Hostile action against the bitcoin infrastracture

[bitcool]

I think the best way to strengthen Bitcoin against attacks is for it to become a more useful medium of exchange.  Namely, to be accepted for payment for a wider selection of goods and services.  We have a long way to go, but if Bitcoin were accepted as widely as PayPal, there would be substantial pressure against shutting down the entire network.  Too many jobs and businesses would depend on it.
PayPal processed donations for WikiLeaks, but the Feds didn't shut down the entire payment processor.  Certainly governments will pressure exchanges and other centralized components of the bitcoin community, but peer to peer means new components will spring up to replace them.

Broader acceptance of Bitcoin as payment also strengthens the infrastructure.  It means more network peers, more mining, more exchanges, more smart developers improving infrastructure.  I keep coming back to the first answer to the FAQ, "How to help Bitcoin?": "offer Bitcoin as a payment option at your web shop or service."

agree, winning the hearts of populace should be high on the list of priorities for bitcoin proponents when planning the roadmap.

[1713976270]

1713976270

[1713976270]

1713976270

[bitcool]

I'm consistently surprised that there is some newbie every week who brings this stuff up as if it is some kind of unique revelation.

Yes, we are aware of the spamming issue.

No, it's not really a problem.

come on, everyone starts as a newbie and not everyone read the whole manual

[bitcool]

I don't think Bitcoin is the ultimate solution. It will eventually disappear and be replaced by a new system. But I still stick to it, because now (and in the near future) it has value. Should a new, better, system be developed I'm sure the two will coexist for a certain time and allow people to transition to the new system, a few will stick to the old system which will lose value while the new one gathers momentum.

We cannot foresee the future, but we can express our trust to the current system by investing in it.

Right now Bitcoin availability for new Users and Services accepting Bitcoins are IMHO the major limiting factors. Acknowledging about the problem certainly the first step to solving it, so keep the brainstorming up ^^

whether bitcoin will be an "ultimate solution or not, we probably need to look back human history for some reference, since it is such a revolutionary and disruptive idea. non-fiat honest money system (i.e. commodity currencies) went thru seashells, clay, bronze.... before it settled on gold/silver. I'd also agree that there will be gradual transition periods from one to another.

[Stephen Gornick]

I am opening this thread to explore possible scenarios of hostile action by the US government against the bitcoin infrastructure.

Certainly there's a patent or two that shares a concept with something that Bitcoin does?  I could see the state try to interject on behalf of the patent holder.

[FreeMoney]

I am opening this thread to explore possible scenarios of hostile action by the US government against the bitcoin infrastructure.

Certainly there's a patent that shares a concept or two with something that Bitcoin does?  I could see the state try to interject on behalf of the patent holder.

I doubt something of that strength will matter much at all. Bittorrent is used over and over and over to distributed works that are 100% copywritten with no ambiguity, but there hasn't been much success shutting that down.

[nowhereman]

I have decided to give this another shot. This is mainly because I love hypotheticals and working out worst case scenarios. (I actually have plans worked out in case aliens ever attack, nuclear war occurs, or a hyper-powerful and vicious government decides to dominate us, and those are only a few of what my overactive imagination has come up with!) Of course I have only taken a few looks at the white paper so if I am missing something, feel free to mention it to me.

From the description of the system, it seems that attacking through the front door via creating a counter-stack would be resource consuming and, quite frankly unrealistic. Indeed it seems that as the blocks build up into large and larger stack, it really would be harder to defeat this system (barring some sort of 'break' of the SHA-256 system if it makes sense to say anything like that). However it also seems obvious that the stack would be easier to overcome if the stack was small and the attackers were given some sort of 'head start' in creating a new one.

Defeating the system in this way would be immensely difficult as the blocks are spread around to each and every node in a distributed and non-centralized manner. Suppose that this really powerful government agency really did decide to set its sights upon bitcoin for summary destruction. If a sufficiently powerful agency were to create a worm with a rootkit and logic bomb payload, then a government or an enterprising techno-mafia could destroy the stack simultaneously (the fact that this is simultaneous cannot be overstated for this plot to work). Once all copies of the stack have been destroyed, any stack could be used to replace it. After all, in this hypothetical situation the stack with the most proof is the stack that has been created from thin air. Also unlike a normal stack attack as mentioned in the white paper, the actions the attacker could do are not limited to returning his own bitcoin to him self. Of course such a situation would probably be highly visible to the world and I doubt much could be done to profit from bitcoins pilfered in this way, but this system could also be used to reduce the total bitcoin to 0 or to place all bitcoins in wallets that no one has the key for.

The most obvious defense against this is to have some sort of back-up system, though how this system could be implemented and yet not be centralized is beyond me (for now).

Let the criticism come.

[MoonShadow]

Pretty good.

Of course, this (unlikely) scenario is part of the motivation for regular blockchain benchmarks being encoded into the source code of new releases.  So your attacker would still have to come up with a fake blockchain that not only matched those benchmarks precisely without violating any of the other valid block rules on any of his fake blocks and have such a blockchain ready that was at least as long as the benchmark shipped in the latest version before the standing network would receive it.

And if any copy of the real blockchain were to be reintroduced to the network before the fake one could develop a greater total proof-of-work, the real blockchain would force a network split that would eventually destroy the fake one.

[MoonShadow]

(barring some sort of 'break' of the SHA-256 system if it makes sense to say anything like that).

Even if someone were to come up with some way to 'break' the security of sha-256 itself (not unrealistic, really) that wouldn't actually result in a compromise of the bitcoin blockchain itself.  Only if this break remained unknown while an attacker tried to build up a fake chain, or attempt a double spend, would a broken sha-256 be a problem.  And even then the problem would be limited to those addresses who had recently done business with the attacker (in the case of double spend attacks).  I consider the difficulties of building a fake blockchain that satisfies all of the various transaction, block and benchmark rules to be so high as to not be a problem even if sha-256 were suddenly easily processed by some kind of shortcut.

If the break were widely known, the part of the system for which sha-256 is used is modular, and can be benchmarked and swapped for something else comparable fairly quickly.  Also, even this wouldn't expose the security of the address keypair system, which is also modular.  If one is broken, the network can agree to suspend processing of transactions until it is fixed, but even that isn't likely to be neccessary.  Both being  broken at the same time, known only to the same attacker; then we are screwed.

[casascius]

A lot of the "fantasy" ways of bringing down Bitcoin I can dream of, could be solved with one simple feature: the ability for Satoshi and perhaps a few others to cryptographically vouch for the soundness of any future revisions of the Bitcoin software, and a way for users to easily confirm the soundness of their client.

Many of the denial-of-service threats to Bitcoin are of the type that could be remedied by pushing out an upgrade to the software.  The fact that the software MUST be upgraded in the future (e.g. to start breaking BTC into smaller decimals) is a sweet non-technical vulnerability that could be exploited by an adversary.

A coordinated effort to damage Bitcoin need only be a huge FUD campaign as to which is the true and correct client.

I suppose we may already have that in a roundabout sort of way: IIRC there is a Satoshi "message" feature based on a keypair owned by Satoshi, that could informally be used to say, "The good client's SHA1 hash is xxxx"... but all the better if the client could retrieve the "best" client via https and confirm its hash so its average user doesn't have to know what a SHA1 is.

[MoonShadow]

A lot of the "fantasy" ways of bringing down Bitcoin I can dream of, could be solved with one simple feature: the ability for Satoshi and perhaps a few others to cryptographically vouch for the soundness of any future revisions of the Bitcoin software, and a way for users to easily confirm the soundness of their client.

Many of the denial-of-service threats to Bitcoin are of the type that could be remedied by pushing out an upgrade to the software.  The fact that the software MUST be upgraded in the future (e.g. to start breaking BTC into smaller decimals) is a sweet non-technical vulnerability that could be exploited by an adversary.

A coordinated effort to damage Bitcoin need only be a huge FUD campaign as to which is the true and correct client.

I suppose we may already have that in a roundabout sort of way: IIRC there is a Satoshi "message" feature based on a keypair owned by Satoshi, that could informally be used to say, "The good client's SHA1 hash is xxxx"... but all the better if the client could retrieve the "best" client via https and confirm its hash so its average user doesn't have to know what a SHA1 is.

No.  Doing this would open up a new attack vector, by hacking into Satoshi's own systems to capture that keypair.  As it is, that keypair isn't so valuable to an attacker.

[casascius]

No.  Doing this would open up a new attack vector, by hacking into Satoshi's own systems to capture that keypair.  As it is, that keypair isn't so valuable to an attacker.

How are they gonna hack it off his system if he keeps it offline, encrypted, and physically secure?

That's a standard best practice for any powerful key like that.

[MoonShadow]

No.  Doing this would open up a new attack vector, by hacking into Satoshi's own systems to capture that keypair.  As it is, that keypair isn't so valuable to an attacker.

How are they gonna hack it off his system if he keeps it offline, encrypted, and physically secure?

That's a standard best practice for any powerful key like that.

How do you, as a user downloading a program from someone on the Internet, know that you are talking to the real server for Satoshi's Bitcoin?  If the vanilla client were able to do such a thing, no one would question why any other such a client couldn't do such a thing.  Furthermore, how much trust are you willing to put into Satoshi, even if you can be certain that you are using the proper client?  Satoshi might not be using best practices, or might be waylaid by some statist prosecuter and forced to divulge his secret key, or any number of other possibilites.

[casascius]

No.  Doing this would open up a new attack vector, by hacking into Satoshi's own systems to capture that keypair.  As it is, that keypair isn't so valuable to an attacker.

How are they gonna hack it off his system if he keeps it offline, encrypted, and physically secure?

That's a standard best practice for any powerful key like that.

How do you, as a user downloading a program from someone on the Internet, know that you are talking to the real server for Satoshi's Bitcoin?  If the vanilla client were able to do such a thing, no one would question why any other such a client couldn't do such a thing.  Furthermore, how much trust are you willing to put into Satoshi, even if you can be certain that you are using the proper client?  Satoshi might not be using best practices, or might be waylaid by some statist prosecuter and forced to divulge his secret key, or any number of other possibilites.

Satoshi would generate a certificate with the private key - one time - for each binary he wanted to certify as giving him warm fuzzies.  That certificate, he could publish it any way he saw fit.  It would not require persistent online access to the private key.  Example, when you download a Windows update, your machine can validate all the downloads as genuine via the certificates they're sent with, without needing to knock on anyone's private key anywhere.  The public key is all that's needed for validating certs.  The private key is needed for making the certificate & nothing more.

as for whether I trust Satoshi, if he is being subject to "rubber hose cryptanalysis" for a key like that, it means Bitcoin is already suffering the very attack I envisioned, at which point Bitcoin has already got bigger problems by then.  Hopefully, communications from the early bitcoin community (including yourself) have some way to be reliably differentiated from the noise so you can speak on his behalf, that's exactly what publishing a public key now would enable down the road.

[casascius]

Further, instead of Satoshi alone, how about a keypair for every Hero Member of the board as of today, January 2011?  If a binary came accompanied with certificates from at least 50% (or some other reasonable percentage) of such individuals, it could be deemed good.  Those Feds would have to do a lot more rubber hosing to succeed.

The notion I'm suggesting now, is that the bitcoin community at this very moment is probably as trustworthy as it's ever going to get.  May as well add some protections to benefit from that.

[MoonShadow]

Further, instead of Satoshi alone, how about a keypair for every Hero Member of the board as of today, January 2011?  If a binary came accompanied with certificates from at least 50% (or some other reasonable percentage) of such individuals, it could be deemed good.  Those Feds would have to do a lot more rubber hosing to succeed.

The notion I'm suggesting now, is that the bitcoin community at this very moment is probably as trustworthy as it's ever going to get.  May as well add some protections to benefit from that.

Interesting idea, but this doesn't consider the possibility that hero members that may (or may not be) trustworthy today aren't corrupted or compelled in the future.  Trust me, the feds aren't concerned about the number of those on their list once they get the go-ahead; they can hire as many Alabama-Lie-Detectors as they may need.

This also doesn't consider the possibility that hero members may not be willing to carry the burden of security.

[kiba]

If you get it from bitcoin.org, properly secured, than it's ok?

[theymos]

If you get it from bitcoin.org, properly secured, than it's ok?

Maybe it's OK now, but your ISP could force you to download a modified version because Sourceforge doesn't support HTTPS. Or someone could infiltrate bitcoin.org/Sourceforge. Satoshi should sign the releases.

The only really safe method is to keep a local version of the source, check the code changes for every release, and compile from that checked code.

[FreddyFender]

The original Shareaza was taken over by ner' do-wells and the new product on sourceforge was full of malware. I remember switching BT clients immediately, and many unsuspecting people did an update which was "recommended" by the client almost immediately! It was like zer0day in reverse. We have to eventually use distributed methods to ensure validity of the client for bitcoin, possibly tying it to the same procedure as tx validations.

[Luke-Jr]

In fact, if we go with SI prefixes let's just hash it out right now.

How about not. SI sucks. 1 TBC = 0.00065536 BTC. Enjoy.

[Innomen]

Then people using bitcoin will simply switch to Linux, or have a separate Linux partition just for bitcoin.
If you use Linux only with software from signed repositories, it is virtually impossible to catch a virus.

You are thinking of the traditional garage made or botnet data thief virus that gets instantly detected and patched. You might want to brush up on the reality of actual state-level cybercrime or cyberwarfare.

I explained myself more fully in the other thread.

http://bitcointalk.org/index.php?topic=111.msg39486#msg39486

Stuxnet is a weaponized virus. Its a scary example of what can be achieved against a countries infrastructure.

Luckily bitcoin is not a country   

Fascinating. And a fine example of what I was talking about in the other thread. Thank you for your research. That is exactly the kind of attack I am speaking of. A well funded well organized intelligence community backed scorched earth attack on the bitcoins themselves. They'd only have to do it once and it would permanently wound the very notion of cryptocurrency despite the reality of any subsequent situation in much the same way as Chernobyl slaughtered nuclear power despite it over all being infinitely better for humanity than burning fossil fuels for power.

We have to do it right, and we have to do it right the first time or it will be the last time.

I actually think what Innomen is saying makes a lot of sense. Switching to Linux will not be possible for people who can barely operate Windows. It is not us, the technical people that need to worry about this, but since we try to convince more and more people to start using Bitcoin (for example I got a few of my friends into using Bitcoin, but most of them have no idea how it all works and I doubt they encrypt their wallet with TrueCrypt after every transaction and copy it to five different places), they will be the ones affected by the viruses. Once virus' authors realize there is money in it, they will save no effort to get to one's wallet.

Another VERY important aspect of this is that people need to be aware of the fact that after they copy their wallet into a safe place they should start using a new one. Why? Because most people make backup copies after a new transaction (I personally do that after a big transaction). Now, if an attacker or a virus manages to transfer coins from your account - your backup copy is useless. It's actually better if the virus corrupts your wallet instead of using it (if you have a backup). And, since the wallet is not encrypted, I suppose this is not impossible? Please correct me if I am wrong.

This. (And thank you.)

agree, winning the hearts of populace should be high on the list of priorities for bitcoin proponents when planning the roadmap.

Exactly, and to do that all reasonable concerns must be addressed and the demands/realities of non technical end-users must be considered reasonable, especially at this stage.