Bitcoin Forum
December 05, 2016, 12:39:12 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2] 3 4 »  All
  Print  
Author Topic: Thought Experiment on Super Computing and Bitcoin Generation Difficulty  (Read 8984 times)
gigabytecoin
Sr. Member
****
Offline Offline

Activity: 280


View Profile
March 17, 2011, 12:42:07 PM
 #21

The difficulty can't go up or down more than 4x in one adjustment, so it'd take longer than 2016 blocks to become completely out of reach.

If that ever happens, I suppose we'd have to change the difficulty adjustment method to fix it.

That was going to be one of the suggestions I just had as a way to stop this attack... but how often do the "adjustments" take place?

Theoretically this is just a bandaid to the attack vector. Even if the bitcoin network forced a new difficultly to be increased by only 4x every 10 minutes... the difficulty could be increased 4^6=4096 times within one hour. Thus ceasing all transactions to a halt (once they backed out of generating).

I doubt the bitcoin core developers will update their software once an hour.

And what if the difficulty adjustment takes place instantaneously? Which I assume it would... the attacker could ramp up a 10,000 factor difficulty in a matter of seconds just as originally described. With a 4x per increment maximum or not.
1480898352
Hero Member
*
Offline Offline

Posts: 1480898352

View Profile Personal Message (Offline)

Ignore
1480898352
Reply with quote  #2

1480898352
Report to moderator
1480898352
Hero Member
*
Offline Offline

Posts: 1480898352

View Profile Personal Message (Offline)

Ignore
1480898352
Reply with quote  #2

1480898352
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
gigabytecoin
Sr. Member
****
Offline Offline

Activity: 280


View Profile
March 17, 2011, 12:49:19 PM
 #22

vladimir, are you talking about 50% network capacity in terms of computer power or networking nodes? I am referring to a single computer capable of generating 2016 blocks within a matter of seconds on a single node/ip address. And then abandoning the network. Thus making it nearly impossible for the rest of us to solve a block... ever.
JohnDoe
Sr. Member
****
Offline Offline

Activity: 392



View Profile
March 17, 2011, 12:56:39 PM
 #23

The difficulty can't go up or down more than 4x in one adjustment

LOL, such a simple mitigator that I feel dumb not thinking about it while reading this thread.

So why not change this right now while it's still easy to something like a difficulty adjustment every 144 blocks with a maximum increment of 0.5x and unlimited decrease?
caveden
Legendary
*
Offline Offline

Activity: 1106



View Profile
March 17, 2011, 01:08:17 PM
 #24

I am a rogue government or central bank with almost unlimited funds.

This is not an acceptable hypothesis.

By the way, the bitcoin network computing power is already comparable (~50%) to the strongest supercomputer on Earth, according to what I've read in these forums.

18rZYyWcafwD86xvLrfuxWG5xEMMWUtVkL
FreeMoney
Legendary
*
Offline Offline

Activity: 1246


Strength in numbers


View Profile WWW
March 17, 2011, 01:49:44 PM
 #25

I am a rogue government or central bank with almost unlimited funds.

This is not an acceptable hypothesis.

By the way, the bitcoin network computing power is already comparable (~50%) to the strongest supercomputer on Earth, according to what I've read in these forums.

Yeah, there are computers that are orders of magnitude faster than other computers, but not that much faster than all the other computers combined (or even all the ones working on bitcoin).

Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
comboy
Sr. Member
****
Offline Offline

Activity: 247



View Profile
March 17, 2011, 02:23:24 PM
 #26

The difficulty can't go up or down more than 4x in one adjustment
LOL, such a simple mitigator that I feel dumb not thinking about it while reading this thread.
So why not change this right now while it's still easy to something like a difficulty adjustment every 144 blocks with a maximum increment of 0.5x and unlimited decrease?

1. I don't get how this could help, we would not be able to solve even one block. It could be maybe something like "adjust difficulty if no block if found for N hours", but:
2. Really, fighting this problem seems like fighting hash collisions to me. Yes it can happen. Yet it would be bad. But what are the odds?

Variance is a bitch!
JohnDoe
Sr. Member
****
Offline Offline

Activity: 392



View Profile
March 17, 2011, 02:46:34 PM
 #27

1. I don't get how this could help, we would not be able to solve even one block.

I don't get it, why wouldn't be able to solve even one block? As I see it, lower number of blocks needed per adjustment and lower maximum increment would allow things to go back to normal faster after an attack.

Take the current mystery miner effect for example. If difficulty was adjusted every 144 blocks instead of every 2016 then we would already be generating ~6 blocks an hour like we are supposed to, but with the current setting we still have more than a week to go before we go back to the optimal rate.
Raulo
Full Member
***
Offline Offline

Activity: 238


View Profile
March 17, 2011, 03:32:49 PM
 #28

Why initiate such a lame attack? Anybody who can generate 2106 quickly can generate an alternative blockchain and inject it into the bitcoin network. Since all the nodes rely on the longest chain, they will accept it as the current one. It will render all the transactions (and hence all the bitcoins owned) from the current blockchain void. Alternatively, it can more slowly, continue with the current blockchain but generate so many blocks that enables the attacker to reverse  transactions at will and make any trust in Bitcoin disappear.

1HAoJag4C3XtAmQJAhE9FTAAJWFcrvpdLM
BitterTea
Sr. Member
****
Offline Offline

Activity: 294



View Profile
March 17, 2011, 03:46:07 PM
 #29

It will render all the transactions (and hence all the bitcoins owned) from the current blockchain void.
This wouldn't work, as certain block numbers are hard coded into Bitcoin client releases. That block (and thus the previous blocks) must match in order for that client to consider the blockchain valid.
Raulo
Full Member
***
Offline Offline

Activity: 238


View Profile
March 17, 2011, 03:51:54 PM
 #30

This wouldn't work, as certain block numbers are hard coded into Bitcoin client releases. That block (and thus the previous blocks) must match in order for that client to consider the blockchain valid.

It doesn't matter because it will have almost the same impact. The recent version has hardcoded block 105000 so anything from block 105000 can be voided. It would make a lot of wallets thinner and kill all the trust in the system.


1HAoJag4C3XtAmQJAhE9FTAAJWFcrvpdLM
Cryptoman
Hero Member
*****
Offline Offline

Activity: 728



View Profile
March 17, 2011, 04:02:02 PM
 #31

I don't see anyone coming up with such a supercomputer anytime soon.  The fastest computer currently known is the Tianhe-I, which is capable of 2.5 petaFLOPS.  The current Bitcoin network hashing rate is around 500 Ghash/S.  According to ArtForz, one hash/s corresponds to approximately 8000 FLOPS.  Therefore, the Bitcoin network is capable of around 4 petaFLOPS today.  That's pretty amazing if you think about it.  Finding a block in a second, not nanoseconds as you are suggesting, would require a computer capable of something on the order of 2.5 exaFLOPS.  That's a thousand times more powerful than the most powerful supercomputer today.  If someone had such a machine, I suspect the last thing they would be doing with it would be attacking the Bitcoin network.

"A small body of determined spirits fired by an unquenchable faith in their mission can alter the course of history." --Gandhi
caveden
Legendary
*
Offline Offline

Activity: 1106



View Profile
March 17, 2011, 04:25:53 PM
 #32

I don't see anyone coming up with such a supercomputer anytime soon.  The fastest computer currently known is the Tianhe-I, which is capable of 2.5 petaFLOPS.  The current Bitcoin network hashing rate is around 500 Ghash/S.  According to ArtForz, one hash/s corresponds to approximately 8000 FLOPS.  Therefore, the Bitcoin network is capable of around 4 petaFLOPS today.  

You're saying that the bitcoin miners altogether already beat the strongest supercomputer of the world? Last time I read about it here it was told that the difficulty should be above 100.000 for that to happen.

If that's truly the case, a few blog posts on it could cause some buzz, maybe even earns us another /.

18rZYyWcafwD86xvLrfuxWG5xEMMWUtVkL
Cryptoman
Hero Member
*****
Offline Offline

Activity: 728



View Profile
March 17, 2011, 04:55:39 PM
 #33

You're saying that the bitcoin miners altogether already beat the strongest supercomputer of the world? Last time I read about it here it was told that the difficulty should be above 100.000 for that to happen.

If that's truly the case, a few blog posts on it could cause some buzz, maybe even earns us another /.

I got my estimate of network hashing capacity from sipa's graphs here: http://bitcoin.sipa.be/
Then I used the hash-to-FLOPS conversion figures provided by ArtForz here: http://bitcointalk.org/index.php?topic=4408.msg64596#msg64596

So today's approximate FLOPS figure would be (500E9 hash/s) * (4150 intops/hash) * (2 flops/intop) = 4.15E15 FLOPS.  It's definitely a newsworthy development.


"A small body of determined spirits fired by an unquenchable faith in their mission can alter the course of history." --Gandhi
Raulo
Full Member
***
Offline Offline

Activity: 238


View Profile
March 17, 2011, 04:56:14 PM
 #34

You're saying that the bitcoin miners altogether already beat the strongest supercomputer of the world? Last time I read about it here it was told that the difficulty should be above 100.000 for that to happen.

Tianhe-1A has 7168 Teslas and with 80 MH/s each, the supercomputer can get 573 GH/s from the GPUs alone. Then, it has 14,336 Xeon X5670 processors, each capable of 19 MH/s=272 GH/s. Total 845 GH/s equivalent to difficulty 140,000.

The quoted 2.5 PFLOPs for Tianhe is with the loss on interconnections. For bitcoin mining, the network is irrelevant and better figure is the peak 4.7 PFLOPs.

Anyway, supercomputers sound sexy and all but you don't need a supercomputer for Bitcoin hashing. The biggest trouble with a supercomputer is to get so much computing power in one place, with fast connections. But you can attack Bitcoin with 10 smaller supercomputers or with a botnet. Mystery Miner achieved 400 GH/s at his peak, and could have reversed transactions.

Currently, the strongest Bitcoin defense is irrelevancy. Nobody cares about destroying Bitcoin, yet. And if Bitcoin becomes relevant, the attack will be more difficult.

1HAoJag4C3XtAmQJAhE9FTAAJWFcrvpdLM
caveden
Legendary
*
Offline Offline

Activity: 1106



View Profile
March 17, 2011, 05:11:41 PM
 #35

Thank you for the numbers.

Raulo, you seem to claim that somebody could "easily destroy" bitcoins in its current stage...

First, to me saying that double-spending by one super-attacker "destroys" bitcoin is way exaggerated. That super-attacker would just become a dangerous criminal, able to "counterfeit" transactions with every unfortunate person which happens to transact with him. That's serious, but it's not a "destruction" of the currency. Such criminal wouldn't manage to go too far, I believe, before being spotted.

And by the way, how easy is that? I mean, how much $$$ would it be necessary to double-spend? Do yo really think that it's a profitable crime? I don't know, but I think the costs largely outcome the potential benefits.

18rZYyWcafwD86xvLrfuxWG5xEMMWUtVkL
theymos
Administrator
Legendary
*
Online Online

Activity: 2492


View Profile
March 17, 2011, 06:16:51 PM
 #36

vladimir, are you talking about 50% network capacity in terms of computer power or networking nodes? I am referring to a single computer capable of generating 2016 blocks within a matter of seconds on a single node/ip address. And then abandoning the network. Thus making it nearly impossible for the rest of us to solve a block... ever.

An attacker with more than 50% of the network's CPU can also prevent anyone from ever making a block. It's probably cheaper to maintain 51% continuously than do 2000% or whatever in bursts.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
Raulo
Full Member
***
Offline Offline

Activity: 238


View Profile
March 17, 2011, 06:24:25 PM
 #37

Raulo, you seem to claim that somebody could "easily destroy" bitcoins in its current stage...

I'm not saying "easily". But it's doable.

Quote
First, to me saying that double-spending by one super-attacker "destroys" bitcoin is way exaggerated. That super-attacker would just become a dangerous criminal, able to "counterfeit" transactions with every unfortunate person which happens to transact with him. That's serious, but it's not a "destruction" of the currency. Such criminal wouldn't manage to go too far, I believe, before being spotted.

It is more profitable just to mine than to double spend but we are discussing destroying Bitcoin, not profiting from that. 

Quote
And by the way, how easy is that? I mean, how much $$$ would it be necessary to double-spend? Do yo really think that it's a profitable crime? I don't know, but I think the costs largely outcome the potential benefits.

We are discussing in a thread which starts with "Though experiment".  I'm just saying with 50% of network hash, one can destroy Bitcoin. Period. It's in the principles and it is described in the Satoshi's technical paper. One does not need to go into some elaborate "difficulty hiking" to destroy Bitcoin. 500 GH/s of network power is not peanuts but there are a few dozen entities that can pull that.


1HAoJag4C3XtAmQJAhE9FTAAJWFcrvpdLM
theymos
Administrator
Legendary
*
Online Online

Activity: 2492


View Profile
March 17, 2011, 06:27:09 PM
 #38

I'm just saying with 50% of network hash, one can destroy Bitcoin. Period.

It doesn't "destroy" Bitcoin. It just makes it unsafe for as long as the attacker is in control.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
Cryptoman
Hero Member
*****
Offline Offline

Activity: 728



View Profile
March 17, 2011, 06:35:46 PM
 #39

Mystery Miner achieved 400 GH/s at his peak, and could have reversed transactions.

Do we know that this hashing power was under the control of a single entity?  Could a bunch of kids from overclock.net have joined the network temporarily only to get bored and return to gaming when they realized they would not become millionaires overnight? 

"A small body of determined spirits fired by an unquenchable faith in their mission can alter the course of history." --Gandhi
Raulo
Full Member
***
Offline Offline

Activity: 238


View Profile
March 17, 2011, 06:37:52 PM
 #40

I'm just saying with 50% of network hash, one can destroy Bitcoin. Period.
It doesn't "destroy" Bitcoin. It just makes it unsafe for as long as the attacker is in control.

True. But it is equivalent of death of Bitcoin as a currency. A small attack, reversing a few blocks would probably not be fatal for Bitcoin. But a large one? I doubt it. Who would trust it?  Building the bitcoin chain in parallel and reversing all transactions from, say, last week would, for instance, cripple bitcoin exchanges if they would be required to refund the reversed purchases. And it can be done in a stealth way so the community cannot do any countermeasures until after it happens.

1HAoJag4C3XtAmQJAhE9FTAAJWFcrvpdLM
Pages: « 1 [2] 3 4 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!