Bitcoin Forum
April 27, 2017, 07:28:57 AM *
News: If the forum does not load normally for you, please send me a traceroute.
 
   Home   Help Search Donate Login Register  
Pages: 1 2 3 4 5 6 7 [All]
  Print  
Author Topic: Cheap way to attack blockchain  (Read 23743 times)
amaclin
Legendary
*
Offline Offline

Activity: 1176


View Profile WWW
August 31, 2015, 07:58:03 AM
 #1

Seems to me that I know new way to attack & flood bitcoin network.

The last attacks were based on filling the blocks with transactions.
This is because of limit of block size. (Consensus rule that the blocksize is below 1mb)

But there are another limits for block which can not be changed without hard fork.

There is a limit of SIGOPS in transactions included to a block.

consensus.h
Code:
/** The maximum allowed size for a serialized block, in bytes (network rule) */
static const unsigned int MAX_BLOCK_SIZE = 1000000;
/** The maximum allowed number of signature check operations in a block (network rule) */
static const unsigned int MAX_BLOCK_SIGOPS = MAX_BLOCK_SIZE/50;

So, MAX_BLOCK_SIGOPS is 20000

How does the client calculate the number of SIGOPS? Let us look to the sources.

main.cpp
Code:
           if (fStrictPayToScriptHash)
            {
                // Add in sigops done by pay-to-script-hash inputs;
                // this is to prevent a "rogue miner" from creating
                // an incredibly-expensive-to-validate block.
                nSigOps += GetP2SHSigOpCount(tx, view);
                if (nSigOps > MAX_BLOCK_SIGOPS)
                    return state.DoS(100, error("ConnectBlock(): too many sigops"),
                                     REJECT_INVALID, "bad-blk-sigops");
            }

Miner node includes transactions to a block while the nSigOps not exceeds 20000.
The block with nSigOps > 20000 will be invalid (consensus rule) and will be rejected by all other nodes.

Now let us look the transaction
https://blockchain.info/tx/6766e75d6166a0a14bd814921d0f903285e15779e648d7ec52a4f7c0868ec07d
and calculate the number of SIGOPS in it

All input scripts are redeeming from p2sh-outputs with the inner scripts build on the same template:
Code:
OP_0
OP_IF
  OP_15
  OP_CHECKMULTISIG
OP_ENDIF
OP_SMALLINTEGER
The number of SIGOPS in this small script is 15 (this is maximum value to pass IsStandard)
And the total number of SIGOPS in 6766e75d6166a0a14bd814921d0f903285e15779e648d7ec52a4f7c0868ec07d is 15 * 15 = 225

So, the maximum number of such transactions in one block is only 88 (because floor ( 20000 / 225 ) = 88)
And inserting 88 such transactions in one block leaves only 200 SIGOPS for regular transactions.
Which leaves a room only for ~100 transactions in block for other persons

The attack vector should be:
1) create and fund a big number of such p2sh-utxo
2) redeem them to OP_RETURN or to regular output

Each such transaction costs 0.00045 for dishonest attacker (can be even less)
88 transactions (attack one block) will cost only 0.0396 BTC
Daily attack 5.7024 BTC - not a big deal

Wanna hire me for this dirty job?  Grin


Last night, at last, the Evil's spine was broken
It was impaled and quartered where it stood.
New day has dawned and people are awoken
By proudly marching, stinking, gory Good.
1493278137
Hero Member
*
Offline Offline

Posts: 1493278137

View Profile Personal Message (Offline)

Ignore
1493278137
Reply with quote  #2

1493278137
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
fairglu
Legendary
*
Offline Offline

Activity: 980


View Profile WWW
August 31, 2015, 08:17:44 AM
 #2

Each such transaction costs 0.00045 for dishonest attacker (can be even less)
88 transactions (attack one block) will cost only 0.0396 BTC
Daily attack 5.7024 BTC - not a big deal

Wanna hire me for this dirty job?  Grin

Main "weakness" for this attack is that miners could easily just ignore those transactions, without involving any hard fork.

Only the pools that accept those transactions *and* that do not prioritize transactions in a block by total fee would be impacted, pools that build their blocks based on max fee they can rack in a block would automatically eliminate them, they may just need to take the SIGOPS limit into their block optimization code, but that's all.

In practice only the "faucet pools", those that accept zero-fee tx and do not prioritize tx would likely feel the attack.

So the practical spamming would be limited to relaying and the mempool, so no biggy.

amaclin
Legendary
*
Offline Offline

Activity: 1176


View Profile WWW
August 31, 2015, 08:23:19 AM
 #3

Main "weakness" for this attack is that miners could easily just ignore those transactions, without involving any hard fork.
Yes. Miners can blacklist redeeming p2sh outputs with abnormal SIGOPS count.
Also they can mark these txs as low priority (need some coding)
What do you think about the currency with blacklisted addresses?

So the practical spamming would be limited to relaying and the mempool, so no biggy.
OK, lets combine this attack with old good spam Smiley

During the last "stress-test" the majority of miners decided to include spam transactions to their blocks.

Last night, at last, the Evil's spine was broken
It was impaled and quartered where it stood.
New day has dawned and people are awoken
By proudly marching, stinking, gory Good.
basil00
Member
**
Offline Offline

Activity: 60


View Profile
August 31, 2015, 10:49:53 AM
 #4

Yes this is a known attack.  I independently discovered it a few weeks ago:
[Consider the script "OP_0 OP_IF OP_15 OP_CHECKMULTISIG OP_ENDIF OP_1", e.g.
see 3PxwzLuPZtgHuz2J9ocg6ejNcci5WbtS3h

This script is 6 bytes and "consumes" 15 sigops if I am not mistaken.  An
attacker can use this to fill the block sigop limit of 20000.  E.g.  See
6766e75d6166a0a14bd814921d0f903285e15779e648d7ec52a4f7c0868ec07d (225 sigops
in ~740 bytes).  An attacker spends just 0.04BTC ($10.70) to "fill" a block
with high-fee transactions.

reddit.com/u/basil00

salt: 3md9smcjd7jkafh83mdlsjc9w,03m
]

Take the sha256 of everything between the square brackets [...] (including empty line at the end) and it will match this hash.  This is a version of the message I sent to Peter Todd to report the problem.  Peter informed me that it is a known problem.  I didn't release it publicly because it could be used for a very cheap and effective DoS attack (currently just $9USD to "fill" a block).
amaclin
Legendary
*
Offline Offline

Activity: 1176


View Profile WWW
August 31, 2015, 11:04:11 AM
 #5

 I didn't release it publicly because it could be used for a very cheap and effective DoS attack (currently just $9USD to "fill" a block).

You put it into blockchain  Grin
This was releasing the attack vector for everyone  Smiley

Last night, at last, the Evil's spine was broken
It was impaled and quartered where it stood.
New day has dawned and people are awoken
By proudly marching, stinking, gory Good.
basil00
Member
**
Offline Offline

Activity: 60


View Profile
August 31, 2015, 11:12:30 AM
 #6

Quote
You put it into blockchain  Grin
This was releasing the attack vector for everyone  Smiley

Hey...there's no connection between me an that alleged transaction Smiley.

Anyway, as Peter said, this is a known problem, meaning that I was not the first to figure it out.  If I figured it out then so will others.

I'm not sure what the fix is though.  That crappy sigop-counting code is consensus critical.  Probably we need a tightening of the IsStandard() rules...
amaclin
Legendary
*
Offline Offline

Activity: 1176


View Profile WWW
August 31, 2015, 11:22:11 AM
 #7

Hey...there's no connection between me an that alleged transaction.
Sorry.
So, there are at least 4 persons who has a knowledge how to attack blockchain  Grin
You, me, Peter Todd and the creator of that transaction  Smiley

Last night, at last, the Evil's spine was broken
It was impaled and quartered where it stood.
New day has dawned and people are awoken
By proudly marching, stinking, gory Good.
fairglu
Legendary
*
Offline Offline

Activity: 980


View Profile WWW
August 31, 2015, 01:17:09 PM
 #8

Yes. Miners can blacklist redeeming p2sh outputs with abnormal SIGOPS count.
Also they can mark these txs as low priority (need some coding)

Blacklisting would be the "cheap fix", on a fairly optimized pool, you can expect there will be some kind of optimizer that tries to optimize the pool blocks by maximizing the tx fee while minimizing block size (to minimize orphans from propagation delays).
Which such block optimizations, your SIGOPS-heavy tx would naturally be pushed back as they would prevent more fee-paying tx to get in the block.

The "reference" core implementation (as described in https://en.bitcoin.it/wiki/Transaction_fees#Including_in_Blocks) would be vulnerable, but I do not expect any major bitcoin pool to run on that implementation (unless they do it out of charity).

What do you think about the currency with blacklisted addresses?

You mean XT blacklist?

Services that provide taint info and services around it have already existed for years now, official blacklisting would just be acknowledging publicly what has been common knowledge less publicly. Heck, my explorers provide taint analysis information for 130+ cryptos, so it's really something you have to be aware of, and just "deal with it".

If you want better technological fungibility, DASH or XMR provide partial solutions, each with its own set of vulnerabilities and issues though, the perfect fungible crypto has not been invented yet IMHO.

During the last "stress-test" the majority of miners decided to include spam transactions to their blocks.

Yes, and that leaves only two possible explanations in my mind: either the pool operators are not good at maths or it was pushing an agenda in the direction they liked. I do not think they are not good at maths, so let the conspiracy theories begin Smiley

tommorisonwebdesign
Sr. Member
****
Offline Offline

Activity: 448



View Profile
September 01, 2015, 07:32:48 PM
 #9

Sounds like the best way to plug this loophole is to create the blacklist as suggested. Good to see developers catching this stuff before there is an attack on the whole network.

Signatures? How about learning a skill... I don't care either way. Everybody has to make a living somehow.
amaclin
Legendary
*
Offline Offline

Activity: 1176


View Profile WWW
September 01, 2015, 08:12:47 PM
 #10

Sounds like the best way to plug this loophole is to create the blacklist as suggested. Good to see developers catching this stuff before there is an attack on the whole network.
You can not create a blacklist before the attack start.
Because I can create and fund thousands such addresses

Code:
OP_DUP
OP_NOTIF
  OP_15
  OP_CHECKMULTISIG
  <push couple random bytes>
OP_ENDIF

is spendable by OP_1

Yes, it is possible to change the transaction priority algorithm

Last night, at last, the Evil's spine was broken
It was impaled and quartered where it stood.
New day has dawned and people are awoken
By proudly marching, stinking, gory Good.
basil00
Member
**
Offline Offline

Activity: 60


View Profile
September 02, 2015, 12:40:08 AM
 #11

Here is another hash (this time XT/BIP101 related):

Code:
d894bd6f1f8222ceb5101cc1d5d3f3eb326e04ce6b9567f74cca151bb2b7b927

You can not create a blacklist before the attack start.

Code:
OP_<smallInteger>
OP_<smallInteger>
OP_NOTIF
  OP_15
  [OP_CHECKMULTISIG | OP_CHECKMULTISIGVERIFY]
OP_ENDIF

There are a ~1000 6-byte variants.  For 7, 8, 9 byte, etc., there can be billions.  So a blacklist is not feasible.

Probably the correct way is to fix the sigop counting algorithm if there is a hardfork.
amaclin
Legendary
*
Offline Offline

Activity: 1176


View Profile WWW
September 02, 2015, 07:33:10 AM
 #12

Quoted. Just to prove for future use (forum allows to edit messages, so the date of message does not prove anything)
Here is another hash (this time XT/BIP101 related):
Code:
d894bd6f1f8222ceb5101cc1d5d3f3eb326e04ce6b9567f74cca151bb2b7b927

Last night, at last, the Evil's spine was broken
It was impaled and quartered where it stood.
New day has dawned and people are awoken
By proudly marching, stinking, gory Good.
basil00
Member
**
Offline Offline

Activity: 60


View Profile
September 02, 2015, 09:23:31 AM
 #13

Quoted. Just to prove for future use (forum allows to edit messages, so the date of message does not prove anything)

If only there were some kind of immutable public ledger I could store information on... Smiley

EDIT: evidently needed the "Smiley"
amaclin
Legendary
*
Offline Offline

Activity: 1176


View Profile WWW
September 02, 2015, 09:29:20 AM
 #14

Quoted. Just to prove for future use (forum allows to edit messages, so the date of message does not prove anything)

If only there were some kind of immutable public ledger I could store information on...
Bitcoin blockchain? OP_RETURN output?

Last night, at last, the Evil's spine was broken
It was impaled and quartered where it stood.
New day has dawned and people are awoken
By proudly marching, stinking, gory Good.
jl2012
Legendary
*
Offline Offline

Activity: 1596


View Profile
September 02, 2015, 09:39:58 AM
 #15

Quoted. Just to prove for future use (forum allows to edit messages, so the date of message does not prove anything)

If only there were some kind of immutable public ledger I could store information on...

Have you heard of a project called "Bitcoin"?

Donation address: 1CiZPrEJdN4FJcqdLdgVLzT8tgCXxT5ion
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
Bitcoin Wizards Wiki: https://8333.info/
amaclin
Legendary
*
Offline Offline

Activity: 1176


View Profile WWW
September 02, 2015, 10:15:03 AM
 #16

Have you heard of a project called "Bitcoin"?
  Grin Grin Grin
Today it is immutable. But nothing is permanent under the Moon

Last night, at last, the Evil's spine was broken
It was impaled and quartered where it stood.
New day has dawned and people are awoken
By proudly marching, stinking, gory Good.
speaktome
Sr. Member
****
Offline Offline

Activity: 294



View Profile
September 06, 2015, 07:43:42 PM
 #17

Wanna hire me for this dirty job?   Grin


More like to somebody Gonna touch your door. Grin                    Is joke of course.



amaclin
Legendary
*
Offline Offline

Activity: 1176


View Profile WWW
September 07, 2015, 03:16:35 PM
 #18

More like to somebody Gonna touch your door. Grin
Is joke of course.
For what? I can tell you my home address.
I do not break country laws.
And there are no "laws" in bitcoin protocol. Only math and current consensus.
I can flood the network because I am able to do it. Just for fun.
(In fact, I try not to spend my time for non-profitable things)

Last night, at last, the Evil's spine was broken
It was impaled and quartered where it stood.
New day has dawned and people are awoken
By proudly marching, stinking, gory Good.
defcon23
Legendary
*
Offline Offline

Activity: 1120


☯ DefCoins ☯


View Profile WWW
September 07, 2015, 04:29:25 PM
 #19

Wanna hire me for this dirty job?   Grin


More like to somebody Gonna touch your door. Grin                    Is joke of course.



pweee..  man ...

trout
Sr. Member
****
Offline Offline

Activity: 327


View Profile
September 12, 2015, 07:46:47 AM
 #20

to mitigate such an attack, how about introducing a fee policy (min relay fee etc.) that is based not only
on the size but also on the number of SIGOPS ?

that doesn't affect the  consensus, obviously.

I mean, if both the block size and the number of SIGOPS in it are a critical resource, then it's only natural to charge for using each of them.
dooglus
Legendary
*
Offline Offline

Activity: 2142



View Profile
September 16, 2015, 05:57:24 PM
 #21

Quoted. Just to prove for future use (forum allows to edit messages, so the date of message does not prove anything)
Here is another hash (this time XT/BIP101 related):
Code:
d894bd6f1f8222ceb5101cc1d5d3f3eb326e04ce6b9567f74cca151bb2b7b927

The date of a message becomes underlined if it is ever edited. If you don't edit a message, the timestamp is quite reliable. Someone with direct database access could have edited the message, but not a regular account owner.

Just-Dice                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   Play or Invest                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   1% House Edge
scriptman
Member
**
Offline Offline

Activity: 112


View Profile
September 20, 2015, 02:26:41 PM
 #22

You're not the first and you certainly won't be the last person concerning themselves with how to break the Bitcoin network.

You should use your knowledge and skills for productive means and help the community.

██████████    YoBit.net - Cryptocurrency Exchange - Over 350 coins
█████████    <<  ● $$$ - $$$ - $$$ - $$$ - $$$ - $$$ - $$$   >>
██████████    <<  ● Play DICE! Win 1-5 btc just for 5 mins!  >>
amaclin
Legendary
*
Offline Offline

Activity: 1176


View Profile WWW
September 21, 2015, 04:42:41 AM
 #23

You're not the first and you certainly won't be the last person concerning themselves with how to break the Bitcoin network.

You should use your knowledge and skills for productive means and help the community.
Why?

Last night, at last, the Evil's spine was broken
It was impaled and quartered where it stood.
New day has dawned and people are awoken
By proudly marching, stinking, gory Good.
Nancarrow
Hero Member
*****
Offline Offline

Activity: 492


View Profile
September 23, 2015, 10:12:30 PM
 #24

You're not the first and you certainly won't be the last person concerning themselves with how to break the Bitcoin network.

You should use your knowledge and skills for productive means and help the community.

What exactly do you think computer security professionals DO? Or cryptologists employed by three-letter agencies? Or military strategists?

A person who wants to strengthen the bitcoin network and isn't constantly thinking of ways to break it, isn't doing their job.


If I've said anything amusing and/or informative and you're feeling generous:
1GNJq39NYtf7cn2QFZZuP5vmC1mTs63rEW
scriptman
Member
**
Offline Offline

Activity: 112


View Profile
September 25, 2015, 02:09:31 PM
 #25

You're not the first and you certainly won't be the last person concerning themselves with how to break the Bitcoin network.

You should use your knowledge and skills for productive means and help the community.
Why?

Because building something is a lot more fun than knocking it down

██████████    YoBit.net - Cryptocurrency Exchange - Over 350 coins
█████████    <<  ● $$$ - $$$ - $$$ - $$$ - $$$ - $$$ - $$$   >>
██████████    <<  ● Play DICE! Win 1-5 btc just for 5 mins!  >>
basil00
Member
**
Offline Offline

Activity: 60


View Profile
September 25, 2015, 02:12:26 PM
 #26

Just noticed this transaction: 324456fe9ec97a380effba0a0205a226e380790b93e7366d39f2a416a44d2a34.

2000 sigOps!.
(each OP_CHECKMULTISIGVERIFY inside the unexecuted OP_IF will count as 20 SigOps).

Also, it appears that F2Pool will mine non-standard transactions (P2SH with >15 sigOps).  It only takes 10 of such transactions to completely "fill" a block.
amaclin
Legendary
*
Offline Offline

Activity: 1176


View Profile WWW
September 25, 2015, 02:13:44 PM
 #27

Because building something is a lot more fun than knocking it down
jedem das seine


Last night, at last, the Evil's spine was broken
It was impaled and quartered where it stood.
New day has dawned and people are awoken
By proudly marching, stinking, gory Good.
amaclin
Legendary
*
Offline Offline

Activity: 1176


View Profile WWW
September 25, 2015, 02:18:42 PM
 #28

Just noticed this transaction: 324456fe9ec97a380effba0a0205a226e380790b93e7366d39f2a416a44d2a34.
2000 sigOps!.
(each OP_CHECKMULTISIGVERIFY inside the unexecuted OP_IF will count as 20 SigOps).
Also, it appears that F2Pool will mine non-standard transactions (P2SH with >15 sigOps).  
It only takes 10 of such transactions to completely "fill" a block.
It was my transaction.
F2Pool confirms non-standard txs under some conditions.

Last night, at last, the Evil's spine was broken
It was impaled and quartered where it stood.
New day has dawned and people are awoken
By proudly marching, stinking, gory Good.
basil00
Member
**
Offline Offline

Activity: 60


View Profile
September 25, 2015, 02:21:32 PM
 #29

It was my transaction.

Yes I guessed from the 1aa... addresses. Smiley

Quote
F2Pool confirms non-standard txs under some conditions.

Interesting.  What conditions are these?
amaclin
Legendary
*
Offline Offline

Activity: 1176


View Profile WWW
September 25, 2015, 02:28:19 PM
 #30

Interesting.  What conditions are these?
Do not know. You should ask macbook-air

Last night, at last, the Evil's spine was broken
It was impaled and quartered where it stood.
New day has dawned and people are awoken
By proudly marching, stinking, gory Good.
basil00
Member
**
Offline Offline

Activity: 60


View Profile
September 26, 2015, 05:37:58 AM
 #31

Damn, looks like Amaclin's bot stole my BTC.  My tx even had a signature and everything Angry
Edit: I have a new version that uses at least one real sig Smiley  I can create an IsStandard tx that hashes >250MB, or in other words, only 5 tx to "fill" a XT 8MB block.  Lucky I'm out of bits to play with.
edric
Hero Member
*****
Offline Offline

Activity: 546



View Profile
September 26, 2015, 06:37:39 AM
 #32

Seems to me that I know new way to attack & flood bitcoin network.

The last attacks were based on filling the blocks with transactions.
This is because of limit of block size. (Consensus rule that the blocksize is below 1mb)

But there are another limits for block which can not be changed without hard fork.

There is a limit of SIGOPS in transactions included to a block.

consensus.h
Code:
/** The maximum allowed size for a serialized block, in bytes (network rule) */
static const unsigned int MAX_BLOCK_SIZE = 1000000;
/** The maximum allowed number of signature check operations in a block (network rule) */
static const unsigned int MAX_BLOCK_SIGOPS = MAX_BLOCK_SIZE/50;

So, MAX_BLOCK_SIGOPS is 20000

How does the client calculate the number of SIGOPS? Let us look to the sources.

main.cpp
Code:
           if (fStrictPayToScriptHash)
            {
                // Add in sigops done by pay-to-script-hash inputs;
                // this is to prevent a "rogue miner" from creating
                // an incredibly-expensive-to-validate block.
                nSigOps += GetP2SHSigOpCount(tx, view);
                if (nSigOps > MAX_BLOCK_SIGOPS)
                    return state.DoS(100, error("ConnectBlock(): too many sigops"),
                                     REJECT_INVALID, "bad-blk-sigops");
            }

Miner node includes transactions to a block while the nSigOps not exceeds 20000.
The block with nSigOps > 20000 will be invalid (consensus rule) and will be rejected by all other nodes.

Now let us look the transaction
https://blockchain.info/tx/6766e75d6166a0a14bd814921d0f903285e15779e648d7ec52a4f7c0868ec07d
and calculate the number of SIGOPS in it

All input scripts are redeeming from p2sh-outputs with the inner scripts build on the same template:
Code:
OP_0
OP_IF
  OP_15
  OP_CHECKMULTISIG
OP_ENDIF
OP_SMALLINTEGER
The number of SIGOPS in this small script is 15 (this is maximum value to pass IsStandard)
And the total number of SIGOPS in 6766e75d6166a0a14bd814921d0f903285e15779e648d7ec52a4f7c0868ec07d is 15 * 15 = 225

So, the maximum number of such transactions in one block is only 88 (because floor ( 20000 / 225 ) = 88)
And inserting 88 such transactions in one block leaves only 200 SIGOPS for regular transactions.
Which leaves a room only for ~100 transactions in block for other persons

The attack vector should be:
1) create and fund a big number of such p2sh-utxo
2) redeem them to OP_RETURN or to regular output

Each such transaction costs 0.00045 for dishonest attacker (can be even less)
88 transactions (attack one block) will cost only 0.0396 BTC
Daily attack 5.7024 BTC - not a big deal

Wanna hire me for this dirty job?  Grin



My name Boris.  I pay 10k USD and 100 barrels oil you do this.  I want you take down evil tool of Western intelligence!  We have deal?

edric
Hero Member
*****
Offline Offline

Activity: 546



View Profile
September 26, 2015, 06:40:18 AM
 #33

You're not the first and you certainly won't be the last person concerning themselves with how to break the Bitcoin network.

You should use your knowledge and skills for productive means and help the community.

What exactly do you think computer security professionals DO? Or cryptologists employed by three-letter agencies? Or military strategists?

A person who wants to strengthen the bitcoin network and isn't constantly thinking of ways to break it, isn't doing their job.



I agree. But one also has to ask themselves, if it is so easy to destroy, why hasn't the government taken out the bitcoin network yet?  Clearly there is an agenda behind letting it go forward.  I will let you figure that one out.

Syke
Legendary
*
Offline Offline

Activity: 2226


View Profile
September 27, 2015, 11:53:08 PM
 #34

The date of a message becomes underlined if it is ever edited. If you don't edit a message, the timestamp is quite reliable. Someone with direct database access could have edited the message, but not a regular account owner.

There's a small timeframe (5-10 min IIRC) where the msg can be edited without notice.

Edited.

Previous edit at 53:08.

Edit: Ok, so the original timestamp doesn't change, but the text of the msg can change.

Buy & Hold
amaclin
Legendary
*
Offline Offline

Activity: 1176


View Profile WWW
September 28, 2015, 05:11:14 AM
 #35

Damn, looks like Amaclin's bot stole my BTC.  My tx even had a signature and everything Angry
Edit: I have a new version that uses at least one real sig Smiley  I can create an IsStandard tx that hashes >250MB, or in other words, only 5 tx to "fill" a XT 8MB block.  Lucky I'm out of bits to play with.

This is a provocation.
This vile and filthy lie.
How can you prove that you did not send the funds to my address to blacken my name?  Grin

Note: these btc were not stolen. It is not possible to stole btc without a knowledge of private key.

Last night, at last, the Evil's spine was broken
It was impaled and quartered where it stood.
New day has dawned and people are awoken
By proudly marching, stinking, gory Good.
amaclin
Legendary
*
Offline Offline

Activity: 1176


View Profile WWW
September 28, 2015, 05:24:45 AM
 #36

I agree. But one also has to ask themselves, if it is so easy to destroy, why hasn't the
government taken out the bitcoin network yet?
Governments do not need to "destroy" bitcoin.
Because there is no danger from it.

Last night, at last, the Evil's spine was broken
It was impaled and quartered where it stood.
New day has dawned and people are awoken
By proudly marching, stinking, gory Good.
amaclin
Legendary
*
Offline Offline

Activity: 1176


View Profile WWW
September 28, 2015, 06:25:46 AM
 #37

My name Boris.  I pay 10k USD and 100 barrels oil you do this.  
I want you take down evil tool of Western intelligence!  We have deal?
Yes. PM me for details.  Grin

Last night, at last, the Evil's spine was broken
It was impaled and quartered where it stood.
New day has dawned and people are awoken
By proudly marching, stinking, gory Good.
letsplayagame
Sr. Member
****
Offline Offline

Activity: 307


View Profile
September 28, 2015, 08:47:31 AM
 #38

You're not the first and you certainly won't be the last person concerning themselves with how to break the Bitcoin network.

You should use your knowledge and skills for productive means and help the community.

What exactly do you think computer security professionals DO? Or cryptologists employed by three-letter agencies? Or military strategists?

A person who wants to strengthen the bitcoin network and isn't constantly thinking of ways to break it, isn't doing their job.



I wish more people understood this concept.  This type of testing is exactly what bitcoin needs to become stronger.  You have to think of different ways to attack bitcoin in order to develop better ways to defend it.

Chess, Bitcoin, Privacy and Freedom
Code:
Make BTC Donations via XMR.TO or Shapeshift XMR: 47nMGDMQxEB8CWpWT7QgBLDmTSxgjm9831dVeu24ebCeH8gNPG9RvZAYoPxW2JniKjeq5LXZafwdPWH7AmX2NVji3yYKy76
amaclin
Legendary
*
Offline Offline

Activity: 1176


View Profile WWW
September 28, 2015, 09:03:08 AM
 #39

I wish more people understood this concept.  
This type of testing is exactly what bitcoin needs to become stronger.  
You have to think of different ways to attack bitcoin in order to develop better ways to defend it.
What is the purpose to spend time to "defend a broken thing"?
Nobody will pay for it. Because this is bitcoin.
Nobody will fight to increase the value in your pocket.
You are in ponzi scheme. Right now you do not understand it.

Last night, at last, the Evil's spine was broken
It was impaled and quartered where it stood.
New day has dawned and people are awoken
By proudly marching, stinking, gory Good.
RealMalatesta
Legendary
*
Offline Offline

Activity: 826



View Profile
September 28, 2015, 09:05:48 AM
 #40

I agree. But one also has to ask themselves, if it is so easy to destroy, why hasn't the
government taken out the bitcoin network yet?
Governments do not need to "destroy" bitcoin.
Because there is no danger from it.

But there will be competitors who just wait for the right timing...
amaclin
Legendary
*
Offline Offline

Activity: 1176


View Profile WWW
September 28, 2015, 09:09:17 AM
 #41

But there will be competitors who just wait for the right timing...
Yes. There are many ways to get money from your purse.
Bitcoin is not the first... And unfortunately not the last  Grin

Last night, at last, the Evil's spine was broken
It was impaled and quartered where it stood.
New day has dawned and people are awoken
By proudly marching, stinking, gory Good.
RealMalatesta
Legendary
*
Offline Offline

Activity: 826



View Profile
September 28, 2015, 09:14:03 AM
 #42

Yes. There are many ways to get money from your purse.

For just one second, you gave me some hope. But then, I opened my purse and there still was no money in it someone could get  Wink
amaclin
Legendary
*
Offline Offline

Activity: 1176


View Profile WWW
September 28, 2015, 09:20:02 AM
 #43

For just one second, you gave me some hope.
But then, I opened my purse and there still was no money in it someone could get  Wink
Do you have any amount in any crypto? How and when you got it? Did you buy it paying fiat money?
Sorry, man. I am too late. Someone already got your money and sold you just digits and hope.

Last night, at last, the Evil's spine was broken
It was impaled and quartered where it stood.
New day has dawned and people are awoken
By proudly marching, stinking, gory Good.
RealMalatesta
Legendary
*
Offline Offline

Activity: 826



View Profile
September 28, 2015, 09:42:24 AM
 #44

Sorry, man. I am too late. Someone already got your money and sold you just digits and hope.

You mean... you really mean we all are part of one big digital church?  Cool
amaclin
Legendary
*
Offline Offline

Activity: 1176


View Profile WWW
September 28, 2015, 10:07:00 AM
 #45

You mean... you really mean we all are part of one big digital church?  Cool
1) Those are your words, not mine
2) If it looks like a duck, swims like a duck, and quacks like a duck, then it probably is a duck.

Last night, at last, the Evil's spine was broken
It was impaled and quartered where it stood.
New day has dawned and people are awoken
By proudly marching, stinking, gory Good.
RealMalatesta
Legendary
*
Offline Offline

Activity: 826



View Profile
September 28, 2015, 11:43:55 AM
 #46

You mean... you really mean we all are part of one big digital church?  Cool
1) Those are your words, not mine
2) If it looks like a duck, swims like a duck, and quacks like a duck, then it probably is a duck.

Well, I think Uncle Scrooge is a duck, too....
basil00
Member
**
Offline Offline

Activity: 60


View Profile
September 28, 2015, 01:31:43 PM
 #47

It is not possible to stole btc without a knowledge of private key.

My precious coins were protected by the script:
Code:
       OP_1,
        <pubKey>
        OP_DUP,
        OP_2DUP,
        OP_3DUP,
        OP_3DUP,
        OP_3DUP,
        OP_2DUP,
        OP_15,
        OP_CHECKMULTISIG,
        OP_NOT
To spend you need to find a signature that does not match the pubKey.  To be extra sure the script checks 15 times Smiley
OK, it is really really easy to find such a signature.  A 9 byte signature will do: 300602015202015301
The aim is to attack the 1.28GB bytes-hashed limit for XT.  This is reasonably easy using these kinds of scripts and tx sizes of a few KBs.

Quote
How can you prove that you did not send the funds to my address to blacken my name?

OK, consider it compensation for the coinwallet spam. Smiley
amaclin
Legendary
*
Offline Offline

Activity: 1176


View Profile WWW
September 28, 2015, 01:40:08 PM
 #48

The aim is to attack the 1.28GB bytes hashed limit for XT.  
This is reasonably easy using these kinds of scripts and tx sizes of a few KBs.
Do you want to switch stealing-bot off just for testing?
You see - I play this game with my cards open to everyone

Last night, at last, the Evil's spine was broken
It was impaled and quartered where it stood.
New day has dawned and people are awoken
By proudly marching, stinking, gory Good.
basil00
Member
**
Offline Offline

Activity: 60


View Profile
September 28, 2015, 01:43:09 PM
 #49

Nobody will pay for it. Because this is bitcoin.

Funny how some who deeply understand the protocol are not "true believers".
I am also not a "true believer".  I find it interesting, e.g. thinking of ways to attack it Smiley
basil00
Member
**
Offline Offline

Activity: 60


View Profile
September 28, 2015, 01:48:10 PM
 #50

Do you want to switch stealing-bot off just for testing?

Part of the test was to see if it would be stolen.  The answer was "yes".  That's OK, there was only 410bits ($0.10) in total.
Next test will protect each input with at least one real sig, so cannot be stolen.  It is not quite as efficient though.

BTW, do you know if the 60byte sigs (using the special K value) are inherently unsafe, or are only unsafe if used more than once per key (e.g. repeated R-value attack)?
amaclin
Legendary
*
Offline Offline

Activity: 1176


View Profile WWW
September 28, 2015, 01:51:57 PM
 #51

Funny how some who deeply understand the protocol are not "true believers".
I am also not a "true believer".  I find it interesting, e.g. thinking of ways to attack it Smiley
I told a lot of times that bitcoin network consumes ~$1mln daily only for electricity to process 100k transactions.
So the cost for processing and securing one transaction is several dollars!
This kind of processing system can not survive in long term.
Because it is inefficient and can not be scaled.

Last night, at last, the Evil's spine was broken
It was impaled and quartered where it stood.
New day has dawned and people are awoken
By proudly marching, stinking, gory Good.
amaclin
Legendary
*
Offline Offline

Activity: 1176


View Profile WWW
September 28, 2015, 02:01:46 PM
 #52

BTW, do you know if the 60byte sigs (using the special K value) are inherently unsafe, or are only unsafe if used more than once per key (e.g. repeated R-value attack)?

unsafe.
If I know <R,S> (parts of signature) Z (digest) and K (random) I can get your private key.
k = ( digest + r . privkey ) / s
k . s = digest + r . privkey
k . s - digest = r . privkey
(k . s - digest) / r = privkey

Code:
const MyKey32 MyKey32::getPrivateKey ( const MyKey32& r, const MyKey32& s, const MyKey32& k, const MyKey32& z, const MyKey20& addr )
{
  static MyKey20 addr1;
  static MyKey20 addr2;
  MyKey32 priv = mul ( sub ( mul ( s, k ), z ), inv ( r ) );
  priv.getKeys ( addr1, addr2 );
  if ( addr1 == addr || addr2 == addr )
    return priv;
  priv = mul ( sub ( mul ( s, sub ( order, k ) ), z ), inv ( r ) );
  priv.getKeys ( addr1, addr2 );
  if ( addr1 == addr || addr2 == addr )
    return priv;
  xassert ( false );
}

Last night, at last, the Evil's spine was broken
It was impaled and quartered where it stood.
New day has dawned and people are awoken
By proudly marching, stinking, gory Good.
basil00
Member
**
Offline Offline

Activity: 60


View Profile
September 28, 2015, 02:06:08 PM
 #53

I think I get it -- it's because K is known.
Nancarrow
Hero Member
*****
Offline Offline

Activity: 492


View Profile
October 02, 2015, 12:28:16 PM
 #54

I wish more people understood this concept.  
This type of testing is exactly what bitcoin needs to become stronger.  
You have to think of different ways to attack bitcoin in order to develop better ways to defend it.
What is the purpose to spend time to "defend a broken thing"?
Nobody will pay for it. Because this is bitcoin.
Nobody will fight to increase the value in your pocket.
You are in ponzi scheme. Right now you do not understand it.


So it now appears that my implicit defence of amaclin's character may have been premature.

No matter. Amaclin is still exposing shaky parts of the protocol, and doing so (so far) in an honest and transparent fashion, so regardless of the motivation, thanks!

If I've said anything amusing and/or informative and you're feeling generous:
1GNJq39NYtf7cn2QFZZuP5vmC1mTs63rEW
Zombier0
Sr. Member
****
Offline Offline

Activity: 435


View Profile
October 08, 2015, 08:14:46 PM
 #55

The day bitcoin starts blacklisting will be the end of it

amaclin
Legendary
*
Offline Offline

Activity: 1176


View Profile WWW
October 08, 2015, 08:24:39 PM
 #56

The day bitcoin starts blacklisting will be the end of it
Not so sure.
The main thesis is "Nobody cares".
What would you do if most of major pools blacklist an address and publish a note that address belongs to a killer?
You will do nothing. You even will not ask a proof for this statement.

Last night, at last, the Evil's spine was broken
It was impaled and quartered where it stood.
New day has dawned and people are awoken
By proudly marching, stinking, gory Good.
tommorisonwebdesign
Sr. Member
****
Offline Offline

Activity: 448



View Profile
October 08, 2015, 10:07:52 PM
 #57

If I were the OP if I wanted to steal somebody's Bitcoins I would look into learning more about programming and networking. Then, you could write a script to steal somebody's private keys. Otherwise There may not be a lot of exploits in the network. People try and get nowhere.

Signatures? How about learning a skill... I don't care either way. Everybody has to make a living somehow.
amaclin
Legendary
*
Offline Offline

Activity: 1176


View Profile WWW
October 09, 2015, 04:04:26 AM
 #58

If I were the OP if I wanted to steal somebody's Bitcoins I would look into learning more about programming and networking.
Why can not you do it whether you are not the OP?

Last night, at last, the Evil's spine was broken
It was impaled and quartered where it stood.
New day has dawned and people are awoken
By proudly marching, stinking, gory Good.
shorena
Legendary
*
Offline Offline

Activity: 1232


ALL escrow is signed! https://keybase.io/verify


View Profile WWW
October 09, 2015, 11:44:52 AM
 #59

The day bitcoin starts blacklisting will be the end of it

So its dead[1] already?

[1] look at the date http://www.coindesk.com/blacklist-debate-ok-meddle-bitcoins-code/

amaclin
Legendary
*
Offline Offline

Activity: 1176


View Profile WWW
October 09, 2015, 12:00:38 PM
 #60

So its dead[1] already?
[1] look at the date http://www.coindesk.com/blacklist-debate-ok-meddle-bitcoins-code/
Nobody cares.
Nobody even know that one pool today does not process transactions to/from some set of addresses.


Last night, at last, the Evil's spine was broken
It was impaled and quartered where it stood.
New day has dawned and people are awoken
By proudly marching, stinking, gory Good.
Zombier0
Sr. Member
****
Offline Offline

Activity: 435


View Profile
October 10, 2015, 09:58:22 AM
 #61

So its dead[1] already?
[1] look at the date http://www.coindesk.com/blacklist-debate-ok-meddle-bitcoins-code/
Nobody cares.
Nobody even know that one pool today does not process transactions to/from some set of addresses.



It was debate, thats i.

Bc is digital cash, cash is free to move.

Wh btc blaclists then i go full prO LTC

onemorexmr
Sr. Member
****
Offline Offline

Activity: 252



View Profile
October 10, 2015, 10:00:22 AM
 #62

So its dead[1] already?
[1] look at the date http://www.coindesk.com/blacklist-debate-ok-meddle-bitcoins-code/
Nobody cares.
Nobody even know that one pool today does not process transactions to/from some set of addresses.



It was debate, thats i.

Bc is digital cash, cash is free to move.

Wh btc blaclists then i go full prO LTC

LTC is the same as BTC.
if bitcoin ever goes with blacklisting (i dont think or hope so) LTC will be next shortly after

XMR || Monero || monerodice.net || xmr.to || mymonero.com || openalias.org || you think bitcoin is fungible? watch this
Zombier0
Sr. Member
****
Offline Offline

Activity: 435


View Profile
October 10, 2015, 03:04:59 PM
 #63

So its dead[1] already?
[1] look at the date http://www.coindesk.com/blacklist-debate-ok-meddle-bitcoins-code/
Nobody cares.
Nobody even know that one pool today does not process transactions to/from some set of addresses.



It was debate, thats i.

Bc is digital cash, cash is free to move.

Wh btc blaclists then i go full prO LTC

LTC is the same as BTC.
if bitcoin ever goes with blacklisting (i dont think or hope so) LTC will be next shortly after

Then we move to nxt and next Smiley

Bifta
Full Member
***
Offline Offline

Activity: 182


View Profile
October 19, 2015, 10:42:13 PM
 #64

I'm looking at the transaction referenced in the OP: https://blockchain.info/tx/6766e75d6166a0a14bd814921d0f903285e15779e648d7ec52a4f7c0868ec07d and I noticed that the input scripts don't seem to verify with the output script of their referenced outpoints. Can someone explain how this is considered valid?
basil00
Member
**
Offline Offline

Activity: 60


View Profile
October 31, 2015, 11:57:42 PM
 #65

It appears that someone launched a limited form of this attack using the address 3G83ox5zw7D6eySoSMCervh9cbhMXdA5t9.  The address corresponds to the script:

Code:
OP_IF
   0x451e75af
   OP_15
   OP_CHECKMULTISIG
OP_ENDIF
OP_1

The script is spent by push 0 in the sigScript.

The attacker only generated 960 such outputs, which corresponds to 14400 sigOps, which is not enough even to fill a block.  Furthermore the fee rate for the transactions was not very high (37sat/byte), meaning that most normal traffic would be unaffected anyway.  So overall this attack had no affect.  Maybe this was a test?
amaclin
Legendary
*
Offline Offline

Activity: 1176


View Profile WWW
November 01, 2015, 07:37:27 AM
 #66

It appears that someone launched a limited form of this attack

http://www.youtube.com/watch?v=0QtKDlZ7FKE

Last night, at last, the Evil's spine was broken
It was impaled and quartered where it stood.
New day has dawned and people are awoken
By proudly marching, stinking, gory Good.
Bifta
Full Member
***
Offline Offline

Activity: 182


View Profile
November 02, 2015, 12:26:23 AM
 #67

Blockchain have been providing some best wallet services for bitcoins. They're famous for their features, security and privacy, but now some cheap hackers Have tried some typical tricks for hacking the blockchain system. What they used were some fake proxy servers for gaining access to the wallets. They have been successful a few times. But, no longer now as blockchain made their system more secure and strong.
That is just not the right blockchain. Please stop confusing blockchain.info for that actual Bitcoin Blockchain. They are two different things. We are talking about the bitcoin blockchain here, and how to spam and perform a DoS attack against full nodes which download the entire blockchain. Also, please read the thread before posting, we don't want your spam here.
Decoded
Hero Member
*****
Online Online

Activity: 700


Crypto-News.net: News from Crypto World


View Profile WWW
November 04, 2015, 04:47:56 AM
 #68

What do people have against bitcoin? It's a revolutionary new currency, and people are trying to use it to hurt other bitcoiners.

You're advertising a service to ruin the experience for other bitcoiners, on the official forum where all the bitcoiners come.

Am I missing something?



              ▄▄▄██████▄▄▄
          ▄██████████████████▄
       ▄████████████████████████▄
 ▄▄  ▄████████████████████████████▄
███████████████████████████████████▄
 ▀▀█████████████████████████████████▄
   ██████████████████████████████████
   ██████████████████████████████████
   ██████████████████████████████████
   ██████████████████████████████████
   ▀████████████████████████████████▀
    ▀██████████████████████████████▀
     ▀▀██████████████████████████▀
        ▀██████████████████████▀
           ▀▀▀████████████▀▀▀
.
.....
.....
.....
.....
.....
.....





DuddlyDoRight
Sr. Member
****
Offline Offline

Activity: 298



View Profile WWW
November 04, 2015, 05:47:46 AM
 #69

Be thankful people are doing free security research.. The more they achieve the harder BTC is to hack because it leads to mitigations and patches even if they are blackhat..

Even a really complex algorithmic attack on the block-chain will reveal design flaws that can be fixed and someone will bankrupt a lot of tumblers trying to convert stolen coins.. There are probably companies and criminal groups all over the world with talented people looking for this right now; probably mostly in Russia and China..

I have faith that one day this forum will get threads where people won't just repeat their previous posts or what others have already stated in the same thread. Also that people will stop acting like BTC is toy-money and start holding vendors accountable. Naive? Maybe.
basil00
Member
**
Offline Offline

Activity: 60


View Profile
November 05, 2015, 01:21:44 AM
 #70

Looks like the attacker has successfully launched another attack.  This time using the address 3EgSUauJG5N27AUfQwiUfjAhHe6y9AKdVs corresponding to the script:

Code:
OP_IF 0x42412fb4 OP_15 OP_CHECKMULTISIG OP_ENDIF OP_1

This time the attacker managed to successfully fill the 20,000 sigOp limit for block #382053, where 1245x15 = 18675 are fake sigOps arising from the attack transactions.  This meant that no more transactions (legitimate or otherwise) could be included in the block, leading to an underfull block of ~288KB (of which ~68KB are the attack txs).  Note that the network is currently running at capacity, with 1MB or 750KB blocks the norm.

The new attack was limited to a single block.  Also the attacker used a low fee rate of ~18sat/byte.  A higher fee rate would have made the attack for effective (but more expensive).
erickimani
Jr. Member
*
Offline Offline

Activity: 42


View Profile
November 05, 2015, 08:40:31 PM
 #71

we can never be secure anywhere. will just depend on luck and other firms that offer cyber security to protect us from scams..Haha. especially from you guys who understand the language of programming. Be good.
amaclin
Legendary
*
Offline Offline

Activity: 1176


View Profile WWW
November 05, 2015, 08:50:23 PM
 #72

Be good.
It is not possible for humans alive creatures to be good for everyone.
Wolves can not be good for rabbits.

Last night, at last, the Evil's spine was broken
It was impaled and quartered where it stood.
New day has dawned and people are awoken
By proudly marching, stinking, gory Good.
DuddlyDoRight
Sr. Member
****
Offline Offline

Activity: 298



View Profile WWW
November 08, 2015, 12:33:28 AM
 #73

Looks like the attacker has successfully launched another attack.  This time using the address 3EgSUauJG5N27AUfQwiUfjAhHe6y9AKdVs corresponding to the script:

Code:
OP_IF 0x42412fb4 OP_15 OP_CHECKMULTISIG OP_ENDIF OP_1

This time the attacker managed to successfully fill the 20,000 sigOp limit for block #382053, where 1245x15 = 18675 are fake sigOps arising from the attack transactions.  This meant that no more transactions (legitimate or otherwise) could be included in the block, leading to an underfull block of ~288KB (of which ~68KB are the attack txs).  Note that the network is currently running at capacity, with 1MB or 750KB blocks the norm.

The new attack was limited to a single block.  Also the attacker used a low fee rate of ~18sat/byte.  A higher fee rate would have made the attack for effective (but more expensive).

Worse case scenerio: Buffer Overflow->Code Execution in poorly coded clients. I doubt this person would have the skill to do that espesiaclly since it requires brute forcing with weak hashes for shellcode which is next to impossible unless you have super-computers like a gov...

dos will just cause repo commits fixing the handler routines within 72 hours on popular clients..

EDIT: BTC Blockchain and core-implementation have a huge attack surface and design spec. I bet most wallets and miners don't even bounds check and have strict spec handling without error handling.

I have faith that one day this forum will get threads where people won't just repeat their previous posts or what others have already stated in the same thread. Also that people will stop acting like BTC is toy-money and start holding vendors accountable. Naive? Maybe.
basil00
Member
**
Offline Offline

Activity: 60


View Profile
November 08, 2015, 05:18:00 AM
 #74

Worse case scenerio: Buffer Overflow->Code Execution in poorly coded clients.

This is a specific DoS attack vector that has nothing to do with buffer overflows.

The worse case scenario is that no transactions are confirmed for a while until centralized mining intervenes.
kbtakbta
Newbie
*
Offline Offline

Activity: 1


View Profile
November 09, 2015, 11:51:09 AM
 #75

Hi,

im not a technical guy, but i would fear to use a system, running on a not a self-devloped op. system. Since Snowden we know, how the US try to keep up his superiority above the net. It is possible to defect some of the major op.systems, so large part of the Bitcon system can be compromised on the next op.system update. The Bitcoin Core only a program running above the op. system.
DuddlyDoRight
Sr. Member
****
Offline Offline

Activity: 298



View Profile WWW
November 09, 2015, 08:27:56 PM
 #76

Worse case scenerio: Buffer Overflow->Code Execution in poorly coded clients.

This is a specific DoS attack vector that has nothing to do with buffer overflows.

The worse case scenario is that no transactions are confirmed for a while until centralized mining intervenes.

It depends on what controls the allocation in code. If it's secure it puts x bytes in a x bytes buffer after a verified pointer in meta data with no parsing except after allocation of said buffer. Otherwise it can likely be exploited for code execution through malicious hashing&encoding.

Even if it's not the case here with the reference implementation, that doesn't mean it's not the case with other full clients.

If we're going to raise alerts over dos and block spamming I could easily post a python script that fork-spams the block-chain and bloats it with orphan blocks. I'm more interested in programming flaws though and not the genius currency design that changes hundredths at second intervals and has arbitrary fees..

EDIT: I only mention it because it's obvious that the reference implementation and all the clients based on it just blindly allocate and mine on the block-chain.. At some point malicious people will exploit it..

I have faith that one day this forum will get threads where people won't just repeat their previous posts or what others have already stated in the same thread. Also that people will stop acting like BTC is toy-money and start holding vendors accountable. Naive? Maybe.
StateOfAffairs
Newbie
*
Offline Offline

Activity: 16


View Profile
November 09, 2015, 09:03:24 PM
 #77

So are people actually trying to attack Blockchain? I thought it was fairly secure..
DuddlyDoRight
Sr. Member
****
Offline Offline

Activity: 298



View Profile WWW
November 09, 2015, 10:16:19 PM
 #78

So are people actually trying to attack Blockchain? I thought it was fairly secure..

The crypto is till quantum computers. The design and economics not so much. The currency itself changes hundredths in seconds and has arbitrary fees.. It wasn't well thought out and anyone who learned programming two years ago are writing tools and solutions for it because it's marketable..

It's trivial to spam and fork the blockchain for anyone with little research..

Governments and botnet industry will eventually start looking for way to exploit things.

I have faith that one day this forum will get threads where people won't just repeat their previous posts or what others have already stated in the same thread. Also that people will stop acting like BTC is toy-money and start holding vendors accountable. Naive? Maybe.
amaclin
Legendary
*
Offline Offline

Activity: 1176


View Profile WWW
November 22, 2015, 05:34:30 PM
 #79

https://statoshi.info/dashboard/db/transactions


Last night, at last, the Evil's spine was broken
It was impaled and quartered where it stood.
New day has dawned and people are awoken
By proudly marching, stinking, gory Good.
basil00
Member
**
Offline Offline

Activity: 60


View Profile
November 23, 2015, 02:19:38 PM
 #80


Another attack, this time block #384831's sigOp limit was hit.

Is this you amaclin?  I thought this would be against your policy of not spending money on attacks?

amaclin
Legendary
*
Offline Offline

Activity: 1176


View Profile WWW
November 23, 2015, 05:52:33 PM
 #81

I thought this would be against your policy of not spending money on attacks?
I changed my mind

Last night, at last, the Evil's spine was broken
It was impaled and quartered where it stood.
New day has dawned and people are awoken
By proudly marching, stinking, gory Good.
basil00
Member
**
Offline Offline

Activity: 60


View Profile
November 24, 2015, 01:02:10 AM
 #82

I changed my mind

At least the attack is proven to work in practice.
moneyart
Newbie
*
Offline Offline

Activity: 26


View Profile
November 24, 2015, 04:08:36 PM
 #83

Quote
Governments do not need to "destroy" bitcoin.
Because there is no danger from it.

Governments steal our money but because they have to pay so much interest on debt there is no money left for a bitcoin attack.

By the way, politicians still dont understand what Bitcoin is. Good for us, because when criminals dont understand something they dont want to steal it.
amaclin
Legendary
*
Offline Offline

Activity: 1176


View Profile WWW
November 24, 2015, 04:44:47 PM
 #84

By the way, politicians still dont understand what Bitcoin is.
You either dont understand what Bitcoin is  Grin

Last night, at last, the Evil's spine was broken
It was impaled and quartered where it stood.
New day has dawned and people are awoken
By proudly marching, stinking, gory Good.
junglist.massive
Hero Member
*****
Offline Offline

Activity: 531


internet 2.0


View Profile
November 24, 2015, 08:31:31 PM
 #85

that kind of spamming will be really popular in future. If you add some text to each transaction and send it, it will works same as email spam

Blockchain scaling trust. Lets do something with that
amaclin
Legendary
*
Offline Offline

Activity: 1176


View Profile WWW
November 25, 2015, 06:47:49 AM
 #86

that kind of spamming will be really popular in future.
doubt
Quote
If you add some text to each transaction and send it, it will works same as email spam
Are you sure that you really understand me? and the point of SIGOPs "block fulling" attack?
Have a look:
https://bitcointalk.org/index.php?topic=1023190.0
http://webbtc.com/tx/300503d19fb80a083723ccfb43d54278f2555838595c3443907156bc9889aeec (stored today)
https://github.com/petertodd/python-bitcoinlib/blob/master/examples/publish-text.py

Last night, at last, the Evil's spine was broken
It was impaled and quartered where it stood.
New day has dawned and people are awoken
By proudly marching, stinking, gory Good.
hetecon
Full Member
***
Offline Offline

Activity: 182


Best Coder


View Profile
November 27, 2015, 05:44:18 AM
 #87

Why would you want to spam the blockchain.
amaclin
Legendary
*
Offline Offline

Activity: 1176


View Profile WWW
November 27, 2015, 05:51:26 AM
 #88

Why would you want to spam the blockchain.
Because I have a right

Last night, at last, the Evil's spine was broken
It was impaled and quartered where it stood.
New day has dawned and people are awoken
By proudly marching, stinking, gory Good.
achow101
Moderator
Legendary
*
Offline Offline

Activity: 1022


16mT7jrpkjnJBD7a3TM2awyxHub58H6r6Z


View Profile WWW
November 27, 2015, 06:54:59 AM
 #89

Why would you want to spam the blockchain.
Because I have a right
No, it is not your right to spam the blockchain, you simply have the ability. Just because I have the ability to rob a store does not make it my right to do so. Same applies here.

amaclin
Legendary
*
Offline Offline

Activity: 1176


View Profile WWW
November 27, 2015, 07:38:09 AM
 #90

No, it is not your right to spam the blockchain, you simply have the ability.
Just because I have the ability to rob a store does not make it my right to do so. Same applies here.
There is no law, no punishment for doing this.
There are only consensus rules and mining policy in bitcoin.
So, in this case right=ability. These are different apples.  Grin

Last night, at last, the Evil's spine was broken
It was impaled and quartered where it stood.
New day has dawned and people are awoken
By proudly marching, stinking, gory Good.
YarkoL
Hero Member
*****
Offline Offline

Activity: 882



View Profile
November 27, 2015, 05:01:59 PM
 #91


You guys ought to be grateful for amaclin for doing security
testing and even paying for it out of his own pockets.
amaclin
Legendary
*
Offline Offline

Activity: 1176


View Profile WWW
November 27, 2015, 09:11:53 PM
 #92

https://github.com/bitcoin/bitcoin/pull/7081

Last night, at last, the Evil's spine was broken
It was impaled and quartered where it stood.
New day has dawned and people are awoken
By proudly marching, stinking, gory Good.
enthus
Full Member
***
Offline Offline

Activity: 140


View Profile
November 28, 2015, 02:36:02 AM
 #93

Each such transaction costs 0.00045 for dishonest attacker (can be even less)
88 transactions (attack one block) will cost only 0.0396 BTC
Daily attack 5.7024 BTC - not a big deal

Wanna hire me for this dirty job?  Grin

Main "weakness" for this attack is that miners could easily just ignore those transactions, without involving any hard fork.

Only the pools that accept those transactions *and* that do not prioritize transactions in a block by total fee would be impacted, pools that build their blocks based on max fee they can rack in a block would automatically eliminate them, they may just need to take the SIGOPS limit into their block optimization code, but that's all.

In practice only the "faucet pools", those that accept zero-fee tx and do not prioritize tx would likely feel the attack.

So the practical spamming would be limited to relaying and the mempool, so no biggy.
Yes this is right...once problem is identified it is easy for miners to ignore and fix the attack.
moneyart
Newbie
*
Offline Offline

Activity: 26


View Profile
November 28, 2015, 11:57:58 AM
 #94

Quote
You either dont understand what Bitcoin is  Grin

I wrote my Bachelor Thesis about Bitcoin and developed a Paper Wallet site: moneyart.info
I know a lot about Bitcoin.
amaclin
Legendary
*
Offline Offline

Activity: 1176


View Profile WWW
November 28, 2015, 12:25:47 PM
 #95

Quote
You either dont understand what Bitcoin is  Grin

I wrote my Bachelor Thesis about Bitcoin and developed a Paper Wallet site: moneyart.info
I know a lot about Bitcoin.


Last night, at last, the Evil's spine was broken
It was impaled and quartered where it stood.
New day has dawned and people are awoken
By proudly marching, stinking, gory Good.
hetecon
Full Member
***
Offline Offline

Activity: 182


Best Coder


View Profile
November 29, 2015, 01:53:29 AM
 #96

Why would you want to spam the blockchain.
Because I have a right

But why does that make you want to do it? Maybe for attention???
lama-hunter
Sr. Member
****
Offline Offline

Activity: 252


★YoBit.Net★ 350+ Coins Exchange & Dice


View Profile
November 29, 2015, 02:24:39 AM
 #97

Is it really a atack of the Blockchain  Cheesy or simply a slowment/decrease of included tx?
I just know back in Time hwen an transaction took about 14 Days out from Coinbase Cheesy:D that was akward lol

regards
lama-hunter
BurtW
Legendary
*
Offline Offline

Activity: 1932

All paid signature campaigns should be banned.


View Profile WWW
November 29, 2015, 02:27:46 AM
 #98

I would like to thank those that have (re)discovered this attack and shown it to be a viable attack using their own money to prove it.

Is anyone planning a large scale attack using this method?  That would be interesting.

How much would it take to fund a sustained attack, for example a 24 hour period?

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
hetecon
Full Member
***
Offline Offline

Activity: 182


Best Coder


View Profile
November 29, 2015, 02:51:52 AM
 #99

I would like to thank those that have (re)discovered this attack and shown it to be a viable attack using their own money to prove it.

Is anyone planning a large scale attack using this method?  That would be interesting.

How much would it take to fund a sustained attack, for example a 24 hour period?

I think it is not ethical to do this attack, but also interested to know these answers for security purpose.
RealBitcoin
Hero Member
*****
Offline Offline

Activity: 728

Bitcoin is Money!


View Profile WWW
November 29, 2015, 04:44:07 AM
 #100

Shit, the devs shoud fix this asap before the word gets out and FUD-ers start screaming the price down.

Centralization will be the Death of Bitcoin
achow101
Moderator
Legendary
*
Offline Offline

Activity: 1022


16mT7jrpkjnJBD7a3TM2awyxHub58H6r6Z


View Profile WWW
November 29, 2015, 05:18:08 AM
 #101

Shit, the devs shoud fix this asap before the word gets out and FUD-ers start screaming the price down.
This is not something that can be easily fixed. The sig op limit is to prevent spamming blocks full of transactions that take a lot of time to process. Yet increasing the limit would mean that more transaction could go in that delay processing even more and a lower limit means that fewer other transactions can make it into the block. I don't think there really is a fix for this.

USB-S
Sr. Member
****
Offline Offline

Activity: 322


Find cover!


View Profile
November 29, 2015, 06:39:09 AM
 #102

Shit, the devs shoud fix this asap before the word gets out and FUD-ers start screaming the price down.
This is not something that can be easily fixed. The sig op limit is to prevent spamming blocks full of transactions that take a lot of time to process. Yet increasing the limit would mean that more transaction could go in that delay processing even more and a lower limit means that fewer other transactions can make it into the block. I don't think there really is a fix for this.
We'll if you're afraid of confirmation times you could just increase the transaction fee?

However when bitcoin increases in price the said attack wouldn't really be that cost efficient, when people could just mitigate this by increasing their trasaction fee. However couldn't we just implement burn fees if this said spam attack gets way out of hand. You know, just to make the spammers profitable for the rest of us?
basil00
Member
**
Offline Offline

Activity: 60


View Profile
November 29, 2015, 03:40:05 PM
 #103

Another attack...last 6 blocks (edit: and counting) have been hit.

Example: #385910 with 19125 fake sigOps.  The block is only 200KB despite a 5MB backlog (according to tradeblock).  It seems this attack is very effective.

Edit:
#385911 unaffected (enough high-fee legit txs)
#385912 = 18990 fake sigOps, 280KB.
#385913 = 18945 fake sigOps, 281KB.
#385914 = 17325 fake sigOps, 470KB.
...etc.
YarkoL
Hero Member
*****
Offline Offline

Activity: 882



View Profile
November 29, 2015, 04:25:43 PM
 #104

I don't think there really is a fix for this.

Lower priority of P2SH transactions with multiple sig ops?
And/or make them cost more.
hetecon
Full Member
***
Offline Offline

Activity: 182


Best Coder


View Profile
November 29, 2015, 08:12:29 PM
 #105

Another attack...last 6 blocks (edit: and counting) have been hit.

Example: #385910 with 19125 fake sigOps.  The block is only 200KB despite a 5MB backlog (according to tradeblock).  It seems this attack is very effective.

Edit:
#385911 unaffected (enough high-fee legit txs)
#385912 = 18990 fake sigOps, 280KB.
#385913 = 18945 fake sigOps, 281KB.
#385914 = 17325 fake sigOps, 470KB.
...etc.

Wow this is bad news. Any pull requests on githbu to fix this yet?
trout
Sr. Member
****
Offline Offline

Activity: 327


View Profile
November 29, 2015, 09:38:16 PM
 #106

the fix seems trivial - calculate the min relay fee (and all the rest of the fee thresholds) based on the size and the number of  sigops, rather than the size only. I don't get why it's not in the latest release.
Am I missing something?
amaclin
Legendary
*
Offline Offline

Activity: 1176


View Profile WWW
November 29, 2015, 10:52:49 PM
 #107

Am I missing something?
1) You are missing that miners are interested in fees. They have a right to include/exclude any transaction.

2) You are missing that it is almost impossible to upgrade relay policy on thousands of nodes.

BTW. This is funny test.
Miners just raised the minimum fee, leaving a lot of unconfirmed transactions and screaming users.
Blocks are not filled.
Right now mempool on https://tradeblock.com/bitcoin/ is 12mb (note: transactions with a fee less than 5 satoshi per byte are ignored)

https://en.wikipedia.org/wiki/Tragedy_of_the_commons

Edit:
3) Since the start of this stress test the price on exchanges rized up. Everybody likes it  Grin
Are you sure that you really want to fix this issue? A lot of people would vote against  Grin

Last night, at last, the Evil's spine was broken
It was impaled and quartered where it stood.
New day has dawned and people are awoken
By proudly marching, stinking, gory Good.
hetecon
Full Member
***
Offline Offline

Activity: 182


Best Coder


View Profile
November 30, 2015, 03:46:00 AM
 #108

Am I missing something?
1) You are missing that miners are interested in fees. They have a right to include/exclude any transaction.

2) You are missing that it is almost impossible to upgrade relay policy on thousands of nodes.

BTW. This is funny test.
Miners just raised the minimum fee, leaving a lot of unconfirmed transactions and screaming users.
Blocks are not filled.
Right now mempool on https://tradeblock.com/bitcoin/ is 12mb (note: transactions with a fee less than 5 satoshi per byte are ignored)

https://en.wikipedia.org/wiki/Tragedy_of_the_commons

Edit:
3) Since the start of this stress test the price on exchanges rized up. Everybody likes it  Grin
Are you sure that you really want to fix this issue? A lot of people would vote against  Grin

Did they raise min because of this speicif attack?
amaclin
Legendary
*
Offline Offline

Activity: 1176


View Profile WWW
November 30, 2015, 05:57:16 AM
 #109

Did they raise min because of this speicif attack?
I can non prove it. Of course, this is a joke. May be with truth in it

Last night, at last, the Evil's spine was broken
It was impaled and quartered where it stood.
New day has dawned and people are awoken
By proudly marching, stinking, gory Good.
worhiper_-_
Hero Member
*****
Offline Offline

Activity: 700


View Profile
November 30, 2015, 03:49:17 PM
 #110

I would like to thank those that have (re)discovered this attack and shown it to be a viable attack using their own money to prove it.

Is anyone planning a large scale attack using this method?  That would be interesting.

How much would it take to fund a sustained attack, for example a 24 hour period?

Daily attack 5.7024 BTC - not a big deal
keystroke
Hero Member
*****
Offline Offline

Activity: 833


advocate of a cryptographic attack on the globe


View Profile
November 30, 2015, 04:18:13 PM
 #111

Nice security research. Can this attack be made profitable, or is it just DoS?

"The difference between a castle and a prison is only a question of who holds the keys."
trout
Sr. Member
****
Offline Offline

Activity: 327


View Profile
November 30, 2015, 04:26:03 PM
 #112

Am I missing something?
1) You are missing that miners are interested in fees. They have a right to include/exclude any transaction.

2) You are missing that it is almost impossible to upgrade relay policy on thousands of nodes.

BTW. This is funny test.
Miners just raised the minimum fee, leaving a lot of unconfirmed transactions and screaming users.
Blocks are not filled.
Right now mempool on https://tradeblock.com/bitcoin/ is 12mb (note: transactions with a fee less than 5 satoshi per byte are ignored)

https://en.wikipedia.org/wiki/Tragedy_of_the_commons

Edit:
3) Since the start of this stress test the price on exchanges rized up. Everybody likes it  Grin
Are you sure that you really want to fix this issue? A lot of people would vote against  Grin

I've been just speaking about the default policy in the "Core" client.
In this sense, fixing the issue is trivial.
After such an update  miners/ relay nodes are of course still free to run any code they like -
nobody forces them to update their policy

Edit: All I'm saying is that it is easy to make this kind of attack as expensive as the "traditional" block-size-filling spam attack. I'm surprised this is not done yet.
hetecon
Full Member
***
Offline Offline

Activity: 182


Best Coder


View Profile
November 30, 2015, 04:39:36 PM
 #113

Is fixing of this issue requiring a full 'hard forking'
mezzomix
Legendary
*
Online Online

Activity: 1750


View Profile
November 30, 2015, 04:59:04 PM
 #114

Nice security research. Can this attack be made profitable, or is it just DoS?

This "attack" is a nuisance just like the HighS malleability.

Is fixing of this issue requiring a full 'hard forking'

No. As trout already wrote the miners can just take a higher fee for transactions with a large number of SIGOPS.

1) You are missing that miners are interested in fees. They have a right to include/exclude any transaction.

They might be interested in the BTC value, too. So it's interesting for them to include all transactions to preserve the value of their BTC.
amaclin
Legendary
*
Offline Offline

Activity: 1176


View Profile WWW
November 30, 2015, 04:59:42 PM
 #115

Nice security research. Can this attack be made profitable, or is it just DoS?
yes

Last night, at last, the Evil's spine was broken
It was impaled and quartered where it stood.
New day has dawned and people are awoken
By proudly marching, stinking, gory Good.
keystroke
Hero Member
*****
Offline Offline

Activity: 833


advocate of a cryptographic attack on the globe


View Profile
November 30, 2015, 05:04:09 PM
 #116

Nice security research. Can this attack be made profitable, or is it just DoS?
yes
Aside from someone paying you to DoS. Wink

"The difference between a castle and a prison is only a question of who holds the keys."
hetecon
Full Member
***
Offline Offline

Activity: 182


Best Coder


View Profile
November 30, 2015, 09:23:31 PM
 #117

Nice security research. Can this attack be made profitable, or is it just DoS?

This "attack" is a nuisance just like the HighS malleability.

Is fixing of this issue requiring a full 'hard forking'

No. As trout already wrote the miners can just take a higher fee for transactions with a large number of SIGOPS.

1) You are missing that miners are interested in fees. They have a right to include/exclude any transaction.

They might be interested in the BTC value, too. So it's interesting for them to include all transactions to preserve the value of their BTC.


So this will be able to have a fix but requires convincing of the largest pools.
basil00
Member
**
Offline Offline

Activity: 60


View Profile
December 01, 2015, 03:23:47 AM
 #118

Is fixing of this issue requiring a full 'hard forking'

Fixing the broken sigOp counting method is indeed a hardfork.  It can be fixed when (if?) there is a block-size hardfork, e.g. this is one proposal.

This specific attack can also be mitigated by enforcing a bytes-per-sigop limit (policy change), as was merged into 0.12.0.  Any miner that does not adopt this policy will still be vulnerable.
Syke
Legendary
*
Offline Offline

Activity: 2226


View Profile
December 01, 2015, 05:02:19 AM
 #119

This specific attack can also be mitigated by enforcing a bytes-per-sigop limit (policy change), as was merged into 0.12.0.  Any miner that does not adopt this policy will still be vulnerable.

A fee per sigop sounds like a good plan too.

Buy & Hold
mezzomix
Legendary
*
Online Online

Activity: 1750


View Profile
December 01, 2015, 06:51:52 AM
 #120

So this will be able to have a fix but requires convincing of the largest pools.

Yes. Miners are able to immediately require higher fees for these transactions or to ignore these transactions when they create blocks.
hetecon
Full Member
***
Offline Offline

Activity: 182


Best Coder


View Profile
December 01, 2015, 04:29:47 PM
 #121

So this will be able to have a fix but requires convincing of the largest pools.

Yes. Miners are able to immediately require higher fees for these transactions or to ignore these transactions when they create blocks.

To me this means it is not a problem with bitcoin concept, but a problem with certain versions of the wallet/mining wallet systems.
mezzomix
Legendary
*
Online Online

Activity: 1750


View Profile
December 01, 2015, 05:45:31 PM
 #122

It's not limited to the miners. I operate several relay nodes and patched my nodes to reject those transactions before they are stored in the mempool. With this change my nodes no longer forward transactions with a high number of SIGOPS.

With a mining node I would not reject those transactions but require a high fee.
hetecon
Full Member
***
Offline Offline

Activity: 182


Best Coder


View Profile
December 01, 2015, 05:47:44 PM
 #123

It's not limited to the miners. I operate several relay nodes and patched my nodes to reject those transactions before they are stored in the mempool. With this change my nodes no longer forward transactions with a high number of SIGOPS.

With a mining node I would not reject those transactions but require a high fee.


Do you have a github commit for me to look at?
amaclin
Legendary
*
Offline Offline

Activity: 1176


View Profile WWW
December 01, 2015, 06:21:22 PM
 #124

Do you have a github commit for me to look at?
this link have been posted a number of times in this topic
https://github.com/bitcoin/bitcoin/pull/7081

Last night, at last, the Evil's spine was broken
It was impaled and quartered where it stood.
New day has dawned and people are awoken
By proudly marching, stinking, gory Good.
hetecon
Full Member
***
Offline Offline

Activity: 182


Best Coder


View Profile
December 01, 2015, 06:35:32 PM
 #125

Do you have a github commit for me to look at?
this link have been posted a number of times in this topic
https://github.com/bitcoin/bitcoin/pull/7081

much simpler then expected :0
mezzomix
Legendary
*
Online Online

Activity: 1750


View Profile
December 01, 2015, 10:18:59 PM
 #126

Do you have a github commit for me to look at?
this link have been posted a number of times in this topic
https://github.com/bitcoin/bitcoin/pull/7081

I use a hard coded limit but this pull request will be more flexible.
basil00
Member
**
Offline Offline

Activity: 60


View Profile
December 02, 2015, 04:03:04 AM
 #127

This attack can be made more effective by exploiting this.  That is, instead of a vanilla OP_RETURN you use the script:

Code:
   OP_RETURN OP_CHECKMULTISIG

This counts as a extra 20 sigOps.  This bug is fixed in 0.12.0 (by making this script non-standard).
hetecon
Full Member
***
Offline Offline

Activity: 182


Best Coder


View Profile
December 04, 2015, 06:19:51 AM
 #128

This attack can be made more effective by exploiting this.  That is, instead of a vanilla OP_RETURN you use the script:

Code:
   OP_RETURN OP_CHECKMULTISIG

This counts as a extra 20 sigOps.  This bug is fixed in 0.12.0 (by making this script non-standard).

interesting thing to see here. i trying to get this script lang down lol
DuddlyDoRight
Sr. Member
****
Offline Offline

Activity: 298



View Profile WWW
December 16, 2015, 02:58:58 AM
 #129

Problem is fees are already arbritrary creating usability issues.. Add more add more problems..

Oh cool I just put my savings in to bitcoin!! Hey what happen to 0.005% of it or why does it get no confirmations.. No refunds wtf?

Bitcoin is suppose to be a currency not a quick-profit-scheme for people who buy the hardware or learn the internals..

I have faith that one day this forum will get threads where people won't just repeat their previous posts or what others have already stated in the same thread. Also that people will stop acting like BTC is toy-money and start holding vendors accountable. Naive? Maybe.
sidwaltdo
Newbie
*
Offline Offline

Activity: 1

MMM Global is a perfect financial community.


View Profile WWW
December 17, 2015, 03:00:01 AM
 #130

WOW,The day bitcoin starts blacklisting will be the end.

MMM Extra program help you get 100% a month
DuddlyDoRight
Sr. Member
****
Offline Offline

Activity: 298



View Profile WWW
December 20, 2015, 01:17:01 AM
 #131

WOW,The day bitcoin starts blacklisting will be the end.

Never blacklist. Just whitelist. I'm not sure why basic reputation scares people here so bad..

There is nothing built in to the block-chain that says a bank is a bank and again, BTC is a currency not a profit system..

I have faith that one day this forum will get threads where people won't just repeat their previous posts or what others have already stated in the same thread. Also that people will stop acting like BTC is toy-money and start holding vendors accountable. Naive? Maybe.
amaclin
Legendary
*
Offline Offline

Activity: 1176


View Profile WWW
December 20, 2015, 01:24:06 AM
 #132

WOW,The day bitcoin starts blacklisting will be the end.

https://gitlab.com/bitcoin/luke-jr-bitcoin/commit/5f8e7180c4b34d5f46c61a6dd2242f4249b5f79a

Last night, at last, the Evil's spine was broken
It was impaled and quartered where it stood.
New day has dawned and people are awoken
By proudly marching, stinking, gory Good.
oakpacific
Hero Member
*****
Offline Offline

Activity: 798


View Profile
January 26, 2016, 10:25:29 PM
 #133

Isn't transaction selection already a NP-hard knapsack problem? What kind of a beast it will become if we throw....computational complexity itself into the mix? "Hmmm, let me  estimate  if I am gonna spend more time processing these transactions or more time doing the estimation..." Roll Eyes

https://tlsnotary.org/ Fraud proofing decentralized fiat-Bitcoin trading.
BlockSense
Newbie
*
Offline Offline

Activity: 14


View Profile
January 31, 2016, 01:27:25 PM
 #134

This attack can be made more effective by exploiting this.  That is, instead of a vanilla OP_RETURN you use the script:

Code:
   OP_RETURN OP_CHECKMULTISIG

This counts as a extra 20 sigOps.  This bug is fixed in 0.12.0 (by making this script non-standard).

Will have a read of this.
Pages: 1 2 3 4 5 6 7 [All]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!