Bitcoin Forum
November 09, 2024, 11:09:02 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Security  (Read 9998 times)
Bitcoiner (OP)
Member
**
Offline Offline

Activity: 70
Merit: 11


View Profile
July 07, 2010, 02:53:00 PM
 #1

Has there been a concerted effort to attack, subvert, or break Bitcoin? One way to test that it is secure from attack would be to actually try to undermine it, by double-spending coins, creating fake coins, posting false transactions, etc... and if flaws are found, better that they are found now than later, when the bitcoin economy is potentially larger and there is more to lose.

Want to thank me for this post? Donate here! Flip your coins over to: 13Cq8AmdrqewatRxEyU2xNuMvegbaLCvEe  Smiley
Gavin Andresen
Legendary
*
qt
Offline Offline

Activity: 1652
Merit: 2301


Chief Scientist


View Profile WWW
July 09, 2010, 06:11:27 PM
Merited by bones261 (1)
 #2

It's a bad idea to try to break the "in-production" bitcoin network.

If anybody is starting serious work on either extending Bitcoin or developing compatible implementations or trying to break it by creating bad transactions, I think creating a "parallel universe" test network with its own block chain, data directory, etc makes sense.

Satoshi:  would you be open to a --testnetwork (or something) flag to bitcoin that swapped to an alternate genesis block, data directory, listen port and IRC channel?  Maybe with a really short average block generation time, too (like once per minute instead of once per 10 minutes) so everything happens ten times a fast to make testing quicker.
 

How often do you get the chance to work on a potentially world-changing project?
llama
Member
**
Offline Offline

Activity: 103
Merit: 61


View Profile
July 09, 2010, 08:13:27 PM
 #3


Satoshi:  would you be open to a --testnetwork (or something) flag to bitcoin that swapped to an alternate genesis block, data directory, listen port and IRC channel?  Maybe with a really short average block generation time, too (like once per minute instead of once per 10 minutes) so everything happens ten times a fast to make testing quicker.
 

I second this, however I don't think block generation time should be changed.  I think it should be identical to the production network.  This, for example, would allow testers to try to subvert the system by creating nodes with particularly low latency, and keep the results applicable to the real network.

Great idea Gavin!

satoshi
Founder
Sr. Member
*
qt
Offline Offline

Activity: 364
Merit: 7243


View Profile
July 10, 2010, 12:58:02 PM
Merited by bones261 (1)
 #4

I'll start thinking about how to do this.

At the moment, you can kind of use -connect.  You can use -connect to make it connect to local computers on your LAN, like -connect=192.168.0.100.  If you start it out blank and don't let it connect to the main network, the difficulty is still at the original low difficulty.  If you've port-forwarded though, then outside nodes might still connect inward to you.

With -connect it still uses IRC, do you think it shouldn't get on IRC when you're telling it to only connect to specific nodes with -connect?  The main scenario for -connect is where you have a server farm, with two connected to the network and the rest connected to the first two.  In that case, you wouldn't want the -connect computers on IRC.

void ThreadIRCSeed(void* parg)
{
    if (mapArgs.count("-connect"))
        return;
laszlo
Full Member
***
Offline Offline

Activity: 199
Merit: 2384


View Profile
July 10, 2010, 04:33:06 PM
 #5

It really only makes sense for nodes with the port forwarded to remain on the IRC channel, right?  Maybe it could just ping a php script or another node randomly (this might be a better idea) which tells it YES/NO on whether the connect-back is working, and then just terminate the IRC thread if it's not needed anymore.  It could re-probe every 6 hours or so in case the user changes their port forwarding settings, or it could just be an option even..

BC: 157fRrqAKrDyGHr1Bx3yDxeMv8Rh45aUet
lachesis
Full Member
***
Offline Offline

Activity: 210
Merit: 105


View Profile
July 10, 2010, 05:35:10 PM
 #6

Oh I like that idea a lot Laszlo. There's no reason for a non-forwarded client to idle in the IRC.

Bitcoin Calculator | Scallion | GPG Key | WoT Rating | 1QGacAtYA7E8V3BAiM7sgvLg7PZHk5WnYc
Stone Man
Newbie
*
Offline Offline

Activity: 28
Merit: 10


View Profile
July 14, 2010, 07:10:51 AM
 #7

Has there been a concerted effort to attack, subvert, or break Bitcoin? One way to test that it is secure from attack would be to actually try to undermine it, by double-spending coins, creating fake coins, posting false transactions, etc... and if flaws are found, better that they are found now than later, when the bitcoin economy is potentially larger and there is more to lose.

I agree. We the software needs to be vetted.

For one thing, I just ran across some rates to rent time on a supercomputer:
http://news.softpedia.com/news/Rent-Your-Own-Supercomputer-for-2-77-per-Hour-82166.shtml
$2.77 / core / hr

I don't know a lot about breaking secure encryption and out hashing a proof-of-work, but Satoshi said in his paper that as long as no more than half of the network was owned by an attacker it could not be broken.

I wonder if someone could rent this super-computer or one bigger and theoretically undermine bitcoin for only the cost of renting the machine for an hour.

Based on my rough calculations, if 2200 machines like my duel core were owned by an attacker he could theoretically take down the network for only about $12,000 USD.

I hope I am wrong. Someone who is more knowledgeable should comment here.
bdonlan
Full Member
***
Offline Offline

Activity: 221
Merit: 102


View Profile
July 14, 2010, 08:12:47 PM
 #8

Has there been a concerted effort to attack, subvert, or break Bitcoin? One way to test that it is secure from attack would be to actually try to undermine it, by double-spending coins, creating fake coins, posting false transactions, etc... and if flaws are found, better that they are found now than later, when the bitcoin economy is potentially larger and there is more to lose.

I agree. We the software needs to be vetted.

For one thing, I just ran across some rates to rent time on a supercomputer:
http://news.softpedia.com/news/Rent-Your-Own-Supercomputer-for-2-77-per-Hour-82166.shtml
$2.77 / core / hr

I would think EC2 would be a better option - $0.17/hr for two cores (using a high-cpu medium instance) that way.
Insti
Sr. Member
****
Offline Offline

Activity: 294
Merit: 252


Firstbits: 1duzy


View Profile
July 14, 2010, 08:23:16 PM
 #9

Isn't just changing the genesis node enough?
Each branch would just ignore the others 'invalid' blocks and transactions.

(although it would probably be polite to try and construct a different network.)
sirius
Bitcoiner
Sr. Member
****
Offline Offline

Activity: 429
Merit: 1002



View Profile
July 14, 2010, 10:27:42 PM
 #10

A possible attack against the system was suggested on the IRC: an organization that controls an overwhelming amount of CPU power could start generating coins, and then stop generating when the proof-of-work difficulty gets very high after the next 2000 blocks. Normally it should take 2 weeks to generate 2000 blocks. If an attacker with 10 times more CPU power than the rest of the network were to increase the proof-of-work difficulty and then stop, the total block generation would become 10 times slower and the next difficulty readjustment would be after 20 weeks.

By the time when Bitcoin is big enough to threaten the established currencies, hopefully there'll be no single party that has enough CPU power to do an attack like this.

Iris — for better social networks
I'm not a forum admin - please contact theymos instead.
Insti
Sr. Member
****
Offline Offline

Activity: 294
Merit: 252


Firstbits: 1duzy


View Profile
July 14, 2010, 10:36:00 PM
 #11

A possible attack against the system was suggested on the IRC: an organization that controls an overwhelming amount of CPU power could start generating coins, and then stop generating when the proof-of-work difficulty gets very high after the next 2000 blocks. Normally it should take 2 weeks to generate 2000 blocks. If an attacker with 10 times more CPU power than the rest of the network were to increase the proof-of-work difficulty and then stop, the total block generation would become 10 times slower and the next difficulty readjustment would be after 20 weeks.

By the time when Bitcoin is big enough to threaten the established currencies, hopefully there'll be no single party that has enough CPU power to do an attack like this.

This could be solved with a software patch to modify the difficulty, as long as it could be distributed to 50% of the nodes...
FreeMoney
Legendary
*
Offline Offline

Activity: 1246
Merit: 1016


Strength in numbers


View Profile WWW
July 15, 2010, 09:42:37 AM
 #12

Is it true that the difficulty can be changed with a patch accepted by 50% of nodes? Doesn't this mean that an attacker only needs to set up a bunch of nodes and not actually have a majority of cpu power? How hard would it be to do an attack like that? What does it take to have a node? A 2880 bps modem and a Pentium 386? Can a computer hold multiple nodes?

Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
Insti
Sr. Member
****
Offline Offline

Activity: 294
Merit: 252


Firstbits: 1duzy


View Profile
July 15, 2010, 10:14:28 AM
 #13

Is it true that the difficulty can be changed with a patch accepted by 50% of nodes? Doesn't this mean that an attacker only needs to set up a bunch of nodes and not actually have a majority of cpu power? How hard would it be to do an attack like that? What does it take to have a node? A 2880 bps modem and a Pentium 386? Can a computer hold multiple nodes?

Majority of the cpu power is probably more technically correct than 50% of the nodes.
As long as the patched nodes are generating blocks faster than the unpatched nodes they will 'win'.
Svick
Newbie
*
Offline Offline

Activity: 10
Merit: 0


View Profile
July 15, 2010, 11:04:32 AM
 #14

Is it true that the difficulty can be changed with a patch accepted by 50% of nodes? Doesn't this mean that an attacker only needs to set up a bunch of nodes and not actually have a majority of cpu power? How hard would it be to do an attack like that? What does it take to have a node? A 2880 bps modem and a Pentium 386? Can a computer hold multiple nodes?
I don't think so. I think that if you created a block with lower difficulty than what I think is the current difficulty, I wouldn't accept it. That means I wouldn't accept any coins that originated in a block with this lower difficulty. This would effectively split the network in two.
sirius
Bitcoiner
Sr. Member
****
Offline Offline

Activity: 429
Merit: 1002



View Profile
July 15, 2010, 12:16:44 PM
 #15

I don't think so. I think that if you created a block with lower difficulty than what I think is the current difficulty, I wouldn't accept it. That means I wouldn't accept any coins that originated in a block with this lower difficulty. This would effectively split the network in two.

That's right.

Iris — for better social networks
I'm not a forum admin - please contact theymos instead.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!