Mining Protocol Vulnerability | Bitcointalksearch.org

bee7

hero member

Activity: 574

Merit: 523

Quote from: el_rlee on November 11, 2013, 10:07:20 AM

Solution here: https://bitcointalksearch.org/topic/a-block-withholding-miner-267181

It's possible to harm the pool, it's impossible to gain yourself - that's how I read it, if I'm wrong please correct me.

Yes, so, my recall was correct.

el_rlee

legendary

Activity: 1600

Merit: 1014

Solution here: https://bitcointalksearch.org/topic/a-block-withholding-miner-267181

It's possible to harm the pool, it's impossible to gain yourself - that's how I read it, if I'm wrong please correct me.

bee7

hero member

Activity: 574

Merit: 523

Quote from: el_rlee on November 11, 2013, 09:19:22 AM

I might be wrong, but wouldn't this basically mean that you have to know which transactions the pool will mine into the block and which time stamp it uses?
Is there some literature about this attack?

I am a little astonished that basically all the pools shall be vulnerable. This attack would double the evil miners income, hard to believe that it's not more commonly done.

Thanks for you answers.

the getblocktemplate protocol allows you to get a work that usually has 2^64 nonce-space (the original nonce and extra-nonce that is a part of coinbase txn)
Then you split this gob into several ones between some of your miners, for example by submitting to 256 miners the getblocktemplate response that allows 2^56 nonces to be tested. The shares found by miners you pass over to the victim pool except ones that solve the block at current target.

Edit: As far as I remember, the information you receive with getblocktemplate is not enough to submit a block to the network yourself. So, you can make a damage to the victim, but can't get immediate profit from submitting a block. I may be wrong though.

el_rlee

legendary

Activity: 1600

Merit: 1014

I might be wrong, but wouldn't this basically mean that you have to know which transactions the pool will mine into the block and which time stamp it uses?
Is there some literature about this attack?

I am a little astonished that basically all the pools shall be vulnerable. This attack would double the evil miners income, hard to believe that it's not more commonly done.

Thanks for you answers.

gmaxwell

staff

Activity: 4172

Merit: 8419

Thats describing a block withholding attack. The idea is that you mine normally but happen to throw out any block solutions. Because this pool is PPS you get almost exactly your normal pay anyways since block solutions are rare, but the pool goes bankrupt.

It's basically undetectable if performed in a sufficiently advanced way, but it's only a cheap attack to perform if you're attacking a PPS pool. On any kind of pool where the miners take the risk of low luck the attacker also loses a lot of coin this way. Any pool is vulnerable to this if the attacker is willing to pay to put a pool out of business, though some (like p2pool for example) give the finder of a block a slight bonus which further disincentives it (because you can't get your full income without sometimes getting those bonuses).

The only absolute defense against it is solo-mining.

os2sam

legendary

Activity: 3578

Merit: 1090

Think for yourself

It's called a block withholding attack. It has been talked about allot. PPS pools are especially susceptible to it. And individuals can do it, if they modify their miner.

el_rlee

legendary

Activity: 1600

Merit: 1014

From here: https://50btc.com/news/status_28_10_en

Quote

When miner formally connects to the evilpool it actually goes to the 50BTC through a proxy to get a job, and after that evilpool proxies all shares except of winning ones back to 50BTC.

How can that be possible? If it actually is, then why can't an individual miner do that?

Topic: Mining Protocol Vulnerability (Read 1525 times)