Bitcoin Forum

Look at the following scenario:

I send 1'000 BTC to an exchange. After 6 confirmations my account is credited and I buy 1'000 BTC worth of altcoins and withdraw them. Then I create a double-spending transaction that sends 50% of those bitcoins to another my address and 50% as the transaction fee.

What will rational miners do? Depends on the amount of the fee and number of confirmations I think. It would be interesting to see the formula that tells what values are enough to convince 51% of the miners to re-mine the last blocks...

Could work. But after mining that orphan block the miner has to make a new transaction from that double spend with a mining fee greater than 25 BTC * 6. That would incentivize the other miners to continue mining on his fork.

Ok a 1000 BTC Transactions has 6 confirmations and is double spent with a fee of 500 BTC.

First of all, the transaction has to actually propagate to the miners or be directly sent to them. An easy task.
Sencond, the miner has to actually accept the Tx in his memory. This depends on the miner itself. He has to actually consider re-mining and building on top of a double spend transaction that already has 6 confirmations. Fair enough. Lets say we find a miner that does this. It them depends on how much hashpower he (or his pool) has.

Let's say it's a really big pool with 30% of the total hash power.
The chance for the miner to find each block is 30% so in the long run, he will always lose.

With the total hashrate being split into 70% (the guys working on the current chain) and 30% (the miner who performs the attack), an average block time of party 1 (the 70% mainchain hashers) will be ~14,29 minutes while the average block time of party 2 (the 30% hasrate attacking miner) is ~33,33 minutes.

Therefore even if party 2 finds blocks at double the speed it is supposed to (through sheer luck), if would still find block slower than party 1.
Party 2 would have to find blocks 2.33 times as fast as party 1 just to not fall behind more than the 6 blocks. Thats an insane amount of luck needed and it still wont make the attack successful. So they would need to find blocks 2.33 times as fast as party 1 (this is all relative to their hash rate ofc) in order to eventually, some day, catch party 1. However, this would go over a lot more blocks than just the 6 initial confirmations.

There is the option of multiple pools becoming greedy and pulling out of the main chain to mine the Tx. However, this would not lead anywhere since once one of those pools would be the Tx re-confirmed, the others would not build on their chain.
If most pools drop out of the main chain to do this, the main chain would be left with almost no hash power and therefore the fastest pool could eventually take over if they all keep being greedy and mine for themselves.
However, they would have to know others are dropping out of the main chain and not return in before they do so themselves, else they's waste hash power.
So it's a matter of who does it first. If a 30% pool drops out, then a 40% pool could drop out as well and mine for itself because that would leave it with the most hashpower (30% on the first pool and 30% left on main chain, with 40% on the 2nd pool).
However, that would motivate pool 1 to rejoin the main chain because else it would not get anything (because it's blocks would be orphaned by pool 2).

This is how incentivized mining works.

The only problem I see is a 51% attack. However, a 51% attack would probably lead to bitcoin losing a lot of value and therefore the 500 BTC would be worth a lot less, so the risk doing this cannot be calculated.
Well, pools could also cooperate to rake in the 500 BTC and split the money. If most pool participate, the mainchain would get almost no more blocks and the fork would be over soon. This could be an attack thats actually worth is for pools, because it seems like there is a consensus in the network and only a few miners are on "the wrong" chain.
However, even with this you don't know what it might cause to teh price, it's just the attack that is most likely to succeed without destroying the value of the fee.

what is a double-spending ?

the ability to propagate to the network, a false information.


if you hit a node with the "good" blockchain, you can't do that.


in reality ... in the bitcoin network ... you can't double-spend because of the nodes first ... and the miner, secondary.

DO you ever succeeded?
As far as I know, most of exchange only demand 1 confirmation.

I haven't even tried. With my current balance of 0 BTC it's quite hard.

Is it really works?  Any one have experience/experiment with it?

Great idea...but does it work? Anyone? Unless I need to try this first.

You could always try it with a smaller amount. And welcome to bitcointalk forums ;)

Could break btc-e if it work.

A rational miner would not process a transaction with a 500 BTC fee. It just stinks. You think right away that there's something wrong.

Assuming that you mine using software what rule/boundary does your software use to determine a non-stinking fee?

For BTC-e even 3 confirms would be enough...

1 confirmation is enough. I havent seen anyone having problems like double spending, like in ever.

Wait, but even if you were to offer a high fees, do double sends get 3 confirms on the blockchain ?
I heard the possibility of that happening was negligible.

First I get 6 (3) confirmations and then force majority of miners to abandon this branch. In this case the 2nd transaction will be included into the blockchain forever.

This. 

Without a 51% attack, it is a non issue.  I won't rehash what he said, but whomever tried a 51% attack - in this scenario or any other one - would be destroying what they are trying to steal.  And a pool that was complicit in it would lose their composite miners quite quickly and probably put themselves out of business.  It isn't as simple as it seems.

+1

We don't need virtuous miners, we just need a mining community that is not completely boneheaded and idiotic. Who would be complicit in such a scheme for a small short-term gain, which would create a major breach of trust and destroy confidence in bitcoin, causing the value of BTC to tank? Major bitcoin miners (such as would need to be involved here to have any chance of success) have millions of $ invested in hardware, which would all be wasted if the proceeds of their mining became worthless because of scheming like this.

What about cloud mining contracts? Should we start worrying about my scenario after total cloud mining power exceeds 50%?

This will not happen. People think that it is easy to trick the network, well it is not.
You're making inexperienced people fear Bitcoin for no valid reason..

While I agree with your first statement that no "rational" miner will sabotage Bitcoin for a short term gain, I don't agree that such an event will necessarily sabotage Bitcoin. After all, only the victim loses. Nobody else is materially affected, and most people won't even notice.

Anyway, back to the original thesis:

Yes, 6 confirmations is not necessarily enough. The number of confirmations depends on the amount of the transaction (or the amount of the fee in your specific attack). 6 confirmations has always been just a rule of thumb.

Explain why this won't work when cloud mining dominates?

Because no current cloud mining allows you to choose what transactions get included in blocks. You just buy a certain percentage of their hashrate. Some allow you to choose a pool and so you could create your own malicious pool, but those are nowhere near the 50% you'd want.

Keep in mind there's not any alt's out there (even all combined) where you can buy up 1000BTC in one shot without destroying the market and way overpaying. You'll never be able to get 1000BTC worth of alt's and withdraw them. The other large technical hurdle would be that you need to have 50% of the hashing power lined up ahead of time for your attack. As soon as it hits 6 confirmations the majority would have to start reorging the blockchain. If you hadn't notified them ahead of time, or they had rules in place to examine potentially lucrative double spends, it might be several times longer than 6 blocks by the time the majority of miners even noticed the possibility of the double spend was there.

So Bitcoin is protected as long as the mentioned upthread assumptions regarding cloud mining are actual. Got it.

This isn't an attack on Bitcoin, it's an attack on whatever exchange you're trying to defraud.

I stand corrected.

And you are correct in that for certain transactions, more than 6 transactions might be prudent. I might accept a $1M payment in BTC from a known entity that I have had business dealing with before and have a legal means of pursuing if something goes wrong. If it was an anonymous entity over the internet, waiting more than an hour might be wise.

Interesting theory, time will tell if anyone tries anything like this. Exchanges watch out!!! lol

I think a negative 6 confirmations would be better.   ;D

I've seen my friend has 92 confirmed, still - red

Why 6? I think more than 2 is overkill, even for large value transactions. How probable is that 2 or more blocks get orphaned? Or has it happened before?

6 for a round number (1 hour).

^ Yes, I agree.

While Come-from-Beyond's OP may be a valid question, it also seems to be an effort try to pick apart and undermine Bitcoin. I believe this is because of vested interests in NXT.

Here's why:

I remember over a year ago when I was talking in the NXT thread and Come-from-Beyond posted replies to all questions and was basically acting in charge. This was very early on, when there was only one NXT exchange (dgex.com) (and it didn't look like it does now-- it was a very new and rough design). He may be one of the Devs for NXT. And I feel fairly certain he is an early bag holder for NXT. So whatever his position, rest assured he very much wants NXT to succeed.

So based on his OP attempting to pick apart bitcoin, that leads me to believe Come-from-Beyond has a desire to see bitcoin fail for the reason of his own potential future economic gain in NXT if bitcoin were to be crippled or fail.

Two questions for Come-from-Beyond:

1.) Are you a developer for NXT, or have you ever been?
2.) Are you in possession of NXT?

1) No, yes.
2) Yes.

Now my turn.
I suspect that you possess a substantial amount of bitcoins and are trying to hide facts that show that Bitcoin is flawed.

Two questions for colinistheman:

1.) Are you a developer for BTC, or have you ever been?
2.) Are you in possession of BTC?

There is no "6 confirmations" rule. It does not exist in the system. It is a suggested general convention that absolutely nobody is forced to use.

Why not just rob a bank/steal a car/extort rich person/etc? Much more straightforward, and in either case, the counterparty will come after you.

Sure

1.) I'm not a developer for BTC, nor have I ever been.
2.) And yes I possess BTC.
As a bonus answer, I also possess NXT.

You also earlier claimed to own 0 btc in this thread. Just another interesting fact:





The difference between us is I'm not trying to pick apart NXT or BTC. But you are.

You just confirmed that you have been a NXT developer in the past and you posses NXT (my pure guess would be a very large amount, based on how early you were involved in NXT and the fact that you were a dev).

So my claims have been even more substantiated by your confirmations.

So please stop trying to spread FUD.



TL/DR:  Come-from-Beyond states he was a NXT dev and currently holds NXT. He currently holds no BTC and is trying to pick apart bitcoin. The motives seem pretty clear-cut to me.

Cloud mining will never dominate, experienced users don't use cloud mining as they know it's useless and unprofitable.

Care to share some current numbers/quotas?
(Because my gut tells me otherwise)

It's a wrong TL;DR. You assume that only a holder of bitcoins is eligible to question Bitcoin internals which is obviously a fallacy (http://en.wikipedia.org/wiki/Fallacy).

PS: I wouldn't trust to reasonings of colinistheman because he is biased:

What happens when the hardware is already worthless (doesn't mine enough to cover electricity costs)?

No and I think you know that.
Your statement that a hashrate provider would not do anything underhanded when the value of their equipment is at stake is being questioned by the fact that said equipment might already be worthless.  At that point the "rational" thing to do would be to maximize the value of it.  So no they wouldn't be extremely stupid.

The exchanges can easily change the rule to wait for number of confirmations according to the value transferred. For 1000 BTC, they can require 15 confirmations for example. And for 10000 BTC, maybe 30 confirmation

Right. This is what I asked.

That's a more complicated question than you are implying. It's more like asking what the dollar value of a car has to be before someone taking it for a test drive will steal it rather than return it.

6 confirmations take around 1 hour on average, as a customer i don't want to wait 1 hour to be confirmed..

Bitcoin transactions take too long already, don't say 6 confirmations is not enough.

However i would like to see a succesfull attack, but i think that will never happen, wouldn't it happened before by now then?

6 confirmations is astronomical. You only need 1 confirmation, and even then, there are techniques to accept unconfirmed transactions with almost zero risk (so you won't need to wait 10 minutes to buy your coffee).

You're right. For example greenAddress allows the tx between two wallets GA with an instant confirm (there isn't needed to wait no confirmation).

GA= greenAddress.

no it doesn't.  unless you control majority of hash.

This is a question that can never be calculated because it needs to account for the underlying motivations of the miners which also include many motivations outside of immediate profit. They are concerned with the longterm viability of Bitcoin for sustainable profitability and most have ethical motivations which prevent them from attacking the network.



quote mining out of context now?

Wouldn't limiting Fees to a small amount de incentivise this possibility.

This

However even if you were to ignore the above you need to look at the probability of a miner being able to mine 6 consecutive blocks, which is very small for the entire network as it stands now, so any miner attempting this would be giving up a guaranteed block reward in exchange for a very low chance of a 500 BTC block reward

While the attacking pool trys to mine 6 block to reverse the transaction, the main chain is also mining. The attacking pool needs double the hash rate of the main chain to achieve this attack Or be very lucky. Too risky for any pool to try.

But when two entities could join up to instantly get 50% of the network and some creative criminals may lead to some elaborate scheme where they 1) take a short position 2) scam to get instant profit 3) which causes BTC to crash, giving extra profit from the short position and if planned properly provides 4) a way out for BTC through some new entity that they control.

Put on your tinfoil hats. If the potential reward is big enough someone will get corrupted enough to do it.

I think he got 3 NXT from a faucet.

No, because an attacker may create 1000 transactions with 0.5 BTC fee each.

Even you success do that, i'm sure soon after that everyone will afraid that will happen again.
Than everyone sell their bitcoin & your bitcoin will be useless

This case could destory bitcoin price

Good advice. Once I get the 500 BTC back I'll send them to another exchange and withdraw in XRP.

Do you use the ripple to offset some of the losses on the $30M worth of mining hardware you used in your attack that has now lost the majority of its value?

No, according to the scenario, I just bribe miners.

So you believe a rational miner would accept the 500BTC in fees in place of the (150BTC/2) in block rewards in order to attack an exchange for a $93,500 profit, irregardless of the potential damage it might cause to the valuation of the $30-50M worth of equipment they need to use to help you with the attack?

As another scenario, if you actually could get 50+% of miners to agree to a scheme like this, why wouldn't you just have them start mining their own blocks and not including any blocks from other miners? They could maintain the longest chain at no cost to themselves, and once the difficulty drops substantially due to the blocks from the other 45% or so of miners not being included they would effectively be almost doubling their income (in BTC) at no cost. That would give them massively more than a couple hundred BTC.

I believe that at some level of fee the majority of miners will help to double-spend, it's no necessarily could be 500 BTC.

Interesting. Any ideas why we don't observe this right now?

But remember the premise of the attack is that you need to be able to immediately convert the 1000BTC to other crypto (or some other store of value) that you can withdraw immediately, and then attempt the double spend. Unless the market cap of other crypto changes relative to Bitcoin in the near future, even converting 1000BTC to alts and withdrawing it with no delay is going to be a challenge. If you need to send a 5000BTC fee and use 10kBTC in your attack, you'd never be able to buy enough alts and get them off target exchange.


If you were actually to plan this, why would you try and send the 500BTC as a fee anyway? Even a (likely unsuccessful) attempt at something like this would require a lot of planning with the mining parties involved. Unless they were anticipating just such a scenario, no miner would have the custom software in place to scan for new possible double spends many blocks back and make a realtime determination on whether it should aide in the attack. It would be a lot easier to just double spend the 1000BTC to yourself and bribe the miners in a separate transaction.

It's a correct TL;DR.


I never said that, nor do I think that.

You slyly use the word "question" but I think you are not doing it for the best interests in bitcoin, but to try to find a weakness for your own personal gain, as stated in the logic of my previous post. If I thought you were trying to help strengthen bitcoin then I would not have even posted in this thread. At this point all you can do is deny my claims and all I can do is state what I believe are your motives. My job is done there, so carry on if you wish. I just wanted to share with others my reasoning behind the motives of your picking-apart techniques, because to me it seems alterior-motive driven, not anything helpful or constructive.



You are slipperly like an eel with your selective answers. You left out that I stated I also own NXT. And I did not obtain them from a faucet. I own much more than 1000 NXT (I won't say exactly how much however).

Haha, I just used the same trick as you had done.

No, you manipulate the conversation. You also over-use the tactic of trying to reverse everything said to you.

I expected that you won't reply...

whether the magnitude of the confirmation number, depending on the magnitude of the number of shipment?

lmao

My god, 1 is enough!
Unless you are buying something like a car, you dont even need to be paranoid about confirmation times imo. its just bullshit. pay, look on the blockchain.info if the payment went through and as soon as 1 confirmation happens then you can be safe. Even with 0 confirmations i wouldn't care to leave a shop after paying. Or are we supossed to wait? this should be instant like cash and credit cards, otherwise no one will use it because its a waste of time having to wait for confirmations to happen in the middle of a shoop creating big ass waiting lines.

1 is not enough because of Finney attack.

How much for avoiding the double spend . Are 2 confirmations enough to  be certain about avoiding a double spend ?

Depends how much you have for bribery I think.

I think only 1 confirmation is enough, controling the mining is almost impossible

In the early days of bitcoin an attack like this would have been trivial. CPU and gpu miners have nothing to lose if bitcoin goes under so they would be happy to pick up a bribery.

Because of asics on the market, people now need special hardware in order to mine bitcoin. Because the have an investment directly to the success of bitcoin, (if transactions are double spent, bitcoin becomes less valuable and asic miners become junk) they will follow the honest road and not try to rewrite the history.

So bitcoins increasing centralization is a reason for safety in this situation, oops.

We just need a few altcoins with SHA256 mining algo to solve this issue.

If the alt coins were able to pick up the slack from all the asics and be profitable enough for miners to take the bribe on bitcoin, then yes, there is a problem there.

Bitcoins core security relies on the fact that mining hardware can pretty much only be used for bitcoin, if anyone can think of a good use for trillions of sha256 hashes, then bitcoins security would go down greatly.

Seems weird that bitcoins security relies on buying miners that only work for bitcoin, PoS just simplifies the process from a mining device investment to an investment in the currency itself, but that's a little off topic

An alt coin? In my conspiracy theory there is a prepared plan to fork BTC to include some method for full nodes (or other miners) to veto some malicious mined blocks and possibly include a reward for running a full node somehow. After crashing BTC hard all holders will jump on board of a plan that may recover their loss.

BTC would recover, just like it (has not yet) recovered from mtgox. Because people are too invested to let it go.

I don't think anyone answered this

Most altcoins refuse to use SHA256 to be different, its a gimmick really, all these stupid different algos are just a fad.

Because a couple large players effectively strong-arming anyone else out of the mining business would effectively destroy the value of Bitcoin. This is not just a hypothetical attack, LukeJr did just such an attack on an alt coin by merge-mining it with Bitcoin but not including any other blocks and not including any transactions. It killed the target altcoin. The difference there was that there was effectively no cost to kill CLC, as it was possible to do so without expending any resources. Eligius mined only Bitcoin and Namecoin, and Luke was able to simply use the results of those hashes to attack CLC without causing any economic cost to the users of Eligius. He essentially had a free supermajority of the CLC hashing power.

To attack Bitcoin directly in that way, you would need to directly use the majority of Bitcoin hashing power, the difference that it has a cost of hundreds of millions of dollars and no real use outside of performing Bitcoin-style double-SHA. If you did this you would effectively be betting that going from ~BTC1800/day to BTC3600/day by forcing out your rivals more than offsets the depreciation in your equipment and the decline in the value of each bitcoin you mine. The attacking group would effectively be making a hundred+ million dollar bet that no one cares they've taken exclusive control of Bitcoin transaction processing. To date, there hasn't been an entity that is both that rich and that stupid.

If BTC adopts multiple algorithms like Digibyte, will it become more secure?