Did Trail of Bits go full retard in a way that should demolish their reputation? Or should Tech Republic fire Ray Fernandez for gross incompetence in tech reporting?
Whenever you hear the term DHT what you should be hearing is "total farce of attack resistance failure"—
^^^ Read this long post better to understand some of the reasons for Bitcoin’s network design. But note that this post is from 2014; Core has made many improvements to Bitcoin since then, especially to Bitcoin’s attack resistance on the P2P network.Does anyone else here remember when XT supporters tried to Sybil the network with thousands of nodes “easily deployed using an inexpensive cloud server”? IIRC, various other bigblockers tried the same thing. It is boring. Bitcoin doesn’t even notice.
Eclipse attacks are a different matter. They are not simply Sybil attacks; they are a special type of Sybil that corrupts your view of the network, much more sophisticated than simply running a large number of malicious nodes. Core has been following the research on eclipse attacks—sometimes advancing it themselves; and they have been implementing countermeasures. In the past few years, you may have noticed that some upgrades to Core made obvious, visible changes to your node’s connection handling; that was specifically to protect against eclipse attacks. There have also been relevant changes deep in the internals of the connection manager, where you would not notice. Altcoins based on codeforks from Bitcoin tend not to have those changes, even the very few alts with non-idiot dev teams who do sometimes cherry-pick from upstream Bitcoin Core; for example, Zcash (based on Bitcoin Core v0.12) has cherry-picked many patches, but it does not have the recent protections against eclipse attacks.
(And this is why support for Bitcoin Core development is an issue that has long concerned me. They do good and necessary work to secure your money. Excepting the big flashy upgrades like Segwit and Taproot, most of their work is thankless and unrecognized.)
By the by, I note that Blockstream Satellite would make for a good belt-and-suspenders protection against eclipse attacks—especially against attacks by an AS-level adversary who can control and manipulate your whole view of the Internet (one of my own worries about Bitcoin). I am not sure of exactly how to set this up the right way; but in theory, it can definitely be done: Use Blockstream Satellite, and use the ordinary Bitcoin P2P network. That way, Blockstream does not have any centralized authority over your view of the network—but to fool you about the state of the blockchain, an eclipse attacker would need simultaneously to eclipse both you and Blockstream; I think that at worst, then an attacker could cause your view of the blockchain to hardfork in a way that you should configure to set off alarm bells. Also and separately: I should make a feature suggestion that Blockstream should also broadcast some P2P node addresses, specifically to help build/bolster defenses against eclipse attacks. (Credit for the idea: death_wish.)
It is not a new thought. I have been intending for years to try using Satellite for this purpose. (vapourminer, you are not the only “lazy” one.
)Bitcoin’s support of multiple overlay networks also helps: Bitcoin natively has out-of-the-box support for Tor onions (not merely using Tor through exits!), I2P SAM, and CJDNS. I think that an eclipse attacker would find it extremely difficult, probably infeasible to gain control over your view of the network if you gossip with peers over multiple different overlay networks.
All that is only improvement. I consider eclipse attacks to be one of the most serious threats on the Bitcoin P2P network—and that shows how secure Bitcoin is: Eclipse attacks are generally quite difficult. There is no low-hanging fruit here, except when people do dumb things like running Bitcoin behind Tor exits with no other network connection. The article mentions something about that. BadExit attacks on Bitcoin have been known since 2014, and they are not a threat to Bitcoin users who don’t do that. Yawn.
The import of this backwards compatibility is driven home by experience with blockchains where a centralized dev team can effectually force upgrades; there are even some chains where you can lose your money if you fail to upgrade timely. In Bitcoin, your money is safe even if you don’t upgrade to the latest Core; and the Bitcoin Core developers deliberately make sure that they do not have the power to coerce nodes to upgrade.
* Maybe Trail of Bits got confused because they are POSheads? Or maybe Fernandez failed, and Tech Republic is trash? Someone here does not understand how Bitcoin works.
This was the signal issue of the Fork Wars. Bcashers contradicted what I said; their attempted “flippening” was based on the fallacy that miners have some sort of dominant role on the network, economically and otherwise. Their theory failed. And my theory, set forth above, was proved in practice.
If I were wrong about this, then we would all be using Bcash or S2X as the “real Bitcoin” now.
A related key point: The security of consensus validation in Bitcoin is independent of miners, for all purposes except for transaction ordering. Miners have a sharply limited function in Bitcoin: BFT agreement on transaction ordering, to prevent double-spend attacks. All other security is provided by the Bitcoin Core node you have running at home on a Raspberry Pi, consuming 10W of electricity at negligible cost.
This is not the case on POS networks. On POS networks, so-called “validators” with high capital stake have total control of the blockchain.
If I were wrong about this, then we would all be using Bcash or S2X as the “real Bitcoin” now.
A related key point: The security of consensus validation in Bitcoin is independent of miners, for all purposes except for transaction ordering. Miners have a sharply limited function in Bitcoin: BFT agreement on transaction ordering, to prevent double-spend attacks. All other security is provided by the Bitcoin Core node you have running at home on a Raspberry Pi, consuming 10W of electricity at negligible cost.
This is not the case on POS networks. On POS networks, so-called “validators” with high capital stake have total control of the blockchain.
