wizkid057 (OP)
Legendary
Offline
Activity: 1223
Merit: 1006
|
|
July 07, 2014, 12:06:03 AM |
|
the attacker does not gain any direct benefit by performing the attack
Hi guys, It is NOT true that the attacker cannot benefit from such an attack! In our paper published 6 months ago we explain how to make block withholding attacks PROFITABLE. It is very very simple and gains can be quite substantial in practice, see: http://arxiv.org/abs/1402.1718Well, the first assumption under the block withholding section of that paper is already wrong. We assume that all miners mine in pools, small and large. Miners in one pool mine with the public key of the pool manager which later re-distributes the gains. Both Eligius and P2Pool do not use this method. We assume that the pool managers are perfectly neutral and do not try to detect or prevent any unusual behavior. Also untrue, at least in the case of Eligius, as made obvious previously. While I'm just going to stop there, since some of your initial assumptions are just wrong, I must assume the balance of the section is equally so. Skimming it looks like you assume the withholding miner has some 20% of the network hash rate... then go on to say they can have greater returns by withholding than legitimate miners somehow. Magic I guess.
|
|
|
|
baddw
|
|
July 07, 2014, 06:01:58 AM |
|
the attacker does not gain any direct benefit by performing the attack
Hi guys, It is NOT true that the attacker cannot benefit from such an attack! In our paper published 6 months ago we explain how to make block withholding attacks PROFITABLE. It is very very simple and gains can be quite substantial in practice, see: http://arxiv.org/abs/1402.1718Well, the first assumption under the block withholding section of that paper is already wrong. We assume that all miners mine in pools, small and large. Miners in one pool mine with the public key of the pool manager which later re-distributes the gains. Both Eligius and P2Pool do not use this method. Not to speak for the authors, but I believe that this doesn't change anything. We assume that the pool managers are perfectly neutral and do not try to detect or prevent any unusual behavior. Also untrue, at least in the case of Eligius, as made obvious previously. While I'm just going to stop there, since some of your initial assumptions are just wrong, I must assume the balance of the section is equally so. Skimming it looks like you assume the withholding miner has some 20% of the network hash rate... then go on to say they can have greater returns by withholding than legitimate miners somehow. Magic I guess. They make several assumptions at the beginning, just to allow the result to follow cleanly. This is done all the time in economics and the sciences. See "Assume a spherical cow." It is known to the authors that these assumptions may be unrealistic, but if they hold even partially then the result can hold even partially. Once an interesting result comes out, it is the job of the authors' peers and the public at large to debate the assumptions, and to what extent they are true. Which is obviously what you are doing, but don't use the assumption to as an excuse to write the authors off as idiots and discard the entire argument. Ultimately, though, the paper has a major logic fail. The paper takes the example that the attacker has a large amount of hashrate (20% of the network), splits it into two (10% and 10%) and puts 10% in a pool, and 10% solo-mining. They do some math that basically tries to show that by withholding the blocks from the pool, the pool has its apparent luck reduced, while everybody else has their apparent luck increased. (See the logic fail already?) They claim that the increase in luck for the non-pool 10% is a net gain, besides getting fairly paid for the pool 10%. The fatal flaw is the (understandable, to naïve Bitcoiners) assumption that the apparent luck of a given pool/miner going down, equates to an increase in the apparent luck of everybody else on the network. This is a gross misunderstanding of the stochastic nature of Bitcoin mining. The paper treats Bitcoin mining like a lottery with 500 tickets, distributed among 500 miners, so that when 50 miners are removed from the room, then the other miners have an increased chance of winning (1/450 instead of 1/500). Rather, it is like having 500 miners set up at tables, each of them rolling 10 dice constantly, and every time they roll 10 6's, they get paid. Removing 50 miners from the room would not affect the chances of any of the remaining 450 rolling 10 6's (although it would slow down the overall rate of miners rolling 10 6's..... if 500 people produced this result on average once an hour, 450 people would produce the result on average once every 1.11 hours, to do some simple math -- which may not be entirely appropriate (stats was never my strong suit) but it illustrates the point.). Naïvely, yes, each block now has a chance of being found by only 450 people, not 500. However, the mining income per unit of time by each miner does not change. Each miner (assuming they all roll the dice at the same rate) maintains the same income per hour/day/month. Looking at results "per block" instead of "per unit time" will lead to silly results like the ones in this paper. There are an infinite amount of blocks; while they do only come one at a time, they are not exactly a scarce commodity. Like Whack-a-Mole, each time a block is solved, another block pops up in its place. Yes, mining is a "race" for every block, and the first to find the block gets the reward; but there is always a new block to start on. There could be some very complex and relatively subtle effects in the network, due to block propagation and that kind of thing, but the paper doesn't even start to think about that... and I think it would mostly be noise, with some positives for those on low-latency Internet connections, which all pools and presumably any large solo-miner would be sure to have. Ignoring network delays, every miner (and mining pool) has an equal and independent chance of mining a block, based solely on their hashrate. Eligius' luck does not impact the luck of Ghash.io. Everybody's luck is calculated against the Bitcoin difficulty, not against any other miner's luck. The overall luck of the entire Bitcoin network does not add up to 100%; in fact, it is for this reason that the difficulty adjustment occurs in the first place. The only impact that such an attack would have is to try to ruin the pool, or to earn BTC without impacting the difficulty. (Which, granted, could be goals of an attacker.) But the attacker could not *gain* anything by such an attack. Their 10% would earn just as much BTC by solo mining as they get in the pool; and the other 10% would not earn any more or less. It is alarming that a PhD who studies and teaches cryptography would make such a mistake. BTW, thinking through all of this made me realize how important it is that Eligius kept the BTC from that miner who was doing block withholding. The bad actor must have something at risk by withholding blocks; if they are found out and the payment is withheld, they have wasted that hashpower (electricity costs, + time value of miners) for no reward, where they could have found blocks and gained the rewards from solo-mining (or mining with the pool, but not withholding blocks). It is critical that all pools keep up this kind of vigilance, and leave no question that any discovered block withholders will in turn have their funds withheld. So they will have nothing to gain, and something to lose.
|
BTC/XCP 11596GYYq5WzVHoHTmYZg4RufxxzAGEGBX DRK XvFhRFQwvBAmFkaii6Kafmu6oXrH4dSkVF Eligius Payouts/CPPSRB Explained I am not associated with Eligius in any way. I just think that it is a good pool with a cool payment system
|
|
|
PlanetCrypto
|
|
July 07, 2014, 06:05:31 AM |
|
Maybe I'm FUBAR, but if I had 20% of the network hash rate I think I'd be more concerned with what color Lamborghini Aventador I was going to buy next, versus a withholding attack.
|
|
|
|
vulgartrendkill
|
|
July 07, 2014, 06:47:42 AM |
|
Maybe I'm FUBAR, but if I had 20% of the network hash rate I think I'd be more concerned with what color Lamborghini Aventador I was going to buy next, versus a withholding attack.
I'm with you on that one.
|
|
|
|
wizkid057 (OP)
Legendary
Offline
Activity: 1223
Merit: 1006
|
|
July 07, 2014, 10:18:21 AM |
|
Maybe I'm FUBAR, but if I had 20% of the network hash rate I think I'd be more concerned with what color Lamborghini Aventador I was going to buy next, versus a withholding attack.
I'm with you on that one. Tesla Model S P85+
|
|
|
|
Bitskint
Member
Offline
Activity: 79
Merit: 10
|
|
July 07, 2014, 10:35:46 AM |
|
Maybe I'm FUBAR, but if I had 20% of the network hash rate I think I'd be more concerned with what color Lamborghini Aventador I was going to buy next, versus a withholding attack.
I'm with you on that one. Tesla Model S P85+One I got the other week from my profits Lamborghini-reventon
|
1M68XehjYww77DLgwW9rk2zRid8Z8B7uw7 <-- my new BTC addy since Cryptsy took everything
|
|
|
midyatspor
Member
Offline
Activity: 107
Merit: 10
|
|
July 07, 2014, 01:43:01 PM |
|
Any idea why the pool payments is taking this long, just curious, no problem waiting on my part, it's been 5 days, have almost 1 BTC.
|
|
|
|
jcumins
Full Member
Offline
Activity: 312
Merit: 100
Bcnex - The Ultimate Blockchain Trading Platform
|
|
July 07, 2014, 02:01:34 PM |
|
It is all based upon the oldest payment first, as blocks are solved.
25 BTC per block.
|
|
|
|
Kexkey
Full Member
Offline
Activity: 237
Merit: 100
Smile while thinking.
|
|
July 07, 2014, 02:01:47 PM |
|
the attacker does not gain any direct benefit by performing the attack
Hi guys, It is NOT true that the attacker cannot benefit from such an attack! In our paper published 6 months ago we explain how to make block withholding attacks PROFITABLE. It is very very simple and gains can be quite substantial in practice, see: http://arxiv.org/abs/1402.1718If I read correctly, in your paper, you don't explain how withholding blocks is profitable. You explain how it makes miners from the attacked pool (including the withholder) gain less (than if there was no withholding). So, by having half the hashpower mining elsewhere, the withholder gains are bigger than the other miners (from the attacked pool) -- but they are less than if there was no block withholding. I don't think this is PROFIT in the sense of gaining more. It's just "more than the others from the pool". Where withholding blocks could be profitable is for pool operators. Making a competitor pool look less interesting with bad luck may make miners switch/choose another pool and the chosen pool operator would then benefit from the better pool fees/income. Thinking out loud. It is not mathematics, it is just manipulation of miner opinions and decisions by making a pool look bad. Kexkey
|
This digital signature is not a digital signature.
|
|
|
PlanetCrypto
|
|
July 07, 2014, 04:12:57 PM |
|
Maybe I'm FUBAR, but if I had 20% of the network hash rate I think I'd be more concerned with what color Lamborghini Aventador I was going to buy next, versus a withholding attack.
I'm with you on that one. Tesla Model S P85+One I got the other week from my profits Lamborghini-reventonSo jealous, have wanted an S Model since it was glimmer in the minds of the engineers. Reventons were very limited production (as were the Siesto Elemento's), hard to find at any price. Aventadors are common in the new (~$397K) and used markets. And @ 691 Hp, 2.8 secs to 100, and a top end of 217Mph that blows my skirt up enough.
|
|
|
|
proclivity
Member
Offline
Activity: 67
Merit: 10
|
|
July 07, 2014, 10:22:51 PM |
|
Maybe I'm FUBAR, but if I had 20% of the network hash rate I think I'd be more concerned with what color Lamborghini Aventador I was going to buy next, versus a withholding attack.
I'm with you on that one. Tesla Model S P85+I confirmed a month ago for a P85+ but it will be at least 6-7 weeks longer until it's built and delivered
|
For tips only - 12QT6zPJM5kQ5piZfn7tyFfcJrbgvSnMLn
|
|
|
crashoveride54902
|
|
July 07, 2014, 11:49:00 PM |
|
I've got 6 TerraMinerIV's on here (and a lot of other miners).
Checking stats today.. #5 had its title changed, NMC address removed. What in the actual F.
got a virus from somewhere you don't know about? someone nabbed your wallet.dat file? you have it password protected right? I just don't see how someone can change this otherwise...unless your using an online wallet...that would be easier to steal with virus if so, i'd use QT right away and switch yer password on like everything just to be safe someone hacked my btc-e account somehow...didn't even get a virus or anything...just one day saw a login from an IP that was wasn't mine...oh well lucky i didn't store anything in there after being lucky dodging the gox issue i thought best to keep all my coins in wallets i control go me!
|
Dreams of cyprto solving everything is slowly slipping away...Replaced by scams/hacks
|
|
|
vittorio88
Newbie
Offline
Activity: 7
Merit: 0
|
|
July 08, 2014, 03:12:24 PM |
|
Hello Everybody!
Mining n00b here!
I just bought an Bitmain Tech Antminer S2, and after having the factory PSU throw sparks that sounded like gunshots and stink up my house like an electronics factory burning down; I successfully replaced it with an Enermax Platimax 1350W and am back online.
I successfully configured Slush's Pool to verify the functionality, and am trying to switch to Eligius.
After roughly 12 hours of mining on the stratum server, and 5 hours of mining on the GBT server, I have not seen updates in the Stats server.
I would love to say, "It's not you, it's me", and keep troubleshooting on my end, but I'm afraid I'm throwing away BTC. (or at least throwing them at the pool instead of my own wallet)
Thanks everybody, Vittorio
|
|
|
|
Kuma
Member
Offline
Activity: 107
Merit: 10
|
|
July 08, 2014, 03:24:42 PM |
|
Hi, can you send screenshot of your settings for Eligius?
|
|
|
|
baddw
|
|
July 08, 2014, 03:34:27 PM |
|
the attacker does not gain any direct benefit by performing the attack
Hi guys, It is NOT true that the attacker cannot benefit from such an attack! In our paper published 6 months ago we explain how to make block withholding attacks PROFITABLE. It is very very simple and gains can be quite substantial in practice, see: http://arxiv.org/abs/1402.1718Just to follow-up to my earlier post.... 1) There is a possibility for mining in a pool, and withholding blocks, to be net profitable for an attacker solely by the effect on the difficulty level, and delaying the difficulty retargeting. If one had a substantial hashrate (say 5% of the network) then by mining in a pool and withholding valid blocks, blocks will be found 5% slower, and the difficulty retargeting will be delayed by 5%. So they could potentially gain a few hours of time submitting shares to the pool at a higher value per share due to the lower difficulty. Also, the new after-retarget difficulty will be lower than if they were submitting blocks properly, so again the attacker will receive a higher value per share submitted to the pool after the difficulty retarget. There would be no reason for such an attacker not to use 100% of his hashrate in this way; but (for detection avoidance purposes) it would of course be smart to split it up among different pools, and different accounts within those pools. The net effect will be the same. 2) There is a race condition that occurs whenever two miners find blocks at roughly the same time (i.e., a short fork in the blockchain, resulting in an orphaned block). These events are rare; however, they do occur with predictable frequency. This is the only time when the results of one miner can impact the results of another. However, in the absence of persistent advantages in network capability, it is hard to imagine that these effects will be biased in one way or the other. If there is a net effect, it will be much more subtle than the result presented in the paper. Mining is still a series of independent trials, for all practical purposes. 3) I PM'ed ncourtois to see what he has to say. I noticed that he has updated the paper with a new version, which discusses the block withholding attack on Eligius and asserts that the attackers "profited" from the attack (i.e., had greater earnings than if they had been submitting blocks properly).
|
BTC/XCP 11596GYYq5WzVHoHTmYZg4RufxxzAGEGBX DRK XvFhRFQwvBAmFkaii6Kafmu6oXrH4dSkVF Eligius Payouts/CPPSRB Explained I am not associated with Eligius in any way. I just think that it is a good pool with a cool payment system
|
|
|
vittorio88
Newbie
Offline
Activity: 7
Merit: 0
|
|
July 08, 2014, 03:43:15 PM |
|
Hi, can you send screenshot of your settings for Eligius?
https://dl.dropboxusercontent.com/u/13943233/Cattura.JPGHi! I hope the previous image is sufficient, please let me know otherwise. Thanks, Vittorio PS: How long does it normally take for stats to post for a new miner? PS2: Wallet address for pastiness: 3HMiKMkBCBeEoP5ik4u3mBzckKfBYsru1B
|
|
|
|
Kuma
Member
Offline
Activity: 107
Merit: 10
|
|
July 08, 2014, 03:51:53 PM |
|
I should try to remove GBT address, I'm not sure if it's working correctly under S2. I'm using just stratum at Eligius with my S2.
|
|
|
|
jonnybravo0311
Legendary
Offline
Activity: 1344
Merit: 1024
Mine at Jonny's Pool
|
|
July 08, 2014, 04:43:26 PM |
|
Hi, can you send screenshot of your settings for Eligius?
Hi! I hope the previous image is sufficient, please let me know otherwise. Thanks, Vittorio PS: How long does it normally take for stats to post for a new miner? PS2: Wallet address for pastiness: 3HMiKMkBCBeEoP5ik4u3mBzckKfBYsru1B Um... I thought all BTC addresses start with a 1... Why is yours starting with a 3...? Edit: well I guess it is a valid address since I can find it in blockchain... Learn something new every day...
|
Jonny's Pool - Mine with us and help us grow! Support a pool that supports Bitcoin, not a hardware manufacturer's pockets! No SPV cheats. No empty blocks.
|
|
|
RealMalatesta
Legendary
Offline
Activity: 2366
Merit: 1141
|
|
July 08, 2014, 05:35:01 PM |
|
Maybe I'm FUBAR, but if I had 20% of the network hash rate I think I'd be more concerned with what color Lamborghini Aventador I was going to buy next, versus a withholding attack.
I'm with you on that one. Tesla Model S P85+Don't tease
|
|
|
|
ProfMac
Legendary
Offline
Activity: 1246
Merit: 1002
|
|
July 08, 2014, 05:50:55 PM |
|
From my mathematics training, I tend to speculate about changing rules, and what outcomes are likely.
This weekend, I wondered what would happen if the "recent backpay" was changed to "oldest backpay."
One effect is that the very old backpay would be paid out. In the current system, there is some doubt whether it will ever be paid. Another effect is that new miners would see a drop in their revenue, because initially they would not receive any backpay. Possibly a blended system, 50% recent and 50% oldest would balance these two concerns.
I assume wizkid & Luke evaluated this question in the past. I wonder what their reasoning was.
|
I try to be respectful and informed.
|
|
|
|