Thanks, ByteCoin - that is pretty much the sort of scenario I was considering. It sounds like it would be very hard to do, but it is possible. However, this would assume that:

1. The transaction was of a large enough value to make it all worth doing.
2. That the merchant does insufficient checking, considering the large value of the transaction.
3. That the attacker nodes can swamp the network sufficiently, that there would be no doubt that the attacker nodes appear to be the honest nodes.

I would say that 1 and 2 should be mutually exclusive - any large transfers would surely be checked thoroughly by the merchant. I would say that 3 would also be very difficult to do, without raising suspicion/alarm from the rest of the honest network*.

* This in itself is perhaps a DoS vulnerability - if honest nodes have a mechanism to flag an alarm if they fear the network is under attack, this could be mimicked by attack nodes as a denial of service attempt. It would only result in people refusing to transact during this period, which would surely not be worth the CPU power to do this, but still.

I think I'm sufficiently convinced in the theory, so it will be interesting to see how the system develops. I would imagine that while the system is small, but growing, such attacks may only be a matter of time away. We will then see how well the system copes, but I think it will do admirably well.

Anyone have a good answer for the above? It would complete my knowledge on how it all hangs together and it would give me confidence in the system.

Ah, that sorted it! Thanks! I guess the default has changed between the versions.

FYI, 0.3.2 on Linux (Ubunu 10.04) the task bar icon no longer appears. It seems to run fine though.

I just realised that my point 2 has already been considered of in the PDF too:


Another question, which I had forgot to ask: Could attacker nodes create new coins to spend? If a huge amount of CPU power was maintained, presumably the bad nodes could validate invalid Bitcoins (their own, cheaply minted)? Or would this be impossible, as even a thin client (the 'Simplified Payment Verification' clients, which haven't been programmed yet) would flag such coins as invalid?

Thanks again!

Thanks, Dete - some good detail there, especially in regard to my first question.

It's good to confirm that coins can only be 'unspent' by such actions, which limits the scope of such an attack. As you say, if you had to turn 50%+ CPU resources on reverting a payment, the payment would have to be worth an awful lot of Bitcoins - that CPU power would probably be better put to actually minting new Bitcoins (or processing them, with a fee). With this in mind, I agree that it would be a sort of DoS or a general attempt at undermining of the system, rather than a way to gain financially.

With the above in mind, I can also see why a small processing fee should be levied, once Bitcoin minting loses its incentive, as it removes the incentive to try to hack the system. This is very clever, as a bit of carrot is always preferable than the stick. By helping to make the current system run smoothly, they will gain much more than attempting to game it. This, in itself, should encourage CPU power to be turned toward the greater good, with faster hardware generating more income for the fair nodes.

That said, I still think an early warning system would be a good idea. Would I be correct in thinking that several, random, nodes are queried to ensure that there is chain consensus? If so, it would be good to raise a flag if it appears that there is a substantial disagreement.

The more I learn about the system, the more I am convinced that it is well thought out. It's all rather ingenious and if it scales well, I can see it flourishing. I have a feeling that the bankers and their governmental buddies will be watching on nervously, but IMO, this is something they will need to embrace in the long term.

P.S. Going OT, but I think the value of the currency will continue to come from the destruction of regular currencies. A bout of hyperinflation in one of the main fiat currencies could be just the sort of Bitcoin incentive people need. Of course, there are many other documented advantages too.

May I suggest 'bump'?

If it's good enough for PayPal, then it should be good enough for Bitcoins. You just bump (well, wiggle) you phone near another and it can start a transfer process.

It works on the iPhone and Android, currently.

Hi,

Firstly, I'd just like to say that Bitcoins are a great concept. I'm impressed with the distributed nature, as well as the incentive to create coins.

My only concern, is one of security. I have read the PDF and it seems convincing from a software engineer's perspective, but I am concerned/confused as to what happens if attack nodes become the majority. Hopefully, someone hear can clear the below questions up:

1. If over 50% of the CPU power is coming from attack nodes, what is the damage they can do? Could they just make phantom payments between consenting parties or could they make up completely fictitious payments? From the PDF, I think it is only the former (as the process requires the receivers' key) and it would be difficult to maintain. Could someone explain this further, as it seems to be the main potential chink in the armour I can see.
 
2. Would it be possible to have a 'stability rating' of some sort, which shows the (rough) percentage of disagreeing nodes? If there is a 45/55% split, people would likely be cautious when receiving payments. While this would hopefully be a rare occurrence, it would be good to know if, and to what degree, nodes are in disagreement.

3. If attackers create hardware to process the code very quickly (rather than generic CPUs running the code), would the 50%+ attacker scenario be more easily exploited? What sort of precautions could be put in place to prevent this from being a problem?

I'm keen to learn more about this project and I've already started generating coins with the Linux client (good to see support there so soon!). I the world is crying out for a reliable, distributed money and while governments may fear it, they may be glad of it if the current fiat structures continue their collapse.