Bitcoin Forum

From https://en.bitcoin.it/wiki/Attacks#Attacker_has_a_lot_of_computing_power:


That's almost correct, but it doesn't take into account orphaned blocks. Each orphaned block is wasted hashpower. An attacker won't have orphaned blocks at all, coz they don't need to distribute found blocks to other peers. When the time comes, the attacker will distribute the whole fork at once. So instead of "51%" we should read "49%" or even less. After the 15th of May, when blocks become bigger, the rate of orphaned blocks will increase. This means that instead of "49%" we'll get "45%" or less.

I created this thread to attract attention to the following issue:

Increasing the blocksize limit we increase odds of a successful forking attack.

https://i.imgur.com/zmqfzTX.png

i'm not seeing much of a problem.

Ostrich policy?

Two things:

1. The May 15 update does not increase the block size limit. Blocks at the maximum possible size can already be mined and will already be accepted. Only blocks with too many inputs and outputs are affected.
2. A larger block does not necessarily cause an increase in orphaned blocks rate. Block time, at 10 minutes, is more than enough to download a block.

OK. But the issue is still there.



Common sense tells me that a larger block has higher odds to become orphaned, coz Bob can send a new block to Carol only after he downloaded it from Alice. Is this correct?
10 min is enough to download a block, but it's AVERAGE time.


EDIT: I found charts related to the discussion - https://bitcointalk.org/index.php?topic=88302.msg984376#msg984376.

Yes, it is correct. However, this issue can be solved by applying a patch to the code (as Bob can verify block header veracity and send to Carol simultaneously as he is downloading from Alice). BitTorrent uses the same solution.

Consequently, the issue, once it becomes important, can be solved.

Everything can be solved. But it should be solved BEFORE someone makes a successful attack.

There is a bigger issue in a similar vein that isn't even a block propagation issue. An attacker with say, 30% of the network's power could stomp down the blocks of others by putting out mini-chains that beat the real chain temporarily, but replace previous blocks. Every time he gets one, he waits a bit and if a second comes quickly, he can invalidate a block created before his 1st or 2nd. He can choose not to increase the total hashing power of the network while reducing the profitability of honest pools--and potentially causing miners to quit. A naive presumption on the 51% attack is that if the network has an honest 10TH/s, an attacker needs 10TH/s+, but he really only needs 5TH/s or potentially a lot less if he can get that honest 10TH/s down by forcing people on the border of profitability to quit.

I don't get what you're saying.  If he's releasing valid blocks then it's to the benefit of the network.  Sure he'll create some orphans. But create orphans is all he can do. Do you really think if someone had the resources to intentionally create orphans that it would really disrupt the network?

Is centralizing the network to the network's benefit? The attacker is denying legitimate people payment for securing the network. Those people are, in effect, completely wasting their time. Of course averages would say that everyone would take a pay cut fairly equally, but that would cause the least profitable of miners to stop mining, for the most part. It then becomes easier for the attacker to produce more blocks that deny payment to honest miners for the same amount of hash power, and cause more people to quit, and so on.

Depending on how much the attacker is in it for the "long haul", this attack could be performed by amounts as small as 10-20% of the total honest hashing power to cause a serious dent in the security of the network. A pattern of orphaned blocks would probably emerge though, and there could be ways to reduce the attack's viability, but it might come at a cost of causing potential hard forks and lots of confusion.

I think someone should test this, just for arguments sake, it would be good info to check other Bitcoin clones to see if anyone has made a succesful attack using this method. loading the block chain with junk could work too.

How?

Excellent observation. But the principle extends even further than that.

By increasing the blocksize limit miners spend more money the overhead of handling those blocks, like expensive VPS servers at datacenters, and less money on actually mining. Gavin for instance thinks we'll very soon see it impossible to run a validating node without spending around $100/month on a fast rented server in a datacenter. That's money I could have spent on my mining rig defending Bitcoin against an attacker.

Of course that isn't going to magically make fees low either. All that fancy equipment has to be paid for someone, and you'll soon find you can't even access the Bitcoin network without paying access fees:

https://bitcointalk.org/index.php?topic=197169.0

wow, that is a serious problem J.

I'm also thinking what if someone did a regional attack? simply started gaining access to the fastest routes on the network and could in effect propagate invalid blocks faster, each node that took the transaction would bloom creating a fork, ... is there any way to map this? Can we observe the bitcoin network through it's nodes? watch visually which bits of data are traveling faster than others or visualize unconfirmed transactions through the network?

What if we can map the flow of data geographically? mapping the fiber optic cable lines; this could be a game changer.

Right now that's really hard to do. People run Bitcoin over Tor and mine over Tor all the time.

But with big blocksizes it'll be very easy to governments to figure out where Bitcoin nodes are just by watching for the huge burst of traffic every time a block is created as Bitcoin miners madly rush to send their block all over the world. All you have to do is block those bursts of traffic, or even just slow down traffic at the right moments for the right servers, and a 51% attack turns into a %10 attack.

Unfortunately Bitcoin is *really* susceptable to traffic analysis because of how new blocks need to be propagated around the world instantly.

Yes that's what I'm worried about, someone or something, gaining control of central propagation routes, a p2p distributed attack at key points, There are data centers that monitor all traffic at key points, the super fast nodes that are located at major geographical areas, the network still propagates from other lines... slowly, but the\ose lanes could pummel legitimate traffic that is propagating slower through distributed channels effectively creating a buffer zone of control, what about satellites? they can propagate key data very quickly at the speed of light! across the planet! who has control of these hubs?

http://www.rimage.com/blog/wp-content/uploads/2011/11/cable-capacity1.jpg

I don't know. U should ask Satoshi Gavin.

That is correct.
This assertion is completely obscure. Orphaned blocks are not belonging to the attacker or to anybody. They are just not included blocks in the main chain.
If the attacker makes a double spending then one of his transactions will be always orphaned even if he has success with his attack, by success he have just done a cashout from his transaction in the orphaned block.
There is always a probability of success even if the hash power is lower than 51% even by a very small block size.
If the number of included transactions/block is higher than is always a higher rate of orphaned blocks no matter what is the date. Supposed than the other network parameters and attack rate/transactions probability remain the same.
I cannot follow how you calculated so exactly and I cannot discover any logical connection to the former points.


This is also not evident from the former argumentation. There only seems to be a connection between the number of transactions(which is influenced by the number of transactions/block) and the number of orphaned blocks. But why should be a direct connection between the number of orphaned blocks and the probability of successful attacks ?

Source?

You guys realize that even though the network power is 90th/s as of now and will increase rapidly as Asics come online, if a 10% or 51% attack is possible, someone will gain enough control to do it, regardless of whether or not they abuse their power. A company will realize the profits  a lot and purchase a ton of Asics to gain full control of the network.

You can also make a double spend with 1% of hashrate if you are really lucky,

It has never really been 51%,

This is all good and well - even if we maintain an insurmountable hash rate (to a 51% attacker) we are wasting massive resources.

I have read the "51% attack" referred to as a "democracy." The key difference is that in a true democracy, a single individual or organization cannot buy votes.

In all actuality, succeeding with a 51% attack will reap exponential returns provided the attack is not immediately detected and does not cause an exodus from Bitcoin.

Executed correctly, a 51% attack will reap greater returns than directing that 51% of hashing power to mining.

Ok, let's clarify one thing.

This claim that getting a miner having 10% of the hashing capacity to be able to reject transactions is referring only to being able to get six blocks in a row.    This is no different than coin flip trials ... yes eventually you will get six tails in a row.  Eventually you will get sixteen tails in a row.    Eventually you will get six thousand tails in a row (though chances are none of us would live long enough to see it happen).

Now, because there is a financial penalty for each failed attempt (as you are using expensive hardware and consuming elecricity, but not earning any bitcoins on the failed attempts) then there is less and less chances that you will make this attempt.  The logic is, if you have 10% of mining capacity you might as well mine and earn 10% of the bitcoins issued.

Next, let's say that someone does take their million dollars worth of ASICs and do this to prove a point.  OK, so they try for an entire month and do actually get six blocks in a row.   They won't get seven though.  Not with only 10%.  So at best, this attack will cause double spending to occur for transactions in the first block for each side of the blockchain fork.     But the attacker is going for an entire month of trials, not knowing which block will be the one that the attacker follows by mining five more in succession.  

So sure, you might get six blocks in a row.  But you aren't going to be causing much financial harm as a result.  Every exchange has AML policies requiring identity for any significant amounts of funds (e.g., amounts over $1K USD per day withdrawal).   You might be able to get a withdrawal out.  It won't be a significant amount though.

So yes, an evil miner with 51% attack with 51% of the hashing power would be terrible for bitcoin.  

But an evil miner with 10% of the hashing power and a good string of luck would simply be providing a learning lesson (e.g., for an exchange/E-Wallet provider to start requiring more than six confirmations for larger transfer amounts ...  something one might realize might have already been put in-place. if you have your ear to the ground.)

For a 51% attack to be successful at double spending the attacker needs to hold solved blocks and then broadcast them all at once and overtake the longest chain in which confirmed transactions (6 blocks) are double spent.  How do you do that and it not be immediately detected?

Where there is a will there is a way - 51% hashing power and distributed clients/nodes create many profitable options besides simple double spending attacks. Granted, you will probably be detected immediately with a double spend and could really only gain from arbitrage prior to and after the fallout.

My main problem with the 51% vulnerability is not only the aftermath of such an attack, but the wasteful, preventive measures we have to take because the vulnerability exists.

Out of curiosity, what's the longest trail of blocks being mined by a single entity, after the network achieved a significant size?

10 more minutes of wait and it costs you three times more in electricity to double-spend me, not bad indeed. At 9 confirmations, you will need to run your mining farm for 3 years with millions of dollars spent in electricity(assuming you are using the most sophisticated ASICs), not to say the cost in buying mining rigs to keep up with the growth of the network,  hmmm...I guess for anything over $10,000 I can wait for another half an hour. ;D

I suspect u r wrong.
https://bitcointalk.org/index.php?topic=202804.msg2130008#msg2130008

This is what a few of us have been trying to point out in the Block Size thread, a too-large block size increases the barrier to entry to mine when you need a minimum of gigabit connections to mine competitively and encourages centralised pool mining and makes decentralised solutions like p2pool unattractive due to "unproductive" non-hashing setup costs. For every second wasted for a block to propogate, the miner who found the current block gets a headstart on finding the next block while the rest of the network sits idle downloading the block.

But we have our fair share of Krugmans who claim that "block size does not matter, terabyte disks and terabit connections are already here and Moore's Law will take care of the future growth".

According to Satoshi's paper, it's not how the probability is calculated.

No. I just mentioned a common mistake others do when calculate probability to find a block during 51% attack.

So why was I wrong? The Poissonian summing tells you that for mining power not close to 50% of the total hashrate, the chance of you get n+1 blocks in a row is about 1/4 of n blocks in a row. I didn't mean your OP is probelmatic, I was talking about someone else's idea of "10% attack".

Wouldnt it be more profitable for the attacker to be notionally short BTC?

Block size does matter, regardless of how fast your connection is, everyone becomes equal when they can easily transfer that amount over a cellphone network. :)

Speed! vs Size

A small block size guarantees that someone over a slow dial up can still connect using the old infrastructure, like little gateways that behave in unpredictable ways, and cell phones Boom! they travel at the speed of light(more or less depends on radio propagation,protocol, etc ;)

I`m thinking this 500K limit we have now is guaranteeing it is a level playing field, takes so long to confirm a hash, being faster than the hash confirmation is key. Different elements working.

But hey what if someone floods the network with 1 dollar fees on 1kb transactions, They could do a denial of service attack to good nodes over a specific corridor using a high speed vpn network; Propagate simultaneously and begin a double spend attack from the origin of the vendor in question or if they are transferring to another wallet, lets not assume they`ll try to defraud someone else, they`ll defraud themselves! :) over a perimeter.

guarantee your block gets in the next chain, propagate to your network over a metropolitan area using high speed fiber optics connections or lasers if you`ve got line of sight. have them cycle 1388 the maximum transactions per block at .36kb/transaction. begin analyzing the network to see where there are gaps in defence, plug them nearby with a node, develop a zone of control and begin the double spend attack.

Your only attacking yourself, so you never have to worry about losing a dime!

The further you progress the closer you get to creating the perimeter necessary for the perfect network.


I bet you we can simulate this on one computer, just make an insane amount of threads like 600 of them over a random area inside a virtual Network and start seeing if a small group of 60 nodes in an area could effectively create a double spend attack on a target within it's perimeter. vary the block size, speed of nodes and see what causes a succesful attack and once the attack stops does the rest of the network recover?