In the following months Butterfly Labs (http://www.butterflylabs.com/) will be introducing a new ASIC miner product.
This will increase the MHash/s/$ approximately 30 times. Other vendors such as
http://www.btcfpga.com are building competing products.
Let's take the "BitForce Single SC" (BF) as reference:
- 40GH/s
- $1,299
Although at first glance this looks like a huge benefit for the network, there are new vulnerabilities we must face:
1. There will be a window of time where new vulnerabilities will be exposed to a government or anyone willing to invest 1M USD to temporarily (1 week?) disrupt Bitcoin and generate a rush to the coin (a big price fall). An attacker can exhaust the bandwidth of all the connections in the Bitcoin network.
The attacker needs 820 BF (1M USD) to achieve 32800 GH/s (or 2^45 hash/s).
The attacker chooses the root block at index 193000 (which has a PoW of 2^53 hashes (53 zero bits)).
From checkpoints.cpp: (193000, uint256("0x000000000000059f452a5f7340de6682a977387c17010ff6e6c3bd83ca8b1317"))
Since block 193000 was issued at date 2012-08-09, the attacker waits 4 months so ComputeMinWork() allows the acceptance of
PoW of 4 bits less. (This lowers the money required 16 times)
He can reach 2^53 hashes in 53-4-45=16 seconds. Then he starts creating a branch from block 193000, each block being 1 Megabyte long, with current (not past) block time, and having a single coinbase transaction, and extending the chain of the previously created block.
Sending 1 block every 16 seconds.
All nodes start spreading these past blocks, possibly filling the entire network bandwidth and blocking normal blocks for as long as most of the nodes upgrade.
Also the attacker will be filling 5.4 GB of hard disk every day, and the blockchain on disk will need to be manually pruned to cut the offending branch so it is compacted to its normal size.
The only way to recover from these attacks is by downloading a new version of the client with a new checkpoint with a much
higher block difficulty. I can't think of any other possible patch. Maybe the interval between new releases
during the transition from GPUs to ASICs could be decreased.
2. What would happen if miners switch ALL to this cheap 30X ASIC solution and this vendor has built a backdoor into the chip to:
- Stop working after block height N
- Hide some private information (e.g. part of the private key) in the nonce (as a side channel attack)
In the first case, the network will suddenly stop and, because of a higher difficulty reached, there will be one block every 5 hours during a
period of 14*30 days=420 days !!
This will destroy Bitcoin for a long while and will require a manual adjustment in the difficulty.
In the second case, an attacker may compromise the wallets of all miners!
People should use open source mining solutions....
Best regards,
Sergio.