Pages:
Author

Topic: Majority is not Enough: Bitcoin Mining is Vulnerable - page 9. (Read 51057 times)

donator
Activity: 980
Merit: 1004
felonious vagrancy, personified
This is a statistical fallacy. Two blocks will always be equally difficult when they were mined with the same target.

This is a definitional fallacy.


What you mean to say is that clients prefer to choose the block with the least block hash.

What you mean is the most difficulty, which is not the same as the numerical block hash.  The natural numbers less than 2^256 are a total order, but difficulty is a partial order on block hashes.

For any target, blocks with these two hashes both meet that target.  Therefore two blocks with these two hashes are of equal difficulty even though the first one has the numerically least block hash:

Code:
  0xffffffffffffffffffff0000
  0x000000000000000000000000000f0000
sr. member
Activity: 336
Merit: 250
legendary
Activity: 1400
Merit: 1013
"Difficulty" and "target" are actual technical terms with precise definitions in the block protocol.
That is true.

However, since virtually everyone says "difficulty" when they really mean "target", and since the wiki uses "work" to refer to difficulty, using the most common convention will prevent a lot of confusion.
legendary
Activity: 1120
Merit: 1160
your blocks ends up increasing the risk that you get orphaned since nodes prefer the first block they heard.

I think this assumption of theirs is the flaw.

Successful pools do not build on the first block they hear; they build on the most difficult block they hear.

You're wrong: nobody does that and doing so puts the miner at a disadvantage because the block you hear about first is the one most likely to have propagated to a majority of the network. It is however a possible way to mitigate this attack and in an email to bitcoin-development one of the authors specifically stated they thought of that idea and left it out of their paper due to space constraints:

Quote
Here is a solution we did not put in the paper due to space constraints
that should alleviate your concern:

Instead of locally choosing a block at random, have a deterministic
pseudo-random mechanism for choosing between competing chains. E.g., take
the one whose last block hash is smaller. This way all miners choose the
same chain, and the guarantees of our solution hold.

I'm working on analyzing a stronger version of this solution that would make the choice to mine the smaller block hash be short-term economically rational for miners.
sr. member
Activity: 336
Merit: 250
Umm WTF are you talking about? Try reading it again, only this time whilst not high on Bitcrack. Maths + human nature= a selfish mining future and the end of Cultcoin. In a sense the popularity you so longed Bitcoin to have has destroyed it as peer review is demonstrating just how architecturally boken Bitcoin is.

Do you have a specific criticism?

You are welcome to set up a selfish mining rig and prove me wrong.  Unless you have sufficient hash power to be mining blocks very frequently, no one is even going to notice you exist.

This is an academic exercise with very tiny practical implications, and in any case, a very small threat on the long list of threats.




Umm, well apart from the fact that the cost for any rogue government or bank to bring down Bitcoin has now decreased dramatically, I think you are naive to think that selfish mining won't become the norm. For all the phoney idealism, allI see and hear from Bitcoin cultists is a desire to get rich quick, for easy money made riding a speculative bubble. All profess their sincere belief in Bitcoin as a currency, and yet strangely that nasty old state fiat they claim to hate is what they can;t wait to get their hands on.

In other words, your community is comprised of speculators and get rick quick wannabes, it is laughably naive to believe they won' game the system, if only because so many others will to refraim would be hugely disadvantageous.
legendary
Activity: 1078
Merit: 1006
100 satoshis -> ISO code
Google news is showing a number of articles which amount to FUD, and are multiplying like gremlins.
Perhaps the Bitcoin Foundation should put up a short rebuttal / press release encapsulating some of the information in this thread. While the Eyal paper has some merit - it is certainly not a situation of "'Bitcoin Is Broken' And Could Collapse"

Bitcoin flaw could let group take control of currency
CNNMoney - ‎3 hours ago‎
The flaw is due to the nature of how bitcoins are created -- people "mine" them by solving a complex puzzle with their computers. If used correctly, the system is set up so that someone guesses correctly every 10 minutes, and the winner gets 25 bitcoins.
http://money.cnn.com/2013/11/04/technology/bitcoin-flaw/

Bitcoin Researchers: You Can Game the System
Mashable - ‎10 hours ago‎
Computer science researchers at Cornell University claim to have found a way to subvert the system driving production of the digital currency Bitcoin. The researchers call their technique “selfish mining,” through which individuals or groups of Bitcoin miners ...
http://mashable.com/2013/11/04/bitcoin-cornell-researchers/

Researchers Say 'Bitcoin Is Broken' And Could Collapse
Yahoo!7 News - ‎1 hour ago‎
The problem is with how people "mine" bitcoins. Mining is how bitcoins are created. Most people don't mine bitcoins anymore. They buy them or take them as payment. But some people are in the business of mining coins with special bitcoin-mining computers ...
http://au.finance.yahoo.com/news/researchers-bitcoin-broken-could-collapse-014448102.html

Cornell Researchers Found a Way to Game Bitcoin
RYOT - ‎2 hours ago‎
It's entirely likely and understandable, despite our better efforts to bombard you with Bitcoin stories recently, that you still don't know what Bitcoin is. (To be honest, 92 articles about it later we still don't fully grasp it.) But all you need to know is that it's digital ...
Bitcoin open to takeover, researchers discover with new algorithm
http://www.ryot.org/cornell-researchers-claim-able-game-bitcoin/456361

Science Daily (press release) - ‎58 minutes ago‎
Nov. 4, 2013 — A major flaw that has gone unrealized until now leaves the $1.5 billion Bitcoin market open to manipulation and a potential takeover, according to a new study by two Cornell University computer scientists.
http://www.sciencedaily.com/releases/2013/11/131104112234.htm
legendary
Activity: 1246
Merit: 1077
The minimum difficulty required for a block to be valid is the thing that stays the same.  Within that 2016-block window the actual difficulty of various blocks varies above that threshold.

It would be less ambiguous if you said, "Successful pools do not build on the first block they hear; they build on the block with the highest work they hear."

Well, we're splitting hairs here, but technically I might have gotten lucky and not worked very hard to find a block whose hash, in binary, ends with 250 zeroes in a row (outrageously high difficulty).

But yeah we're talking about the same thing.

This is a statistical fallacy. Two blocks will always be equally difficult when they were mined with the same target.

What you mean to say is that clients prefer to choose the block with the least block hash. This is effectively a deterministic pseudo-random algorithm for choosing which block to build on. I do not remember this being the case, but it is possible this has changed recently.
donator
Activity: 980
Merit: 1004
felonious vagrancy, personified
This is an academic exercise

It isn't even that; arxiv is not peer reviewed.
full member
Activity: 327
Merit: 124
Umm WTF are you talking about? Try reading it again, only this time whilst not high on Bitcrack. Maths + human nature= a selfish mining future and the end of Cultcoin. In a sense the popularity you so longed Bitcoin to have has destroyed it as peer review is demonstrating just how architecturally boken Bitcoin is.

Do you have a specific criticism?

You are welcome to set up a selfish mining rig and prove me wrong.  Unless you have sufficient hash power to be mining blocks very frequently, no one is even going to notice you exist.

This is an academic exercise with very tiny practical implications, and in any case, a very small threat on the long list of threats.

donator
Activity: 980
Merit: 1004
felonious vagrancy, personified
The minimum difficulty required for a block to be valid is the thing that stays the same.  Within that 2016-block window the actual difficulty of various blocks varies above that threshold.

It would be less ambiguous if you said, "Successful pools do not build on the first block they hear; they build on the block with the highest work they hear."

Well, we're splitting hairs here, but technically I might have gotten lucky and not worked very hard to find a block whose hash, in binary, ends with 250 zeroes in a row (outrageously high difficulty).  "Difficulty" and "target" are actual technical terms with precise definitions in the block protocol.

But yeah we're talking about the same thing.
legendary
Activity: 1400
Merit: 1013
Blocks that are not near a difficulty change will always have the same difficulty.

No, the difficulty of a block is binomially distributed.

The minimum difficulty required for a block to be valid is the thing that stays the same.  Within that 2016-block window the actual difficulty of various blocks varies above that threshold.
It would be less ambiguous if you said, "Successful pools do not build on the first block they hear; they build on the block with the highest work they hear."
donator
Activity: 980
Merit: 1004
felonious vagrancy, personified
Blocks that are not near a difficulty change will always have the same difficulty.

No, the difficulty of a block is binomially distributed.

The minimum difficulty required for a block to be valid is the thing that stays the same.  Within that 2016-block window the actual difficulty of various blocks varies above that threshold.
legendary
Activity: 1246
Merit: 1077
your blocks ends up increasing the risk that you get orphaned since nodes prefer the first block they heard.

I think this assumption of theirs is the flaw.

Successful pools do not build on the first block they hear; they build on the most difficult block they hear.

If you rerun their calculations under that assumption, the cost of losing the work done on their second block in the private two-block chain swamps out any possible benefit.

If the end-user bitcoin-qt client is using the "first block heard" rather than "most difficult block heard", then it's a bug, and one that is already fixed on the network nodes that matter most for security (the mining pools and large solo miners).


Blocks that are not near a difficulty change will always have the same difficulty.
donator
Activity: 980
Merit: 1004
felonious vagrancy, personified
your blocks ends up increasing the risk that you get orphaned since nodes prefer the first block they heard.

I think this assumption of theirs is the flaw.

Successful pools do not build on the first block they hear; they build on the most difficult block they hear.

If you rerun their calculations under that assumption, the cost of losing the work done on their second block in the private two-block chain swamps out any possible benefit.

If the end-user bitcoin-qt client is using the "first block heard" rather than "most difficult block heard", then it's a bug, and one that is already fixed on the network nodes that matter most for security (the mining pools and large solo miners).

Here is where they acknowledge introducing this bug in their simulation:

Quote
In the case of two branches of the same length, we artificially divide the non-pool miners such that a ratio of γ of them mine on the pool’s branch and the rest mine on the other branch.
legendary
Activity: 1120
Merit: 1160
My ELI5 explanation that I posed to bitcoin-development might help people understand the attack:

Alice is a miner with some amount of hashing power. She has the ability to detect new blocks on the network extremely effectively because she has controls a lot of nodes with low-latency, high-bandwidth connections; in short she has unusually good knowledge of the state of the network. She is also very good at publishing her blocks and getting them to the majority of hashing power in very little time; she has unusually good connectivity to all miners. (again low-latency and high bandwidth)

She's so good at this that when she finds a new block, she keeps it a secret! She can get away with this because she knows that the moment any other miner, like Bob, finds a block, she can immediately broadcast it to the rest of the network before the other block propagates. Instead of building on Bob's blocks, almost everyone builds on Alice's block, having seen it first, depriving Bob of the revenue. Gradually Alice gets more and more miners because all the other pools don't pay out as much as Alice's pool does. This eventually leads to Alice having a majority of hashing power, or if not that due to social pressure, a majority of the mining revenue.
sr. member
Activity: 336
Merit: 250
I just printed out the paper and read it.

Since the algorithm for "Selfish Mining" is now public, all miners have an opportunity to employ it if they feel it gives them an advantage.  So the notion that there is only a single pool of colluding miners growing as other miners join it to reap its advantages is moot.

Initially the colluding pool is a small fraction of total hashrate, and therefore has a vanishingly small probability of being able to mine consecutive blocks on its private chain.  So the only thing it can do is force other people to waste time by delaying publication when it mines a block, and some fraction of the time, its block wins over the public block, and people who have attempted to append to that block lose their work.

This seems to me to be such a small epsilon in the hashing activity that no one is really going to care, and no one is going to bother to do Selfish Mining.  The work to reward ratio here is pretty large.

So basically, "Nothing to See Here," and no modification to the Bitcoin protocol is needed.








Umm WTF are you talking about? Try reading it again, only this time whilst not high on Bitcrack. Maths + human nature= a selfish mining future and the end of Cultcoin. In a sense the popularity you so longed Bitcoin to have has destroyed it as peer review is demonstrating just how architecturally boken Bitcoin is.
sr. member
Activity: 336
Merit: 250
b) increased transaction rates mean more money spent on overhead, rather than the hashing power that keeps bitcoin secure
Yeah, well there's a huge amount of room for optimization there that currently isn't being done.

Either the transaction rate goes up high enough to pay for all this mining infrastructure or else Bitcoin dies.


And if you'd read and understood the paper you would know it is the latter; maths and human nature= bye bye Bitcoin. But fear not cryptocurrency cultists there are already a few hundred alternative ponzi scheme for you to get involved in.
legendary
Activity: 1400
Merit: 1013
b) increased transaction rates mean more money spent on overhead, rather than the hashing power that keeps bitcoin secure
Yeah, well there's a huge amount of room for optimization there that currently isn't being done.

Either the transaction rate goes up high enough to pay for all this mining infrastructure or else Bitcoin dies.
legendary
Activity: 1120
Merit: 1160
something we may need some time in the future as the profit margins in mining become lower.
Profit margins will go up when the transaction rate gets high enough to generate significant transaction fees compared to the block subsidy.

a) mining is a zero-sum game

b) increased transaction rates mean more money spent on overhead, rather than the hashing power that keeps bitcoin secure
legendary
Activity: 1400
Merit: 1013
something we may need some time in the future as the profit margins in mining become lower.
Profit margins will go up when the transaction rate gets high enough to generate significant transaction fees compared to the block subsidy.
Pages:
Jump to: