Bitcoin Forum>Bitcoin>Development & Technical Discussion
Pages:
Author

Topic: Majority is not Enough: Bitcoin Mining is Vulnerable - page 8. (Read 51020 times)

jl2012
legendary
Activity: 1792
Merit: 1111
Re: Majority is not Enough: Bitcoin Mining is Vulnerable
November 05, 2013, 12:58:13 AM
#66
Quote from: justusranvier on November 05, 2013, 12:53:43 AM
Quote from: jl2012 on November 05, 2013, 12:52:02 AM
All ASIC will be broken so basically no one will follow this hardfork.
All ASICs get replaced after a few months anyway, so it would be no problem to define it 6-12 months in the future before implementing it.

The arm-race won't last indefinitely and it will eventually slow down. I don't see any chance to change the format of the 80bytes header unless absolutely needed, e.g. SHA256 weakened or timestamp overflow in the far future
justusranvier
legendary
Activity: 1400
Merit: 1009
Re: Majority is not Enough: Bitcoin Mining is Vulnerable
November 05, 2013, 12:53:43 AM
#65
Quote from: jl2012 on November 05, 2013, 12:52:02 AM
All ASIC will be broken so basically no one will follow this hardfork.
All ASICs get replaced after a few months anyway, so it would be no problem to define it 6-12 months in the future before implementing it.
jl2012
legendary
Activity: 1792
Merit: 1111
Re: Majority is not Enough: Bitcoin Mining is Vulnerable
November 05, 2013, 12:52:02 AM
#64
Quote from: justusranvier on November 05, 2013, 12:42:52 AM
1) Make the nonce long enough that the extraNonce field is no longer needed in the coinbase transaction.



All ASIC will be broken so basically no one will follow this hardfork.

This could be accomplished by the aux-block softfork I proposed earlier: https://bitcointalksearch.org/topic/auxiliary-block-increasing-max-block-size-with-softfork-283746
Peter Todd
legendary
Activity: 1120
Merit: 1152
Re: Majority is not Enough: Bitcoin Mining is Vulnerable
November 05, 2013, 12:50:53 AM
#63
Quote from: jl2012 on November 05, 2013, 12:41:39 AM
We only need a majority of miners to change. Any fix would be completely transparent to users.

Maybe, maybe not.

One of the fixes I'm looking into would require a hard-fork, but it may prove to be a more effective fix than any solution.

We'll see.
dree12
legendary
Activity: 1246
Merit: 1077
Re: Majority is not Enough: Bitcoin Mining is Vulnerable
November 05, 2013, 12:50:19 AM
#62
Quote from: eldentyrell on November 04, 2013, 11:59:06 PM
Quote from: dree12 on November 04, 2013, 11:50:02 PM
Quote from: eldentyrell on November 04, 2013, 11:34:42 PM
What you mean is the most difficulty, which is not the same as the numerical block hash.  The natural numbers less than 2^256 are a total order, but difficulty is a partial order on block hashes.

What are you talking about?

You deleted my example; that may be the source of your confusion…

Here, look at it in fixed-width font, with some emphasis:


  0xffffffffffffffffffffffffffff0000
  0x000000000000000000000000000f0000


See how they have the same number of trailing zeroes?  For any target you choose, either both will match it or neither will.  Yet these two numbers are not equal.  Therefore difficulty is creates a partial order on block hashes.  On the other hand "less than" is a total order on block hashes.

Your example would be easier to understand if you wrote it in big endian, but now I see your point.
chriswilmer
legendary
Activity: 1008
Merit: 1000
Re: Majority is not Enough: Bitcoin Mining is Vulnerable
November 05, 2013, 12:45:17 AM
#61
Hey guys,

Could one of you be so nice as to test my understanding of a nuance of the Selfish-Miner attack?

I THINK I understand how, if information about blocks isn't stifled, then the selfish mining strategy wouldn't work (because you couldn't reveal your privately found block quickly enough to orphan the block found by honest miners). However, and I am just asking out of intellectual curiosity... if you have already found TWO blocks privately (for whatever reason)... then it would ALWAYS be better to continue mining in private, right? Because as soon as the network finds one block, you can reveal your two... and if you find three, then you can keep going and only reveal your hand when the network finds n-1 blocks. Am I thinking correctly?
justusranvier
legendary
Activity: 1400
Merit: 1009
Re: Majority is not Enough: Bitcoin Mining is Vulnerable
November 05, 2013, 12:42:52 AM
#60
Quote from: acoindr on November 05, 2013, 12:28:55 AM
This problem as I see it is non-existent. As I've talked about before Mining Block References (MBRs) can tremendously reduce latency which would squash this attack.
1) Make the nonce long enough that the extraNonce field is no longer needed in the coinbase transaction.

2) Now it's possible for miners to broadcast their Merkle tree as soon as they start hashing (10 minutes on average before they finish)

3) When they find a valid hash, now they only need to broadcast the block header because the rest of the network has (usually) already received and validated the Merkle tree.

4) Block header propagation is very fast and not dependent of the size of the blocks.
jl2012
legendary
Activity: 1792
Merit: 1111
Re: Majority is not Enough: Bitcoin Mining is Vulnerable
November 05, 2013, 12:41:39 AM
#59
Quote from: Peter Todd on November 04, 2013, 11:41:12 PM
Quote from: revans on November 04, 2013, 11:30:35 PM
That is an accurate headline. Bitcoin is fundamentally broken per these findings, and significant exploitation of these findings (which given human nature and financial incentives is inevitable) Bitcoin will collapse. Bitcoiners can issue all the press releases attempting to debunk this reality as they like, it won't change a damn thing. The only question is how quickly this exploitation happens, and how rapidly it poisons the whole network

Your view assumes Bitcoin is a static thing; Bitcoin can be changed in response to this attack

What the Bitcoin Foundation should be doing is releasing a press release welcoming the Cornell researchers competent analysis of the flaws in the system, while pointing out that one of the strengths of Bitcoin is that flaws can be corrected if a clear majority of Bitcoin users choose to change the software they run.

We only need a majority of miners to change. Any fix would be completely transparent to users.

Selfish-mining won't be successful without a low latency connection and/or Sybil attack.

Low latency connection itself is expensive, and we can nullify its advantage by relaying unverified block headers. People will always assume a block header is valid unless it is proven otherwise, and always mine on top of the first seen header. (I think creating invalid block header is very expensive and no one is trying to do this. Any stats for this?)

On the other hand, we can make a Sybil attack expensive: non-p2p alternative block broadcasting channels, certified nodes and miners, full nodes on TPM, restricting number of peers from the same ip range or the same country

With all these optimizations, I don't think selfish-mining is profitable
eldentyrell
donator
Activity: 980
Merit: 1004
felonious vagrancy, personified
Re: Majority is not Enough: Bitcoin Mining is Vulnerable
November 05, 2013, 12:38:02 AM
#58
Quote from: Enochian on November 05, 2013, 12:33:48 AM
By now, the Bitcoin market has priced in this information.  Bitcoin is at $239 on Mt. Gox.


^^ best post in thread
Enochian
full member
Activity: 327
Merit: 124
Re: Majority is not Enough: Bitcoin Mining is Vulnerable
November 05, 2013, 12:33:48 AM
#57
Quote from: revans on November 04, 2013, 11:59:57 PM
Well so far the Bitcoin community of cultists have done little but accuse the researchers of being part of a government plot to destroy Bitcoin, and some idiot has even put a Bitcoin bounty on their heads.

As to changing client software, it will ameliorate the problem, but it cannot fix it.

By now, the Bitcoin market has priced in this information.  Bitcoin is at $239 on Mt. Gox.  Bitcoin doesn't care, and neither should you.



acoindr
legendary
Activity: 1050
Merit: 1002
Re: Majority is not Enough: Bitcoin Mining is Vulnerable
November 05, 2013, 12:28:55 AM
#56
Quote from: solex on November 04, 2013, 11:24:56 PM
Google news is showing a number of articles which amount to FUD, and are multiplying like gremlins.
Perhaps the Bitcoin Foundation should put up a short rebuttal / press release encapsulating some of the information in this thread. While the Eyal paper has some merit - it is certainly not a situation of "'Bitcoin Is Broken' And Could Collapse"
...

I agree it would be nice for Bitcoin Foundation to try and get a boot on this.

This problem as I see it is nonexistent. As I've talked about before Mining Block References (MBRs) can tremendously reduce or eliminate latency which would squash this attack.

To conceptualize how this works imagine a group passing a glass of wine to share. It takes a while for the wine to "propagate" to each person's mouth because it's passed one by one. It would be more efficient to place the glass at front and connect several straws from it to every person. Propagation is then basically instant. All a (voluntary) MBR does is serve as a reference point for finding and informing about found blocks, which reduces latency tremendously.
jl2012
legendary
Activity: 1792
Merit: 1111
Re: Majority is not Enough: Bitcoin Mining is Vulnerable
November 05, 2013, 12:11:29 AM
#55
Quote from: Peter Todd on November 04, 2013, 11:03:45 PM
My ELI5 explanation that I posed to bitcoin-development might help people understand the attack:

Alice is a miner with some amount of hashing power. She has the ability to detect new blocks on the network extremely effectively because she has controls a lot of nodes with low-latency, high-bandwidth connections; in short she has unusually good knowledge of the state of the network. She is also very good at publishing her blocks and getting them to the majority of hashing power in very little time; she has unusually good connectivity to all miners. (again low-latency and high bandwidth)

She's so good at this that when she finds a new block, she keeps it a secret! She can get away with this because she knows that the moment any other miner, like Bob, finds a block, she can immediately broadcast it to the rest of the network before the other block propagates. Instead of building on Bob's blocks, almost everyone builds on Alice's block, having seen it first, depriving Bob of the revenue. Gradually Alice gets more and more miners because all the other pools don't pay out as much as Alice's pool does. This eventually leads to Alice having a majority of hashing power, or if not that due to social pressure, a majority of the mining revenue.

"low-latency and high bandwidth" is not free. Unless the extra revenue can cover the cost, it is still economically prohibitive to do this
revans
sr. member
Activity: 336
Merit: 250
Re: Majority is not Enough: Bitcoin Mining is Vulnerable
November 04, 2013, 11:59:57 PM
#54
Quote from: Peter Todd on November 04, 2013, 11:41:12 PM
Quote from: revans on November 04, 2013, 11:30:35 PM
That is an accurate headline. Bitcoin is fundamentally broken per these findings, and significant exploitation of these findings (which given human nature and financial incentives is inevitable) Bitcoin will collapse. Bitcoiners can issue all the press releases attempting to debunk this reality as they like, it won't change a damn thing. The only question is how quickly this exploitation happens, and how rapidly it poisons the whole network

Your view assumes Bitcoin is a static thing; Bitcoin can be changed in response to this attack

What the Bitcoin Foundation should be doing is releasing a press release welcoming the Cornell researchers competent analysis of the flaws in the system, while pointing out that one of the strengths of Bitcoin is that flaws can be corrected if a clear majority of Bitcoin users choose to change the software they run.

Well so far the Bitcoin community of cultists have done little but accuse the researchers of being part of a government plot to destroy Bitcoin, and some idiot has even put a Bitcoin bounty on their heads.

As to changing client software, it will ameliorate the problem, but it cannot fix it.
eldentyrell
donator
Activity: 980
Merit: 1004
felonious vagrancy, personified
Re: Majority is not Enough: Bitcoin Mining is Vulnerable
November 04, 2013, 11:59:06 PM
#53
Quote from: dree12 on November 04, 2013, 11:50:02 PM
Quote from: eldentyrell on November 04, 2013, 11:34:42 PM
What you mean is the most difficulty, which is not the same as the numerical block hash.  The natural numbers less than 2^256 are a total order, but difficulty is a partial order on block hashes.

What are you talking about?

You deleted my example; that may be the source of your confusion…

Here, look at it in fixed-width font, with some emphasis:


  0xffffffffffffffffffffffffffff0000
  0x000000000000000000000000000f0000


See how they have the same number of trailing zeroes?  For any target you choose, either both will match it or neither will.  Yet these two numbers are not equal.  Therefore difficulty is creates a partial order on block hashes.  On the other hand "less than" is a total order on block hashes.
revans
sr. member
Activity: 336
Merit: 250
Re: Majority is not Enough: Bitcoin Mining is Vulnerable
November 04, 2013, 11:57:29 PM
#52
Quote from: Enochian on November 04, 2013, 11:37:15 PM
Quote from: revans on November 04, 2013, 11:30:35 PM
That is an accurate headline. Bitcoin is fundamentally broken per these findings, and significant exploitation of these findings (which given human nature and financial incentives is inevitable) Bitcoin will collapse. Bitcoiners can issue all the press releases attempting to debunk this reality as they like, it won't change a damn thing. The only question is how quickly this exploitation happens, and how rapidly it poisons the whole network

Fun times ahead.

You can't seriously think that a mining pool waiting to announce its blocks until they invalidate the maximum amount of other peoples' computation is going to significantly perturb the network unless that mining pool already has a non-trivial fraction of the total hashrate.

The network is hardly in any danger of being poisoned.

 


As things stand that is exactly what I think. Client patches can ameliorate the issue, but not fix it.
dree12
legendary
Activity: 1246
Merit: 1077
Re: Majority is not Enough: Bitcoin Mining is Vulnerable
November 04, 2013, 11:50:02 PM
#51
Quote from: eldentyrell on November 04, 2013, 11:34:42 PM
Quote from: dree12 on November 04, 2013, 11:23:32 PM
This is a statistical fallacy. Two blocks will always be equally difficult when they were mined with the same target.

This is a definitional fallacy.


Quote from: dree12 on November 04, 2013, 11:23:32 PM
What you mean to say is that clients prefer to choose the block with the least block hash.

What you mean is the most difficulty, which is not the same as the numerical block hash.  The natural numbers less than 2^256 are a total order, but difficulty is a partial order on block hashes.

What are you talking about?

Let's say I have two hashes: 0xF000 and 0xEFFF. Target is 0xFF00. Then:
  • The two hashes have the same difficulty.
  • The second hash is numerically less than the first.
eldentyrell
donator
Activity: 980
Merit: 1004
felonious vagrancy, personified
Re: Majority is not Enough: Bitcoin Mining is Vulnerable
November 04, 2013, 11:43:21 PM
#50
Quote from: Peter Todd on November 04, 2013, 11:29:38 PM
You're wrong: nobody does that

I think you mean you don't do that.



Quote
E.g., take
the one whose last block hash is smaller. This way all miners choose the
same chain, and the guarantees of our solution hold.

This is not a new idea at all.  As far as public postings, it's been on this page on the bitcoin wiki for at least six months, and there was definitely a mention of it on bitcoin-dev about a year ago (I will post the reference when I find it).  And, as I've mentioned, it's pervasive in the modified clients used by large mining operations, although those are not public so you're welcome to shout "liar liar pants on fire" all you like and I won't get upset Smiley



I think the people who wrote this paper took Satoshi's original whitepaper too literally:

Quote
Nodes always consider the longest chain to be the correct one and will keep working on extending it. If two nodes broadcast different versions of the next block simultaneously, some nodes may receive one or the other first. In that case, they work on the first one they received, but save the other branch in case it becomes longer. The tie will be broken when the next proof- of-work is found and one branch becomes longer; the nodes that were working on the other branch will then switch to the longer one.

Mining strategy has evolved and adapted, as it must in any incentive-driven system.  For example, Satoshi's whitepaper predicted that transaction fees would be a meaningful incentive, and it's pretty obvious it hasn't turned out that way.
Peter Todd
legendary
Activity: 1120
Merit: 1152
Re: Majority is not Enough: Bitcoin Mining is Vulnerable
November 04, 2013, 11:41:12 PM
#49
Quote from: revans on November 04, 2013, 11:30:35 PM
That is an accurate headline. Bitcoin is fundamentally broken per these findings, and significant exploitation of these findings (which given human nature and financial incentives is inevitable) Bitcoin will collapse. Bitcoiners can issue all the press releases attempting to debunk this reality as they like, it won't change a damn thing. The only question is how quickly this exploitation happens, and how rapidly it poisons the whole network

Your view assumes Bitcoin is a static thing; Bitcoin can be changed in response to this attack

What the Bitcoin Foundation should be doing is releasing a press release welcoming the Cornell researchers competent analysis of the flaws in the system, while pointing out that one of the strengths of Bitcoin is that flaws can be corrected if a clear majority of Bitcoin users choose to change the software they run.
justusranvier
legendary
Activity: 1400
Merit: 1009
Re: Majority is not Enough: Bitcoin Mining is Vulnerable
November 04, 2013, 11:38:50 PM
#48
Quote from: Enochian on November 04, 2013, 11:37:15 PM
You can't seriously think
It's just trolling and market manipulation.
Enochian
full member
Activity: 327
Merit: 124
Re: Majority is not Enough: Bitcoin Mining is Vulnerable
November 04, 2013, 11:37:15 PM
#47
Quote from: revans on November 04, 2013, 11:30:35 PM
That is an accurate headline. Bitcoin is fundamentally broken per these findings, and significant exploitation of these findings (which given human nature and financial incentives is inevitable) Bitcoin will collapse. Bitcoiners can issue all the press releases attempting to debunk this reality as they like, it won't change a damn thing. The only question is how quickly this exploitation happens, and how rapidly it poisons the whole network

Fun times ahead.

You can't seriously think that a mining pool waiting to announce its blocks until they invalidate the maximum amount of other peoples' computation is going to significantly perturb the network unless that mining pool already has a non-trivial fraction of the total hashrate.

The network is hardly in any danger of being poisoned.

 
Pages:
Bitcoin Forum>Bitcoin>Development & Technical Discussion
Jump to: