|
Title: Fork After Withholding (FAW) Attack on Bitcoin Post by: yujin_k on September 01, 2017, 12:13:41 PM The BWH attack is shown to have Miner’s dilemma by Eyal in 2015.
Selfish mining is shown to be impractical. Fork After Withholding (FAW) attack, on the other hand, overcomes both problems. In other words, in FAW attack, a larger pool can always beat smaller pool, when two pools attack each other. For more details, please refer our paper accepted to ACM CCS 2017. Camera-ready version: https://syssec.kaist.ac.kr/pub/2017/kwon_ccs_2017.pdf Longer version at Arxiv: https://arxiv.org/abs/1708.09790 P.S. I sent an email to Bitcoin Core team 3 days ago, but I have not heard anything from them yet. Title: Re: Fork After Withholding (FAW) Attack on Bitcoin Post by: aleksej996 on September 01, 2017, 12:28:24 PM Well, thanks for the information about this new attack, if it turns out to be valid.
I would like to ask you to spare us the worrying and tell us if there is an economical incentive for large mining pools not to cooperate with the rest of the network in mining or something similar, since possible attack isn't always the profitable attack. Title: Re: Fork After Withholding (FAW) Attack on Bitcoin Post by: yujin_k on September 01, 2017, 12:48:14 PM Well, thanks for the information about this new attack, if it turns out to be valid. I would like to ask you to spare us the worrying and tell us if there is an economical incentive for large mining pools not to cooperate with the rest of the network in mining or something similar, since possible attack isn't always the profitable attack. We report to this forum, as there is no proper mechanism for vulnerability disclosure process in Bitcoin. As long as I know, the attack has not been used in practice. The attack is always profitable unlike selfish mining. The attack is stealthy. The victim may notice that it is being attacked maybe due to higher fork rate, but it is hard to pinpoint the attacking pool or miner. Title: Re: Fork After Withholding (FAW) Attack on Bitcoin Post by: cr1776 on September 01, 2017, 01:13:45 PM Well, thanks for the information about this new attack, if it turns out to be valid. I would like to ask you to spare us the worrying and tell us if there is an economical incentive for large mining pools not to cooperate with the rest of the network in mining or something similar, since possible attack isn't always the profitable attack. We report to this forum, as there is no proper mechanism for vulnerability disclosure process in Bitcoin. As long as I know, the attack has not been used in practice. The attack is always profitable unlike selfish mining. The attack is stealthy. The victim may notice that it is being attacked maybe due to higher fork rate, but it is hard to pinpoint the attacking pool or miner. See: Step 1. https://bitcoin.org/en/bitcoin-core/contribute/issues#disclosure which leads to: Step 2. https://bitcoincore.org/en/contact/ which is what you may have done - but there is a proper mechanism for people who look at this later. Title: Re: Fork After Withholding (FAW) Attack on Bitcoin Post by: yujin_k on September 01, 2017, 01:16:07 PM Well, thanks for the information about this new attack, if it turns out to be valid. I would like to ask you to spare us the worrying and tell us if there is an economical incentive for large mining pools not to cooperate with the rest of the network in mining or something similar, since possible attack isn't always the profitable attack. We report to this forum, as there is no proper mechanism for vulnerability disclosure process in Bitcoin. As long as I know, the attack has not been used in practice. The attack is always profitable unlike selfish mining. The attack is stealthy. The victim may notice that it is being attacked maybe due to higher fork rate, but it is hard to pinpoint the attacking pool or miner. See: Step 1. https://bitcoin.org/en/bitcoin-core/contribute/issues#disclosure which leads to: Step 2. https://bitcoincore.org/en/contact/ which is what you may have done - but there is a proper mechanism for people who look at this later. Yes, I sent email to security@bitcoincore.org. |