you don't get any profit from it , while on the other hand you would lose the profit from the service you are providing ?  
SPV's was the solution satoshi provided for massive scale . At some point we shall see if that model can work . If it works no one will want to use the current banking/credit system . Companies will earn insane amounts from fees in the long term as visa/MC has at least 1% fee + 10 cents per transaction .


Define centralised and decentralised . I can provide examples of a 5 nodes network that's decentralised and a 10k nodes network that's centralised . Decantralisation comes not from the number of nodes but from the incentive nodes have to not collude .

How do you know in a network flooded by malicious nodes which one is the malicious ? How do you know which one is honest ? If the truth in the network is the one provided by the malicious actor isn't the real truth false ?

Who are the only CERTAIN trusted/honest nodes in the network and why? Mining nodes because no one wants to kill the golden goose just to earn a double spend .

Not just multiple , multiple HONEST nodes that many for profit nodes can connect .

Yes that's right, and this is also why I linked the paper because it really explains in simple terms how these attacks work, how they are set up (calculated) and executed. They provide an example based on the Neutrino protocol.



But they also provide some insightful stuff for Electrum Light clients. "By default, Electrum tries to maintain connections to ~10 servers."
This is not a whole lot compared to the example given for the Neutrino protocol in the paper. The required number of attacker Sybil serving nodes to achieve reasonable probability for success isn't that high.

But all of this is no reason to freak out as there is a number of other factors that have to be sorted out first before an attack 1) can be executed and 2) makes any sense at all.

But dealing with potential security issues is fun as I think it contributes a lot to expanding one's knowledge about the technicalities of the network. And trying to understand its vulnerabilities contributes a great deal to understanding Bitcoin's robustness. Because most of the attacks that are discussed here on the forum have never really led to publicly known large-scale damage, which means Bitcoin is really resilient because there is no lack for people trying to attack it. They do, but they can't get it done in notable ways. Yet, having some good talk about security can never hurt.

The only source of truth? Bitcoin isn't centralized.


Malicious node would be banned quickly, so anyone who want to run full nodes for non-malicious purpose (e.g. perform full verification, need whole blockchain data) also have incentive to be honest.


I already know that. Although FWIW one mining pool may have multiple full nodes.


That image doesn't represent Bitcoin or other decentralized network.


Fortunately some light wallet (such as Electrum) connect to multiple server, node or backend which make such attack more costly and difficult.

Mining pools can't accept the incoming connection of dozens of thousands of Bitcoin nodes, and neither should they. The network is peer-to-peer. That's why we have DNS seeds.

"Only banks have the economic incentive to be honest by receiving rewards from transaction fees". 

That model doesn't work great. It is demonstrated that the more power you give to a group of people, the more likely it is to be exploited. Mining is useful at decentralizing the issuance of money. Miners should only decide the order of the transactions.

Correct and the group of people you are mentioning here are often users of light weight clients. The most fatal attack is a double-spend and that is what most people have in their heads when they hear the word "attack", but likewise an eclipse attack can as well be used to disrupt network communication and thereby delay or censor transactions.

The issue with lightweight clients like Electrum or the Neutrino protocol or even the Lightning network is that they are dependent on communication with honest nodes. If those communication channels are cut off and infiltrated with malicious sybil attacks, there is all kinds of shenanigans an attacker could do. It's not necessarily the double-spend someone loses it all problem. But it could be the case for lightweight and second layer solutions. Communication with "honest nodes" is key to security of funds, aka for funds to stay with the rightful owner.


Thanks for sharing this and this paper is also worth having a look at although a bit outdated maybe (from 2020).

@everyone

Keep in mind HmmMAA is a CSW/BSV fanboy.

That's why he spreads propaganda material straight from the BSV wiki:

https://wiki.bitcoinsv.io/index.php/Mandala_Network

Everyone knows BSV is not censorship-resistant, but he believes the (totalitarian) state should be able to confiscate coins from "criminals".

Nice image, the figures reminds me of mysterious  crop circles found all around the globe, I wonder if these large pools/ nodes can be geo-located? If they can be located then there is a danger of physical attack on nodes( considering if they really want to disrupt the network), another thing, is there a trustworthy source to get the IPs of these networked nodes and only connect to them?

That's exactly the reason that for-profit nodes should be connected as close to the only source of truth which is mining nodes . Only mining nodes have the economic incentive to be honest by receiving rewards from subsidy and fees .
Most people can't understand that even mining nodes aren't the same . Have a look at the pools history and you will notice that there are always 3-4 nodes that solve the majority of blocks . Take a look at the image and you will understand how bitcoin is designed .

I don't get it much, what benefits gets the attacker if he prevents nodes to broadcast blocks?

I mean, totally false. It surely matters. Full nodes verifying the integrity of the blockchain is what's Bitcoin all about. Their incapability to change the blockchain (in terms of orders of transactions, as with miners) is irrelevant. The whole point is full nodes verifying the difficultywise-longest chain produced by honest nodes, without trusting third parties. An eclipse attack is pretty much trying to forbid you from figuring out there's a more-worked chain to verify.

Miners are immune to that kind. People who merely want to verify their transactions are not.

If that node mines it has no problem as mining pools are interconnected to get the solved block and work on the next one as soon as possible . If that node belongs to an attacker which uses multiple "sybil" nodes it cannot attack the rest of the mining pools unless it owns the majority of them . As a pool you want to be connected with the source which is the rest of mining pools and not "full nodes" . The designed system is robust as mining nodes have economic incentive to receive and broadcast with high speeds . Only "full nodes" might face that kind of attack and it doesn't matter as they cannot change the blockchain . Bitcoin designed as a mandala network and that's why it is immune to attacks of that kind https://www.nature.com/articles/srep09082 .

I did a little bit of a research, and eclipse attacks appear to be concerning. Paper "Eclipse Attacks on Bitcoin’s Peer-to-Peer Network" greatly demonstrates experiments and countermeasures of such attack.

Fortunately, Bitcoin Core has implemented 6 out of the 7 countermeasures (which are described in detail above). You can check it out the pull requests in the official page of the paper's authors: http://web.archive.org/web/20220412122303/http://cs-people.bu.edu/heilman/eclipse/ (I found out the site from the v0.10.1 releasing notes, in which three of them were fixed)

I wouldn't take this for granted. To the best of my knowledge, Bitcoin Core has no mechanism in place that makes it exit with an error message if something like that happens, for instance. Therefore, unless you actively monitor the logs of your node, I can definitely see how getting no blocks for a while could go unnoticed.
Realistically, you would notice it when you try to send BTC and get 0 confirmations, check on block explorers and realize something's wrong with your node.