Bitcoin Forum
August 21, 2018, 07:25:55 AM *
News: Latest stable version of Bitcoin Core: 0.16.2  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 13 14 »  All
  Print  
Author Topic: Transactions Withholding Attack  (Read 27317 times)
AnonyMint
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
November 17, 2013, 07:22:44 AM
 #1

I have been mentioning this postulated attack on Bitcoin for months in various posts of mine. I figured it was time to give it a thread, so we can discuss it.

I think it is an economic attack, so I place it in the Economics forum. Also because I don't get good reception from Bitcoin developers when I try to post in the developers forums. Lets see if they ignore this thread or come post to refute it. I doubt they will.

Once Bitcoin's coin rewards decline to less than can pay for the miner's costs, e.g. <1% per annum debasement by 2033 and <0.2% by 2040, then transaction fees are supposed to fund miners. The following attack applies whether transactions are voluntary, variable, fixed, or mandatory-- it makes no difference.

But a cartel (e.g. Amazon.com) could for example harvest transactions from its vast network and keep them without forwarding them to other miners. Then put them on the blocks found by its own mining servers. This would starve the rest of the network of funding and eventually the cartel would be doing all the mining. They could even offer 0% transaction fees (even refund mandatory tx fees) to entice more of the masses to process through their servers.

That is the same as turning Bitcoin into a centralized currency, and thus eventually controlled by the government and thus back to fiat again.

Note this postulated attack wouldn't be possible for 20 years or so, so this is a long-term issue. The problem is if we wait, it will be too late to undo and revert, because we only get one chance to create a digital currency that the masses adopt. Once they adopt one, they will stay with that one due to inertia and network effects.

Thus I see Bitcoin is doomed and it is not a solution to anything long-term, although short-term it shows us what might be possible with decentralized currencies if we were to improve them.

http://hackingdistributed.com/2013/11/08/fairweather-mining/#comment-1126378553

Quote from: AnonyMint
Quote from: cunicula
1) declining block reward and constant gains from monopoly fees

I believe I am the first person to raise that in my Bitcoin : The Digital Kill Switch article? I am naming it the "transactions withholding attack" since it means not forwarding transactions in order to monopolize transaction fees, as coin rewards diminish.

Do you know of any prior art to mine? Do you know of any discussion on this attack other myself constantly mentioning it and no one seemingly willing to discuss it? (because the only solution I see is to change Bitcoin's diminishing coin rewards supply curve)

Other recent discussion:

https://bitcointalk.org/index.php?topic=318001.msg3607709#msg3607709



Related. I have shown there is no economic advantage to a money supply that is constant:

https://bitcointalk.org/index.php?topic=13035.msg3609132#msg3609132
https://bitcointalk.org/index.php?topic=222998.msg3607535#msg3607535

unheresy.com - Prodigiously Elucidating the Profoundly ObtuseTHIS FORUM ACCOUNT IS NO LONGER ACTIVE
1534836355
Hero Member
*
Offline Offline

Posts: 1534836355

View Profile Personal Message (Offline)

Ignore
1534836355
Reply with quote  #2

1534836355
Report to moderator
1534836355
Hero Member
*
Offline Offline

Posts: 1534836355

View Profile Personal Message (Offline)

Ignore
1534836355
Reply with quote  #2

1534836355
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1534836355
Hero Member
*
Offline Offline

Posts: 1534836355

View Profile Personal Message (Offline)

Ignore
1534836355
Reply with quote  #2

1534836355
Report to moderator
1534836355
Hero Member
*
Offline Offline

Posts: 1534836355

View Profile Personal Message (Offline)

Ignore
1534836355
Reply with quote  #2

1534836355
Report to moderator
1534836355
Hero Member
*
Offline Offline

Posts: 1534836355

View Profile Personal Message (Offline)

Ignore
1534836355
Reply with quote  #2

1534836355
Report to moderator
Foxpup
Legendary
*
Offline Offline

Activity: 2282
Merit: 1107



View Profile
November 17, 2013, 07:43:19 AM
 #2

Damn. If only there was a way the originator of a transaction could directly connect to multiple mining pools of his own choosing and send his transaction to all of them simultaneously. Oh wait, there is a way: the way I just said. Roll Eyes

Will pretend to do unverifiable things (while actually eating an enchilada-style burrito) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4
AnonyMint
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
November 17, 2013, 07:46:37 AM
 #3

Damn. If only there was a way the originator of a transaction could directly connect to multiple mining pools of his own choosing and send his transaction to all of them simultaneously. Oh wait, there is a way: the way I just said. Roll Eyes

I think you missed my point. That is why I had linked to discussion where I had already refuted this.

The masses don't see that in this attack. They see Amazon.com's website (or partner network) and click a button to buy.

You assume the masses are smart and concerned enough to demand their clicks on Amazon.com go to multiple miners. Sorry that is not the way the masses behave. I have much experience in marketing on the internet. Users click and and want to be done it. They just want their damn pizza. They don't get a rat's ass about your technological nirvana.

(take your rolly eyes smartass attitude and shove it up your ignorant ass. I am much more intelligent than you know and much more well studied on these issues. Beware)

unheresy.com - Prodigiously Elucidating the Profoundly ObtuseTHIS FORUM ACCOUNT IS NO LONGER ACTIVE
jipper3691
Newbie
*
Offline Offline

Activity: 26
Merit: 0



View Profile
November 17, 2013, 07:47:13 AM
 #4

gavin andresen is hugely keen to get as much constructive criticism as possible and the first step i believe is to have your theory peer reviewed before the developer team would consider looking at it or wether an action would be required. this is fair as only today i read a theory on twitter that bitcoin price rise was a short squeeze and reprinted by several msm pundits on twitter. they need to have theories filtered at a fairly high level or else its just unwanted noise

Do not donate to this address 184hrB9GNJpQaLr5yqwxyZAjZWtB3t88Ek
the last thing i need right now is sympathy
Chaz
Member
**
Offline Offline

Activity: 71
Merit: 10


View Profile
November 17, 2013, 07:48:38 AM
 #5

Damn. If only there was a way the originator of a transaction could directly connect to multiple mining pools of his own choosing and send his transaction to all of them simultaneously. Oh wait, there is a way: the way I just said. Roll Eyes

I think you missed my point. That is why I had linked to discussion where I had already refuted this.

The masses don't see that in this attack. They see Amazon.com's website (or partner network) and click a button to buy.

You assume the masses are smart and concerned enough to demand their clicks on Amazon.com go to multiple miners. Sorry that is not the way the masses behave. I have much experience in marketing on the internet. Users click and and want to be done it. They just want their damn pizza. They don't get a rat's ass about your technological nirvana.

(take your rolly eyes smartass attitude and shove it up your ignorant ass. I am much more intelligent than you know and much more well studied on these issues. Beware)

How do Amazon get to say how my transaction is sent from blockchain.info when I click their buy button (or any other wallet for that matter)?

1FsQJtY4vbvbkJj4Pd869rDcbFmu11RHge
AnonyMint
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
November 17, 2013, 07:50:49 AM
 #6

gavin andresen is hugely keen to get as much constructive criticism as possible and the first step i believe is to have your theory peer reviewed before the developer team would consider looking at it or wether an action would be required. this is fair as only today i read a theory on twitter that bitcoin price rise was a short squeeze and reprinted by several msm pundits on twitter. they need to have theories filtered at a fairly high level or else its just unwanted noise

My Bitcoin : The Digital Kill Switch article was published at marketoracle many months ago and I have a thread on this bitcointalk.org for that article with 100s of posts. How much more peer review does it need.

unheresy.com - Prodigiously Elucidating the Profoundly ObtuseTHIS FORUM ACCOUNT IS NO LONGER ACTIVE
AnonyMint
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
November 17, 2013, 07:53:00 AM
 #7

How do Amazon get to say how my transaction is sent from blockchain.info when I click their buy button (or any other wallet for that matter)?

Read the link I provided in my OP. I will quote from it for you.

All transactions get propagated through the entire network of bitcoin users, with miners eventually also hearing them. So if you suggest that a mining cartel can somehow keep transactions from being broadcast, and keep other competing miners from hearing about them and mining them too, you are mistaken.

You are incorrect. If Amazon offers a downloadable client (or even one that runs from their website), which sends the transactions to their server, they have no obligation to forward the transactions to other miners.

So, if you are using an Amazon wallet app, and I am using some other wallet app, and you try to send me coins, how will I know whether you sent them if you only send them to Amazon's servers? It would essentially cut everyone using Amazon clients off from the rest of the bitcoin network. Why would anyone want to use such an app? Bitcoin transactions primarily work because they are propagated P2P through the network from person to person. Miners just sit on the perifere catching these transactions as they pass by and adding them to blocks.

Fact:

You are conflating the publication of block solutions with the propagation of transactions before the fact.

You don't understand well the way Bitcoin works.

unheresy.com - Prodigiously Elucidating the Profoundly ObtuseTHIS FORUM ACCOUNT IS NO LONGER ACTIVE
Chaz
Member
**
Offline Offline

Activity: 71
Merit: 10


View Profile
November 17, 2013, 07:57:57 AM
 #8

Thanks for the link, but I must be dumb, I can't work out whether that answers my question. Explain like I'm 5 please... How do Amazon control my blockchain.info wallet, I'm not using Amazon's downloadable wallet.

1FsQJtY4vbvbkJj4Pd869rDcbFmu11RHge
AnonyMint
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
November 17, 2013, 08:08:04 AM
 #9

Thanks for the link, but I must be dumb, I can't work out whether that answers my question. Explain like I'm 5 please... How do Amazon control my blockchain.info wallet, I'm not using Amazon's downloadable wallet.

Okay I apologize. I need to remember I speak to different audiences with different expertise.

A miner collects transactions then calculates a mathematical hash of them, then proceeds to search for a solution to the proof-of-work puzzle for that hash. If the miner finds the solution first, the miner publishes it to (other miners and eventually it is published to) the blockchain.info.

So the blockchain.info only records transactions that are in already solved blocks.

Normally miners share transactions and pass them around to each other, so that which ever miner solves the next block, those transactions will be included.

But it doesn't have to be that way.  A miner could decide to not share his transactions with other miners, thus if the other miners solve the next block, the withheld transactions won't be that block.

So you might say then that Amazon.com customers would be angry if Amazon withheld, because transactions would be slower (they would wait until one of Amazon's miners solved a block). But I have several rebuttals to such a rebuttal.

unheresy.com - Prodigiously Elucidating the Profoundly ObtuseTHIS FORUM ACCOUNT IS NO LONGER ACTIVE
Foxpup
Legendary
*
Offline Offline

Activity: 2282
Merit: 1107



View Profile
November 17, 2013, 08:12:39 AM
 #10

Oh, I see, so you envision a world in which everyone uses Amazon.com's wallet app. "The masses" may be stupid, but they're not so stupid that they'll use a wallet service that takes far longer than every other wallet service for their transactions to get confirmed.

take your rolly eyes smartass attitude and shove it up your ignorant ass.
How can my ass be both smart and ignorant at the same time? Huh

I am much more intelligent than you know and much more well studied on these issues. Beware
Beware of what? Unlike you, I am not afraid of knowledge.

A miner collects transactions then calculates a mathematical hash of them, then proceeds to search for a solution to the proof-of-work puzzle for that hash. If the miner finds the solution, the miner publishes it to (other miners and eventually it is published to) the blockchain.info.

So the blockchain.info only records transactions that have in already solved blocks.
Blockchain.info is a web service, and is unrelated to the Bitcoin blockchain except in name. Maybe you need to well study it some more.

Will pretend to do unverifiable things (while actually eating an enchilada-style burrito) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4
AnonyMint
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
November 17, 2013, 08:13:08 AM
 #11

So you might say then that Amazon.com customers would be angry if Amazon withheld, because transactions would be slower (they would wait until one of Amazon's miners solved a block). But I have several rebuttals to such a rebuttal.

Main rebuttal is Amazon could accept 0-confirmation transaction and let the withheld data sit on its own miners until they win a block solution. The customer wouldn't notice.

I have other possible scenarios for how the attack could be done.

unheresy.com - Prodigiously Elucidating the Profoundly ObtuseTHIS FORUM ACCOUNT IS NO LONGER ACTIVE
AnonyMint
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
November 17, 2013, 08:17:47 AM
 #12

Oh, I see, so you envision a world in which everyone uses Amazon.com's wallet app. "The masses" may be stupid, but they're not so stupid that they'll use a wallet service that takes far longer than every other wallet service for their transactions to get confirmed.

Already rebutted in my immediately prior post where I mentioned Amazon accepting 0-confirmation transaction.

How can my ass be both smart and ignorant at the same time? Huh

It is your problem, not mine. Talk to your ass. Don't waste our time here.

I am much more intelligent than you know and much more well studied on these issues. Beware
Beware of what? Unlike you, I am not afraid of knowledge.

What "knowledge"?

A miner collects transactions then calculates a mathematical hash of them, then proceeds to search for a solution to the proof-of-work puzzle for that hash. If the miner finds the solution, the miner publishes it to (other miners and eventually it is published to) the blockchain.info.

So the blockchain.info only records transactions that have in already solved blocks.
Blockchain.info is a web service, and is unrelated to the Bitcoin blockchain except in name. Maybe you need to well study it some more.

I know that dufus. I was simplifying it for him, because he is a novice.

The point remains that the blockchain (either the decentralized protocol one or the web service copy of it) does not receive the withheld transactions until a block is solved by the miners withholding.

You are just making noise. You haven't made any point yet. Typical pompous idiot.

(I would have respected you, if you had respected me)

unheresy.com - Prodigiously Elucidating the Profoundly ObtuseTHIS FORUM ACCOUNT IS NO LONGER ACTIVE
Chaz
Member
**
Offline Offline

Activity: 71
Merit: 10


View Profile
November 17, 2013, 08:24:54 AM
 #13

So the blockchain.info only records transactions that are in already solved blocks.

Normally miners share transactions and pass them around to each other, so that which ever miner solves the next block, those transactions will be included.

But it doesn't have to be that way.  A miner could decide to not share his transactions with other miners, thus if the other miners solve the next block, the withheld transactions won't be that block.

When I send a transaction from blockchain.info, you're saying it's not getting propagated to all the nodes on the network and put in their mempool?

1FsQJtY4vbvbkJj4Pd869rDcbFmu11RHge
AnonyMint
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
November 17, 2013, 08:28:17 AM
 #14

So the blockchain.info only records transactions that are in already solved blocks.

Normally miners share transactions and pass them around to each other, so that which ever miner solves the next block, those transactions will be included.

But it doesn't have to be that way.  A miner could decide to not share his transactions with other miners, thus if the other miners solve the next block, the withheld transactions won't be that block.

When I send a transaction from blockchain.info, you're saying it's not getting propagated to all the nodes on the network and put in their mempool?

The attack is applied for transactions from customers of the cartel, not for transactions from customers of blockchain.info website although they are affected eventually as explained below.

If you are a very widespread cartel such as Amazon.com, joined with McDonalds, WalMart, etc, then you may control a majority of transactions. They could chose to not propagate them to other miners as I stated.

What is the benefit? Well for one motivation, stomping their competition. If their competition will gradually lose hashrate because other miners go bankrupt, then everyone who doesn't send through the cartel ends up with very slow confirmations, eventually hours and days as the cartel gains more and more control.

unheresy.com - Prodigiously Elucidating the Profoundly ObtuseTHIS FORUM ACCOUNT IS NO LONGER ACTIVE
Chaz
Member
**
Offline Offline

Activity: 71
Merit: 10


View Profile
November 17, 2013, 08:31:15 AM
 #15

Oh so I have to be using Amazon's wallet.

1FsQJtY4vbvbkJj4Pd869rDcbFmu11RHge
AnonyMint
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
November 17, 2013, 08:35:01 AM
 #16

Oh so I have to be using Amazon's wallet.

Not really. It will affect you eventually no matter which wallet you use as I explained in my prior post.

Customers of the cartel naturally transact at the cartel's website or retail POS terminals. So the cartel can control these transactions and starve the Bitcoin network of these revenues. Eventually this drives the Bitcoin mining network bankrupt, except for the cartel's mining servers which continue to function. Thus the mining network becomes asymptotically 100% controlled by the cartel. So then it affects you no matter which wallet you send from. The customers of the cartel will be happy, but you won't be if you don't also become a customer of the cartel.

Once the cartel controls the mining network, they control Bitcoin. Then the government can regulate the cartel, so the government controls Bitcoin. So then they do whatever they want, including printing as many new coins as they want to.

unheresy.com - Prodigiously Elucidating the Profoundly ObtuseTHIS FORUM ACCOUNT IS NO LONGER ACTIVE
JoelKatz
Legendary
*
Offline Offline

Activity: 1582
Merit: 1004


Democracy is vulnerable to a 51% attack.


View Profile WWW
November 17, 2013, 08:36:15 AM
 #17

Why would they bother though? If so many people are using their wallet and paying them, why not just keep the payments off the block chain entirely? Yes, they capture their own transaction fees, but only for cases where they could avoid a transaction fee entirely anyway.

I am an employee of Ripple. Follow me on Twitter @JoelKatz
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
AnonyMint
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
November 17, 2013, 08:38:38 AM
 #18

Why would they bother though? If so many people are using their wallet and paying them, why not just keep the payments off the block chain entirely? Yes, they capture their own transaction fees, but only for cases where they could avoid a transaction fee entirely anyway.

Clever reply. I expect as much from you. Kudos.

Because offchain would not be protected against double-spend.

You are describing another way the attack could be done, to destroy the Bitcoin network by forking it, but it would probably be safer (less chaotic) to dominate the Bitcoin network instead as I have explained.

I envision the attack being invisible to the "dumb masses" customers, so you wouldn't want to be offchain then, because you lose interoperability for the customers on their coins and coin change.

Also the cartel would ramp this up over time, and not dominate initially so it is easier to insideously cancer the network than to fork, because fork requires dominating force from the start.

unheresy.com - Prodigiously Elucidating the Profoundly ObtuseTHIS FORUM ACCOUNT IS NO LONGER ACTIVE
Chaz
Member
**
Offline Offline

Activity: 71
Merit: 10


View Profile
November 17, 2013, 08:42:37 AM
 #19

Because offchain would not be protected against double-spend.

So now we are using their central servers to process transactions off chain, why is their system vulnerable to double spends?

1FsQJtY4vbvbkJj4Pd869rDcbFmu11RHge
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1005


Gerald Davis


View Profile
November 17, 2013, 08:48:21 AM
 #20

Because offchain would not be protected against double-spend.

So now we are using their central servers to process transactions off chain, why is their system vulnerable to double spends?

This off blockchain server supports sending payments to every single user, merchant, service provider on the planet?

Wow that is both amazing and never going to happen.   If EvilCorp has 20% of the network hashrate then sending a payment to anyone not using their centralized servers will take 50 FRAGGIN minutes for first conifrmation due to witholding the the tx from the other 80% of miners.

Yeah I see that service being "super popular".  Even if people don't care about the network security they certainly don't want massively delayed txs just so evilcorp can rule the blockchain.
Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 13 14 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!