Topic: Major flaw of Bitcoin found (Read 4508 times)

hero member
Activity: 775
Merit: 1000
November 08, 2013, 06:03:50 AM
#27
shit, dude --- if the outcome of "major flaw" is as we experience this very moment, i hope they find such flaws every week !

Just wait until they find out it's possible to bring down the whole network by flooding the queue (distributed memory pool, whatever) with fake transaction requests. Wink
legendary
Activity: 1666
Merit: 1185
dogiecoin.com
November 08, 2013, 03:21:32 AM
#26
This doesn't make sense. Surely without transmitting the found block, no transactions would be written to it and the block would just become orphaned (as would the subsequent blocks)? My technical knowledge is limited but that's what I thought.
sr. member
Activity: 448
Merit: 250
November 07, 2013, 10:58:54 PM
#25
The author Explained with Donald Duck cartoons Smiley Academics is a joke these days. http://hackingdistributed.com/2013/11/04/bitcoin-is-broken/

Actually I think the mcduck cartoon was the only part of the article worth reading.
full member
Activity: 152
Merit: 100
November 07, 2013, 03:27:47 PM
#24
I fail to see how this is even relevant... are they trying to claim a small network making up about 10% of the total BTC hashrate has even the REMOTEST chance to outpace the 90% in block solutions... it is mathematically impossible... the 10% on average would only be able to generate blocks at this difficulty 1/10th as quickly as the main network...

Am I missing something here... or is that just a blatant oversight by the university? 10% of the hashrate cannot generate the same amount of blocks as 90% in the same time period at the same difficulty... paper debunked.
The paper isn't quite that crazy. To begin with, they're assuming 33% of the hashrate, not 10%. The idea is that someone with full control over 1/3 of the hashrate might be able to find two blocks in the time it takes the rest of the network to find one, which is certainly possible. When the rest of the network finds its first block the attacker can release both blocks. At that point the rest of the network has wasted a block's worth of hashing, since the block it found doesn't make it into the blockchain. The attacker's costs are 1/3 of the total, or about half of what was spent on the main blockchain, and the attacker gets the reward for both blocks while the rest of the network gets nothing. On the flip side, of course, the attacker can't claim the rewards for all the times it only found one block rather than two, since it has to keep the first block private.

If the attacker holds out for three blocks rather than publishing after the first two, the situation gets a bit worse. At that point they can wait until the network finds a new block (N) and then release two (N, N+1), while maintaining a one-block head start. Then they can continue working on finding a successor to their remaining hidden block (N+2) while the network is still searching for N+1. If the attacker wins that race they can keep going, releasing the older blocks and holding the newer ones in reserve. If not, they'll have to start over, but in the meantime they get all the rewards and the rest of the miners get nothing (while spending twice as much).

There are some suggestions that the minority pool could improve its ability to stay ahead by carrying out a Sybil attack and promoting its own blocks just ahead of the "honest" miner's blocks through superior connectivity, but I just don't see that working in any realistic environment. Resistance against Sybil attacks is always welcome, of course, as is better connectivity among "honest" miners.

The main flaw, as I see it, is that the paper assumes 33% of the hashrate is controlled by someone willing to undermine the network in this way. There are pools with 33% of the hashrate, but the pool's administrators can't do this on their own, and I can't see a majority of the miners going along with this scheme to make some short-term cash at the expense of long-term trust in Bitcoin. If miners were purely profit-oriented we'd probably end up with a monopoly anyway--larger pools are more efficient and have less variance than smaller pools. As long as miners continue to keep an eye on the pool operators' policies with an eye toward maintaining the long-term value of Bitcoin, there is no issue.

The paper suggests selecting the active blockchain out of two equal-length candidates randomly to thwart Sybil attacks. My own proposal is a bit different: implement a hysteresis function to make it more difficult to switch blockchains. Instead of switching whenever a new chain is strictly more difficult than the current chain, switch when the new chain's total difficulty is strictly greater than the current chain's difficulty, plus the square of the difficulty of all the blocks which are only in the old chain. To extend the old chain by one block, no penalty. To undo/replace one block, your chain has to be at least two blocks longer rather than just one. To undo two blocks, your chain has to be more than four blocks longer. To undo six blocks, more than thirty-six blocks longer, etc. As a bonus, this could probably replace the current checkpoint system, since no one is going to get the four million block lead which would be necessary to undo the last two weeks (2016 blocks) of progress on the main blockchain, and checkpoints are generally less frequent than that.
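The hysteresis rule proposed in reply #24 can be written down as a fork-choice function. This is an added example, not code from the thread or from any Bitcoin client; the names (`Block`, `should_switch`, `min_lead_to_undo`) are hypothetical, and difficulty is counted in units of one block, as in the post's own examples.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Block:
    block_id: str
    work: int = 1  # assumption: difficulty counted in units of one block


def split_at_fork(current, candidate):
    """Return (blocks only in current, blocks only in candidate)."""
    n = 0
    while n < min(len(current), len(candidate)) and current[n] == candidate[n]:
        n += 1
    return current[n:], candidate[n:]


def reorg_penalty(current, candidate):
    """Square of the total work that switching would throw away."""
    abandoned, _ = split_at_fork(current, candidate)
    return sum(b.work for b in abandoned) ** 2


def should_switch(current, candidate, hysteresis=True):
    """Fork choice: plain most-work rule, or the post's hysteresis variant."""
    old_only, new_only = split_at_fork(current, candidate)
    old_work = sum(b.work for b in old_only)  # shared prefix cancels out
    new_work = sum(b.work for b in new_only)
    penalty = old_work ** 2 if hysteresis else 0
    return new_work > old_work + penalty


def chain(prefix, tag, n):
    """Constructed sample chain: prefix plus n unit-work blocks."""
    return list(prefix) + [Block(f"{tag}{i}") for i in range(n)]


def min_lead_to_undo(depth, hysteresis=True):
    """Fewest extra blocks a fork needs before it replaces `depth` blocks."""
    shared = chain([], "s", 3)
    current = chain(shared, "a", depth)
    lead = 1
    while not should_switch(current, chain(shared, "b", depth + lead), hysteresis):
        lead += 1
    return lead


if __name__ == "__main__":
    for depth in (0, 1, 2, 6):
        print(depth, min_lead_to_undo(depth, False), min_lead_to_undo(depth))
    print(reorg_penalty(chain([], "a", 2016), []))  # penalty for a two-week reorg
```

With `hysteresis=False` a one-block lead is enough at any depth, which is the behaviour the post wants to make harder to trigger.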
legendary
Activity: 854
Merit: 1000
November 07, 2013, 09:38:04 AM
#23
Somebody wants cheap coins!!  Grin


COME AND GET THEM!!! Cool
hero member
Activity: 630
Merit: 500
November 07, 2013, 08:16:35 AM
#22
I fail to see how this is even relevant... are they trying to claim a small network making up about 10% of the total BTC hashrate has even the REMOTEST chance to outpace the 90% in block solutions... it is mathematically impossible... the 10% on average would only be able to generate blocks at this difficulty 1/10th as quickly as the main network...

Am I missing something here... or is that just a blatant oversight by the university? 10% of the hashrate cannot generate the same amount of blocks as 90% in the same time period at the same difficulty... paper debunked.
legendary
Activity: 2338
Merit: 2106
November 05, 2013, 10:10:57 AM
#21
shit, dude --- if the outcome of "major flaw" is as we experience this very moment, i hope they find such flaws every week !
legendary
Activity: 1512
Merit: 1005
November 05, 2013, 08:15:00 AM
#20
I find it interesting that the old methods of attack do not even get a blink out of Bitcoin users.

University professors take it on, politicians try to stop it.

I fully expect a public attack by George Clooney at any moment which will be seen as the final nail in the coffin of this whole "Bitcoin" idea to be followed shortly thereafter by a rise in the price of Bitcoin. And the establishment will be flabbergasted that people are not dropping it left and right.

We don't blink, because we know more. It is they who will be hit. They are like wandering zombies, and when bitcoin hits, they will never know what it is before it is too late.
legendary
Activity: 1204
Merit: 1002
RUM AND CARROTS: A PIRATE LIFE FOR ME
November 05, 2013, 04:47:47 AM
#19
Wow, not even a jitter in the Bitcoin price with this coming out. This is quite the stable rise.

Because this 'major flaw' isn't relevant to bitcoin as it is right now.
full member
Activity: 204
Merit: 100
November 05, 2013, 12:10:21 AM
#18
Wow, not even a jitter in the Bitcoin price with this coming out. This is quite the stable rise.
I don't think bad news can really affect a bull market like this. This rally won't stop till the bubble is ready to pop.  Cool
sr. member
Activity: 938
Merit: 255
SmartFi - EARN, LEND & TRADE
November 05, 2013, 12:07:47 AM
#17
FUD  Grin
hero member
Activity: 728
Merit: 500
November 04, 2013, 11:22:53 PM
#16
The Chinese probably know nothing about bitcoin, other than that it's going up and making them money.
legendary
Activity: 3598
Merit: 2386
Viva Ut Vivas
November 04, 2013, 10:49:51 PM
#15
I find it interesting that the old methods of attack do not even get a blink out of Bitcoin users.

University professors take it on, politicians try to stop it.

I fully expect a public attack by George Clooney at any moment which will be seen as the final nail in the coffin of this whole "Bitcoin" idea to be followed shortly thereafter by a rise in the price of Bitcoin. And the establishment will be flabbergasted that people are not dropping it left and right.
legendary
Activity: 1946
Merit: 1006
Bitcoin / Crypto mining Hardware.
November 04, 2013, 10:42:01 PM
#14
The author Explained with Donald Duck cartoons Smiley Academics is a joke these days. http://hackingdistributed.com/2013/11/04/bitcoin-is-broken/
sr. member
Activity: 448
Merit: 250
November 04, 2013, 10:01:56 PM
#13
EDIT: This is basically what notme said above, except with more words. Paper is fail. Flaw is not "major" and proposed fix in some way makes the exploit easier. TL;DR is the parts that I bolded. Gmaxwell to the rescue:

[...]
We've (or, at least, I have, see also Bytecoin's analysis in 2010) evaluated this general attack before but the simplest version of it just doesn't work out (in theory, or in simulation): Without significant hash-rate delaying your blocks ends up increasing the risk that you get orphaned since nodes prefer the first block they heard. The contribution of the paper (to my thinking, at least) is to assume that an attacker can also sybil attack the network, and in doing so can run nodes which will release blocks produced by the attacking miners in response to hearing a new block from the honest miners. So where the sybil attack is successful the delay does not confer a disadvantage and then the attack works (with increasing effectiveness the more effective the sybiling is and the more hashrate the attacker has).

Their proposed solution, which is offered without extensive analysis, is to relay all blocks, even late ones, and then choose the preferred block in ties at random. Ignoring collateral vulnerabilities which a hasty implementation of forward-all might create, I believe this proposal has a problem in that it creates a selfishness advantage even without any sybil attack at all, so long as the selfish miner has enough hashrate.  I believe this is a bad tradeoff because the degree of sybil vulnerability between mining nodes is likely much lower than assumed (many miners pin up connections to well known nodes and each other), and because we already have pools large enough to take advantage of the tradeoff vulnerability this creates.

Perhaps more importantly:  There are much worse vulnerabilities for us if attackers can perform successful large scale sybil attacks against miners.  In particular, if they're able to do that they could partition the network into two 50/50 hashrate groups and then drop blocks between them and hand conflicting transactions to each group and produce many-confirmed double-spends without having any hashrate at all.

As I've posted several times on Bitcointalk: beyond the cryptographic assumptions Bitcoin makes _two_ additional security assumptions: That an attacker doesn't control a majority of the hashrate and, quoting Satoshi, "the nature of information being easy to spread but hard to stifle", effectively, that an attacker can't substantially isolate or partition the honest participants.

With this in mind, rather than rushing in any changes in the consensus algorithm I recommend we take the following actions:

(0) Make a new concerted manual anti-sybil effort to ensure that all large miners are well connected to strong relaying nodes, including a mixture of public and non-public nodes (non-public for DOS resistance), in order to make partitioning miners infeasible.
(1) Evaluate our sybil resistance more generally and consider what measures and automation we could add to make sybil attacks harder (including supporting authenticated peering, or measures like including addr messages in coinbase txns to jam addr message manipulation).
(2) Build better stats collection for monitoring network wide orphaning.
(3) Improve node scalability (e.g. make it possible to support nodes with larger numbers of connections)

(Maybe it would also be useful to instrument miner software to detect block delaying, in the same way bfgminer will detect a pool issuing work that conflicts with its own prior work)

It may ultimately make sense to change the consensus preference for _very_ near ties (e.g. ones which arrive with time differences comparable in scale to the difference in latency between your peers), but I think we need to be very careful that we don't trade a potentially irrelevant problem (because it's either infeasible or if it's not infeasible we have much worse problems) for a practically exploitable one. Making our infrastructure stronger against sybils has many benefits and has been on and off the radar for a long time, and AFAICT if we prevent miners from being partitioned/intermediated by sybils we close the concerns here.
legendary
Activity: 1904
Merit: 1002
November 04, 2013, 09:58:42 PM
#12
Has anyone actually read the study? It seems like a legitimate problem from a cursory glance. Bitcoin miners should take steps to prevent selfish mining.

As the paper points out, what we thought was a 51% attack looks to be a 26% attack.

I just read it.  They misunderstand one key thing:
Quote
Currently, when there are two branches of equal length, the choice of each miner is arbitrary, effectively determined by the network topology and latency. Our change explicitly randomizes this arbitrary choice, and therefore does not introduce new vulnerabilities.

The choice is not arbitrary.  Miners work on the first block they see.

The "attack" is to withhold a found block until someone else publishes a block.  Then you publish your block and split the miners.  Except, you didn't broadcast until you saw the other block.  And by that time, probably half of the network had seen it too.  So that leaves you, a single broadcast node competing against the broadcast power of half the nodes in the network for the remaining portion of the mining power.

Their "fix" is to randomize the choice any time a node sees a different fork than the one they see.  Not only does this require you to track each fork (so they don't spam you with the same one, eventually you would "randomly" choose it), but it allows their attack a chance to work.  Without their proposed fix, they would be pissing into the wind.
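The tie-breaking disagreement in replies #12 and #13 (first-seen versus random choice between equal-length branches) can be checked with a small model of the withholding race. This is an added example, not code from the thread or the paper; `alpha` (the pool's hashrate share), `gamma` (the share of honest hashrate that ends up mining on the pool's block during a tie) and the function name are assumptions of this sketch, and the release rules follow the description in reply #24.

```python
import random


def pool_revenue_share(alpha, gamma, blocks=300_000, seed=1):
    """Fraction of main-chain blocks won by a withholding pool.

    gamma near 0 models first-seen tie-breaking with no sybil advantage;
    gamma = 0.5 models picking a tied branch at random.
    """
    rng = random.Random(seed)
    lead = 0      # withheld blocks ahead of the public chain
    tie = False   # True while two equal-length branches compete
    pool = honest = 0
    for _ in range(blocks):
        pool_found = rng.random() < alpha
        if tie:
            if pool_found:               # pool extends its own branch
                pool += 2
            elif rng.random() < gamma:   # honest miner built on the pool's block
                pool += 1
                honest += 1
            else:                        # honest branch wins, pool block orphaned
                honest += 2
            tie = False
        elif pool_found:
            lead += 1                    # new block is kept private
        elif lead == 0:
            honest += 1                  # nothing withheld, normal block
        elif lead == 1:
            lead, tie = 0, True          # pool releases its block, race begins
        elif lead == 2:
            pool += 2                    # pool releases both, honest block orphaned
            lead = 0
        else:
            pool += 1                    # pool releases one, keeps the rest
            lead -= 1
    return pool / (pool + honest)


if __name__ == "__main__":
    for alpha in (0.10, 0.30):
        for gamma in (0.0, 0.5):
            share = pool_revenue_share(alpha, gamma)
            print(f"alpha={alpha:.2f} gamma={gamma:.1f} share={share:.3f}")
```

A share below `alpha` means withholding costs the pool money. In this model a 30% pool loses under first-seen (`gamma=0`) but gains under random tie-breaking (`gamma=0.5`), and a 10% pool loses either way.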
legendary
Activity: 1246
Merit: 1079
November 04, 2013, 09:55:08 PM
#11
Bitcoin miners should take steps to prevent selfish mining.

Yes, miners should be using P2Pool. Developers should integrate P2Pool into the default client to encourage this.

There hasn't been much of a reason for them (miners) to do so yet. If they (miners) find their source of income dwindling because of a potential threat, that may (or may not) change.

Is there evidence that P2Pool would alleviate the situation? So long as P2Pool is honest, it seems the selfish mining strategy still gives an advantage. The real way to solve this is a change to the consensus algorithm.
hero member
Activity: 728
Merit: 500
November 04, 2013, 09:51:47 PM
#10
Yeah, much stronger than when "the debt ceiling didn't pass" dropped it by 14%
legendary
Activity: 3598
Merit: 2386
Viva Ut Vivas
November 04, 2013, 09:48:13 PM
#9
Wow, not even a jitter in the Bitcoin price with this coming out. This is quite the stable rise.
hero member
Activity: 728
Merit: 500
November 04, 2013, 09:44:27 PM
#8
I don't think anyone who is buying bitcoin would even care about anything to do with mining as long as their own coins weren't affected and the network still worked.
legendary
Activity: 1246
Merit: 1079
November 04, 2013, 09:41:57 PM
#7
Has anyone actually read the study? It seems like a legitimate problem from a cursory glance. Bitcoin miners should take steps to prevent selfish mining.

As the paper points out, what we thought was a 51% attack looks to be a 26% attack.
legendary
Activity: 1168
Merit: 1000
November 04, 2013, 09:34:50 PM
#6
So this is really nothing new...   ok.
legendary
Activity: 1946
Merit: 1006
Bitcoin / Crypto mining Hardware.
November 04, 2013, 09:29:38 PM
#5
Panic seeds! Never trust a person named Eyal.

What's with Eyal?
legendary
Activity: 1946
Merit: 1006
Bitcoin / Crypto mining Hardware.
November 04, 2013, 09:29:11 PM
#4
Panic button! (:sarcasm:)
legendary
Activity: 1064
Merit: 1001
November 04, 2013, 09:22:25 PM
#3
Panic seeds! Never trust a person named Eyal.
full member
Activity: 238
Merit: 100
November 04, 2013, 09:20:02 PM
#1
http://www.sciencedaily.com/releases/2013/11/131104112234.htm

But post-doctoral fellow Ittay Eyal and Prof. Emin Gün Sirer have discovered that the conventional wisdom is wrong. In a paper that was released on ArXiv today, they describe a mining strategy they call Selfish-Mine, which allows a group of colluding miners, known as a mining pool, to earn more than its fair share of compensation. Moreover, large mining pools can use this strategy to increase their revenue even more, at the expense of honest miners.

The implications of this result are devastating for the system, say Eyal and Sirer. Once a selfish mining pool forms, other miners will want to join that pool to increase their revenue. This process could lead to a takeover, where the selfish miners become a majority, control the global Bitcoin ledger, and the decentralized nature of the currency collapses.