Alright, thank you for the confirmation. 

The command "getchaintips" results currently in:


667021 is the current best tip. Hence, 666833 and 665005 are stale blocks?

Based on this statement I assume that the result of "getchaintips" is a little different for each node?

It might happen that two miners find a new block at almost the same time. Due to the latency in the network some nodes receive block A first, while some other nodes receive block B first.

Assuming that more future blocks are refer to A as a predecessor, A will be part of the longest chain, while B is referred to as an orphan block. I was trying to figure out how often such a scenario takes place.
I found this graph on blockchain.com: https://www.blockchain.com/charts/n-orphaned-blocks (select All Time and Raw Values)


I have multiple questions:

• Can someone verify the correctness of this chart?
• If it is correct, why do such micro forks only occur between 2014-2018?
• I thought such a scenario would happen way more often.. Why not?
• I'm operating a full node. Can I verify the numer of orphan blocks by myself? (Are they stored by my node)?
• Are there any good references on this topic?

Thanks for your answers in advance!
Cheers Tym

I think I got a little missunderstood there.

Lets say the current block is at height 648,940. An actor of the network (no full node, no light node, even smaller than a light node) who does not store a chain of blocks neither a chain of block headers (like spv-clients does). This actor wants to verify the existence and correctness of a block by checking the finality.

For example: He requests the block header of block 600,000 and 6 finality headers to make sure that this block is correct. If the responding node is able to provide 6 (or even more) finality headers, the actor can be very sure that this block is correct and part of the actual Bitcoin blockchain.

Attack scenario: An attacker modifys block 600,000 (removes or adds a tx) - to prove the actor that this block is correct, the attacker has to provide 6 finality headers. He's not competing with anyone - he's secretly mining his chain of fake-blocks. But he should better be fast, because the actor won't wait too long for a response.


Now back to the original question: Its very expensive for an attacker to put his mining power into mining such a chain of fake-blocks. So if the actor wants to verify a transaction worth of $100,000 that is part of block 600,000 it might be worth it for an attacker trying to manipulate that block and deliver a chain of fake-blocks so that the actor verifies a wrong block. But this is only worth it up to the amount the attacker has to pay for this attack.

Up to which amount of $ can the actor trust the result of the server? (As long as the transaction is smaller than the costs for this attack the actor can pretty sure that the sever delivers a correct block + correct finality headers).

Therefore: How expensive is it for an attacker to create such a chain of fake-blocks?
(Modify block 600,000 and provide 6 finality headers - since the client does not store the whole chain, he cannot check against other information - so he would trust the wrong result).


Thank you for further responses!

I think my scenario is realistic. I don't know exactly what you mean to be honest. Maybe you can explain it in more detail.



@NotATether
Thank you for you feedback! I will take you suggestions into account (that I'm missing the transaction fees, the story with Ghash.io, and the lower price for the Antminer as well).

I'm still wondering if someone is able to give a function to calculate the estimated costs for creating a chain of n fake-blocks. Or maybe a similar calculation that I've shown - with different assumptions/approaches. This would help to get a better idea on how much it actually costs by taking different calculations into account (to possibly form the average).

Hello there,

I created a calculation for the "security (in terms of $) of 6 finality headers". I wanted to ask for some feedback/thoughts - and I'd love to read suggestions or maybe different approaches on this topic ("how secure are n finality headers").

The goal is to point out a certain amount of $ that an attacker has to pay to create a chain of fake-blocks (so that block X final). The scenario: Be sure that block X is part of the actual bitcoin blockchain without knowing every block header - but only checking the finality of block X with a certain amount of finality headers.

Imagine we want to change a transaction of block X and prove that this block is correct (even though it is not). An attacker has to calculate a chain of fake-blocks (block X and 6 finality). This results in a total of 7 fake-blocks to mine. The calculation is based on assumptions and averages.

Assume that the attacker has 10% of the total mining power. This would mean he needs around 100 minutes to mine 1 block (average block time of Bitcoin is 10 minutes) and around 700 minutes to mine 7 blocks. While mining fake-blocks, the attacker loses his chance of earning block rewards. Assuming that we would have been able to mine 7 blocks, with a current block reward of 6.25 BTC and $11,400 per Bitcoin at the time of writing:

7 * 6.25 BTC = 43.75 BTC

43.75 BTC * ($11,400 / 1 BTC) = $498,750

Furthermore, the attacker needs to achieve 10% of the mining power. With a current total hash rate of 120 EH/s, this would mean 12 EH/s. There are two options: buying the hardware or renting the mining power from others. A new Antminer S9 with 14 TH/s can be bought for $3,000.(https://www.buybitcoinworldwide.com/mining/hardware/) This would mean an attacker has to pay $2,568,000,000 to buy so many of these miners to reach 12 EH/s. The costs for electricity, storage room and cooling still needs to be added.


Hashing power can also be rented online. Obviously nobody is offering to lend 12 EH/s of hashing power – but for this calculation we assume that an attacker is still able to rent this amount of hashing power. The website https://www.nicehash.com/marketplace is offering 1 PH/s for 0.0098 BTC (for 24 hours).

1 PH/s = 0.0098 BTC

12 EH/s = 117.6 BTC

Assuming it is possible to rent it for 700 minutes only (which would be 48.6% of one day).

117.6 BTC * 0.486 = 57.15 BTC

57.15 BTC * ($11,400 / 1 BTC) = $651,510

Total: $498,750 + $651,510 = $1,150,260


Therefore, 6 finality headers provide a security of estimated $1,150,260 in total. Meaning that I can trust the information that a server gave me about my transaction, in case the transaction that is part of a block with 6 finality headers and where the transfered $ is less than 1,150,260. If the amount was greater than that, it would be worth it for an attacker to mine a chain of fake-blocks to manipulate block X (and for example fake-include my transaction).


Thank you for your attention!
Tym

After going through everything I've some open questions in my mind:


Where are these numbers 1.17, 0.2 and 0.93 coming from?


And I'm curious how to insert the formula mentioned by @d5000 into the formula of NAC (net attack cost).


Thanks 

Thank you very much for your responses! Especially @aliashraf and @d5000. You're helping me a lot with these formulas!

Actually I wanted to ask a similar question but suddenly I saw this post so I wanted to add my question here.

I read an article from Vitalik Buterin where I found this:

Source: https://blog.ethereum.org/2015/01/10/light-clients-proof-stake/

In fact, I belive what Buterin is saying/writing but I'm looking for a mathematical proof to add it to my thesis.

Maybe someone knows a good link or is able to explain (in a mathematical way) why creating such a chain is as expensive as a 51% attack.

I'd love to read your answers! Thank you!

Thank you so much @pooya87!
Appreciate it!

Hello pooya87,

I just read your answer.
You said: "then decode its signature script to get the height"

Would you mind explaining this step more detailed to me?

I'd love to read your answer! Thanks!
Tym

Thanks! Thats what i was looking for

Hello,

compared to Ethereum there is no field "blocknumber" in a bitcoin-header. Only full nodes can verify a blocknumber since they know the whole chain.

My question: Is there some kind of an agreement out there (i.e. a BIP) which tells that the blocknumber should be stored for example in the "extra data"-field within the coinbase transaction?

I want to verify the blocknumber as a client which doesn't have full access to the chain.

I would love to read your answers.

Thanks,
Tym

What I just found is the following:

(Source: https://en.bitcoin.it/wiki/Thin_Client_Security)

To improve my question from above: How is the Client able to verify the correctness of these blocks?

Hello there,

according to the documentation an Electrum wallet is able to verify transactions by its own using the SPV technique. https://electrum.readthedocs.io/en/latest/spv.html#spv

SPV makes it pretty easy for my wallet to make sure that my transaction is included in the Bitcoin blockchain. That's because my wallet knows all block headers of the entire chain (right?).

My Question: Is there a way for my wallet to verify that a block (header) is part of the Bitcoin blockchain. If so, how does it work?

My thoughts: If I want to verify a block I need to check if the hash fulfillfs the conditions of the target. To check that I need to know the correct target. Is there any way to proof (or to be very sure) that a target is correct (e.g. taking a look at blocks in the past, ...)

My aim: I want to proof that a target is correct at any time for one of my projects (kind of a SPV-Client). I was trying to find some approaches in the documentation of electrum (how they do it). But I didn't.


I'd love to read your answers. :-) Many thanks to everyone reading my question.
Tym