Bitcoin Forum

http://www.quora.com/Can-you-refute-these-attacks-on-BitCoin

And while we're at it

http://www.quora.com/Are-there-economic-reasons-why-BitCoin-wont-work

Shocking:  he discovered the "> 50% power" attack.

I'm guessing this was at the beginning of Bitcoin...

but still 0.26 Thash isn't that much... Isn't that only 260 Gh/s? Say someone that has a little bit of tech and can find good value / Gh systems. Say about 1.75Mh/s/$ (or equivalent of buying a used 5970 and OCing it alot) BUT this includes system costs and wtv, it would take under 150000$ to take down a 5M$ economy. Now you are complaining I am using numbers that are unattainable by a normal user.

Let us factor in maximum costs.... 700$/6990 that does 700Mh/s (easily obtainable) lets be very generus with 200$ for the rest of a system... 900$/ 700 Mh/s  = 1.2857.... $/ Mh/s * 260 000 Mh/s = 334 000$ to kill bitcoins, a 5M$ economy

Not sure if I missed something, just trying to play the devils advocate :) maybe I missed a 0 but I doubt it and am too tired too care

A normal person could do that for 669 000 $ + electricity costs. I doubt it would take a year to kill bitcoins with this method. A smart person or a company with the right tech could probably do better

An attacker would obviously use a botnet in an attack, not build a new system. If it uses the node's GPUs as well, one of the larger botnets could probably easily overtake the bitcoin network.

What is their motivation to spend such amounts on hardware again?

They take down bitcoin, then what? Put 4000 5970's up for sale on Ebay? Doesn't make any sense.

@Grinder one of the larger botnets is also probably worth 3-4 million just of itself, which means it's still not worth it.

I've written a whole reply, but I can't create an account on Quora without a Facebook or Twitter one--WTF?  Anyways, here it is:  feel free to post it up there yourself.  The attached rtf has all the formatting in it--I'm too lazy to redo it here.  And I also had to call it a .doc due to filetype restrictions.  You can rename it if you want but it should open up just fine as is.  Wow.  It is not my day--it won't take the upload.  Well, if you really want formatting I can email it to you--just pm me.  And apparently the upload directory is full or something?  Just letting you know if any mods are reading this.

---------------------------------------------
All of Sebastiano's proposed attacks listed under "1)" are a usage of just one technical angle, that of overpowering the network through greater CPU power.  He gets this idea from the paper describing bitcoin, which has been publicly available from the very beginning of the project. So why isn't anyone else worried about this "attack"?

It is because they understand what "security" is.  Security in the real world is not a perfect immunity to assault because no such thing exists.  What it is is the ability to make attacks so expensive that they are not worthwhile.  Cryptography, for example, works this way.  The type of security that guards your internet banking could be easily cracked by a dedicated multibillion dollar computing facility.  But being able to break into one banking session isn't worth several billion dollars.  So in practice, your internet banking is technically safe.

Why is bitcoin technically secure?  Because this "simple" idea of overpowering it through a greater amount of computing would be completely prohibitively expensive.  There is no feasible way to create an attack by this method that would return more money than it would cost.  It's understandable that Sebastiano fails to realise this, because he estimates that one node on the bitcoin network is equivalent to one cpu.  In actual fact, a single node can represent up to 160 Billion hash operations per second of computing power (a high end CPU can probably muster 8 million hash operations per second, or 1/20,000th of that), such as the combined mining operation at mining.bitcoin.cz does.  Put simply, Sebastiano's proposed 4000 CPU's wouldn't even be noticed on the network.  A more accurate estimate of the computing power required would be around 600-800 Billion hash operations per second, or approximately 100,000 high-end CPU's.  This is more power than the world's largest supercomputer could muster, though it's also true that particular hardware is not optimised for the performance of hashing.  Why does this make a difference?  Well, there are currently only 5.7 million bitcoins in circulation.  Trading at .80 USD per bitcoin, that's a 5 million dollar total for the entire bitcoin economy.  And that's also roughly how much you'd have to spend to command the required level of computing tower for Sebastiano's attacks.  This balance isn't a mistake--the bitcoin network is carefully designed so that an increase in the value of bitcoins will result in an increase in the amount of computing power.  It can scale however high the value of bitcoins go--which means that if bitcoins continue to grow in popularity and value even supercomputing operations won't be able to bring it down.  Going back to our original definitions, that means bitcoin is "very secure".

Sebastiano also fails to realise that such a large scale attempt to manipulate the network for any significant gain would be quite obvious.  It wouldn't slip by under the cover of darkness because the signature of an attempted double-spend at this magnitude is incredibly distinct.  The bitcoin community knows to watch for it, and has already planned several potential mitigation strategies, all of which scale.

Since it's clearly not profitable, there's really only one other reason to attack bitcoin:  vandalism.  If someone is willing to spend massive amounts of resources with no return on their investment, then yes someone can vandalise bitcoin.  It's like a really inviting empty wall on a back alley, except the only spray paint that'll stick costs millions of dollars.  This really isn't a surprise--with a multimillion dollar budget to burn almost any internet technology could have been crippled shortly after launch.  But this doesn't really have anything to do with bitcoin--it applies equally to the vast majority of internet technologies we know and love.  Someone with massive resources trying to destroy something for no gain often can.  It's a fact of life.

Regarding the other listed attacks I'll only address them briefly since the bitcoin forums continually examine all of these issues in great detail.

2) Legal -Everyone learning about bitcoin should repeat this to themselves five times:  "Bitcoin is just like cash.  Bitcoin is just like cash.  Bitcoin is just like cash.  Bitcoin is just like cash.  Bitcoin is just like cash."  Cash isn't always traceable.  Cash can be moved around secretly.  Cash is sometimes used by bad guys for bad stuff, like money laundering or tax evasion.  If people don't declare it, than they are breaking the law.  Of course, they still have to explain how that yacht showed up.  Just like cash.  Bitcoin doesn't change this.  But it certainly doesn't "make the core business of a national government near to impossible."  Just like cash doesn't.  See the pattern?  But the benefits of cash outweigh these issues.  It is not "reasonable to assume that BTC will represent a deadly threat for a national state".  That's just plain ridiculous.  At worst it's heck of a lot more like p2p filesharing, where certain vested interests will rail against it but by and large it will prove useful to enough people that it's not worth going after.  And then people will build lots of cool things on top of it, like Blizzard does with World of Warcraft updates.

3) Competition -I'm only going to say this briefly, but the fact is while bitcoin started with no intrinsic value, the computed blockchain now provides genuine intrinsic value.  Why is this?  Because the security provided by "being the longest blockchain" cost a lot of computing power to produce, so if you were building a bitcoin competitor you would have to do just as much computing to make your own network as secure.  Which would cost a lot of money, if you were trying to step in and compete at the same level, so there is indeed a first-mover advantage here.  It's like if dollar bills had a full dollar's worth of security that went into producing them instead of just a few cents.  True, it's worthless for most non-currency purposes, but if you were launching another currency you have to do all that yourself.  End result?  If there is a clear improvement made over bitcoin, the bitcoin network itself will just switch to that methodology instead of being outcompeted--because the security of the existing blockchain makes that a better value proposition than starting from scratch.

which brings us to 4) Community -Sebastiano has misunderstood something about bitcoin being "open source".  Yes, the client is open source and people could theoretically (at great expense and with very sneaky ways since everyone can see what they're doing) vandalise the main client.  But the client isn't bitcoin.  Like BitTorrent, it's the protocol that is at the core of the system, and that can't just be changed from one location.  The way bitcoin works, if you create a client that doesn't follow the protocol, it just doesn't work.  It ends up in its own little network with no one else, because everybody else is in the network that follows the protocol.  There are already multiple implementations of the client by different people (a Google engineer released his own recently, vetted by Google's legal arm), and even just because of the existing clients any changes would be incompatible with everyone else.  They really only come into effect if everyone using the network voluntarily switches to running what is, in effect, a new protocol.  So this "attack" basically comes down to "convince everyone using bitcoin to use something else."  Yes, technically that would work.  But it would be pretty tough to do, and it's kind of a degenerate "attack", don't you think?

Just my .02 BTC.

The only price I have seen is $36 000 for a 100 000 node botnet. If done carefully most of the owners wouldn't notice that the client is running, so it can still be sold or used for something else when your done.

This is the reason attacking bitcoin would harm your botnet--running a botnet's cpus or gpus at full throttle is a good way to lose them.

That's why it wouldn't run full throttle all the time. With enough nodes there's no need to.

Assuming you're not going to run cpu's at full tilt, and you're somehow distributing the correct miner for the cpu type, then you'd need a massive amount of CPUs to pull off a 50% attack, IE millions if not a billion or more, given that the average botnet cpu is probably old and already loaded down by other crap.

he can sell bitcoins while he does it you know xD Probably also ways to bet on bitcoins downfall. ie: you can buy options to buy, you could probably buy options to sell. but I'm sure there are many othervery profitable ways

and a normal person with a lot of money will not live in their mom's basement, they will have their 5 car garage and 2000 sq. ft basement

Yes, I could refute his scenarios.  They are based upon assumptions he has made about how the protocol actually works, and in turn how a victim's client must work.  He doesn't take into account the possibility of 'watchdog' processes alerting vendors (or their clients) to suspicious activities on the network.  (which can exist, but as of yet do not)  All his attacks basicly combine the 50% attack with an assumption of victim ignorance, and some of them aren't remotely feasible even assuming that he could afford the 50% power from Amazon.  The 'slow motion' attack was downright laughable.

There are 24.2 MILLION millionaires in the world, 41% of which live in the US, where the majority of the bitcoin economy is. This is without counting companies, the majority of which can easily afford this as well. Most of the millionaires in the world probably have some $$ sense and could potentially find a way to make money out of killing bitcoins.

Now if the US GOVERNMENT didn't like bitcoins, they could definitively afford <700 000 $ to kill bitcoin and solve their problem of "collecting taxes" or whatnot

That's now. When the bitcoin economy become huge, it will become more difficult for millionaire or the US government to mount to an attack. Don't forget that the bitcoin network will probably have additional measure to deal with attacks.

Couldn't we use a "seed network" of known-good hosts to prevent this sort of attack entirely? In situations where there is some sort of conflict between chains, a majority of the seed nodes could override what the rest of the network is saying. Worst case, some transactions could end up being reversed - a good reason to put a cap on the value of a single transaction.

To avoid DDoS attacks on the seed nodes themselves, they could avoid being directly connected to the network, passively listening and sending their decisions through a broadcast channel such as USENET. It may be that there doesn't even need to be a network, just a group of people who decide by consensus which of a conflicting set of chains is correct, potentially being able to synthesize a new one to "reboot" the network if things get really bad.

I realize this returns us to the problem of trusted third parties, but since they can't impose any decision without its being accepted by enough Bitcoin users, it's not only far better than bank notes, it seems to be better than a "pure" p2p solution, which is potentially DoSable.

(BTW, I'm the Sean Lynch who posted this (http://undergroundeconomist.com/post/1528511369) and this (http://www.quora.com/Is-the-cryptocurrency-Bitcoin-a-good-idea/answer/Sean-Lynch-18469).)

eMansipater,

  We should probably go a little deeper into BTC for new people, other than tell them your #2 BTC is just like Cash, BTC is just like Cash, BTC is just like Cash, BTC is just like Cash, BTC is just like Cash.

Because once they have BTC, they find out, wait, BTC isn't just like Cash. Can't pay my rent with it, can pay the Power bill with it. And, it isn't as secretive as Cash. BTC records all transactions, Cash doesn't. My Wallet.Dat('s) has a history of my transactions, My IRL wallet, doesn't.

The reason #2 is labelled "legal" is that the cash analogy is directed only at questions of legality and potential abuse, where it is very nearly perfect.  But the threads I am working on here (http://bitcointalk.org/index.php?topic=7815.0) are definitely intended to explain BitCoin in general much more effectively.  If you'd like to support the work, feel free to help out and/or tip the linked post--number of tips especially (more than than the value of them) lets me know people are taking these efforts seriously and consider them worthwhile; it also helps me to (mildly) justify the amount of time I take away from my business to work on this.