Bitcoin Forum

Hello.

What will happen if a node announces a block whose timestamp is false (i.e. earlier or later than the real creation time)? AFAIK, the difficulty is affected by the timestamps. If so, isn't it possible for an attacker to manipulate the difficulty if the network accepts such block?

Thank you.

there are certain timestamp validity checks:
https://en.bitcoin.it/wiki/Block_timestamp

Thank you. I forgot to check the wiki.

Difficulty is based on the number of blocks created, and is adjusted every 2016 blocks.

no, difficulty is based on the number of blocks created /per unit of time/.

Thanks for the correction. However, I'm going to add a trivial correction to your correction :D  Difficulty is based on how long it takes to generate the 2016 blocks. If it takes longer than expected (two weeks), the difficulty is reduced. If it takes less than two weeks, then the difficulty is increased.

Without the constraints, though, if an attacker mined the 2016th block and put a timestamp a year in the future and that somehow got accepted, the difficulty would drop really low. Next thing to happen: the following 2016 blocks would be mined within a couple of hours and the difficulty would readjust to previous value after that.

In the end I'm not saying that would be  a huge problem in that it would basically just jump us ahead 2 weeks but how possible is that for someone to pull off? It seems like a pretty good sized vulnerability. Especially if a couple large miners all decided to do it.

Doesn't seem simple to pull off:


So to set a block's time considerably into the future one would have to control quite a portion of the network (>50%?), it seems. On the other hand, you don't seem to need to have a lot of compute power, if any.

Unfortunately for the attacker:


So it seems quite impossible to pull off setting a block's timestamp into the future considerably.

Good, it seems like everytime I get a little worried there's a fix built in to the system.

Yeah, same here. The more I learn about bitcoin, the more brilliant I think it is.

Yeah it still worries me a little because I feel like it's impossible to have thought of everything.

A Multi-Terra hash miner entering the market while the difficulty is low and taking all the blocks until the difficulty rises then leaving until it falls again. rinse and repeat.

Doesn't seem worth it to me like that.

It would shake out small miners and keep the difficulty lower in the long run than if you ran 24/7/365.
and if you where taking a majority of the blocks while online it would be more than worth it.

Even if this were a realistic exploit, the difficulty has an adjustment rule that prohibits an adjustment of greater than a factor of four in either direction.  So the difficulty couldn't be cut down to less than a quarter of the prior difficulty.  It's still something to consider, as this is one attack avenue I don't think that I've seen discussed on this forum before.  But before we consider how difficult the attack vector may be, we need to determine what the goal would be.  If the goal is simply to spoof the difficulty calculations in order to make it easier to capture some blocks in a short period of time, (perhaps someone decided to buy a couple of hours of mining capacity on Amazon's cloud?) then really no great harm done, and if such things were to become an ongoing thing, a tighter difficulty adjustment parameter could undercut such activities.  However, if the goal was to actually harm the network in some fashion, the impracticality of the attack may not be a great defense.  How might this harm the network. or introduce another fraud vector?  thoughts?

Remember the Mystery Miner?


Well, there's that double-spend vector that keeps getting kicked about. Also...


...which could lead to a person eventually taking control of over 50% of the network with computing power equal to a value less than 50% of the network's power at the time of the attack's commencement.

Are you implying that the 'Mystery Miner' was such an exploit? 

Okay, so how would this attack vector aid in a double spend fraud? 


How?

Imagine Google can summon 5.4 TH/s of power. The current hashrate is .6 TH/s. For the sake of simplicity let's say difficulty adjusts every 2000 blocks.

Blocks 1-10000: Business as usual; network ends at .6 TH/s.
Block 10001: Difficulty resets. Google turns on their network; starts hashing.
Blocks 10001-12000: Google finds these blocks approximately 10 times faster than they should, or, approximately one per minute.
Block 12001: Difficulty spikes to approximately 10 times the last difficulty. Google shuts off their network; hashrates are now .6 TH/s again.
Block 12001-14000: The network finds these blocks approximately 10 times slower than they should; or, approximately, one block per hour. Instead of taking two weeks, the next difficulty reset takes five months.

Except that can't work.  As I mentioned earlier, there is a difficulty adjustment parameter rule that prohibits the difficulty from adjusting up or down by more than a factor of four.  So the max that can be expected is that the Google can do is move the difficulty by that factor of four, which may or may not actually be worthwhile, but if the attack cannot be repeated in consecutive cycles (maybe, but I would say that it would be very unlikely to work out that way) then it's probably not a worthwhile means of manipulation for profit motives alone.  What kind of harm to the system itself could such an attack cause?

Hah. Awesome. I missed that

Not at all. I just thought I remembered seeing this exploit being kicked around a bit during that period, that's all. The Mystery Miner does, however, show that it is possible (however unlikely) for a single, determined user to manipulate the network's difficulty.


Those last two are kinda two sides to the same coin. If a person were to procure enough computing power to single-handedly alter the difficulty level, they can essentially control how profitable mining is for everyone else, at least to a degree. If they managed to up the difficulty such that mining ceased to be profitable for anyone else, other miners would start dropping out. The network's total computing power would wane as a result, with an ever greater percentage of it being composed of the attacker's machines. If the attacker had made up less than half the network when they began upping the difficulty, it's possible that with other miners dropping out they would eventually come to own a majority share (so to speak.)

I think the Mystery Miner predates me. Got a link to discussions on it/him/her?

Where did you find that figure? I've been thinking about analyzing the P2P network's combined hash power, but if someone else has already done it I won't bother.

http://bitcoinwatch.com/

It's near the bottom on the left column.

Not really, it was just a spike and follow-up drop in the hashrate a couple of weeks ago.  Someone just referred to it as our "mystery miner" and it just stuck.  We don't have any evidence that it was a single entity, or several with bad timing.  My best guess about the whole thing is that someone tried renting out the cloud to mine for a bit, before having the facepalm moment when they finally realize that it's going to be hard for them to pay rent five times higher than the value of the bitcoins and make it up on volume.  Another credible possibility was that someone with a botnet was benchmarking their network.  The truth is that it is actually impossible for us to ever know any details, so we are all just guessing.

Motive questions moved aside.

The factor four thing wont really help, I think, because google could just do the attack for 2 consecutive difficulty adjustment periods and raise the difficulty by up to a factor of 16.

Also, in such a scenario, it should be possible for the majority of nodes to decide to change the rules to somehow adjust the difficulty more quick. This might bring up some trustworthiness issues, since we keep saying the rules cannot be changed easily, but I think in such a case a majority could form. On the other hand: we've got quite a few coins in circulation, doesn't really hurt to have mining slowed for half a year, does it?

For the attack to work once, it already requires that the attacker have control of at least one of the blocks wherein the difficulty is adjusted (perhaps both) that buffet a 2016 block set.  To do this attack twice in a row requires that the attacker be able to reliablely control at least two of these critical blocks in succession.  If the attacker has that kind of processing power at hand, then the 50% takeover issue is probably within reach.

The majority rules cannot be changed in such a fashion.  The only way that the protocol rules can be changed is if the majority of the potential generating userbase (which is larger than that actuall generating base) we to agree to change the rules, and vote by downloading a new client that repected those rules.  It couldn't just happen during a relatively short time frame, because once that attack ended, which it must eventually, the entire network would revert to the existing protocol stack, and any temporary changes made by the attacker by brute force would simply be undone, and all of the attacker's new blocks rejected.  Resulting in the atacker gaining nothing for his efforts.

Honestly, it probably woulnd't harm the Bitcoin network at this point, but in the future it might make getting honest tranasctions into the blockchain difficult, which could impact further adoption.

If someone had access to 100 tera hashes per second... they could user 10 for the first 2016 blocks, 25 for the next, 50 for the next, and 100 for the next 2016 blocks... and then leave... placing us in a predicament that takes more than a few hours to allow a transaction through the network...

Seems like it's a big part of it is motivation and the goal. It's going to be a lot easier to damage bitcoin than rip it off. Just like it's easier to break the windows on a bank than it is to rob it.
With the expensive of damaging it though I don't see anyone out side of governments or maybe a competing currency if google started one that would go to that effort.
Obviously if it were super villain that just did evil things you could explain it but I doubt anyone with that power just throws it around.

This sounds like the old joke, "I always give 100% of my efforts at work!  10% on Mondays, 25% on Tuesdays, 50% on Wendsdays...."

Tell me this, if any single entity had access to the kind of hashing power to make this work, why bother with such a complex attack vector?  Why not just simply dominate the network?

Hypothetically if they had that much power and were trying to destroy not just manipulate the btc economy they could easily right? Obviously it can come back etc but they could cause some serious problems.

True, but Bitcoin is subject to overwelming computations anyway.  Which is why the system is designed to encourage participation in the hashing that keeps the blockchain strong.