Bitcoin Forum
December 15, 2017, 10:35:16 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2] 3 4 5 6 7 »  All
  Print  
Author Topic: Cheap way to attack blockchain  (Read 27915 times)
dooglus
Legendary
*
Offline Offline

Activity: 2366



View Profile
September 16, 2015, 05:57:24 PM
 #21

Quoted. Just to prove for future use (forum allows to edit messages, so the date of message does not prove anything)
Here is another hash (this time XT/BIP101 related):
Code:
d894bd6f1f8222ceb5101cc1d5d3f3eb326e04ce6b9567f74cca151bb2b7b927

The date of a message becomes underlined if it is ever edited. If you don't edit a message, the timestamp is quite reliable. Someone with direct database access could have edited the message, but not a regular account owner.

Just-Dice                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   Play or Invest                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   1% House Edge
1513334116
Hero Member
*
Offline Offline

Posts: 1513334116

View Profile Personal Message (Offline)

Ignore
1513334116
Reply with quote  #2

1513334116
Report to moderator
1513334116
Hero Member
*
Offline Offline

Posts: 1513334116

View Profile Personal Message (Offline)

Ignore
1513334116
Reply with quote  #2

1513334116
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1513334116
Hero Member
*
Offline Offline

Posts: 1513334116

View Profile Personal Message (Offline)

Ignore
1513334116
Reply with quote  #2

1513334116
Report to moderator
1513334116
Hero Member
*
Offline Offline

Posts: 1513334116

View Profile Personal Message (Offline)

Ignore
1513334116
Reply with quote  #2

1513334116
Report to moderator
1513334116
Hero Member
*
Offline Offline

Posts: 1513334116

View Profile Personal Message (Offline)

Ignore
1513334116
Reply with quote  #2

1513334116
Report to moderator
scriptman
Member
**
Offline Offline

Activity: 112


View Profile
September 20, 2015, 02:26:41 PM
 #22

You're not the first and you certainly won't be the last person concerning themselves with how to break the Bitcoin network.

You should use your knowledge and skills for productive means and help the community.

██████████    YoBit.net - Cryptocurrency Exchange - Over 350 coins
█████████    <<  ● $$$ - $$$ - $$$ - $$$ - $$$ - $$$ - $$$   >>
██████████    <<  ● Play DICE! Win 1-5 btc just for 5 mins!  >>
amaclin
Legendary
*
Offline Offline

Activity: 1260


View Profile
September 21, 2015, 04:42:41 AM
 #23

You're not the first and you certainly won't be the last person concerning themselves with how to break the Bitcoin network.

You should use your knowledge and skills for productive means and help the community.
Why?
Nancarrow
Hero Member
*****
Offline Offline

Activity: 494


View Profile
September 23, 2015, 10:12:30 PM
 #24

You're not the first and you certainly won't be the last person concerning themselves with how to break the Bitcoin network.

You should use your knowledge and skills for productive means and help the community.

What exactly do you think computer security professionals DO? Or cryptologists employed by three-letter agencies? Or military strategists?

A person who wants to strengthen the bitcoin network and isn't constantly thinking of ways to break it, isn't doing their job.


If I've said anything amusing and/or informative and you're feeling generous:
1GNJq39NYtf7cn2QFZZuP5vmC1mTs63rEW
scriptman
Member
**
Offline Offline

Activity: 112


View Profile
September 25, 2015, 02:09:31 PM
 #25

You're not the first and you certainly won't be the last person concerning themselves with how to break the Bitcoin network.

You should use your knowledge and skills for productive means and help the community.
Why?

Because building something is a lot more fun than knocking it down

██████████    YoBit.net - Cryptocurrency Exchange - Over 350 coins
█████████    <<  ● $$$ - $$$ - $$$ - $$$ - $$$ - $$$ - $$$   >>
██████████    <<  ● Play DICE! Win 1-5 btc just for 5 mins!  >>
basil00
Member
**
Offline Offline

Activity: 60


View Profile
September 25, 2015, 02:12:26 PM
 #26

Just noticed this transaction: 324456fe9ec97a380effba0a0205a226e380790b93e7366d39f2a416a44d2a34.

2000 sigOps!.
(each OP_CHECKMULTISIGVERIFY inside the unexecuted OP_IF will count as 20 SigOps).

Also, it appears that F2Pool will mine non-standard transactions (P2SH with >15 sigOps).  It only takes 10 of such transactions to completely "fill" a block.
amaclin
Legendary
*
Offline Offline

Activity: 1260


View Profile
September 25, 2015, 02:13:44 PM
 #27

Because building something is a lot more fun than knocking it down
jedem das seine

amaclin
Legendary
*
Offline Offline

Activity: 1260


View Profile
September 25, 2015, 02:18:42 PM
 #28

Just noticed this transaction: 324456fe9ec97a380effba0a0205a226e380790b93e7366d39f2a416a44d2a34.
2000 sigOps!.
(each OP_CHECKMULTISIGVERIFY inside the unexecuted OP_IF will count as 20 SigOps).
Also, it appears that F2Pool will mine non-standard transactions (P2SH with >15 sigOps).  
It only takes 10 of such transactions to completely "fill" a block.
It was my transaction.
F2Pool confirms non-standard txs under some conditions.
basil00
Member
**
Offline Offline

Activity: 60


View Profile
September 25, 2015, 02:21:32 PM
 #29

It was my transaction.

Yes I guessed from the 1aa... addresses. Smiley

Quote
F2Pool confirms non-standard txs under some conditions.

Interesting.  What conditions are these?
amaclin
Legendary
*
Offline Offline

Activity: 1260


View Profile
September 25, 2015, 02:28:19 PM
 #30

Interesting.  What conditions are these?
Do not know. You should ask macbook-air
basil00
Member
**
Offline Offline

Activity: 60


View Profile
September 26, 2015, 05:37:58 AM
 #31

Damn, looks like Amaclin's bot stole my BTC.  My tx even had a signature and everything Angry
Edit: I have a new version that uses at least one real sig Smiley  I can create an IsStandard tx that hashes >250MB, or in other words, only 5 tx to "fill" a XT 8MB block.  Lucky I'm out of bits to play with.
edric
Hero Member
*****
Offline Offline

Activity: 546



View Profile
September 26, 2015, 06:37:39 AM
 #32

Seems to me that I know new way to attack & flood bitcoin network.

The last attacks were based on filling the blocks with transactions.
This is because of limit of block size. (Consensus rule that the blocksize is below 1mb)

But there are another limits for block which can not be changed without hard fork.

There is a limit of SIGOPS in transactions included to a block.

consensus.h
Code:
/** The maximum allowed size for a serialized block, in bytes (network rule) */
static const unsigned int MAX_BLOCK_SIZE = 1000000;
/** The maximum allowed number of signature check operations in a block (network rule) */
static const unsigned int MAX_BLOCK_SIGOPS = MAX_BLOCK_SIZE/50;

So, MAX_BLOCK_SIGOPS is 20000

How does the client calculate the number of SIGOPS? Let us look to the sources.

main.cpp
Code:
           if (fStrictPayToScriptHash)
            {
                // Add in sigops done by pay-to-script-hash inputs;
                // this is to prevent a "rogue miner" from creating
                // an incredibly-expensive-to-validate block.
                nSigOps += GetP2SHSigOpCount(tx, view);
                if (nSigOps > MAX_BLOCK_SIGOPS)
                    return state.DoS(100, error("ConnectBlock(): too many sigops"),
                                     REJECT_INVALID, "bad-blk-sigops");
            }

Miner node includes transactions to a block while the nSigOps not exceeds 20000.
The block with nSigOps > 20000 will be invalid (consensus rule) and will be rejected by all other nodes.

Now let us look the transaction
https://blockchain.info/tx/6766e75d6166a0a14bd814921d0f903285e15779e648d7ec52a4f7c0868ec07d
and calculate the number of SIGOPS in it

All input scripts are redeeming from p2sh-outputs with the inner scripts build on the same template:
Code:
OP_0
OP_IF
  OP_15
  OP_CHECKMULTISIG
OP_ENDIF
OP_SMALLINTEGER
The number of SIGOPS in this small script is 15 (this is maximum value to pass IsStandard)
And the total number of SIGOPS in 6766e75d6166a0a14bd814921d0f903285e15779e648d7ec52a4f7c0868ec07d is 15 * 15 = 225

So, the maximum number of such transactions in one block is only 88 (because floor ( 20000 / 225 ) = 88)
And inserting 88 such transactions in one block leaves only 200 SIGOPS for regular transactions.
Which leaves a room only for ~100 transactions in block for other persons

The attack vector should be:
1) create and fund a big number of such p2sh-utxo
2) redeem them to OP_RETURN or to regular output

Each such transaction costs 0.00045 for dishonest attacker (can be even less)
88 transactions (attack one block) will cost only 0.0396 BTC
Daily attack 5.7024 BTC - not a big deal

Wanna hire me for this dirty job?  Grin



My name Boris.  I pay 10k USD and 100 barrels oil you do this.  I want you take down evil tool of Western intelligence!  We have deal?

edric
Hero Member
*****
Offline Offline

Activity: 546



View Profile
September 26, 2015, 06:40:18 AM
 #33

You're not the first and you certainly won't be the last person concerning themselves with how to break the Bitcoin network.

You should use your knowledge and skills for productive means and help the community.

What exactly do you think computer security professionals DO? Or cryptologists employed by three-letter agencies? Or military strategists?

A person who wants to strengthen the bitcoin network and isn't constantly thinking of ways to break it, isn't doing their job.



I agree. But one also has to ask themselves, if it is so easy to destroy, why hasn't the government taken out the bitcoin network yet?  Clearly there is an agenda behind letting it go forward.  I will let you figure that one out.

Syke
Legendary
*
Offline Offline

Activity: 2464


View Profile
September 27, 2015, 11:53:08 PM
 #34

The date of a message becomes underlined if it is ever edited. If you don't edit a message, the timestamp is quite reliable. Someone with direct database access could have edited the message, but not a regular account owner.

There's a small timeframe (5-10 min IIRC) where the msg can be edited without notice.

Edited.

Previous edit at 53:08.

Edit: Ok, so the original timestamp doesn't change, but the text of the msg can change.

Buy & Hold
amaclin
Legendary
*
Offline Offline

Activity: 1260


View Profile
September 28, 2015, 05:11:14 AM
 #35

Damn, looks like Amaclin's bot stole my BTC.  My tx even had a signature and everything Angry
Edit: I have a new version that uses at least one real sig Smiley  I can create an IsStandard tx that hashes >250MB, or in other words, only 5 tx to "fill" a XT 8MB block.  Lucky I'm out of bits to play with.

This is a provocation.
This vile and filthy lie.
How can you prove that you did not send the funds to my address to blacken my name?  Grin

Note: these btc were not stolen. It is not possible to stole btc without a knowledge of private key.
amaclin
Legendary
*
Offline Offline

Activity: 1260


View Profile
September 28, 2015, 05:24:45 AM
 #36

I agree. But one also has to ask themselves, if it is so easy to destroy, why hasn't the
government taken out the bitcoin network yet?
Governments do not need to "destroy" bitcoin.
Because there is no danger from it.
amaclin
Legendary
*
Offline Offline

Activity: 1260


View Profile
September 28, 2015, 06:25:46 AM
 #37

My name Boris.  I pay 10k USD and 100 barrels oil you do this.  
I want you take down evil tool of Western intelligence!  We have deal?
Yes. PM me for details.  Grin
letsplayagame
Sr. Member
****
Offline Offline

Activity: 308


View Profile
September 28, 2015, 08:47:31 AM
 #38

You're not the first and you certainly won't be the last person concerning themselves with how to break the Bitcoin network.

You should use your knowledge and skills for productive means and help the community.

What exactly do you think computer security professionals DO? Or cryptologists employed by three-letter agencies? Or military strategists?

A person who wants to strengthen the bitcoin network and isn't constantly thinking of ways to break it, isn't doing their job.



I wish more people understood this concept.  This type of testing is exactly what bitcoin needs to become stronger.  You have to think of different ways to attack bitcoin in order to develop better ways to defend it.

Chess, Bitcoin, Privacy and Freedom
Code:
Make BTC Donations via XMR.TO or Shapeshift XMR: 47nMGDMQxEB8CWpWT7QgBLDmTSxgjm9831dVeu24ebCeH8gNPG9RvZAYoPxW2JniKjeq5LXZafwdPWH7AmX2NVji3yYKy76
amaclin
Legendary
*
Offline Offline

Activity: 1260


View Profile
September 28, 2015, 09:03:08 AM
 #39

I wish more people understood this concept.  
This type of testing is exactly what bitcoin needs to become stronger.  
You have to think of different ways to attack bitcoin in order to develop better ways to defend it.
What is the purpose to spend time to "defend a broken thing"?
Nobody will pay for it. Because this is bitcoin.
Nobody will fight to increase the value in your pocket.
You are in ponzi scheme. Right now you do not understand it.
RealMalatesta
Legendary
*
Offline Offline

Activity: 826



View Profile
September 28, 2015, 09:05:48 AM
 #40

I agree. But one also has to ask themselves, if it is so easy to destroy, why hasn't the
government taken out the bitcoin network yet?
Governments do not need to "destroy" bitcoin.
Because there is no danger from it.

But there will be competitors who just wait for the right timing...
Pages: « 1 [2] 3 4 5 6 7 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!