Rant in haste, disorganized jumble of info, but too important to ignore due to
ENOTIME for proper writeup:
Did Trail of Bits go full retard in a way that should demolish their reputation? Or should
Tech Republic fire Ray Fernandez for gross incompetence in tech reporting?
by Ray Fernandez in Security
on June 28, 2022, 3:08 PM PDT
[...]
Trail of Bits warns that nodes used by crypto miners can be easily deployed using an inexpensive cloud server. These can be used to flood the network in what is known as a Sybil attack. Sybil attacks can execute an eclipse attack, where a malicious actor seeks to isolate users by denying access to the nodes.
That “nodes used by crypto miners” is bog standard Bcash/BSV stupidity. It is not how Bitcoin works. This has been proved empirically, when hostile miners tried to flip Bitcoin in 2017. See below.
*Portions highlighted in pink are abuse of jargon by someone who doesn’t understand it. (Either TOB or Fernandez/TR; pick your poison.)
Sybil attacks are a well-known threat. That is the reason why Bitcoin does not use a DHT. That is the reason why suggestions of a DHT reveal a n00b.
Re: Using a DHT to reduce the resource requirements of full nodes.
Whenever you hear the term DHT what you should be hearing is "total farce of attack resistance failure"—
^^^ Read this long post better to understand some of the reasons for Bitcoin’s network design. But note that this post is from 2014; Core has made many improvements to Bitcoin since then, especially to Bitcoin’s attack resistance on the P2P network.
Does anyone else here remember when XT supporters tried to Sybil the network with thousands of nodes “easily deployed using an inexpensive cloud server”? IIRC, various other bigblockers tried the same thing. It is boring.
Bitcoin doesn’t even notice.Eclipse attacks are a different matter. They are not simply Sybil attacks; they are a special type of Sybil that corrupts your view of the network, much more sophisticated than simply running a large number of malicious nodes. Core has been following the research on eclipse attacks—sometimes advancing it themselves; and they have been implementing countermeasures. In the past few years, you may have noticed that some upgrades to Core made obvious, visible changes to your node’s connection handling; that was specifically to protect against eclipse attacks. There have also been relevant changes deep in the internals of the connection manager, where you would not notice. Altcoins based on codeforks from Bitcoin tend not to have those changes, even the very few alts with non-idiot dev teams who
do sometimes cherry-pick from upstream Bitcoin Core; for example, Zcash (based on Bitcoin Core v0.12) has cherry-picked many patches, but it does not have the recent protections against eclipse attacks.
(And this is why
support for Bitcoin Core development is an issue that has
long concerned me. They do good and necessary work
to secure your money. Excepting the big flashy upgrades like Segwit and Taproot, most of their work is thankless and unrecognized.)
By the by, I note that
Blockstream Satellite would make for a good belt-and-suspenders protection against eclipse attacks—
especially against attacks by an AS-level adversary who can control and manipulate your whole view of the Internet (one of my own worries about Bitcoin). I am not sure of exactly how to set this up the right way; but in theory, it can definitely be done: Use Blockstream Satellite,
and use the ordinary Bitcoin P2P network. That way, Blockstream does not have any centralized authority over your view of the network—but to fool you about the state of the blockchain, an eclipse attacker would need simultaneously to eclipse both you
and Blockstream; I think that at worst, then an attacker could cause your view of the blockchain to hardfork in a way that you should configure to set off alarm bells. Also and separately:
I should make a feature suggestion that Blockstream should also broadcast some P2P node addresses, specifically to help build/bolster defenses against eclipse attacks. (Credit for the idea:
death_wish.)
It is not a new thought. I have been intending for years to try using Satellite for this purpose. (vapourminer, you are not the only “lazy” one.
)
Bitcoin’s support of multiple overlay networks also helps: Bitcoin natively has out-of-the-box support for Tor onions (
not merely using Tor through exits!), I2P SAM, and CJDNS. I think that an eclipse attacker would find it extremely difficult, probably infeasible to gain control over your view of the network if you gossip with peers over multiple different overlay networks.
All that is only improvement. I consider eclipse attacks to be one of the most serious threats on the Bitcoin P2P network—and that shows how secure Bitcoin is: Eclipse attacks are generally quite difficult. There is no low-hanging fruit here, except when people do dumb things like running Bitcoin behind Tor exits with no other network connection. The article mentions something about that. BadExit attacks on Bitcoin have been known since 2014, and they are not a threat to Bitcoin users who don’t do that.
Yawn.Additionally, software errors and bugs are also a main security concern in the blockchain. Ideally, all nodes should operate under the same latest version of the software but that is not the case. Software bugs have already caused blockchain errors in Ethereum and 21% of Bitcoin nodes are running an older version of the Bitcoin Core client, known to be vulnerable, Trail of Bits says.
People’s ability to run old nodes is a feature, not a bug. To hell with TOB’s attempt to keep people on the patch treadmill, like their native shitcoin Ethereum. In Ethereum, the development philosophy is “move fast and break things”. In Bitcoin Core, the development philosophy is DTRT (“Do The Right Thing”) and “it’s done when it’s done”. Bitcoin is fine with old, non-updated nodes.
@Trail of Bits, you may offer to pay me for consulting to help you learn how Bitcoin works.For some of the items here, it is not unlikely that Fernandez is an incompetent fool whose reporting just made TOB look bad. For others, TOB clearly fails—such as with that complaint about people running old versions of Core. I would need to look up the TOB report itself, but who has time for such a thing?
The import of this backwards compatibility is driven home by experience with blockchains where a centralized dev team can effectually force upgrades; there are even some chains where you can lose your money if you fail to upgrade timely. In Bitcoin, your money is safe even if you don’t upgrade to the latest Core; and the Bitcoin Core developers deliberately make sure that they do not have the power to coerce nodes to upgrade.
* Maybe Trail of Bits got confused because they are POSheads? Or maybe Fernandez failed, and
Tech Republic is trash? Someone here does not understand how Bitcoin works.
This was the signal issue of the Fork Wars. Bcashers contradicted what I said; their attempted “flippening” was based on the fallacy that miners have some sort of dominant role on the network, economically and otherwise. Their theory failed. And my theory, set forth above, was proved in practice.
If I were wrong about this, then we would all be using Bcash or S2X as the “real Bitcoin” now.
A related key point: The security of consensus validation in Bitcoin is independent of miners, for all purposes except for transaction ordering. Miners have a sharply limited function in Bitcoin: BFT agreement on transaction ordering, to prevent double-spend attacks. All other security is provided by the Bitcoin Core node you have running at home on a Raspberry Pi, consuming 10W of electricity at negligible cost.
This is not the case on POS networks. On POS networks, so-called “validators” with high capital stake have total control of the blockchain.