Theoretical Attack on Bitcoin

[byt411]

So I just came up with an idea, but a very rough idea, as to how an attacker can carry out a 51%-attack-like attack.

 
Basically, as far as I understand, the Bitcoin Network knows its time based on what the nodes relay, and it takes an average out of it.
Well, an attacker could create their own fork of the blockchain when it is 1 block away from difficulty change, with a small number of nodes that only he controls, and change the time of the nodes. This would make the network "think" that a lot of time has passed since the next block was found, and all they have to do is find that single block. Once it is found, difficulty would dramatically decrease on their fork of the chain, since a lot of time had passed before blocks were found. Then all he needs to do is continue mining until his chain is 1 block away from difficulty change, and repeat the process. He can make his chain longer than the main one easily, and then broadcast it. This would effectively make the "official" blockchain fork.

I have no idea if this will work, since I'm not that into the tech of bitcoin, and I hope this isn't possible, and for someone to explain why.

[Erdogan]

So I just came up with an idea, but a very rough idea, as to how an attacker can carry out a 51%-attack-like attack.

 
Basically, as far as I understand, the Bitcoin Network knows its time based on what the nodes relay, and it takes an average out of it.
Well, an attacker could create their own fork of the blockchain when it is 1 block away from difficulty change, with a small number of nodes that only he controls, and change the time of the nodes. This would make the network "think" that a lot of time has passed since the next block was found, and all they have to do is find that single block. Once it is found, difficulty would dramatically decrease on their fork of the chain, since a lot of time had passed before blocks were found. Then all he needs to do is continue mining until his chain is 1 block away from difficulty change, and repeat the process. He can make his chain longer than the main one easily, and then broadcast it. This would effectively make the "official" blockchain fork.

I have no idea if this will work, since I'm not that into the tech of bitcoin, and I hope this isn't possible, and for someone to explain why.

Difficulty is part of the calculation of the length of the chain, so the fork would eventually be abandoned.

[byt411]

So I just came up with an idea, but a very rough idea, as to how an attacker can carry out a 51%-attack-like attack.

 
Basically, as far as I understand, the Bitcoin Network knows its time based on what the nodes relay, and it takes an average out of it.
Well, an attacker could create their own fork of the blockchain when it is 1 block away from difficulty change, with a small number of nodes that only he controls, and change the time of the nodes. This would make the network "think" that a lot of time has passed since the next block was found, and all they have to do is find that single block. Once it is found, difficulty would dramatically decrease on their fork of the chain, since a lot of time had passed before blocks were found. Then all he needs to do is continue mining until his chain is 1 block away from difficulty change, and repeat the process. He can make his chain longer than the main one easily, and then broadcast it. This would effectively make the "official" blockchain fork.

I have no idea if this will work, since I'm not that into the tech of bitcoin, and I hope this isn't possible, and for someone to explain why.

Difficulty is part of the calculation of the length of the chain, so the fork would eventually be abandoned.

I don't understand what you mean, please expand on it.

[franky1]

what the OP is trying to say is that knowing difficulty is changed every 2100 blocks.

he will set up a private network of 2 PC's and at block 2098 he will set both computers time to be year 2100, thus as mining 2 more blocks. in this closed network. then the protocol in his theory will see that the blockchain has not mined blocks for 85 years and then give him super easy difficulty..

now the reality. when he rejoins the network he wil be all alone on his fork and everyone else will mine as usual not realising he exists, his coins from those 2 blocks would show as invalid and unspendable (wont confirm if he tried to send them) and he will get on with his life.

OP you also have to realise that you trying to (in basic principle) solo mine block 2098 and 2099, would be still at an extremely high difficulty before the change, which unless you had a asic farm, would take you not 20 minutes.. but days or weeks if lucky..

so dont waste your time on this. many thousands of people have been there, done that.

so heres the T-shirt



the other theory is to gather soooo much hash power to rival Ghash.oi etc. that if lucky he is the one that mines the critical block 2099 and it shows a timestamp of the year 2100..

goodluck, have you got over $10mill of equipment to try?

[byt411]

what the OP is trying to say is that knowing difficulty is changed every 2100 blocks.

he will set up a private network of 2 PC's and at block 2098 he will set both computers time to be year 2100, thus as mining 2 more blocks. in this closed network. then the protocol in his theory will see that the blockchain has not mined blocks for 85 years and then give him super easy difficulty..

now the reality. when he rejoins the network he wil be all alone on his fork and everyone else will mine as usual not realising he exists, his coins from those 2 blocks would show as invalid and unspendable (wont confirm if he tried to send them) and he will get on with his life.

OP you also have to realise that you trying to (in basic principle) solo mine block 2098 and 2099, would be still at an extremely high difficulty before the change, which unless you had a asic farm, would take you not 20 minutes.. but days or weeks if lucky..

so dont waste your time on this. many thousands of people have been there, done that.

so heres the T-shirt



the other theory is to gather soooo much hash power to rival Ghash.oi etc. that if lucky he is the one that mines the critical block 2099 and it shows a timestamp of the year 2100..

goodluck, have you got over $10mill of equipment to try?

Of course, a regular person wouldn't be able to do so, but Even a small pool like Bitminter, or Bitmaintech's AntPool, or KnC's "Testing Facility" could easily accomplish this without controlling 51% of the network. After they find that one block, which wouldn't take long, they would be able to start the cycle.
I think this deserves a bit more attention.

[Ron~Popeil]

what the OP is trying to say is that knowing difficulty is changed every 2100 blocks.

he will set up a private network of 2 PC's and at block 2098 he will set both computers time to be year 2100, thus as mining 2 more blocks. in this closed network. then the protocol in his theory will see that the blockchain has not mined blocks for 85 years and then give him super easy difficulty..

now the reality. when he rejoins the network he wil be all alone on his fork and everyone else will mine as usual not realising he exists, his coins from those 2 blocks would show as invalid and unspendable (wont confirm if he tried to send them) and he will get on with his life.

OP you also have to realise that you trying to (in basic principle) solo mine block 2098 and 2099, would be still at an extremely high difficulty before the change, which unless you had a asic farm, would take you not 20 minutes.. but days or weeks if lucky..

so dont waste your time on this. many thousands of people have been there, done that.

so heres the T-shirt



the other theory is to gather soooo much hash power to rival Ghash.oi etc. that if lucky he is the one that mines the critical block 2099 and it shows a timestamp of the year 2100..

goodluck, have you got over $10mill of equipment to try?

Of course, a regular person wouldn't be able to do so, but Even a small pool like Bitminter, or Bitmaintech's AntPool, or KnC's "Testing Facility" could easily accomplish this without controlling 51% of the network. After they find that one block, which wouldn't take long, they would be able to start the cycle.
I think this deserves a bit more attention.

I don't pretend to know enough to comment on the specifics of such an idea. I do think as an academic exercise it is good to be aware of this kind of stuff in order to stay ahead of people that would try to game the system. I don't believe most such attacks would succeed in getting a bunch of coins, but they can cause chaos and fear which does affect our wealth. 

[byt411]

what the OP is trying to say is that knowing difficulty is changed every 2100 blocks.

he will set up a private network of 2 PC's and at block 2098 he will set both computers time to be year 2100, thus as mining 2 more blocks. in this closed network. then the protocol in his theory will see that the blockchain has not mined blocks for 85 years and then give him super easy difficulty..

now the reality. when he rejoins the network he wil be all alone on his fork and everyone else will mine as usual not realising he exists, his coins from those 2 blocks would show as invalid and unspendable (wont confirm if he tried to send them) and he will get on with his life.

OP you also have to realise that you trying to (in basic principle) solo mine block 2098 and 2099, would be still at an extremely high difficulty before the change, which unless you had a asic farm, would take you not 20 minutes.. but days or weeks if lucky..

so dont waste your time on this. many thousands of people have been there, done that.

so heres the T-shirt



the other theory is to gather soooo much hash power to rival Ghash.oi etc. that if lucky he is the one that mines the critical block 2099 and it shows a timestamp of the year 2100..

goodluck, have you got over $10mill of equipment to try?

Of course, a regular person wouldn't be able to do so, but Even a small pool like Bitminter, or Bitmaintech's AntPool, or KnC's "Testing Facility" could easily accomplish this without controlling 51% of the network. After they find that one block, which wouldn't take long, they would be able to start the cycle.
I think this deserves a bit more attention.

I don't pretend to know enough to comment on the specifics of such an idea. I do think as an academic exercise it is good to be aware of this kind of stuff in order to stay ahead of people that would try to game the system. I don't believe most such attacks would succeed in getting a bunch of coins, but they can cause chaos and fear which does affect our wealth. 

If no countermeasure is put in place, the attackers will just grab all block rewards with very little effort, and all coins will get mined in very little time, so it is a bunch of coins.

[jonald_fyookball]

That attack won't work because there are validity checks
on the timestamps.

https://en.bitcoin.it/wiki/Block_timestamp

[jook]

Of course, a regular person wouldn't be able to do so, but Even a small pool like Bitminter, or Bitmaintech's AntPool, or KnC's "Testing Facility" could easily accomplish this without controlling 51% of the network. After they find that one block, which wouldn't take long, they would be able to start the cycle.
I think this deserves a bit more attention.

No, it doesn't deserve attention because you're misunderstanding how Bitcoin works. The length of the blockchain is not measured in number-of-blocks, but in the amount of work done, i.e. blocks multiplied by difficulty. If someone managed to set up the scheme you describe, the manipulated chain would not be accepted as the longest. Its higher block count multiplied with the fake low difficulty makes it shorter than the real one.

[jonald_fyookball]

Of course, a regular person wouldn't be able to do so, but Even a small pool like Bitminter, or Bitmaintech's AntPool, or KnC's "Testing Facility" could easily accomplish this without controlling 51% of the network. After they find that one block, which wouldn't take long, they would be able to start the cycle.
I think this deserves a bit more attention.

No, it doesn't deserve attention because you're misunderstanding how Bitcoin works. The length of the blockchain is not measured in number-of-blocks, but in the amount of work done, i.e. blocks multiplied by difficulty. If someone managed to set up the scheme you describe, the manipulated chain would not be accepted as the longest. Its higher block count multiplied with the fake low difficulty makes it shorter than the real one.

you misunderstood the OP, he is talking about manipulation via difficulty adjustment , but that won't work because the timestamps are validated.

[jook]

you misunderstood the OP, he is talking about manipulation via difficulty adjustment , but that won't work because the timestamps are validated.

I don't think I misunderstood the OP. The argument is that even if timestamps were not validated, it still wouldn't work, because the fake chain won't be accepted as the longest. So there are at least two reasons why this is not an actual problem.

[jonald_fyookball]

you misunderstood the OP, he is talking about manipulation via difficulty adjustment , but that won't work because the timestamps are validated.

I don't think I misunderstood the OP. The argument is that even if timestamps were not validated, it still wouldn't work, because the fake chain won't be accepted as the longest. So there are at least two reasons why this is not an actual problem.

If timestamps were not validated, I think it actually would be a problem because attacker could build a very long chain very quickly and broadcast that whole chain.

[jook]

If timestamps were not validated, I think it actually would be a problem because attacker could build a very long chain very quickly and broadcast that whole chain.

No, the attacker cannot build a longer chain. Re-read my first post, I don't know how to make it any clearer.

[jonald_fyookball]

If timestamps were not validated, I think it actually would be a problem because attacker could build a very long chain very quickly and broadcast that whole chain.

No, the attacker cannot build a longer chain. Re-read my first post, I don't know how to make it any clearer.

I see your point now, sorry... but still I think there could still be problems.
Why wouldn't the network build on top of your long chain since you were the first to broadcast it?
Also, it would be a very chaotic situation if you had miners trying to solve at different
difficulty levels.  A lot of reorgs.  And a distinct possibility someone would come out with
X number of cheap blocks.  Such chaos would be very bad for Bitcoin.

[franky1]

That attack won't work because there are validity checks
on the timestamps.

https://en.bitcoin.it/wiki/Block_timestamp

darn it, you spoiled it for me.. i wanted to see how far down the rabbit hole of fantasy bitcoin attack theory byt411 would go, either deeper down to pretend there was a threat or would come back with an acceptable argument that no one has realised..

but you had to put the deathnail into his fantasy theory..

some of these new people need to realise bitcoin has been tried and tested by hackers and whitehackers for 5 years. and bitcoins is still here, so most theories of attack are already preventable. i just wanted to see if he was the acception that knew something we didnt



im having a comedy day today. chillin in the sun dont mind me

[jonald_fyookball]

That attack won't work because there are validity checks
on the timestamps.

https://en.bitcoin.it/wiki/Block_timestamp

darn it, you spoiled it for me.. i wanted to see how far down the rabbit hole of fantasy bitcoin attack theory byt411 would go, either deeper down to pretend there was a threat or would come back with an acceptable argument that no one has realised..

but you had to put the deathnail into his fantasy theory..

some of these new people need to realise bitcoin has been tried and tested by hackers and whitehackers for 5 years. and bitcoins is still here, so most theories of attack are already preventable. i just wanted to see if he was the acception that knew something we didnt



im having a comedy day today. chillin in the sun dont mind me

Well, I think people should try to keep thinking of ways to attack Bitcoin.
A new idea can come from any mind.

That said, I agree, the devs are very smart people and have had
a lot of Bitcoin experience.  They are usually several steps ahead
of the crowd.

[franky1]

Well, I think people should try to keep thinking of ways to attack Bitcoin.
A new idea can come from any mind.

That said, I agree, the devs are very smart people and have had
a lot of Bitcoin experience.  They are usually several steps ahead
of the crowd.

i know thats why i didnt want him to totally give up, i wanted to see where it lead to and find out if he actually done much research and found a flaw. turns out he was a standard worry-wort.

[byt411]

Well, I think people should try to keep thinking of ways to attack Bitcoin.
A new idea can come from any mind.

That said, I agree, the devs are very smart people and have had
a lot of Bitcoin experience.  They are usually several steps ahead
of the crowd.

i know thats why i didnt want him to totally give up, i wanted to see where it lead to and find out if he actually done much research and found a flaw. turns out he was a standard worry-wort.

I didn't do a lot of research, it's just something I came up with.

Can someone expand on how the timestamps are validated?

[jonald_fyookball]

Well, I think people should try to keep thinking of ways to attack Bitcoin.
A new idea can come from any mind.

That said, I agree, the devs are very smart people and have had
a lot of Bitcoin experience.  They are usually several steps ahead
of the crowd.

i know thats why i didnt want him to totally give up, i wanted to see where it lead to and find out if he actually done much research and found a flaw. turns out he was a standard worry-wort.

I didn't do a lot of research, it's just something I came up with.

Can someone expand on how the timestamps are validated?

Please read the wiki page, it is not long

In the case of trying to spoof a timestamp
far in the future, the block would be instantly rejected
by other nodes because is is not within 2 hours
of the network time.

[hollowframe]

Well, I think people should try to keep thinking of ways to attack Bitcoin.
A new idea can come from any mind.

That said, I agree, the devs are very smart people and have had
a lot of Bitcoin experience.  They are usually several steps ahead
of the crowd.

i know thats why i didnt want him to totally give up, i wanted to see where it lead to and find out if he actually done much research and found a flaw. turns out he was a standard worry-wort.

I didn't do a lot of research, it's just something I came up with.

Can someone expand on how the timestamps are validated?

A timestamp will only be accepted if it is no more then 2 hours greater then the average of the time of all the nodes that you connect to. In other words the most you can manipulate the time is to make it 2 hours in the future. You would not wish to do this for found blocks, as the first block found is generally the one accepted to the blockchain assuming both chains are the same length.