Is this statement True or False about Bitcoin

[unk]

You could (temporarily) DoS all of Bitcoin for far less money than a million dollars. However, DoS attacks are illegal

one concern i've long had is that several kinds of 'attacks' or at least attempts at denying service to achieve external effects (like market manipulation) conform to bitcoin's network and functional protocol and thus are probably unlikely to be regulated. but it's a grey area.

in any case, to give my own reply to the original question, i believe it's a true statement. even the most intuitive attack that requires no special knowledge (the 'overwhelm the hashing power of the network' attack) would cost only a few million dollars at present for permanent purchase of the necessary hardware, and far less for rental. there are many cleverer things that can be done, however. for example, analyses by bytecoin and "s" have explained similar attacks that require fewer resources.

this isn't really a threat to the bitcoin technology as a whole. satoshi wasn't particularly concerned with it, as you can see from his last few messages at the forum. but as i and others have pointed out for a long time, it makes any individual block chain subject to more potential kinds of market manipulation that many speculators seem to suspect.

bitcoin will likely continue, but the value in any particular block chain can at present be very easily 'attacked' through denial of service and similar mechanisms. that we haven't seen much more than a denial-of-service attack on mt gox and a few mining pools likely reflects nothing more than the still-relatively-small footprint of bitcoin and the fact that it is not presently easy to profit from falls in the price of a bitcoin at any significant scale.

[1715044434]

1715044434

[1715044434]

1715044434

[1715044434]

1715044434

[1715044434]

1715044434

[n0m4d]

Once somebody has more computing power than everybody else put together, they should go about 1,000 blocks back and try to build a new chain building off that, in secret. (This would take a week.) However their chain will not include any of the transactions from the last 1,000 legitimate blocks. Once it becomes longer than the existing chain, they publish it and instantaneously a whole week of transactions un-happen, i.e. they are reversed and the money (including mining fees) returns to the hands of the original owner, whereas the 50,000 BTC legitimately mined disappear, and the new 50,000 BTC generated are owned by one bitcoin address, the attacker's.

As I understand the code, clients running after the fork and before the merge won't pay any attention to that new block chain.  Newly booting ones may have to decide which to believe, but no one is going to rewind past the last few blocks.

I'd love to hear anyone that's deeper into the code than I correct me on that.

[unk]

you can't easily go back that far even with massive hashing power. satoshi's original paper shows this numerically.

[n0m4d]

you can't easily go back that far even with massive hashing power. satoshi's original paper shows this numerically.

i believe the whitepaper covers the case of trying to undo a transaction, whereas - as i understand it, trippy was speaking of maintaining a "shadow" fork that would suddenly emerge and attempt to usurp the block chain since the fork.

perhaps the maths cover that case as well, and i'm ignorant of their full implications.

[unk]

oh, i misread. that is indeed possible, and it hasn't gotten enough attention. it's like an expanded version of the 'finney attack' and could be used quite strategically to significant negative effect.

in some ways, it's a particular case of the sort of problem that ben laurie was warning us about at http://links.org.

i don't believe anything in the code limits large reorganizations, except the hard-coded checkpointing of particular blocks at some releases. the network couldn't easily survive if newly downloaded clients disagreed with the old ones about the state of the network. they need to validate each proposed chain for themselves and accept the one with the greatest total proof of work. (that said, i haven't stayed current with each new release of the code, so i'm not sure if it has been modified in this respect. but unless very sophisticated, my belief is that such a change wouldn't make much sense.)

[n0m4d]

seems like a couple public write-once block databases would sew this up - in a total OMFG freak out the clients could go into quorum mode...  freenet, maybe?

[unk]

right, it requires a redundancy that is not presently part of the bitcoin system. the problem is that it will never be clear, without a non-bitcoin mechanism for reaching meta-consensus, which block chain is the 'honest' one. as an example, it might not be the first; for all we know, the first was the attack, and the 1000 others were the remedy to the attack. (this once happened in response to an integer-overflow bug that led to a mended block chain at satoshi's direction with the help of powerful miners.)

"s" once outlined a detailed mechanism for redundancy, but he or she was apparently pushed away from the forum by extremist responses and deleted that post. but i recall a model similar to freenet as one robust anti-double-spending mechanism.

[n0m4d]

But if the attack were sprung right away like that, wouldn't it hit folk's radar pretty quick?  As I understand it, you can't simultaneously wrest control of the network AND dodge the difficulty increase.

[Mike Hearn]

Nobody smart would attempt to DoS Bitcoin by outrunning the chain. That's not a threat worth worrying about. You can knock nodes offline without any expensive computation and because all nodes are discoverable that means you can take the network temporarily offline, until people upgrade to a new software version that is more DoS resistant.

[MoonShadow]

Nobody smart would attempt to DoS Bitcoin by outrunning the chain. That's not a threat worth worrying about. You can knock nodes offline without any expensive computation and because all nodes are discoverable that means you can take the network temporarily offline, until people upgrade to a new software version that is more DoS resistant.

Not all nodes are discoverable.

[Mike Hearn]

If you mean non-listening nodes, they don't matter because to take the network offline all you need to do is take out the listening nodes.

[MoonShadow]

If you mean non-listening nodes, they don't matter because to take the network offline all you need to do is take out the listening nodes.

No, I don't mean non-listening nodes, but those would qualify also because they are intermittently listening.  The network is a very fault tolerant, self-healing system.