Bitcoin Forum
November 19, 2017, 12:28:40 PM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: Major flaw of Bitcoin found  (Read 4377 times)
ronaldlee0917
Full Member
***
Offline Offline

Activity: 238



View Profile
November 05, 2013, 02:20:02 AM
 #1

http://www.sciencedaily.com/releases/2013/11/131104112234.htm

But post-doctoral fellow Ittay Eyal and Prof. Emin Gün Sirer have discovered that the conventional wisdom is wrong. In a paper that was released on ArXiv today, they describe a mining strategy they call Selfish-Mine, which allows a group of colluding miners, known as a mining pool, to earn more than its fair share of compensation. Moreover, large mining pools can use this strategy to increase their revenue even more, at the expense of honest miners.

The implications of this result are devastating for the system, say Eyal and Sirer. Once a selfish mining pool forms, other miners will want to join that pool to increase their revenue. This process could lead to a takeover, where the selfish miners become a majority, control the global Bitcoin ledger, and the decentralized nature of the currency collapses.

Donation:    18zXsfnSvGjQFJ6pEiKMg2uWGcxUCfJLzu
Mastercoin - A new protocol layer built on top of Bitcoin
1511094520
Hero Member
*
Offline Offline

Posts: 1511094520

View Profile Personal Message (Offline)

Ignore
1511094520
Reply with quote  #2

1511094520
Report to moderator
Join ICO Now A blockchain platform for effective freelancing
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
tbcoin
Legendary
*
Offline Offline

Activity: 994



View Profile WWW
November 05, 2013, 02:21:35 AM
 #2

https://bitcointalk.org/index.php?topic=324413.0

Sorry for my bad english Wink
Bitcoin card for deposit and payment + Little POS
Donations:1N65efiNUhH6sEQg7Z6oUC76kJS9Yhevyf
wobber
Legendary
*
Offline Offline

Activity: 1064


View Profile
November 05, 2013, 02:22:25 AM
 #3

Panic seeds! Never trust a person named Eyal.

If you hate me, you can spam me here: 19wdQNKjnATkgXvpzmSrkSYhJtuJWb8mKs
goxed
Legendary
*
Offline Offline

Activity: 1694


Mining hardware dev and reviewer.


View Profile
November 05, 2013, 02:29:11 AM
 #4

Panic button! (:sarcasm:)

Looking to review Bitcoin / Crypto mining Hardware.
goxed
Legendary
*
Offline Offline

Activity: 1694


Mining hardware dev and reviewer.


View Profile
November 05, 2013, 02:29:38 AM
 #5

Panic seeds! Never trust a person named Eyal.

What's with Eyal?

Looking to review Bitcoin / Crypto mining Hardware.
SheHadMANHands
Legendary
*
Offline Offline

Activity: 952


View Profile
November 05, 2013, 02:34:50 AM
 #6

So this is really nothing new...   ok.
dree12
Legendary
*
Offline Offline

Activity: 1246



View Profile
November 05, 2013, 02:41:57 AM
 #7

Has anyone actually read the study? It seems like a legitimate problem from a cursory glance. Bitcoin miners should take steps to prevent selfish mining.

As the paper points out, what we thought was a 51% attack looks to be a 26% attack.
TERA
Hero Member
*****
Offline Offline

Activity: 546



View Profile
November 05, 2013, 02:44:27 AM
 #8

I don't think anyone who is buying bitcoin would even care about anything to do mining as long as their own coins weren't affected and the network still worked.
Elwar
Legendary
*
Offline Offline

Activity: 2282


www.bitpools.com


View Profile WWW
November 05, 2013, 02:48:13 AM
 #9

Wow, not even a jitter in the Bitcoin price with this coming out. This is quite the stable rise.

http://www.bitpools.com
Pool your bitcoins with others. Vote on solutions using the Bitcoin blockchain. Keep your bitcoins in your cold storage until you find a solution you like.
Links and Reviews of useful every day places to spend bitcoins: https://bitcointalk.org/index.php?topic=943143.0
TERA
Hero Member
*****
Offline Offline

Activity: 546



View Profile
November 05, 2013, 02:51:47 AM
 #10

Yeah much more stronger than when "the debt ceiling didn't pass" dropped it by 14%
dree12
Legendary
*
Offline Offline

Activity: 1246



View Profile
November 05, 2013, 02:55:08 AM
 #11

Bitcoin miners should take steps to prevent selfish mining.

Yes, miners should be using P2Pool. Developers should integrate P2Pool into the default client to encourage this.

There hasn't been much of a reason for them (miners) to do so yet. If they (miners) find their source of income dwindling because of a potential threat, that may (or may not) change.

Is there evidence that P2Pool would alleviate the situation? So long as P2Pool is honest, it seems the selfish mining strategy still gives an advantage. The real way to solve this is a change to the consensus algorithm.
notme
Legendary
*
Offline Offline

Activity: 1848


View Profile
November 05, 2013, 02:58:42 AM
 #12

Has anyone actually read the study? It seems like a legitimate problem from a cursory glance. Bitcoin miners should take steps to prevent selfish mining.

As the paper points out, what we thought was a 51% attack looks to be a 26% attack.

I just read it.  They misunderstand one key thing:
Quote
Currently, when there are two branches of equal length, the choice of each miner is arbitrary, effectively determined by the network topology and latency. Our change explicitly randomizes this arbitrary choice, and therefore does not introduce new vulnerabilities.

The choice is not arbitrary.  Miners work on the first block they see.

The "attack" is to withold a found block until someone else publishes a block.  Then you publish your block and split the miners.  Except, you didn't broadcast until you saw the other block.  And by that time, probably half of the network had seen it too.  So that leaves you, a single broadcast node competing against the broadcast power of half the nodes in the network for the remaining portion the mining power.

Their "fix" is to randomize the choice any time a node sees a different fork than the one they see.  Not only does this require you to track each fork (so they don't spam you with the same one, eventually you would "randomly" choose it), but it allows their attack a chance to work.  Without their proposed fix, they would be pissing into the wind.

https://www.bitcoin.org/bitcoin.pdf
While no idea is perfect, some ideas are useful.
12jh3odyAAaR2XedPKZNCR4X4sebuotQzN
BitcoinAshley
Sr. Member
****
Offline Offline

Activity: 448



View Profile
November 05, 2013, 03:01:56 AM
 #13

EDIT: This is basically what notme said above, except with more words. Paper is fail. Flaw is not "major" and proposed fix in some way makes the exploit easier. TL;DR is the parts that I bolded. Gmaxwell to the rescue:

[...]
We've (or, at least, I have, see also Bytecoin's analysis in 2010) evaluated this general attack before but the simplest version of it just doesn't work out (in theory, or in simulation): Without significant hash-rate delaying your blocks ends up increasing the risk that you get orphaned since nodes prefer the first block they heard. The contribution of the paper (to my thinking, at least) is to assume that an attacker can also sybil attack the network, and in doing so can run nodes which will release blocks produced by the attacking miners in response to hearing a new block from the honest miners. So where the sybil attack is successful the delay does not confer a disadvantage and then the attack works (with increasing effectiveness the more effective the sybiling is and the more hashrate the attacker has).

Their proposed solution, which is offered without extensive analysis, is to relay all blocks, even late ones, and then choose the preferred block in ties at random. Ignoring collateral vulnerabilities which a hasty implementations of forward-all might create, I believe this proposal has a problem in that it creates a selfishness advantage even without any sybil attack at all, so long as the selfish miner has enough hashrate.  I believe this is a bad tradeoff because the degree of sybil vulnerability between mining nodes is likely much lower than assumed (many miners pin up connections to well known nodes and each other), and because we already have pools large enough to take advantage of the tradeoff vulnerability this creates.

Perhaps more importantly:  There are much worse vulnerabilities for us if attackers can perform successful large scale sybil attacks against miners.  In particular, if they're able to do that they could partition the network into two 50/50 hashrate groups and then drop blocks between them and hand conflicting transactions to each group and produce many-confirmed double-spends without having any hashrate at all.

As I've posted several times of Bitcointalk: beyond the cryptographic assumptions Bitcoin makes _two_ additional security assumptions: That an attacker doesn't control a majority of the hashrate and, quoting Satoshi, "the nature of information being easy to spread but hard to stifle", effectively— that an attacker can't substantially isolate or partition the honest participants.

With this in mind, rather than rushing in any changes in the consensus algorithm I recommend we take the following actions:

(0) Make a new concerted manual anti-sybil effort to ensure that all large miners are well connected to strong relaying nodes, including a mixture of public and non-public nodes (non-public for DOS resistance), in order to make partitioning miners infeasible.
(1) Evaluate our sybil resistance more generally and consider what measures and automation we could add to make sybil attacks harder (including supporting authenticated peering, or measures like including addr messages in coinbase txns to jam addr message manipulation).
(2) Build better stats collection for monitoring network wide orphaning.
(3) Improve node scalability (e.g. make it possible to support nodes with larger numbers of connections)

(Maybe it would also be useful to instrument miner software to detect block delaying, in the same way bfgminer will detect a pool issuing work that conflicts its own prior work)

It may ultimately make sense to change the consensus preference for _very_ near ties (e.g. ones which arrive with time differences comparable in scale to the difference in latency between your peers), but I think we need to be very careful that we don't trade a potentially irrelevant problem (because its either infeasible or if its not infeasible we have much worse problems) for a practically exploitable one. Making our infrastructure stronger against sybils has many benefits and has been on and off the radar for a long time, and AFAICT if we prevent miner from being partitioned/intermediated by sybils we close the concerns here.
goxed
Legendary
*
Offline Offline

Activity: 1694


Mining hardware dev and reviewer.


View Profile
November 05, 2013, 03:42:01 AM
 #14

The author Explained with Donald Duck cartoons Smiley Academics is a joke these days. http://hackingdistributed.com/2013/11/04/bitcoin-is-broken/








Looking to review Bitcoin / Crypto mining Hardware.
Elwar
Legendary
*
Offline Offline

Activity: 2282


www.bitpools.com


View Profile WWW
November 05, 2013, 03:49:51 AM
 #15

I find it interesting that the old methods of attack do not even get a blink out of Bitcoin users.

University professors take it on, politicians try to stop it.

I fully expect a public attack by George Clooney at any moment which will be seen as the final nail in the coffin of this whole "Bitcoin" idea to be followed shortly thereafter by a rise in the price of Bitcoin. And the establishment will be flaberghasted that people are not dropping it left and right.

http://www.bitpools.com
Pool your bitcoins with others. Vote on solutions using the Bitcoin blockchain. Keep your bitcoins in your cold storage until you find a solution you like.
Links and Reviews of useful every day places to spend bitcoins: https://bitcointalk.org/index.php?topic=943143.0
TERA
Hero Member
*****
Offline Offline

Activity: 546



View Profile
November 05, 2013, 04:22:53 AM
 #16

The Chinese probably know nothing about bitcoin, other than that it's going up and making them money.
Shallow
Sr. Member
****
Offline Offline

Activity: 280


View Profile
November 05, 2013, 05:07:47 AM
 #17

FUD  Grin

BarkinTree
Full Member
***
Offline Offline

Activity: 204



View Profile
November 05, 2013, 05:10:21 AM
 #18

Wow, not even a jitter in the Bitcoin price with this coming out. This is quite the stable rise.
i don't think bad news can really affect a bull market like this. this rally wont stop till the bubble is ready to pop.  Cool
crazy_rabbit
Legendary
*
Offline Offline

Activity: 1176


RUM AND CARROTS: A PIRATE LIFE FOR ME


View Profile
November 05, 2013, 09:47:47 AM
 #19

Wow, not even a jitter in the Bitcoin price with this coming out. This is quite the stable rise.

Because this 'major flaw' isn't relevant to bitcoin as it is right now.

more or less retired.
Erdogan
Hero Member
*****
Offline Offline

Activity: 812


View Profile
November 05, 2013, 01:15:00 PM
 #20

I find it interesting that the old methods of attack do not even get a blink out of Bitcoin users.

University professors take it on, politicians try to stop it.

I fully expect a public attack by George Clooney at any moment which will be seen as the final nail in the coffin of this whole "Bitcoin" idea to be followed shortly thereafter by a rise in the price of Bitcoin. And the establishment will be flaberghasted that people are not dropping it left and right.

We don't blink, because we know more. It is they who will be hit. They are like wandering zombies, and when bitcoin hits, they will never know what it is before it is too late.

Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!