Bitcoin Forum
August 17, 2018, 12:36:24 AM *
News: Latest stable version of Bitcoin Core: 0.16.2  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: Imagine a bitcoin network of 1 computer. (The fake blockchain attack)  (Read 1715 times)
Skybuck
Full Member
***
Offline Offline

Activity: 230
Merit: 100


View Profile
November 27, 2013, 05:02:48 PM
 #1

Hello,

Imagine a bitcoin network of 1 computer for the past years of bitcoin's existence.

Theoretically and practically this 1 computer could calculate a blockchain that was just as long if not even 1 block longer than bitcoin's current blockchain. (By a group of computers recalculating this fake block chain incredibly fast in just a few days or so, perhaps even mere hours or minutes Wink).

Thus a "fake blockchain" could be constructed re-writing the history of bitcoin.

Currently bitcoin is protected with "checkpoints" against such an "easy" re-write of history.

What securities are in place in bitcoin to protect:

1. Current running nodes ?
2. New nodes ?

New nodes seem to be protected against downloading fake block chains by "checkpoints" hardcoded into the bitcoin source code.

Which other security mechanisms exist in bitcoin to protect against such fake block chains ?

Bye,
  Skybuck.
1534466184
Hero Member
*
Offline Offline

Posts: 1534466184

View Profile Personal Message (Offline)

Ignore
1534466184
Reply with quote  #2

1534466184
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
FenixRD
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250


I am Citizenfive.


View Profile
November 27, 2013, 05:19:18 PM
 #2

Hello,

Imagine a bitcoin network of 1 computer for the past years of bitcoin's existence.

Theoretically and practically this 1 computer could calculate a blockchain that was just as long if not even 1 block longer than bitcoin's current blockchain. (By a group of computers recalculating this fake block chain incredibly fast in just a few days or so, perhaps even mere hours or minutes Wink).

Thus a "fake blockchain" could be constructed re-writing the history of bitcoin.

Currently bitcoin is protected with "checkpoints" against such an "easy" re-write of history.

What securities are in place in bitcoin to protect:

1. Current running nodes ?
2. New nodes ?

New nodes seem to be protected against downloading fake block chains by "checkpoints" hardcoded into the bitcoin source code.

Which other security mechanisms exist in bitcoin to protect against such fake block chains ?

Bye,
  Skybuck.

Running the QT client each block is a "checkpoint". There are no centralized checkpoints implemented in Bitcoin, though third-party clients sometimes make use of some form of it. You'll certainly have no one who can send or accept payments from you. And presumably you must have tweaked the client to keep it in this state, so really all you have done is created a fork at the point in time that transactions deviated from the majority network. So you have your own coin, let's call it FauxCoin, which nobody but you uses. Feel free to visit the Alt-coin board to attempt to change this.

Uberlurker. Been here since the Finney transaction. Please consider this before replying; there is a good chance I've heard it before.

-Citizenfive
pontiacg5
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250



View Profile
November 27, 2013, 05:22:05 PM
 #3

If I'm not mistaken the client naturally goes with the chain with the longest proof of work. Seeing as how a single computer chain probably isn't running the same difficulty (or anywhere remotely near it) as the legit chain it should be ignored pretty easily.

Please DO NOT send me private messages asking for help setting up GPU miners. I will not respond!!!
Skybuck
Full Member
***
Offline Offline

Activity: 230
Merit: 100


View Profile
November 27, 2013, 07:51:26 PM
 #4

Hello,

Imagine a bitcoin network of 1 computer for the past years of bitcoin's existence.

Theoretically and practically this 1 computer could calculate a blockchain that was just as long if not even 1 block longer than bitcoin's current blockchain. (By a group of computers recalculating this fake block chain incredibly fast in just a few days or so, perhaps even mere hours or minutes Wink).

Thus a "fake blockchain" could be constructed re-writing the history of bitcoin.

Currently bitcoin is protected with "checkpoints" against such an "easy" re-write of history.

What securities are in place in bitcoin to protect:

1. Current running nodes ?
2. New nodes ?

New nodes seem to be protected against downloading fake block chains by "checkpoints" hardcoded into the bitcoin source code.

Which other security mechanisms exist in bitcoin to protect against such fake block chains ?

Bye,
  Skybuck.

Running the QT client each block is a "checkpoint". There are no centralized checkpoints implemented in Bitcoin, though third-party clients sometimes make use of some form of it. You'll certainly have no one who can send or accept payments from you. And presumably you must have tweaked the client to keep it in this state, so really all you have done is created a fork at the point in time that transactions deviated from the majority network. So you have your own coin, let's call it FauxCoin, which nobody but you uses. Feel free to visit the Alt-coin board to attempt to change this.

You are a fool.

https://github.com/bitcoin/bitcoin/blob/master/src/checkpoints.cpp

Perhaps all bitcoin users are fools.
Skybuck
Full Member
***
Offline Offline

Activity: 230
Merit: 100


View Profile
November 27, 2013, 07:56:05 PM
 #5

If I'm not mistaken the client naturally goes with the chain with the longest proof of work. Seeing as how a single computer chain probably isn't running the same difficulty (or anywhere remotely near it) as the legit chain it should be ignored pretty easily.

Which cpp file(s) is/are responsible for this ?  Perhaps this one:

https://github.com/bitcoin/bitcoin/blob/master/src/main.cpp

Examining it now.

SetBestChain looks promising.

Anyway so far as far as I know bitcoin selects the chain with the most blocks ? and not the chain with the thoughest difficulty ? Is what you are suggesting "thoughest difficulty" ? If so I want to see some prove of that in the source code.
yogi
Legendary
*
Offline Offline

Activity: 947
Merit: 1021


Hamster ate my bitcoin


View Profile
November 27, 2013, 07:58:34 PM
 #6

If I'm not mistaken the client naturally goes with the chain with the longest proof of work. Seeing as how a single computer chain probably isn't running the same difficulty (or anywhere remotely near it) as the legit chain it should be ignored pretty easily.

The client goes with the chain that took the most computational effort to create, not the longest.

chriswilmer
Legendary
*
Offline Offline

Activity: 1008
Merit: 1000


View Profile WWW
November 27, 2013, 07:59:25 PM
 #7

If I'm not mistaken the client naturally goes with the chain with the longest proof of work. Seeing as how a single computer chain probably isn't running the same difficulty (or anywhere remotely near it) as the legit chain it should be ignored pretty easily.

Could someone explain to me what "longest proof of work" means? I understand "proof of work" and I understand "longest blockchain"... but I'm not sure what these concepts mean when combined....
FenixRD
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250


I am Citizenfive.


View Profile
November 27, 2013, 08:38:22 PM
 #8

Hello,

Imagine a bitcoin network of 1 computer for the past years of bitcoin's existence.

Theoretically and practically this 1 computer could calculate a blockchain that was just as long if not even 1 block longer than bitcoin's current blockchain. (By a group of computers recalculating this fake block chain incredibly fast in just a few days or so, perhaps even mere hours or minutes Wink).

Thus a "fake blockchain" could be constructed re-writing the history of bitcoin.

Currently bitcoin is protected with "checkpoints" against such an "easy" re-write of history.

What securities are in place in bitcoin to protect:

1. Current running nodes ?
2. New nodes ?

New nodes seem to be protected against downloading fake block chains by "checkpoints" hardcoded into the bitcoin source code.

Which other security mechanisms exist in bitcoin to protect against such fake block chains ?

Bye,
  Skybuck.

Running the QT client each block is a "checkpoint". There are no centralized checkpoints implemented in Bitcoin, though third-party clients sometimes make use of some form of it. You'll certainly have no one who can send or accept payments from you. And presumably you must have tweaked the client to keep it in this state, so really all you have done is created a fork at the point in time that transactions deviated from the majority network. So you have your own coin, let's call it FauxCoin, which nobody but you uses. Feel free to visit the Alt-coin board to attempt to change this.

You are a fool.

https://github.com/bitcoin/bitcoin/blob/master/src/checkpoints.cpp

Perhaps all bitcoin users are fools.

And you are rude, which presumably you're cool with 'cuz this is the web and assume our IRL and web identities will never knowingly meet. I dislike such personalities. The way one acts with guaranteed anonymity tells a lot about one's character.

What I assumed you meant, as will many readers I imagine, is the sort of checkpointing used by, say, PPCoin or alternative clients. Because I also assumed you were not so simple as to not have googled your query before asking such a question in the dev forum. Had you simply entered "bitcoin checkpointing" into the magic wizard's box, you would have seen this -- https://en.bitcoin.it/wiki/Checkpoint_Lockin -- which, for my google at least, is the top result.

That, young Skybuck, links you to all the information you could possibly need, in summary and detail, about how the "fake blockchain attack" is no attack at all.

All known vulnerabilities and attacks are listed and discussed inline and at links extensively here: https://en.bitcoin.it/wiki/Weaknesses

Perhaps the closest thing to your proposed attack is the "Rival/malicious client code" (https://en.bitcoin.it/wiki/Weaknesses#Rival.2Fmalicious_client_code) which, again, requires not only (1) that you fork the client to enforce this function of creating and sticking with a fake blockchain, but (2) that you convince people to download it, presumably with the belief that it is the real client.

You may also be thinking of this one, which is, as the wiki classifies it, definitely not a problem: https://en.bitcoin.it/wiki/Weaknesses#Generate_.22valid.22_blocks_with_a_lower_difficulty_than_normal

Uberlurker. Been here since the Finney transaction. Please consider this before replying; there is a good chance I've heard it before.

-Citizenfive
FenixRD
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250


I am Citizenfive.


View Profile
November 27, 2013, 08:52:40 PM
 #9

If I'm not mistaken the client naturally goes with the chain with the longest proof of work. Seeing as how a single computer chain probably isn't running the same difficulty (or anywhere remotely near it) as the legit chain it should be ignored pretty easily.

Could someone explain to me what "longest proof of work" means? I understand "proof of work" and I understand "longest blockchain"... but I'm not sure what these concepts mean when combined....

You wrote only 45 seconds apart, so perhaps you hadn't been able to see this:

If I'm not mistaken the client naturally goes with the chain with the longest proof of work. Seeing as how a single computer chain probably isn't running the same difficulty (or anywhere remotely near it) as the legit chain it should be ignored pretty easily.

The client goes with the chain that took the most computational effort to create, not the longest.


Sections 4 and 11 of the original Satoshi whitepaper should interest you all in particular. If the details of the whitepaper (and then the relevant code sections if you are so inclined, in order to verify the functions have been properly represented) are beyond your grasp (which, as Bitcoin gains popularity outside the engineering and math community, is destined to be an ever-more-common phenomenon), you will always be somewhat relegated to someone else's assurances that the protocol is safe. For those people, my best advice would be to consider the amount of trust you put in the current banking and money transmission systems, which are more complex and difficult to understand, and opaque besides, meaning you cannot actually do the research in the first place. With Bitcoin, anyone may understand it, which is different from saying anyone can.

Uberlurker. Been here since the Finney transaction. Please consider this before replying; there is a good chance I've heard it before.

-Citizenfive
gmaxwell
Moderator
Legendary
*
qt
Offline Offline

Activity: 2478
Merit: 1383



View Profile
November 27, 2013, 10:17:47 PM
 #10

Imagine a bitcoin network of 1 computer for the past years of bitcoin's existence.
Theoretically and practically this 1 computer could calculate a blockchain that was just as long if not even 1 block longer than bitcoin's current blockchain.
You're confused by the definition of "longer". The chain selection is based on the sum of work, not the number of blocks. (The whitepaper was mostly written from the perspective of constant difficulty, under which the two are the same).

Bitcoin will not be compromised
chriswilmer
Legendary
*
Offline Offline

Activity: 1008
Merit: 1000


View Profile WWW
November 27, 2013, 10:22:11 PM
 #11

Imagine a bitcoin network of 1 computer for the past years of bitcoin's existence.
Theoretically and practically this 1 computer could calculate a blockchain that was just as long if not even 1 block longer than bitcoin's current blockchain.
You're confused by the definition of "longer". The chain selection is based on the sum of work, not the number of blocks. (The whitepaper was mostly written from the perspective of constant difficulty, under which the two are the same).

Is this literally the arithmetic sum of all of the work of each block in the chain? (as opposed to some other function)

(also, is it equivalent to sum up the difficulty associated with each block)
MoonShadow
Legendary
*
Offline Offline

Activity: 1708
Merit: 1000



View Profile
November 27, 2013, 10:29:04 PM
 #12

Imagine a bitcoin network of 1 computer for the past years of bitcoin's existence.
Theoretically and practically this 1 computer could calculate a blockchain that was just as long if not even 1 block longer than bitcoin's current blockchain.
You're confused by the definition of "longer". The chain selection is based on the sum of work, not the number of blocks. (The whitepaper was mostly written from the perspective of constant difficulty, under which the two are the same).

Is this literally the arithmetic sum of all of the work of each block in the chain? (as opposed to some other function)

(also, is it equivalent to sum up the difficulty associated with each block)

If I understand the statement correctly, yes.  The "longest" blockchain is the one that required the greatest amount of computational power to create, and that is determined by the client by suming up the difficulty of all the blocks created.  It's just a bit more complicated than that, as most things are, but that is a fine way to think about it.

EDIT:  BTW, the current bitcoin network is running at an estimated total computational power of just over 62,000 petaflops.  It's risen by about a thousand petaflops per day over the past week or so.  The fastest supercomputer on Earth (not classified) was benchmarked at 33 petaflops this past summer.  That computer system took three years to construct and sits on roughly 40 acres of land.  Bitcoin is way past the point that it's at risk from a falsified blockchain attack of any sort.

"The powers of financial capitalism had another far-reaching aim, nothing less than to create a world system of financial control in private hands able to dominate the political system of each country and the economy of the world as a whole. This system was to be controlled in a feudalist fashion by the central banks of the world acting in concert, by secret agreements arrived at in frequent meetings and conferences. The apex of the systems was to be the Bank for International Settlements in Basel, Switzerland, a private bank owned and controlled by the world's central banks which were themselves private corporations. Each central bank...sought to dominate its government by its ability to control Treasury loans, to manipulate foreign exchanges, to influence the level of economic activity in the country, and to influence cooperative politicians by subsequent economic rewards in the business world."

- Carroll Quigley, CFR member, mentor to Bill Clinton, from 'Tragedy And Hope'
chriswilmer
Legendary
*
Offline Offline

Activity: 1008
Merit: 1000


View Profile WWW
November 27, 2013, 10:48:01 PM
 #13

Imagine a bitcoin network of 1 computer for the past years of bitcoin's existence.
Theoretically and practically this 1 computer could calculate a blockchain that was just as long if not even 1 block longer than bitcoin's current blockchain.
You're confused by the definition of "longer". The chain selection is based on the sum of work, not the number of blocks. (The whitepaper was mostly written from the perspective of constant difficulty, under which the two are the same).

Is this literally the arithmetic sum of all of the work of each block in the chain? (as opposed to some other function)

(also, is it equivalent to sum up the difficulty associated with each block)

If I understand the statement correctly, yes.  The "longest" blockchain is the one that required the greatest amount of computational power to create, and that is determined by the client by suming up the difficulty of all the blocks created.  It's just a bit more complicated than that, as most things are, but that is a fine way to think about it.

EDIT:  BTW, the current bitcoin network is running at an estimated total computational power of just over 62,000 petaflops.  It's risen by about a thousand petaflops per day over the past week or so.  The fastest supercomputer on Earth (not classified) was benchmarked at 33 petaflops this past summer.  That computer system took three years to construct and sits on roughly 40 acres of land.  Bitcoin is way past the point that it's at risk from a falsified blockchain attack of any sort.

Could you elaborate on how it is more complicated?  I am interested in the precise way to calculate the proof of work of the chain.
gmaxwell
Moderator
Legendary
*
qt
Offline Offline

Activity: 2478
Merit: 1383



View Profile
November 27, 2013, 11:35:27 PM
 #14

Is this literally the arithmetic sum of all of the work of each block in the chain? (as opposed to some other function)
(also, is it equivalent to sum up the difficulty associated with each block)
Yes it's literally the arithmetic sum of all of the work of each block, and it's equivalent to the sum of the block difficulties upto rounding (difficulty is a floating point number presented for human friendliness).

EDIT:  BTW, the current bitcoin network is running at an estimated total computational power of just over 62,000 petaflops.  It's risen by about a thousand petaflops per day over the past week or so.  The fastest supercomputer on Earth (not classified) was benchmarked at 33 petaflops this past summer.  That computer system took three years to construct and sits on roughly 40 acres of land.  Bitcoin is way past the point that it's at risk from a falsified blockchain attack of any sort.
uh.  Bitcoin does no "flops" at all. Flop numbers are now bad projections from matching up what a GPU could do when it wasn't mining Bitcoin and they're now irrelevant.

The right metric is the cost of what it would cost you to actually perform the attack.  You can go order 2TH/s miners for $6000. The current network speed is ~5000 TH/s.  Building a farm to outpace the network at that price would cost $15 million. Of course, those are preorders and the network will be faster once they ship, but even if you compute vs hardware available to ship today you end up with numbers under $100m.   I don't think there is really any serious threat— there are cheaper ways to attack bitcoin— but saying "way past the point that it's at risk from a falsified blockchain attack" is a bit of an exaggeration our high hashrate now is the product of extreme improvements in the cost of mining— which benefit attackers too— more that massive increases in mining investment.

Bitcoin will not be compromised
MoonShadow
Legendary
*
Offline Offline

Activity: 1708
Merit: 1000



View Profile
November 27, 2013, 11:40:31 PM
 #15

Is this literally the arithmetic sum of all of the work of each block in the chain? (as opposed to some other function)
(also, is it equivalent to sum up the difficulty associated with each block)
Yes it's literally the arithmetic sum of all of the work of each block, and it's equivalent to the sum of the block difficulties upto rounding (difficulty is a floating point number presented for human friendliness).

EDIT:  BTW, the current bitcoin network is running at an estimated total computational power of just over 62,000 petaflops.  It's risen by about a thousand petaflops per day over the past week or so.  The fastest supercomputer on Earth (not classified) was benchmarked at 33 petaflops this past summer.  That computer system took three years to construct and sits on roughly 40 acres of land.  Bitcoin is way past the point that it's at risk from a falsified blockchain attack of any sort.
uh.  Bitcoin does no "flops" at all. Flop numbers are now bad projections from matching up what a GPU could do when it wasn't mining Bitcoin and they're now irrelevant.

While I agree that direct comparisons to standard computer metrics is fraught with error, I disagree that the metric is irrelevant.  It's an estimate of how fast a conventional computer would have to be to match the bitcoin network as is.  Granted, no one is going to use a conventional computer system to do this, but it also shows the futility of trying to even redirect existing hardware to the task. 

"The powers of financial capitalism had another far-reaching aim, nothing less than to create a world system of financial control in private hands able to dominate the political system of each country and the economy of the world as a whole. This system was to be controlled in a feudalist fashion by the central banks of the world acting in concert, by secret agreements arrived at in frequent meetings and conferences. The apex of the systems was to be the Bank for International Settlements in Basel, Switzerland, a private bank owned and controlled by the world's central banks which were themselves private corporations. Each central bank...sought to dominate its government by its ability to control Treasury loans, to manipulate foreign exchanges, to influence the level of economic activity in the country, and to influence cooperative politicians by subsequent economic rewards in the business world."

- Carroll Quigley, CFR member, mentor to Bill Clinton, from 'Tragedy And Hope'
MoonShadow
Legendary
*
Offline Offline

Activity: 1708
Merit: 1000



View Profile
November 27, 2013, 11:42:18 PM
 #16

Could you elaborate on how it is more complicated?  I am interested in the precise way to calculate the proof of work of the chain.

I'm not really the right person to elaborate.

"The powers of financial capitalism had another far-reaching aim, nothing less than to create a world system of financial control in private hands able to dominate the political system of each country and the economy of the world as a whole. This system was to be controlled in a feudalist fashion by the central banks of the world acting in concert, by secret agreements arrived at in frequent meetings and conferences. The apex of the systems was to be the Bank for International Settlements in Basel, Switzerland, a private bank owned and controlled by the world's central banks which were themselves private corporations. Each central bank...sought to dominate its government by its ability to control Treasury loans, to manipulate foreign exchanges, to influence the level of economic activity in the country, and to influence cooperative politicians by subsequent economic rewards in the business world."

- Carroll Quigley, CFR member, mentor to Bill Clinton, from 'Tragedy And Hope'
gmaxwell
Moderator
Legendary
*
qt
Offline Offline

Activity: 2478
Merit: 1383



View Profile
November 27, 2013, 11:50:04 PM
 #17

Could you elaborate on how it is more complicated?  I am interested in the precise way to calculate the proof of work of the chain.
Then go read the code.

Bitcoin will not be compromised
chriswilmer
Legendary
*
Offline Offline

Activity: 1008
Merit: 1000


View Profile WWW
November 28, 2013, 12:14:24 AM
 #18

Could you elaborate on how it is more complicated?  I am interested in the precise way to calculate the proof of work of the chain.
Then go read the code.

Sorry, I thought it might be possible to express as a formula in a forum post.

For example, if a blockchain has two blocks, then the total work T is equal the difficulty of block 1 + the difficulty of block 2

or perhaps if the work, W, is a function of the difficulty, d, then then the total work is:

T = W(d1) + W(d2)

where d1 and d2 are the difficulty of blocks 1 and 2
MoonShadow
Legendary
*
Offline Offline

Activity: 1708
Merit: 1000



View Profile
November 28, 2013, 12:24:32 AM
 #19

Could you elaborate on how it is more complicated?  I am interested in the precise way to calculate the proof of work of the chain.
Then go read the code.

Sorry, I thought it might be possible to express as a formula in a forum post.

For example, if a blockchain has two blocks, then the total work T is equal the difficulty of block 1 + the difficulty of block 2

or perhaps if the work, W, is a function of the difficulty, d, then then the total work is:

T = W(d1) + W(d2)

where d1 and d2 are the difficulty of blocks 1 and 2

Close, but you have to understand that the difficulty is a human friendly expression of what is going on, and isn't exactly how the clients handle it.  If you want to know, you really do need to understand how it's done by the client.

"The powers of financial capitalism had another far-reaching aim, nothing less than to create a world system of financial control in private hands able to dominate the political system of each country and the economy of the world as a whole. This system was to be controlled in a feudalist fashion by the central banks of the world acting in concert, by secret agreements arrived at in frequent meetings and conferences. The apex of the systems was to be the Bank for International Settlements in Basel, Switzerland, a private bank owned and controlled by the world's central banks which were themselves private corporations. Each central bank...sought to dominate its government by its ability to control Treasury loans, to manipulate foreign exchanges, to influence the level of economic activity in the country, and to influence cooperative politicians by subsequent economic rewards in the business world."

- Carroll Quigley, CFR member, mentor to Bill Clinton, from 'Tragedy And Hope'
chriswilmer
Legendary
*
Offline Offline

Activity: 1008
Merit: 1000


View Profile WWW
November 28, 2013, 12:30:12 AM
 #20

Could you elaborate on how it is more complicated?  I am interested in the precise way to calculate the proof of work of the chain.
Then go read the code.

Sorry, I thought it might be possible to express as a formula in a forum post.

For example, if a blockchain has two blocks, then the total work T is equal the difficulty of block 1 + the difficulty of block 2

or perhaps if the work, W, is a function of the difficulty, d, then then the total work is:

T = W(d1) + W(d2)

where d1 and d2 are the difficulty of blocks 1 and 2

Close, but you have to understand that the difficulty is a human friendly expression of what is going on, and isn't exactly how the clients handle it.  If you want to know, you really do need to understand how it's done by the client.

That's fine... I am a developer too, so I can read the code. If someone could give me a hint as to which file to look at that would be great, but I'm sure I'll find it eventually...
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!