Author

Topic: The game of selective temporary block chain splits (Read 1782 times)

newbie
Activity: 39
Merit: 0

Just noting that this now well known paper explains the exact attack I discussed here.

http://bitcoinmagazine.com/7953/selfish-mining-a-25-attack-against-the-bitcoin-network/?utm_source=twitterfeed&utm_medium=twitter
sr. member
Activity: 403
Merit: 251

I can see several seemingly profitable temporary attacks.  These are essentially variations of timing attacks on when and in what order to release information to the rest of the network.

But how is this possible? If someone finds a block and is now 1 block ahead of other miners,
either this someone is confident of being able to outmine everyone else at least short term,
or not releasing information (in order to get 2 blocks ahead) just means (50%+ probability) someone
else will find and release information for the 1 block. Now you are behind and lost block reward  Huh
newbie
Activity: 39
Merit: 0
What you describe is the reason for the eventually consistent chain.  What I am looking for is a reason for not temporary splitting the block chain.

I can see several seemingly profitable temporary attacks.  These are essentially variations of timing attacks on when and in what order to release information to the rest of the network.
sr. member
Activity: 359
Merit: 250
If a pool started holding out when they found a block they'd risk the majority of the network (i.e., everyone else) finding blocks faster than them thus invalidating the reward from their block as soon as they decided to connect to the rest of the network.  In the case they never decide to sync with the rest of the network then their mined coins would be invalid for most people, essentially creating an alt-coin.  This would probably make all the miners on that pool leave and go elsewhere as their coins would be invalid on the majority of the Bitcoin network.

The "correct" blockchain is the longest one, and will be created by whoever solves blocks at the fastest rate.  A pool that holds out its blocks and continues to mine will end up creating a separate blockchain that will be shorter than the chain everyone else is working on, assuming the malicious pool solves blocks slower than the rest of the network.  Everyone else will simply ignore this separate chain once the malicious pool tries to broadcast it.

If one malicious pool (or miner) has more hashpower than everyone else combined (i.e., the infamous 51% attack) then they could in theory do what you propose and make every other miner's blocks invalid by privately solving blocks faster than the rest of the network and broadcasting these private blocks once their private chain is longer than the currently accepted main chain.

But if anyone had this much hash power it would probably be in their best economic interest to just mine for the network (relay their blocks immediately) rather than against it, since mining against the network would probably cause the exchange rate of fiat/BTC to drop, reducing the value of their mined coins.  Of course this doesn't account for a malicious entity with no direct financial interest from mining. (e.g., a government trying to shut down Bitcoin)

Not really a thorough analysis, sorry. Wink

Also check this out: https://en.bitcoin.it/wiki/Weaknesses#Attacker_has_a_lot_of_computing_power
newbie
Activity: 39
Merit: 0
One reason why blocks are mined with 10 minute intervals in bitcoin is to reduce the wasted mining time spent on blocks that are not the "correct" - i.e. ultimately winning, block chain.

Spending some time flooding the network with this information on average every 10 minutes is not a problem.

However, if the interval between blocks is significantly reduced, the time wasted mining can become significant, which again gives miners that are in the know about the best block chain an unfair advantage over those that do not know.


Assume for a while that miners do not communicate about new block solutions at all.  Imagine that there are several solutions to the block in the network.

The dominant strategy in this situation is *not* necessarily to let as many people know about the solution.  The winning strategy is rather to ensure that enough miners collude to hide the solution to give just enough hashrate to win over the other solutions that exist in the system.

Can someone point to a thorough analysis of this?  It seems to me that a pool could have the incentive to hold on to solutions to ensure other miners waste time and thus increase their own chance of winning in the future.
Jump to: