croraf (OP)
Newbie
Offline
Activity: 10
Merit: 1
|
|
December 04, 2017, 02:06:34 PM |
|
Attack example:
1. Make several large transactions in block X and wait for N blocks. 2. Contact more than 50% of miners (for example large pools) and bribe them in real life to make a fork just before block X and to mine on that fork for N blocks. So the old branch becomes obsolete.
3. For a bribe you offer reward that is several times (let's say 3x) larger than the reward for N blocks.
------------------------------------------------------------ Conclusion: The parties you paid to in block X will be accept your payment (as you picked N as 15 for example), and after rewind you get your bitcoins back.
|
|
|
|
pebwindkraft
|
|
December 04, 2017, 05:38:45 PM |
|
I am asking myself, why this is the third question of this crazy construct within this week... coincidence?
So: why would the miners accept this? When they know, that afterwards the currency is out of value? They can't even use the remaining hardware to mine other coins, cause they know, that history shows, when bitcoin goes down, all other currencies go down - and vice versa. The incentive for the miners is not recognizable.
Besides that nobody knows, how many miners there are (yes, there are pools, but then what?), you would need +8billion to bribe the miners. 16 billion is the amount of newly generated bitcoins at a rate of 10.000 Euro/CHF/USD ... To whom would go the transactions of this size? To an exchange? to a bank? Who would be your counter party? Who is going to loose the large amount, if you take "your" transaction back with the miners after 15 blocks? I guess, nobody takes a risk, that is higher than everything else that have been seen before? An alien bank perhaps, that doesn't care, if they loose 16billion?
This is not an attack on bitcoin currency. This is an attack construction, which has no visible chance of getting realized. As such the headline and the word "attack" is highly misleading.
|
|
|
|
|
sigmabe
Newbie
Offline
Activity: 22
Merit: 0
|
|
December 04, 2017, 05:55:29 PM Last edit: December 04, 2017, 06:23:33 PM by sigmabe |
|
I think, I'm the one with the "crazy" attack construction, so I think I should answer... If it is crazy, why can't everybody give an easy logical reason, why it doesn't work. By the way, this here is less crazy than my construction and there are also papers dealing with this so called whale attack, look for example in https://www.cs.umd.edu/~gasarch/reupapers/bitcoin.pdf (suggested by Pieter Wuille on stackexchange) If it's obvious till "day 1" that we can do this attack, why isn't there anybody who does it?
|
|
|
|
DannyHamilton
Legendary
Offline
Activity: 3486
Merit: 4851
|
|
December 04, 2017, 06:26:56 PM |
|
I think, I'm the one with the "crazy" attack construction, so I think I should answer...
If it is crazy, why can't everybody give an easy logical reason, why it doesn't work.
It does work. It just isn't typically profitable. It is too difficult and expensive to gain control over enough hash power for a long enough amount of time to make the attack profitable. If you do have control over enough hash power to complete the attack, then in the majority of scenarios it is more profitable to engage cooperatively than maliciously. If it's obvious till "day 1" that we can do this attack, why isn't there anybody who does it?
Too expensive and difficult to accomplish. Less profitable than cooperative engagement.
|
|
|
|
croraf (OP)
Newbie
Offline
Activity: 10
Merit: 1
|
|
December 04, 2017, 06:29:44 PM |
|
Sorry. I posted this again as simgabe said his thread did not receive attention. But actually there are some replies there and a lot of views.
Well there is significant money in crypto-currencies and money will stay there. If an attack on bitcoin happens money and miners will migrate to other currencies that don't allow such attacks.
I think this attack shows 51% attack is much more affordable and easy to achieve.
|
|
|
|
croraf (OP)
Newbie
Offline
Activity: 10
Merit: 1
|
|
December 04, 2017, 06:36:17 PM |
|
I think, I'm the one with the "crazy" attack construction, so I think I should answer...
If it is crazy, why can't everybody give an easy logical reason, why it doesn't work.
It does work. It just isn't typically profitable. It is too difficult and expensive to gain control over enough hash power for a long enough amount of time to make the attack profitable. If you do have control over enough hash power to complete the attack, then in the majority of scenarios it is more profitable to engage cooperatively than maliciously. If it's obvious till "day 1" that we can do this attack, why isn't there anybody who does it?
Too expensive and difficult to accomplish. Less profitable than cooperative engagement. Well this attack shows that it IS more profitable for both miners and attacker to execute the attack rather than just cooperate. And that is easy to achieve (you just have to contact handful of top pools) and relatively inexpensive (to execute you pay let's say =N*3, where N is reward for N blocks, and you can take N as 15 for example).
|
|
|
|
Borilla
Jr. Member
Offline
Activity: 83
Merit: 1
|
|
December 04, 2017, 06:53:44 PM |
|
the bribe should be paid with fees if you want bribed miners to keep working on the whale-chain
that would be a visible attack, more like a an announced fork with a new whale coin and the original coin
so not much difference than a normal fork where devs and miners are bibred with premined shit coins and whatever , cheaper for Alice
i'm curious when that paper was written, seems very innocent
|
|
|
|
sigmabe
Newbie
Offline
Activity: 22
Merit: 0
|
|
December 04, 2017, 07:03:31 PM |
|
Sorry for doing discussion in two posts, it was my idea that croraf could ask with the simpler formulation because I had the hope for more understanding and there was only one post to my question till then. Maybe there's an moderator who can do the posts together.
Yes, in usual whale attack you bribe with fees, but why shouldn't you bribe them in real life? I think it's even better - and this is addition in my post - to do things together with shorts. So you can also bribe miners with shorts and so they are interested in destroying the coin. Maybe this is an old attack scenario, but maybe not. The question is how to realize the big short positions and this is much easier today, because with the hype on coins financial institutes start to offer shorts even leveraged 25x.
|
|
|
|
DannyHamilton
Legendary
Offline
Activity: 3486
Merit: 4851
|
|
December 04, 2017, 07:20:16 PM |
|
Maybe there's an moderator who can do the posts together.
Just lock one thread. You can do that yourself. In the future, avoid creating sockpuppet accounts, and posting the same thing multiple times. It's a good way to get yourself ignored by people that are interested in intelligent discussion, and you'll end up spending all your time taking to silly sig ad farmers. People have been talking about 51% attacks for nearly a decade now. Satoshi even laid out some of the math behind it in section 11 of the original whitepaper. There are thousands of posts, blocks, YouTube videos, maths papers, and articles written about it. You'll probably be better off doing some research and reading up on it than trying to find someone here that feels like going over all the same points for the X thousandth time. However, when I'm not too busy I'll stop in and take a look at what you've written and see if your maths adds up. Given the history of discussions, I'll be surprised if you discovered anything new, but I won't rule it out without giving it a bit of a look.
|
|
|
|
sigmabe
Newbie
Offline
Activity: 22
Merit: 0
|
|
December 04, 2017, 07:39:17 PM |
|
croraf is no sockpuppet account but a user of stackoverflow I don't know. I think there's no easy way to proof this, but just look at the discussion between my "sockpuppet" and me in https://bitcoin.stackexchange.com/questions/63914/egoistic-miners-combined-with-large-transactions-destroy-powa make you your own picture. There is a reason for the two posts beside to get more attention. I wasn't clear if we have the same points in argumentation and his argumentation is more humble, I can't say thinks so simple. Also I think call a real person sockpuppet isn't fine... I think both threads contain argumentation so it's not a good idea to lock one. Also you don't know how much I know about bitcoin, maybe I'm Satoshi, oh no my Enlish is to bad... But I've read and maybe understood the whitepaper and some other things... Possibly there is a simple fault in my argumentation, but then somebody can show it and the thing is done. Coming from math background, I don't like historical argumentation, you can't do a new step if you use this argumentation line. Thousands of years people don't know about sheafs and geometry, but this doesn't show that Grothendieck was a fool doing such new concepts. It would be very kind, if you take a look on argumentation line, when you are not too busy.
|
|
|
|
sigmabe
Newbie
Offline
Activity: 22
Merit: 0
|
|
December 04, 2017, 07:55:38 PM |
|
So: why would the miners accept this? When they know, that afterwards the currency is out of value?
For profit, the bribe should be high enough. I've they are bribed with shorts they are interested in a low value of currency Besides that nobody knows, how many miners there are (yes, there are pools, but then what?), you would need +8billion to bribe the miners. 16 billion is the amount of newly generated bitcoins at a rate of 10.000 Euro/CHF/USD ...
This is not an attack on bitcoin currency. This is an attack construction, which has no visible chance of getting realized. As such the headline and the word "attack" is highly misleading.
I've written some numbers in the other post. To whom would go the transactions of this size? To an exchange? to a bank? Who would be your counter party? Who is going to loose the large amount, if you take "your" transaction back with the miners after 15 blocks? I guess, nobody takes a risk, that is higher than everything else that have been seen before? An alien bank perhaps, that doesn't care, if they loose 16billion?
You can do many medium large transactions instead of one very big. In my version of argumentation in the other post you can do this over a long time (as long as you hold the short), so nobody sees very high transactions.
|
|
|
|
DannyHamilton
Legendary
Offline
Activity: 3486
Merit: 4851
|
|
December 04, 2017, 07:56:24 PM |
|
croraf is no sockpuppet account but a user of stackoverflow I don't know.
Perhaps. Perhaps not. Either way, the replication is annoying at best. Also I think call a real person sockpuppet isn't fine...
There are thousands of them around here. If it looks like a sockpuppet, and it sounds like a sockpuppet, it gets treated as a sockpuppet. The alternative is to waste hundreds of valuable hours reading and responding to nonsense. I think both threads contain argumentation so it's not a good idea to lock one.
Up to you, but I doubt any moderator will join them. Also you don't know how much I know about bitcoin, maybe I'm Satoshi,
Seems exceedingly unlikely given your willingness to repeat an age-old argument. oh no my Enlish is to bad... Your english doesn't matter to me. Where did I say that it did? But I've read and maybe understood the whitepaper and some other things...
Perhaps a bit more reading is in order? Possibly there is a simple fault in my argumentation, but then somebody can show it and the thing is done. Coming from math background, I don't like historical argumentation, you can't do a new step if you use this argumentation line.
I'm not saying that history is proof. Even mathematicians learn about the maths that has already been completed before them. That way they don't waste time on things that are already solved, and the don't waste time on things that are already proven. I'm not saying "it's been discussed, therefore you are wrong". I'm saying, "It's been discussed, so do some research and make sure that you aren't just repeating something that has already been answered. We are not your personal army, and I'm not here to do for you what you can do for yourself. I'll help you where I can and where I feel like it, but in the end you are responsible for your own education around here. It would be very kind, if you take a look on argumentation line, when you are not too busy.
I'll take a look. Just not right now.
|
|
|
|
Borilla
Jr. Member
Offline
Activity: 83
Merit: 1
|
|
December 04, 2017, 08:16:36 PM |
|
Yes, in usual whale attack you bribe with fees, but why shouldn't you bribe them in real life?
you ask for answers but you don't seem to take time to read or understand them. what's the purpose of the attack? a double spent? then you want the miners to keep mining your whale-chain if you want to benefit from it. And i don't think your whale-coin would be worth much until it becomes accepted. The short is an other problem i think. If you buy huge amont of shorts price should go down anyway? so your (2nd) idea is to buy some shorts and then attack the block chain to make it more efficient?
|
|
|
|
sigmabe
Newbie
Offline
Activity: 22
Merit: 0
|
|
December 04, 2017, 08:27:51 PM Last edit: December 04, 2017, 08:41:33 PM by sigmabe |
|
Sorry, if I haven't understood your comment.
I want to do double spending while holding a short position. I want the miners to destroy the coin. I think this version of the attack is stronger as the version of croraf. So I want that the coin isn't worth much. Profits are from the short and the double spending, so you get a factor 2 in calculation and we mustn't care about some comparable low fees that are somewhere around.
EDIT: Maybe I don't understand your comment till now. What is called the "whale-coin"? Is it the coin which stays after whale attack, as I interpreted it?
|
|
|
|
razzbee
Full Member
Offline
Activity: 182
Merit: 100
Transcodium - The Future of Transcoding
|
|
December 04, 2017, 08:30:03 PM |
|
well,the hack might work, but unless you are some drug baron, bribing >50% miners might need some huge cash and time
|
|
|
|
sigmabe
Newbie
Offline
Activity: 22
Merit: 0
|
|
December 04, 2017, 08:36:14 PM |
|
I've done some calculation in the other post, yes you need billions. But if argumentation is correct the big mining pools would be the first to try the attack together and so they have as costs only the fees of the short position, they own the hardware already. I estimated the cost for the fee of the short as about 2 billion. But big mining pools own hardware worth about 10 billion, so they should have possibilities to get the cash.
|
|
|
|
Borilla
Jr. Member
Offline
Activity: 83
Merit: 1
|
|
December 04, 2017, 08:56:49 PM |
|
Sorry, if I haven't understood your comment.
I want to do double spending while holding a short position. I want the miners to destroy the coin. I think this version of the attack is stronger as the version of croraf. So I want that the coin isn't worth much. Profits are from the short and the double spending, so you get a factor 2 in calculation and we mustn't care about some comparable low fees that are somewhere around.
EDIT: Maybe I don't understand your comment till now. What is called the "whale-coin"? Is it the coin which stays after whale attack, as I interpreted it?
so again, the proposed attack is a fork, bribed miners mine (whale coin) on what i call the whale-chain honest miners mine the original chain yeah you get a factor 2 because you're mixing 2 different things that should be looked at independently
|
|
|
|
sigmabe
Newbie
Offline
Activity: 22
Merit: 0
|
|
December 04, 2017, 09:11:14 PM |
|
Ok, but what is the question there? Yes, bribed miners, which are a majority, mine on the whale-chain, and when community notices that they are sucessful, the currency goes down. If currency isn't totally down after sucessful double spending, they use their mining power to do other strange things and when community notices there is a masacre now and you can trust nobody, they will all leave the coin and so the access is sucessful.
Why can't we do double spending and holding the short together? Is there a wrong assumption in scenario?
|
|
|
|
sigmabe
Newbie
Offline
Activity: 22
Merit: 0
|
|
December 05, 2017, 05:43:29 AM |
|
yeah you get a factor 2 because you're mixing 2 different things that should be looked at independently
After sleeping for a while I think I see your point. There is no factor 2. Using the short only bring down risks. If we lend X coins worth 10 billion $ to use in a majority attack as value of our double spending, we have double spend benefit of 10 billion $ if the attack is sucessful. We still hold the coins after the attack, because we have double spended them, and so we can give them back to the one who has offered the us the lending of the coins. So argumentation is independent from the worth of the coin after the attack. But we get the profit only ones and there is no factor 2. In argumention line of croraf, we use our own coins worth 10 billion $ for double spending in the majority attack. So if currency is down afterwards our double spended coins are worthless and so there is no profit. But if currency isn't completely down, say it has half the value from before, we still hold coins worth 5 billion $ and so we have a profit of 5 billion $. Do I see it correct now? Than I would cancel factor 2 from calculation. But there is still a huge profit from the attack and the profit is for free without any risk because majority attack is always sucessful if you really have majority of mining power and as I showed above profit is independent from worth of the coin after attacking.
|
|
|
|
|