Topic: Mining client capable of automated hash withholding to prevent 51% attacks? (Read 1041 times)

That's the realization that I've come to.  Without something built into the network to force block finders to correctly identify themselves, this will never work automatically.

That would require the ability to identify the producers of the blocks and I don't think will be feasible.

Because that requires miner intervention.  Ideally the network itself would be able to enforce it.

Instead of withholding work, why not just switch pools?

You're absolutely right, I don't have all the answers.  I'm trying to foster discussion about what can be done about it from a technical perspective, just because we don't have the solution yet doesn't mean that we should just stop trying and forget about it.

You seem to prefer to let it happen and try again.  What I'm saying is that if Bitcoin goes down in flames (if another crypto comes along and unseats Bitcoin due to technical superiority or better marketing, that's a different story) we may not get a second chance at this, not as a worldwide phenomenon.  We're just now gaining credibility and people are paying attention and realizing that we're really onto something here.  Like it or not, public opinion matters.  A lot.

Yep - got to 40%+ and the problem was corrected by the community. that's what happens.

The thing is, you don't offer a viable solution. Nobody ever does. This thread is yet another (of 1000) "I'm scare of a 51% attack" threads. What's the point of rehashing the same topic over and over?

If bitcoin really is this "risky" then it deserves to fail and get replaced by a different crypto that doesn't allow for a 51% attack.

I think you're being completely unrealistic.  How could the average Joe trust crypto when a 10 billion dollar market cap was obliterated nearly overnight?  I'm a strong supporter of crypto, but even I would have a hard time jumping ship to something else after seeing something like that happen.  If I would be a bit reluctant I can only image what Joe plumber is going to think about this whole crazy internet money thing that he doesn't even really understand anyway.  Would we all jump to Litecoin(which I do hold, but that's not the point)?  What happens when said government does it again 6 months later?  How many times do they play whackamole before the moles just stop popping up?

Why don't we just nip this part of the problem in the bud as a community and work to get away from centralized mining?  We saw how quickly things can happen when ghash.io had 40+% recently, but we seem to have lost steam and everyone has quickly forgotten...

If a government paid the pools a billion dollars to perform a 51% attack a different crypto would take its place within a week. Taxpayers money down the drain.

Why do you think that it will never play out?  The other worry that I have(which this doesn't address, even if we could come up with a way to make it work) is a malicious government or corporate entity with incredibly deep pockets building their own ASIC and overpowering the network.  But I don't know what(if anything) we could do about that.  Of course, this becomes less likely by the day as hashrate continues to increase...

But suppose that previously mentioned malicious organization decides to instead take a shortcut and offers the the 3 largest pool operators $200mm USD each to behave badly and destroy confidence in the network.  If only two accept, that's enough.  Do you think they'd all turn it down?  Are you sure?  Really sure?  Really really sure?  What if it was $500mm?  1 billion?  There's some vested interests out there with potentially trillions to lose if Bitcoin really gets off the ground.  Do you think they'll take this lying down?

In my opinion, centralized pools are our biggest threat, second only to crippling regulation in the countries with the largest Bitcoin participation rates.  This is intended to be decentralized to prevent the few from bringing the whole thing down, centralized mining pools fly in the face of the whole idea of cryptocurrency in my opinion.

I've got an idea. Stop creating solutions (that turn out never to work), to a problem that will never play out.

That's exactly the sort of thing that I was hoping that there might be a way to circumvent.

The more that I think about this, the more that I think that increased P2Pool adoption is the only real answer...

What's to stop them from creating pool management software that spawns a clone with a new wallet when it recognizes that it is at a set percentage of the total mining operations. Once the clone is spun up, then the pool management software can load balance the miners without their even knowing that it's happening.

Or, just make all mining pool management software load balance to three wallets as a default and even a single pool can't make a 51% attack.

So at this point, we all know what sort of damage a 51% attack could do to our credibility, right?

What all of us may not know is, there's a potential solution that doesn't rely on morals or ethics(if we can make it that way, I'll explain in a moment).

It's possible for miners to negatively impact a pool's overall income by withholding valid hashes.  See here for details: http://coinbits.com/2014/01/22/how-you-can-stop-a-51-attack/

Now the problem with this is, a client capable of performing the attack isn't enough because it depends on the miners to decide when to execute it.

I'm of the opinion that one should never craft a moral solution to a technical problem...what if we were able to create a client that could intelligently determine when a single pool was over XX% of network hashrate and invoke the attack all on its own?

The problem that I'm having here is figuring out how to decentralize the information that the miners use to determine if the next round is an attack round or not.  The block chain seems the logical place to go, but we currently depend on the pools to be honest about which pool published the block, right?

I'm beginning to think that a solution of this nature is going to require buy in from Bitcoin core dev.  Perhaps the pools would have some required way to sign blocks so that the miners could look at the signatures for the last XX hours and determine if a single signature published too many?  But then how do you deal with variance due to luck, you don't want to punish a pool/miners for being lucky, right?

Then how do you keep a pool under a single person's control from masquerading as multiple pools with multiple signatures?  Obviously we can't create a centralized signature authority.

I'm thinking that once the PoC has been demonstrated that the threat alone would be enough to cause pools to self-regulate and this hopefully wouldn't kick in very often.

Anyone have any other ideas?