Topic: Proposal: Pre-emptive measures against 51% attacks (Read 6404 times)

Why would the network be more vulnerable to a 51% attack by botnets then "legit miners"?  Hashing power is hashing power.  Botnet operators profit (unethical or not) be keeping the network secure.

He doesn't see that. The proof of stake idea is no more secure than the proof of work system. This has boiled down to a philosophical argument about *who* should be responsible for the integrity of the Bitcoin Network. Should it be the elitist technocrats or the the unwashed masses?

It's like the employer that sees his employees as assets that are worthless without his money. In fact, employees are actually talented contractors willing to take less pay for not having to deal with capital management. This analogy applies to Bitcoin, because we the people must take responsibility for managing not only our own bank, but the banking system itself. Satoshi gave us an easy way to do this and we should recognise the significance of this. We are all bankers, with better hours.

Furthermore, if we give up our responsibility to run this easy-peas network for a little extra security, then we don't deserve Bitcoin.

I have some thoughts on the 51% (even >>50%) attack problem which may be of interest to those following this thread. Rather than duplicate them here I'll just give an intra-forum link: Proof of stake - done right - is maybe, just maybe, the way to eliminate 51% (even 90%!) attack worries altogether! https://bitcointalksearch.org/topic/m.920853

(Note that it's not, yet, a specific technically detailed proposal. It's more the launching of a new paradigm for how to design proposal(s) for standing up to attacks that go over the 50% mark. I hope it's of some interest to someone!)

This is a good idea

No

So if I bet 49 BTC on my block it should win?

Proof of stake can be gamed as well - the block hashing ITSELF is proof of stake; you need to stake your computer.


Casacious idea would protect the chain against sudden reversal, but NOT transaction blocking.


The ONLY defense against 51% attack is blocking certain IPs - ALL of them except a few trusted parties if necessary.

If you want to be preemptive about it, build it into the client, a block/allow list simply. Let the wallet owners decide who is spewing crap chains.

Asking again because I think this is very important, especially because of the 25 BTC change at the end of the year, many legit miners will leave and the bots will remain, thus making Bitcoin vulnerable to a 51 % attack.  Gavin and others, any progress or information on this?

Any progress on this proposal?

Both of the proposed implementations of PoS (Cunicula's and Meni's) are combined with PoW. In Cunicula's system, difficulty is adjusted by stake, such that a miner with a higher stake gets to use a lower difficulty for PoW. Meni's system uses straight PoW, but PoS is used independently to verify certain checkpoint blocks that the whole network can fall back on in case of a dispute.

The main disadvantage of Cunicula's system is that only a single miner signs each block, which makes it hard/impossible for decentralized pools to contribute. Also, the way his system weighs stake doesn't allow for the "trustworthiness" of signatures to be gauged based on how many blocks they have contributed or any other relevant figures. It also has the unintended side effect that having a larger stake leads to a higher chance of generating a block (and thus collecting the coins from it).

The main disadvantage of Meni's system is that signature blocks can be signed by anyone with a stake, so each checkpoint block might end up with millions of signatures. This also makes it hard to provide any incentive for signing.

I had the idea to have the contributors of each pool sign the blocks it creates, and then only signatures that appear on previous blocks can be used on checkpoint blocks, each weighted by, say, the number of blocks the sig appears on and the amount of BTC in the signing account. That would prevent a 51% attack unless the attacker both had 51% of the computing power and a huge stake, and it would take a considerable amount of time for their signatures to gain the weight needed to overthrow the main blockchain. The main problem is figuring out how to keep the size of signatures down as in Meni's system.

Another thing that occurs to me is that, in the thread on tx replacement, it was briefly mentioned that a new protocol rule could be included that would invalidate any block containing a double spend attempt. If there is any conceivable way that a 51% or other forking attack could be used to effect a (very large) double spend, then a protocol rule would invalidate that chain automatically even if it does happen to be longer. They would be limited to DoS, or they would have to put most of the other miners out of business before the network would accept their attack (if at all). In that case, the network (and bitcoin) would probably be destroyed (if the clients still throw flags) before a double spend would succeed. As long as there's some contingency for a major DoS attack, it shouldn't be a major issue, however.

Very interesting.

Would it be possible to shift the entire mining process to a system similar to p2pool that would include a signature based on it's own tree?  Then just accept blocks that are also signed by THE decentralized mining pool so everyone has to use it.  I guess it's a "one true way" approach.

I'm loosely thinking about something like what p2pmining.com is attempting to do.  Perhaps existing pools would submit blocks through the main p2p pool where they would be signed, maybe paying a small fee that is distributed to miners in the process.  Basically all miners/the masses would work together in a single p2p mining pool as gatekeepers to the actual blockchain.  External pools could still exist but would need to still submit blocks through the main p2p mining pool and pay a small fee of each blockreward to be signed and accepted.  I know there would be a lot of complexities to work out, I'm just thinking out loud and wondering if it would even be possible and what the potential problems would be.

Is there a BIP or wiki to describe this? I think I misunderstood this post from Gavin, but it looks to me like a reconciliation for forks?

Any update on this, will this get implemented in the near future (less than a couple of months)?

As already mentioned you can relay your block through a proxy but that's actually not necessary because every node is a proxy already. Let's say I create lots of blocks. They probably don't go directly to you because it's pretty unlikely that we have a connection to each other. I send the blocks to the nodes im connected to and they send them further until they reach you. So you will only know the IP of the node you got the block from and not the IP of the creator of the block (me).

Yeah you are right, nvm then  

Sorry, I didn't answer your previous question: running two nodes with 26% is the same as one with 52%. The important part is that they're controlled by the same malicious party - an organized group could still coordinate a 51% attack.

Suddenly solo miners would constitute previously unknown IP's, so their blocks would be ignored.

As soon as he reaches 51% he'd start breaking my first rule and get ignored. DDoSing pools does nothing since miners connecting to pools still have the option to solo mine.

Could a potential 51% attacker start out at half power to be recognized as legit, and then switch to full power?

Could an attacker DDOS the major pools, forcing more than 51% of the hashing power to get new IP's at once and granting a temporary oligopoly to the remaining pools?

I'd be most worried about both at once, a "set, spike" attack where even everyone honest mining at a loss (for network defense) isn't enough to stop a 26% attack.

Right after I wrote my post I thought of that too but then I wasn't sure if it is actually the same if you have two clients with 26% of hashing power running the same malicious rules as having 1 with 52%?

So? All someone mining more than 50% needs to do then is implement two IP addresses, certainly less difficult for the miner than the validation through the network. I see no benefit in that idea.