Fragmentation attack

[DeepCryptoanalist3]

Just few questions to clarify:

1) every active client (miner) need to store address even if its balance is 1 satoshi?
2) how much disk space do one address require? 32bytes or more?
3) one bitcoin can be splitted to form transactions to 100,000,000 addresses which will occupy 3GB of space? (yes I know that confirmation will be slow)

[empoweoqwj]

Just few questions to clarify:

1) every active client (miner) need to store address even if its balance is 1 satoshi?
2) how much disk space do one address require? 32bytes or more?
3) one bitcoin can be splitted to form transactions to 100,000,000 addresses which will occupy 3GB of space? (yes I know that confirmation will be slow)

1) What's an "address"?
2) What's a fragmentation attack?

[DeathAndTaxes]

Bitcoin doesn't work on the concept of address balances.  An output needs to be stored until spent regardless of which address it is sent to.  So sending 1 million outputs to a single address takes as much space in the UXTO as sending 1 output to a million addresses.

To avoid spam attacks (the word fragmentation doesn't apply here), the network makes dust outputs smaller than 5430 satoshis non-standard.  Miners limit free space and min fee to be relayed for low priority txs is 0.1 mBTC per KB.  So there is no such attack, at least not a credible one which doesn't cost the attacker a small fortune.

[DeepCryptoanalist3]

sending 1 million outputs to a single address

The idea was to send 100 million outputs per BTC to different addresses of course. That is the point. To populate DB with this useless addresses/outputs with small balances.

the network makes dust outputs smaller than 5430 satoshis non-standard

Yes. I found a function IsDust. Ok... then while most miners use this code it will not success.

[DeathAndTaxes]

The idea was to send 100 million outputs per BTC to different addresses of course.

Which is no different than sending 100 million outputs to the same address.  The number of unique addresses is irrelivent.

Still even before IsDust this attack wouldn't work.  Low priority tx are not relayed unless they pay a fee and that fee would cost you 0.1 mBTC per KB.  So sure you can add 1 GB to the blockchain, no problem.  It just will cost you 100 BTC minimum in fees per GB plus the cost of the value of the tx themselves.  Also given that miners priority tx by fee amount and/or priority your low priority tx would simply gain the unused space in the blocks and thus it might take months or years to bloat the blockchain an extra GB (and this cost you a huge sum).

So IsDust is simply a secondary line of defense (it actually is intended to prevent another type of resource hog), the attack wasn't viable even before IsDust.

[DeepCryptoanalist3]

The idea was to send 100 million outputs per BTC to different addresses of course.

Which is no different than sending 100 million outputs to the same address.  The number of unique addresses is irrelivent.

But it could be compressed in that case. It couldn't if addresses are different.

Still even before IsDust this attack wouldn't work.  Low priority tx are not relayed unless they pay a fee and that fee would cost you 0.1 mBTC per KB.  So sure you can add 1 GB to the blockchain, no problem.  It just will cost you 100 BTC minimum in fees per GB plus the cost of the value of the tx themselves.  

What if you are a big miner, a pool owner for example, in this case you aren't depend from relay and you can produce such block with such transaction by your own will? This block will be declined by others only because of IsDust function.

[DeathAndTaxes]

But it could be compressed in that case. It couldn't if addresses are different.

Not in any meaningful way.

Still even before IsDust this attack wouldn't work.  Low priority tx are not relayed unless they pay a fee and that fee would cost you 0.1 mBTC per KB.  So sure you can add 1 GB to the blockchain, no problem.  It just will cost you 100 BTC minimum in fees per GB plus the cost of the value of the tx themselves. 

What if you are a big miner, a pool owner for example, and you can produce such block with such transaction by you own will? This block will be declined by others only because of IsDust function.
[/quote]

No it won't be denied.  It isn't illegal, just non-standard.  However the block limit still applies and larger blocks (but smaller than 1MB or current limit) are more likely to be orphaned.  Of course running a massive hashing farm with a significant fraction of the network is a non-trivial cost as well.   If you are a public pool, your attack is very public so I would imagine miners simply leave for other pools very quickly.  If you are looking to build a private multi-PH pool plus continually upgrading to keep up with network growth I hope you have tens of millions of USD handy.   

Then again average block is currently 250KB so you could add maybe 750KB to the blockchain per solved block.  With 10% of the network it would only take you 100 or so days assuming 0% orphan rate.

[DeepCryptoanalist3]

No it won't be denied.  It isn't illegal, just non-standard.  However the block limit still applies and larger blocks (but smaller than 1MB or current limit) are more likely to be orphaned.  Of course running a massive hashing farm with a significant fraction of the network is a non-trivial cost as well.   If you are a public pool, your attack is very public so I would imagine miners simply leave for other pools very quickly.  If you are looking to build a private multi-PH pool plus continually upgrading to keep up with network growth I hope you have tens of millions of USD handy.   

Then again average block is currently 250KB so you could add maybe 750KB to the blockchain per solved block.  With 10% of the network it would only take you 100 or so days assuming 0% orphan rate.

ELIGIUS is free from any fee. Ok then the final frontier is the current block size limit. If there were possible to form a block larger than 1MB say 100MB it will be possible to eligius to populate blockchain with a few spam gigs through the day, fragmenting only a few btc.

[DeathAndTaxes]

Eligius is not free from any fee.

Will include transactions in its blocks if the sender pays a fee of at least 0.1 TBC (0.00004096 BTC) per 512 bytes.

http://eligius.st/~gateway/faq-page

Of course like I said using a public pool would be short lived.  If Eligius made massive, spammy blocks which took excessively long time to confirm the miners would simply leave.  Some would leave because they woudl view it as an attack on Bitcoin, others would leave simply because orphaned blocks are in effect lost revenue.  Why mine at Eligius (in this hypothetical scenario) and lose 5% of gross revenue when you could mine just about anywhere else and lose less?

[DeepCryptoanalist3]

Eligius is not free from any fee.

Fee to miners I mean... fraction of a mined coins which pool grabs. It doesn't matter anyway in context of attack.

If Eligius made massive, spammy blocks which took excessively long time to confirm the miners would simply leave.

Why It will took excessively long time to confirm if massive blocks were standard?

[DeathAndTaxes]

Eligius is not free from any fee.

Fee to miners I mean... fraction of a mined coins which pool grabs. It doesn't matter anyway in context of attack.

Of course it matters in the context of an attack.  It will cost you at least 0.08192 per MB added to the blockchain in fees to miners excluding any value sent to outputs.

If Eligius made massive, spammy blocks which took excessively long time to confirm the miners would simply leave.

Why It will took excessively long time to confirm if massive blocks were standard?

Larger blocks take longer to relay and confirm.   Orphan rates depends on relative differences in block size.  If the average block is 10 GB then making a 1 GB spam block is just pissing in the wind.  It would be like trying to take down the internet by emailing everyone you know.  

Spam is only an attack if it is large relative to genuine traffic.  If Eligius was making 1 GB blocks and the other miners were making 0.5 MB blocks Elgius would have a much higher propagation time and thus would lose a much higher % of revenue to orphans.  Net revenue (after orphan losses) would plummet, miners would leave in droves (if only to protect their own bottom line) and the power of the attack would be greatly reduced.

[DeepCryptoanalist3]

Fee to miners I mean... fraction of a mined coins which pool grabs. It doesn't matter anyway in context of attack.

Of course it matters in the context of an attack.  It will cost you at least 0.08192 per MB added to the blockchain in fees to miners excluding any value sent to outputs.

Why it will cost me something if I add spam data to the block? If there is no transaction with good enough fee in the network. But it looks like I miss something. Propagation time. Reading next...

Larger blocks take longer to relay and confirm.   Orphan rates depends on relative differences in block size.

I thought that at least biggest miners have a rather good internet connection and will download this huge block in a minute or two. Also the size of a block shouldn't be a problem for such a long lived peer nodes in a network. It is a big surprise to me that the size of a block related to the speed of its adoption as a previous block by other big miners.

[Meizirkki]

As DeathAndTaxes said it would take a small fortune for anyone to successfully include a gigantic transaction into a block. If you tried to send 1Gb transaction without any fee it'd get rejected by every standard node in the network.

[DeepCryptoanalist3]

As DeathAndTaxes said it would take a small fortune for anyone to successfully include a gigantic transaction into a block. If you tried to send 1Gb transaction without any fee it'd get rejected by every standard node in the network.

We already discussed this and now are discussing scenario in which you are an admin of a mining pool and you can just add some spam data to the block you are forming. This spam data shouldn't prevent others from using your block as a previous in a chain. Its just a business. If your block is ending the longest chain others will adopt it no matter how big it is.

[Meizirkki]

As DeathAndTaxes said it would take a small fortune for anyone to successfully include a gigantic transaction into a block. If you tried to send 1Gb transaction without any fee it'd get rejected by every standard node in the network.

We already discussed this and now are discussing scenario in which you are an admin of a mining pool and you can just add some spam data to the block you are forming. This spam data shouldn't prevent others from using your block as a previous in a chain. Its just a business. If your block is ending the longest chain others will adopt it no matter how big it is.

ah, got it  

[Meizirkki]

Afaik the block would still get rejected, if it surpasses the hard limit of 1Mb

[DeepCryptoanalist3]

Afaik the block would still get rejected, if it surpasses the hard limit of 1Mb

Yes this limit ruined all my evil plans 

[Meizirkki]

Afaik the block would still get rejected, if it surpasses the hard limit of 1Mb

Yes this limit ruined all my evil plans 

Were you going to set up an evil pool?

[empoweoqwj]

Afaik the block would still get rejected, if it surpasses the hard limit of 1Mb

Yes this limit ruined all my evil plans 

I think any attack on the bitcoin network that works would have happened by now. How many have their been?

[DeepCryptoanalist3]

I think any attack on the bitcoin network that works would have happened by now. How many have their been?

Why would it be? For now only just for fun hacks are possible. Who may be interested to spend money on this attack now? BitCoin is not adopted in any country. There is no wealthy bitcoin hater at this point.