unk
June 06, 2011, 11:07:50 PM
Quote: You could (temporarily) DoS all of Bitcoin for far less money than a million dollars. However, DoS attacks are illegal
one concern i've long had is that several kinds of 'attacks' or at least attempts at denying service to achieve external effects (like market manipulation) conform to bitcoin's network and functional protocol and thus are probably unlikely to be regulated. but it's a grey area.
in any case, to give my own reply to the original question, i believe it's a true statement. even the most intuitive attack that requires no special knowledge (the 'overwhelm the hashing power of the network' attack) would cost only a few million dollars at present for permanent purchase of the necessary hardware, and far less for rental. there are many cleverer things that can be done, however. for example, analyses by bytecoin and "s" have explained similar attacks that require fewer resources.
this isn't really a threat to the bitcoin technology as a whole. satoshi wasn't particularly concerned with it, as you can see from his last few messages at the forum. but as i and others have pointed out for a long time, it makes any individual block chain subject to more potential kinds of market manipulation than many speculators seem to suspect. bitcoin will likely continue, but the value in any particular block chain can at present be very easily 'attacked' through denial of service and similar mechanisms. that we haven't seen much more than a denial-of-service attack on mt gox and a few mining pools likely reflects nothing more than the still-relatively-small footprint of bitcoin and the fact that it is not presently easy to profit from falls in the price of a bitcoin at any significant scale.
n0m4d
June 06, 2011, 11:40:19 PM
Quote: Once somebody has more computing power than everybody else put together, they should go about 1,000 blocks back and try to build a new chain building off that, in secret. (This would take a week.) However their chain will not include any of the transactions from the last 1,000 legitimate blocks. Once it becomes longer than the existing chain, they publish it and instantaneously a whole week of transactions un-happen, i.e. they are reversed and the money (including mining fees) returns to the hands of the original owner, whereas the 50,000 BTC legitimately mined disappear, and the new 50,000 BTC generated are owned by one bitcoin address, the attacker's.
As I understand the code, clients running after the fork and before the merge won't pay any attention to that new block chain. Newly booting ones may have to decide which to believe, but no one is going to rewind past the last few blocks. I'd love to hear anyone that's deeper into the code than I correct me on that.
unk
June 06, 2011, 11:48:53 PM
you can't easily go back that far even with massive hashing power. satoshi's original paper shows this numerically.
n0m4d
June 07, 2011, 03:41:39 AM
Quote: you can't easily go back that far even with massive hashing power. satoshi's original paper shows this numerically.
i believe the whitepaper covers the case of trying to undo a transaction, whereas - as i understand it, trippy was speaking of maintaining a "shadow" fork that would suddenly emerge and attempt to usurp the block chain since the fork. perhaps the maths cover that case as well, and i'm ignorant of their full implications.
unk
June 07, 2011, 04:17:10 AM
oh, i misread. that is indeed possible, and it hasn't gotten enough attention. it's like an expanded version of the 'finney attack' and could be used quite strategically to significant negative effect. in some ways, it's a particular case of the sort of problem that ben laurie was warning us about at http://links.org. i don't believe anything in the code limits large reorganizations, except the hard-coded checkpointing of particular blocks at some releases. the network couldn't easily survive if newly downloaded clients disagreed with the old ones about the state of the network. they need to validate each proposed chain for themselves and accept the one with the greatest total proof of work. (that said, i haven't stayed current with each new release of the code, so i'm not sure if it has been modified in this respect. but unless very sophisticated, my belief is that such a change wouldn't make much sense.)
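The acceptance rule described in the post above (validate each proposed chain, take the one with the greatest total proof of work, with hard-coded checkpoints as the only limit on reorganization depth), as an added example that is not Bitcoin's own code. `Header`, `evaluate_candidate`, the sample chains and the `alert_depth` monitoring threshold are all hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Header:
    block_id: str  # constructed label standing in for a block hash
    target: int    # proof-of-work target; a lower target means more work

def block_work(target):
    """Expected number of hashes needed to meet this target."""
    return (1 << 256) // (target + 1)

def chain_work(chain):
    return sum(block_work(h.target) for h in chain)

def shared_prefix(a, b):
    """Number of leading blocks the two chains have in common."""
    n = 0
    for x, y in zip(a, b):
        if x.block_id != y.block_id:
            break
        n += 1
    return n

def evaluate_candidate(active, candidate, checkpoints, alert_depth=6):
    """Return (accept, reorg_depth, note) for a competing chain.

    checkpoints maps height -> required block_id (hard-coded per release).
    alert_depth is a hypothetical monitoring threshold, not a consensus rule.
    """
    depth = len(active) - shared_prefix(active, candidate)
    for height, block_id in checkpoints.items():
        if height < len(candidate) and candidate[height].block_id != block_id:
            return False, depth, "conflicts with checkpoint at height %d" % height
    if chain_work(candidate) <= chain_work(active):
        return False, depth, "not more total work than the active chain"
    note = "deep reorganization" if depth >= alert_depth else "routine"
    return True, depth, note

# Constructed sample chains: every block has the same target T unless noted.
T = 1 << 240
ACTIVE = [Header("a%d" % i, T) for i in range(10)]
# Fork from height 4: 7 replacement blocks, so 11 blocks in total.
LONGER = ACTIVE[:4] + [Header("x%d" % i, T) for i in range(4, 11)]
# Fork from height 8: a single block mined at a 4x harder target.
HEAVIER = ACTIVE[:8] + [Header("h8", T // 4)]

if __name__ == "__main__":
    for name, cand in (("longer", LONGER), ("heavier", HEAVIER)):
        print(name, evaluate_candidate(ACTIVE, cand, {}))
    print("checkpointed", evaluate_candidate(ACTIVE, LONGER, {5: "a5"}))
```

The `HEAVIER` chain has fewer blocks than the active one yet wins, because the comparison is on total work rather than block count.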
n0m4d
June 07, 2011, 04:33:22 AM
seems like a couple public write-once block databases would sew this up - in a total OMFG freak out the clients could go into quorum mode... freenet, maybe?
unk
June 07, 2011, 04:51:30 AM
right, it requires a redundancy that is not presently part of the bitcoin system. the problem is that it will never be clear, without a non-bitcoin mechanism for reaching meta-consensus, which block chain is the 'honest' one. as an example, it might not be the first; for all we know, the first was the attack, and the 1000 others were the remedy to the attack. (this once happened in response to an integer-overflow bug that led to a mended block chain at satoshi's direction with the help of powerful miners.)
"s" once outlined a detailed mechanism for redundancy, but he or she was apparently pushed away from the forum by extremist responses and deleted that post. but i recall a model similar to freenet as one robust anti-double-spending mechanism.
n0m4d
June 07, 2011, 01:22:56 PM
But if the attack were sprung right away like that, wouldn't it hit folks' radar pretty quick? As I understand it, you can't simultaneously wrest control of the network AND dodge the difficulty increase.
Mike Hearn
June 07, 2011, 05:45:31 PM
Nobody smart would attempt to DoS Bitcoin by outrunning the chain. That's not a threat worth worrying about. You can knock nodes offline without any expensive computation and because all nodes are discoverable that means you can take the network temporarily offline, until people upgrade to a new software version that is more DoS resistant.
MoonShadow
June 07, 2011, 05:46:09 PM
Quote: Nobody smart would attempt to DoS Bitcoin by outrunning the chain. That's not a threat worth worrying about. You can knock nodes offline without any expensive computation and because all nodes are discoverable that means you can take the network temporarily offline, until people upgrade to a new software version that is more DoS resistant.
Not all nodes are discoverable.
"The powers of financial capitalism had another far-reaching aim, nothing less than to create a world system of financial control in private hands able to dominate the political system of each country and the economy of the world as a whole. This system was to be controlled in a feudalist fashion by the central banks of the world acting in concert, by secret agreements arrived at in frequent meetings and conferences. The apex of the systems was to be the Bank for International Settlements in Basel, Switzerland, a private bank owned and controlled by the world's central banks which were themselves private corporations. Each central bank...sought to dominate its government by its ability to control Treasury loans, to manipulate foreign exchanges, to influence the level of economic activity in the country, and to influence cooperative politicians by subsequent economic rewards in the business world."
- Carroll Quigley, CFR member, mentor to Bill Clinton, from 'Tragedy And Hope'
Mike Hearn
June 07, 2011, 05:56:31 PM
If you mean non-listening nodes, they don't matter because to take the network offline all you need to do is take out the listening nodes.
MoonShadow
June 07, 2011, 06:02:24 PM
Quote: If you mean non-listening nodes, they don't matter because to take the network offline all you need to do is take out the listening nodes.
No, I don't mean non-listening nodes, but those would qualify also because they are intermittently listening. The network is a very fault tolerant, self-healing system.