A lot of people have making threads about deepbit becoming too powerful and that they could theoretically take over. So far, everything is just talking about the theory of an attack. Deepbit/Tycho haven't actually done anything bad yet. I'm kind of annoyed that people are pointing fingers and blaming Tycho for something he hasn't done.
I purpose someone build a piece of software or a website, that can detect an actual attack. Here's a short list of ideas to detect an attack on the security of bitcoins.
- Examine the block chain. Check for branches that already exist. This won't tell us who is attacking it, but it would tell us if an attack is happening. Of course you would want to ignore branches that only last 1 block because those can happen accidentally.
- Perform a getWork request from all major pools.
- Throw up a warning if they're asking you to work on an old block.
- Throw up a warning if they're asking you to work on a block not in the chain.
For a 6 block confirmation attack, at the current block rate, with 50% hashing power, it would take 1.6-2 hours to double spend your coins. This may not sound like much time, but I think it would be enough if a lot of the big players used it. I'm sure sites like http://bitcoinwatch.com/
wouldn't mind having having another tool on the site to report when one pool is being evil.
I'm kind of poor bitcoin-wise, otherwise I would totally put a bounty on this. Please keep this thread about building a detection scheme and less about the QQ of deepbit/tycho being evil or whatever.
And for reference to why 50% hashing power could be a problem, here's a link to the wiki.https://en.bitcoin.it/wiki/Weaknesses#Attacker_has_a_lot_of_computing_power