Topic: Taking Down Bitcoin - page 2. (Read 8575 times)

Why would nobody accept those BTC?

The new block chain honors all BTCs mined in the old block chain. However, it offers more attractive conditions to every miner which adopts the new block chain. Therefore there is a clear incentive to switch to the new block chain. Even worse: If you stay in the old chain, under the assumptions of the attack made above, the old chain will lose 99% of its hash power and will be V-E-R-Y slow.

I agree, that this will not happen in reality, since (1) the assumptions on which this attack is based are unrealistic and (2) miners will not base their decisions only on maximizing their profit, but also on a social consensus on how Bitcoin should work. This is good news.

The thought experiments of  a theoretician often sound silly from a practical point of view :-).

 

Plus electricity during the attack, plus manpower to set up all those rigs and defend against any retaliations.

Yeah well that's probably because "subvert" doesn't mean anything close to "own." Now you only need 99x the current mining power to pull off this attack.


The payoffs are 0 when nobody accepts those BTC. This is getting silly.

In the logic of the attack I would not mind when they notice. Since I have 99% percent of mining power I do not care what the remaining 1% of the mining power does.

I suppose we have a misunderstanding with regard to the phrase "subvert 99% of the mining power" as it was used in an earlier posting. I understand it as "I own 99% of the mining power". It looks like you understand it as "99% of the miners are in my pool and they might also leave my pool".

I agree completely: If "my" 99% of mining power just is derived from miners in "my" pool - the miners might notice and might leave my pool. And still, even in this situation: Would they do so if they realize that their payoffs are larger in my version of the algorithm? They are getting 51 BTC (or 500 BTC) in my version. Is it tempting to move from a 500 BTC per block operation to a 50 BTC per block operation? ;-)

Forp, you are making an assumption that is impossible to suspend disbelief. Even if you manage to subvert 99% of the mining power to another chain, there is absolutely no way in hell you will be able to keep that a secret. Miners are going to notice. And they are going to find another pool that isn't subverted, or use P2Pool which isn't possible to subvert. Why would they just stick around?

This is an interesting issue. However, I do not yet fully understand your line of reasoning.

Assume I subvert 99% of the mining power and use it to mine an incompatible block chain. The effect is that the "old" chain speed will drop to 1% (rendering it essentially useless - and staying useless during at least several difficulty adjustment periods) whereas "my" chain will continue mining at more or less full speed.

Now a social effect kicks in. Numerous other users will notice that their clients cannot get any transaction done (since chain speed is too slow). On my website they will read this dossier about the Bitcoin 2.0 protocol. They will checkout Bitcoin 2.0 block explorer and will witness how the new chain is working (remember, I have 99% of hash performance, so I will of course also generate a lot of transactional traffic between all kinds of new bitcoin addresses). Quite soon users will be convinced that Bitcoin 2.0 is the arena where the show goes on and that "old" chain no longer is attractive nor active. So, more and more users will use my Bitcoin 2.0 client and will be happy.

You are, of course, perfectly free to stay with your Bitoin 1.0 client and with a chain, which not only lacks hashing power but also rapidly uses users. You also can fight back by writing forum articles that I am a bad guy and all kinds of stuff - and of course you will be right with that. However: I will claim that you are just trying to ruin Bitcoin 2.0 - and my proof will be a nicely working block chain 2.0 with lots of transactions going on.

Maybe there is a flaw in my thoughts. I would be happy if you pointed it out.

In my understanding of system security, trust in a system is increased with the number of (virtual ie. thought experiment, as well as real) attacks on a system which the system successfully survives (either by a good counterargument or by real life defense). So all this effort is increasing the security of Bitcoin.

It's worth remembering that a 51% attack with different rules isn't sufficient to bring down bitcoin.  Miners are not the only bitcoin clients in the network.

The goal of miners is not to get transactions into a block chain, it's to get them into a block chain that bitcoin clients of intended receivers will accept.

Let's say I am a merchant, and you use your nefarious powers to subvert 99% of the mining power.  You still cannot force my client to accept your block with bad rules and therefore my client will never say "received 1000 coins from..." so you can't spend them even if you do get them in a chain.

51% attacks only work if the bitcoin rules that the non-miners look for are still obeyed.

But our fork would never be overwritten by their fork, because we consider their blocks to be invalid regardless of the embedded difficulty.

But, if such nodes will be less than half of network, the prevailing (so considered true) blockchain will skip our blocks. As a result, the blockchain will be hard forked with all our "sane" blocks scheduled soon or less to be completely overwritten.

I still suppose that the rules are the same for all, regardless for bad or good boys. There are just majority or minority boys left. (No pun intended).

Not all, no.  Just enough, which is tricky to define.  If the bulk of the exchanges (which really means just Mtgox right now, but that is an accident of history and not a rule) were on the new rules, that fork would be the most useful fork.  Nodes would gravitate to it, as users that wanted to cash out, or pay people that wanted to cash out, or pay people that wanted to pay people that wanted to cash out, etc, etc, would have a strong incentive to get on.

The nice thing about doing it early would be that it would make a whole class of potential 51% attacks pointless.

Perhaps that should be a little bit less far down on the TODO list after all.


No, because the attack blocks would be invalid, and thus not in competition for the regular blocks, at least with the nodes that have adopted the new rules.

Why all the effort to take bitcoin down when fear mongering works just fine for 99% of the people.

1) Slowly start buying up all the bitcoins
2a) At some point there'll be so little liquidity left because the attacker and everyone else would be hoarding
and / or:
2b) The price would have been pushed so high compared to the size of the market / number of users, it would be folly to buy any.
   (especially considering the risk of the attacker suddenly dumping)
3) The usage of bitcoins outside of speculation would drop to make it virtually dead.
4) Possibly causing a collapse in price, allowing the attacker to get a commanding share of the 21 mill bitcoins.

And no, 21 mill times 5$ or even 10$ or 20$ is not a lot for, say, any government or bank or corporation or billionaire wanting it dead.

Pardon my ignorance, but if the attacker has stable 51%, even if we all change our clients to support the new suggested rules, all our blocks will be still rejected, won't they?

I have not tried out the encrypted version yet, but I imagine a passphrase must be entered when trying to send something.

So further refinements to attack:

0. Upload modified bitcoin client executable to blockchain. (Could also be a small binary patch/difference to keep size down).
2.5 Exploit for buffer overrun reconstructs client from blockchain.
3.5 Modified client waits patiently for user to send coins and intercepts passphrase and stores it.
5. To avoid early detection the user gets false information, the non existing account number could also be used by the modified client to display fake information from blockchain for other infected users to make them believe all is well.
6. After some set time, this false information is stopped, suddenly showing the true nature of the blockchain to the horrors of all infected

good thing it'll only take you about 3,500 radeons at less than 1 mil

Given that the network is ~11 TH, you'll need 12TH to over power it, equivalent to 480 Mini-Rigs. At $16000 each, that's $7,680,000

So as of this writing, an attack on the network would cost as little as $7,680,000

This is assuming you could get 480 MiniRigs delivered (which BFL wont/cant do), and do it before anyone else gets to power theirs up which would raise the "legit" network hashing power.

Gavin, I am sure that there are MANY more important things on the TODO list. My personal understanding of this (and several similar) threads is about theoretical aspects. The block chain is now running for some time...that's the best proof of its success. But until we have better formal and simulation tools for discussing all the if's could's and probably's some of the community will keep trying to work on Bitcoin theory. :-)

For my taste, there are way too many "what if"-s in this thread. What if there was a working attack on bitcoin and something to win by doing so, etc...

At this point, many countries' jurisdictions don't even recognize bitcoins as finance, so if anyone would find a solution for all these "what if"-s, it would be rather straightforward (in addition to being interesting and maybe even profitable) to start a venture somewhere with the goal to take down bitcoin.

So, if this thread is to be regarded as more than fiction, it should probably be moved to "Project Development"...

Gavin, your solution would need a change in protocol though and would mean every user in the network has to update their (potentially 3rd party) client, right?