Topic: Sabotaging Mining Pools (Read 5459 times)

Use these?

But saboteur earns more than he loses. This is often the case with sabotage. Think of an exaggerated scenario, where the saboteur simply takes 50% of the pool's revenue for herself. Although she loses a bit of her own revenue, she gains enough to make up for it.

It hurts all miners indirectly, including the one doing the sabotage.  Imagine you are doing this and manage to bankrupt a pool because its fees don't cover its expenses. Imagine it's a big pool like slush - confidence in bitcoin will drop and might even make other pools decide to quit the business. Price of bitcoin goes down... saboteur loses too.  

Not if the pools begin increasing fees to compensate, which they inevitably will.

I'd like to remind everyone that block withholding can be used for a profitable attack against non-PPS pools, called "Lie in wait". I estimate the max profit can be achieved from it to be multiplying the rewards by (1 + h/(4H)), where h is the attacker's hashrate and H is the network's total hashrate. And, if block withholding ever becomes a problem one solution is to modify the protocol to allow oblivious shares.

Almost. If the difficulty / share_difficulty is D, then by doing this they lose 1/D, and assuming everyone's hashrate stays the same, they difficulty drops by h/H meaning they get h/H, so this is indeed profitable if (h/H)>(1/D).

But if the difficulty goes down, mining becomes more profitable and people will add more hashrate. So the difference between the old and new equilibrium will not be as large as h/H, maybe it will be h/(2H). With this assumption you'd need twice as much hashrate to make this profitable.

This attack has the advantage of keeping the difficulty artificially low.  It is economically advantageous to the attacker if they control > (share_difficulty / difficulty) of the network.

or a proxy pool just simply switches to another PPS pool to kill it and pay the surpases. this could be really nasty

Indeed, but they could easily redirect shares to a PPS should they feel malicious.

but only if the proxy pool is using PPS, otherwise it wouldnt harm much. i wonder if anyone already created some patches for miners to do this...

Certainly this is a real danger with a proxy pool...

there is only one goal where it could be usefull, if a pool owner wants to take down a others pool and only if the others pool is PPS. Prop isnt worth it since u lose too.

You could definitely do a withholding attack, but why on earth would you do it? It doesn't benefit you, you just make the pool poorer that you mine with, and unless you have ultramegahashes to waste, your effect of withholding a block solve will be insignificant to the final outcome. There is nothing suspect about not returning a share from any work gathered from a pool, and a block solve is no different to returning a share. There is no way to check if a miner is returning all the shares it's "supposed to" as there is no such metric. Pools never send the same work item out to two different miners, so they'd have to have some reason to suspect this is the case, so unless you mine with a pool and after 10x difficulty submission of shares you still haven't sent a block solve, then they'd have to start investigating. Even then, bad luck alone is enough for even 10x difficulty and no block solve to occur. So at current difficulty, for example, a pool operator would have to get suspicious only after you had sent 30 million shares without a block solve. That's a heck of a lot of work you're doing just to withhold one block. So unless you personally have something like >1% of the total bitcoin network hashrate, this is a futile exercise.

On the other hand, if you get enough people running the same malicious mining software you could achieve this. But to what end? It doesn't benefit you directly in any way. Luckily all the source code for my mining software (along with most other mining software) is free and open and anyone can audit it to ensure it's not doing this.

source code or it didnt happen

This seems like a pretty unlikely scenario from a practical standpoint. Most likely, you'd just wind up helping them because unless you actually mine a block, you are indistinguishable from a legitimate miner. Someone would have to dedicate huge amounts of hashing power to do this, and the most likely outcome is that they would just enrich the person they are trying to get in trouble.

However, it is definitely worth thinking about.

Many pools do not require a password. If a malignant individual mines on someone else's account, they could possibly get them into trouble.

Yes, but nobody's that smart yet.

I think you could withhold for just 4 seconds and still get a pretty good idea. This would incur about a .7% chance of losing the block, with an expected cost of about $3.

You do not need a large percentage. Just slightly more than the fee. So 5%.
And you still get paid for mining there! So if you had a mining set up that was 5% (i.e. 50-75 Ghash for the 2nd tier pools) you just need to point it at them as pps and withhold the blocks and the attack really costs you nothing.

+1.  Nice solution.

Now, couldn't a smart withholding attack check to see if the block already exists in the block chain, and only then send it up to the pool server?

I suppose you could hold back releasing the block to the Bitcoin network for 30 secs while you wait for all your workers to prove themselves, but you risk another miner finding a block in the mean time.

When a pool does mine a block, it can immediately assign that same work unit to many miners. Any that pull a new work unit and don't mine the block are highly suspect.

You can.
But you can't change the payout address of the block after it was solved or you have to solve it again if you change it which is why you can't keep it for yourself.