Author

Topic: Maged SolidCoin defence plan - won't work (Read 960 times)

sd
hero member
Activity: 730
Merit: 500
October 19, 2011, 04:36:09 PM
#5
I'm not saying that the way SolidCoin works is any good, just that this specific attack isn't practical.

It's entirely practical unless SolidCoin has some very high capacity Internet connections on a number of its trusted nodes. As his most trusted node was on Tesco broadband I very much doubt it does.

BCX demonstrated that it is practical to find trusted nodes in a peer to peer network. I knew it was possible in theory but I never tested the theory. The DDOS attacks on slush and deepbit show that it's entirely possible to knock just about anything off the network and the people with that power are interested in BitCoin.
legendary
Activity: 1204
Merit: 1015
October 19, 2011, 04:22:24 PM
#4
Maybe protection from those scale attacks exists but if it does it's going to cost a fortune. Few things have more bandwidth than an army of dumb windows machines on broadband.
If you design a system with centralization, you need to start thinking that way. If it costs a fortune to be a trusted node, it stands to reason that you have a fortune to spend on DDoS protection. CoinHunter can just spend his protection fund. Incidentally, that's part of why the protection fund exists.

I'm not saying that the way SolidCoin works is any good, just that this specific attack isn't practical.
sd
hero member
Activity: 730
Merit: 500
October 19, 2011, 04:05:09 PM
#3
Another honest question, because I might be missing something about how SC2 operates. Assume I somehow gain control of one of the trusted nodes (by accumulating enough coins, gaining remote access or taking control of it physically). In that case, if I have much more hashing power than the other trusted nodes combined, is a 51% attack possible?

Not only possible but easy. Due to the asymmetric difficulty adjustment SolidCoin uses you need considerably less than 51% of the hashing power of the network to build a longer blockchain. You put your trusted node and all your hash power into an isolated network and you keep dropping the hash rate until the difficulty gets really low, then you throw all your hash power at it. Like we saw when SC2 first came out it will take a very long time until it adjusts upwards and during that time you are getting blocks like crazy. Drop your hashrate every so often to reduce the difficulty.

If BCX or whoever actually get a good working GPU miner generating 1 million coins for the trusted miner this attack requires might become easy.

The SolidCoin network is mis-designed and far from safe.
hero member
Activity: 938
Merit: 1002
October 19, 2011, 03:47:29 PM
#2
Another honest question, because I might be missing something about how SC2 operates. Assume I somehow gain control of one of the trusted nodes (by accumulating enough coins, gaining remote access or taking control of it physically). In that case, if I have much more hashing power than the other trusted nodes combined, is a 51% attack possible?
sd
hero member
Activity: 730
Merit: 500
October 19, 2011, 03:35:41 PM
#1

In another locked thread maged asked:

Quote from: maged
What's stopping a single trusted node from being behind a proxy and only making outbound connections? Sure, you can DDoS the nodes that the trusted node is connected to, but the trusted node will be able to detect this and make new outbound connections. Essentially, to take down the network, you'd have to DDoS all of the listening nodes.

Now, you're probably going to say that you could do a sybil attack and just wait until the trusted node connects to you. But what if at least one trusted node is located behind a DDoS protection provider that will block and absorb all incoming connections?


To answer your first paragraph: There is nothing to stop a trusted node from being behind a proxy. Assuming that trusted node is still connecting to effectively random normal nodes that won't provide it any protection from attack. Assuming the attack we are talking about is a DDOS the proxy can be attacked instead, that will prevent the trusted node from communicating and freeze the chain. It doesn't make any difference that the proxy may only allow outgoing connections, it can still be DDOSed off the network. The only case where you would have to DDOS all the listening nodes is where the trusted node communicates with them and no-one else.

To answer your second paragraph: If the trusted node is behind some kind of DDOS protection whoever is doing the protecting would need available bandwidth in excess of the DDOS. That's likely if the DDOS is just a few instances of LOIC but it's highly unlikely if hit by the kind of botnets that have been hitting slush and deepbit recently. Maybe protection from those scale attacks exists but if it does it's going to cost a fortune. Few things have more bandwidth than an army of dumb windows machines on broadband.

SolidCoin 2 introduced critical design flaws. One of these is centralization. To stop a BitCoin network you would need to break every single BitCoin node. To stop SolidCoin you only need to break a handful of nodes. It's Broken As Designed and anyone using SolidCoin should be scared. Although we are talking about DDOS attacks above they are of course not the only thing that takes computers down. Hardware fails, electricity fails, sites have to be shutdown when water starts leaking from the aircon, SCSI cables and ethernet cables fail, the guy digging up the road outside slices though your fiber connection, operators pull the power plug from the wrong machine, the security people steal the disks from your machine at night, DNS people screwup, SAN people screwup, the network team freak out and cut your connection because of some stupid understanding and/or they are drunk after lunch each friday. Anything that can go wrong will at one time or another.

Jump to: