Bitcoin Forum
December 11, 2016, 12:05:41 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Double Spending Proof of Concept  (Read 1872 times)
jpent
Jr. Member
*
Offline Offline

Activity: 31



View Profile
April 14, 2011, 01:12:57 PM
 #1

Hey. I'm just wondering if anyone has written a proof of concept program which attempts to trick the network into allowing double spending. I think it would be good to get something like this out in the open soon so it can be tested thoroughly before the network get any bigger.

It would also be nice to see how the default client reacts when a malicious attempt is detected.

PGP Key Fingerprint: 142E BEF5 5420 B00F 186C  7332 0B15 F673 EF9F DA26

# make install, not war

149gNEaA45b4NkM37XuBbhrM3gTAKikzqd - In case anyone needs this
1481457941
Hero Member
*
Offline Offline

Posts: 1481457941

View Profile Personal Message (Offline)

Ignore
1481457941
Reply with quote  #2

1481457941
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
bitlotto
Hero Member
*****
Offline Offline

Activity: 672


BitLotto - best odds + best payouts + cheat-proof


View Profile WWW
April 14, 2011, 02:17:36 PM
 #2

Hey. I'm just wondering if anyone has written a proof of concept program which attempts to trick the network into allowing double spending. I think it would be good to get something like this out in the open soon so it can be tested thoroughly before the network get any bigger.

It would also be nice to see how the default client reacts when a malicious attempt is detected.

It's why some people wait for confirmations. The network uses a long block chain. As the blocks come in the double spend would not be able to exist. Only during the time of a branch in the chain could both exist. AFAIK.

*Next Draw Feb 1*  BitLotto: monthly raffle (0.25 BTC per ticket) Completely transparent and impossible to manipulate who wins. TOR
TOR2WEB
Donations to: 1JQdiQsjhV2uJ4Y8HFtdqteJsZhv835a8J are appreciated.
jpent
Jr. Member
*
Offline Offline

Activity: 31



View Profile
April 14, 2011, 03:01:00 PM
 #3

Yeah I just think it might be useful to have a program which tests the concept

PGP Key Fingerprint: 142E BEF5 5420 B00F 186C  7332 0B15 F673 EF9F DA26

# make install, not war

149gNEaA45b4NkM37XuBbhrM3gTAKikzqd - In case anyone needs this
AbeSkray
Member
**
Offline Offline

Activity: 72



View Profile
April 14, 2011, 03:09:54 PM
 #4

Yeah I just think it might be useful to have a program which tests the concept

If you really think it would be useful to have a program like this, put your bitcoins where your mouth is! Define some requirements and offer a bounty. Encourage others to contribute to your bounty and eventually a developer might take up the challenge and deliver.

If you end up going this route, you might want to consider moving this thread to the Project Development Forum. This is typically where users discuss bounties. There's also a wiki page.
MoonShadow
Legendary
*
Offline Offline

Activity: 1666



View Profile
April 14, 2011, 03:55:21 PM
 #5

Please keep this on testnet.

"The powers of financial capitalism had another far-reaching aim, nothing less than to create a world system of financial control in private hands able to dominate the political system of each country and the economy of the world as a whole. This system was to be controlled in a feudalist fashion by the central banks of the world acting in concert, by secret agreements arrived at in frequent meetings and conferences. The apex of the systems was to be the Bank for International Settlements in Basel, Switzerland, a private bank owned and controlled by the world's central banks which were themselves private corporations. Each central bank...sought to dominate its government by its ability to control Treasury loans, to manipulate foreign exchanges, to influence the level of economic activity in the country, and to influence cooperative politicians by subsequent economic rewards in the business world."

- Carroll Quigley, CFR member, mentor to Bill Clinton, from 'Tragedy And Hope'
jpent
Jr. Member
*
Offline Offline

Activity: 31



View Profile
April 14, 2011, 04:58:59 PM
 #6

If a program like this doesn't already exist then I might create one. It depends if I can even think of a way to do it that wouldn't be completely futile.

PGP Key Fingerprint: 142E BEF5 5420 B00F 186C  7332 0B15 F673 EF9F DA26

# make install, not war

149gNEaA45b4NkM37XuBbhrM3gTAKikzqd - In case anyone needs this
MoonShadow
Legendary
*
Offline Offline

Activity: 1666



View Profile
April 14, 2011, 08:15:21 PM
 #7

If a program like this doesn't already exist then I might create one. It depends if I can even think of a way to do it that wouldn't be completely futile.

If you can think of some way that it wouldn't be futile, then Bitcoin is in trouble.

"The powers of financial capitalism had another far-reaching aim, nothing less than to create a world system of financial control in private hands able to dominate the political system of each country and the economy of the world as a whole. This system was to be controlled in a feudalist fashion by the central banks of the world acting in concert, by secret agreements arrived at in frequent meetings and conferences. The apex of the systems was to be the Bank for International Settlements in Basel, Switzerland, a private bank owned and controlled by the world's central banks which were themselves private corporations. Each central bank...sought to dominate its government by its ability to control Treasury loans, to manipulate foreign exchanges, to influence the level of economic activity in the country, and to influence cooperative politicians by subsequent economic rewards in the business world."

- Carroll Quigley, CFR member, mentor to Bill Clinton, from 'Tragedy And Hope'
AbeSkray
Member
**
Offline Offline

Activity: 72



View Profile
April 14, 2011, 09:08:28 PM
 #8

If a program like this doesn't already exist then I might create one. It depends if I can even think of a way to do it that wouldn't be completely futile.

I think "completely futile" is not a bad starting point. Like you said:
It would also be nice to see how the default client reacts when a malicious attempt is detected.

I haven't dived into the source code yet, but I imagine it wouldn't take too much tinkering to modify the standard client so that it could attempt a double-spend on the testnet. I think a developer could do this without too much effort. Conceptually, a Bitcoin network should be able to repel a double-spend, but someone should start gathering empirical data at some point (if the white hats don't get there first, the black hats surely will).

What happens when one node attempts a double-spend? What happens when multiple nodes are coordinated in a double-spend? How many bad nodes does it take for a double-spend to succeed (if any)? I think these questions have theoretical answers, but maybe its time to start gathering some hard data.

Keep us up to date if you decide to create something like this. I, for one, would be interested in what you find out. If I have time, I might like to help out. In any case, it sounds like a fun way to start getting familiar with the standard Bitcoin source code.
Raulo
Full Member
***
Offline Offline

Activity: 238


View Profile
April 14, 2011, 09:20:59 PM
 #9

Double spend guide for beginners:

1. Run bitcoin program. Download the blockchain.
2. Get some coins.
3. Backup the wallet and install it on another machine.
4. Connect with the first machine to some nodes and with the other to different ones.
5. Open two windows and simultaneously send coins to different addresses from two machines.
6. Watch in the log as the transactions reach different nodes.
7. Wait patiently for the next block.
8. Enjoy how the network includes only one transaction and rejects the other.

Do you really think nobody tested it?

1HAoJag4C3XtAmQJAhE9FTAAJWFcrvpdLM
Matt Corallo
Hero Member
*****
Offline Offline

Activity: 751


View Profile
April 14, 2011, 09:31:24 PM
 #10

I've been thinking about doing a real attacking client for a while because quite a few people think its near impossible to execute well, but I disagree.  The best way to do this is to get the IPs of some of the largest miners (ArtForz + deepbit + slush's pool would probably do) and send one TX to them and one TX out to a bunch of other nodes (the target if you happen to know its IP).  Because no one will store a duplicate tx, theoretically the victim will hold the probably-wont-get-confirmed TX until the probably-will-be-confirmed is confirmed by one of the large-scale miners.

Obviously you won't double-spend but if people accept with 0 confirmations, well you should be able to pull this off.

Bitcoin Ubuntu PPA maintainer - donate to me personally: 1JBMattRztKDF2KRS3vhjJXA7h47NEsn2c
http://bitcoinrelaynetwork.org maintainer
PGP ID: 07DF 3E57 A548 CCFB 7530  7091 89BB B866 3E2E65CE
bitlotto
Hero Member
*****
Offline Offline

Activity: 672


BitLotto - best odds + best payouts + cheat-proof


View Profile WWW
April 14, 2011, 09:39:15 PM
 #11


Obviously you won't double-spend but if people accept with 0 confirmations, well you should be able to pull this off.

That's why it's recommended to wait for confirmations.

To actually pull off a double spend WITH confirmations it would be very hard. You would have to have a branch of block chains that survives in the network for some time. That would be very hard as I believe the network always picks the HARDEST branch and resists branching.

*Next Draw Feb 1*  BitLotto: monthly raffle (0.25 BTC per ticket) Completely transparent and impossible to manipulate who wins. TOR
TOR2WEB
Donations to: 1JQdiQsjhV2uJ4Y8HFtdqteJsZhv835a8J are appreciated.
Mike Hearn
Legendary
*
Offline Offline

Activity: 1526


View Profile
April 14, 2011, 09:42:33 PM
 #12

If there is a double spend the official client does not alert you, but those transactions will show as 0/unconfirmed forever.
Matt Corallo
Hero Member
*****
Offline Offline

Activity: 751


View Profile
April 14, 2011, 10:02:11 PM
 #13

That's why it's recommended to wait for confirmations.
My point was that many people have said you don't need to worry about it for very small txes, however you might be able to write a client which tries to send bogus txes automatically so you just never have to pay for your small txes.

Bitcoin Ubuntu PPA maintainer - donate to me personally: 1JBMattRztKDF2KRS3vhjJXA7h47NEsn2c
http://bitcoinrelaynetwork.org maintainer
PGP ID: 07DF 3E57 A548 CCFB 7530  7091 89BB B866 3E2E65CE
barbarousrelic
Hero Member
*****
Offline Offline

Activity: 675


View Profile
April 14, 2011, 10:51:13 PM
 #14

Does the client alert you that a transaction has been denied? Or does it just say " 0/unconfirmed " forever?

Do not waste your time debating whether Bitcoin can work. It does work.

"Early adopters will profit" is not a sufficient condition to classify something as a pyramid or Ponzi scheme. If it was, Apple and Microsoft stock are Ponzi schemes.

There is no such thing as "market manipulation." There is only buying and selling.
epii
Full Member
***
Offline Offline

Activity: 196



View Profile
April 14, 2011, 11:29:34 PM
 #15

Does the client alert you that a transaction has been denied? Or does it just say " 0/unconfirmed " forever?

That might be a future feature: http://bitcointalk.org/index.php?topic=5758.msg84785#msg84785
(i.e. if your transaction is not processed within 24 hours, you would know it has been "rejected")

Vires In Numeris.
fabianhjr
Sr. Member
****
Offline Offline

Activity: 322


Do The Evolution


View Profile
April 15, 2011, 02:48:56 AM
 #16

Please note some sites such as probiwon just wait for 1 confirmation, this could create havoc since you could send thousands of 25 BTC transactions to your acceptor and after the first confirmation it will broadcast a send transaction to your address. It won't check for validity afaik, I will contact him to get on this thread.

alkor
Full Member
***
Offline Offline

Activity: 137


View Profile
April 15, 2011, 04:50:52 AM
 #17

I've been thinking about doing a real attacking client for a while because quite a few people think its near impossible to execute well, but I disagree.  The best way to do this is to get the IPs of some of the largest miners (ArtForz + deepbit + slush's pool would probably do) and send one TX to them and one TX out to a bunch of other nodes (the target if you happen to know its IP).
The question is how will you get the IPs of the biggest miners? Don't miners just appear as regular clients on the network? Is there actually a way to tell if a node is a miner or a client?
Matt Corallo
Hero Member
*****
Offline Offline

Activity: 751


View Profile
April 15, 2011, 09:57:34 AM
 #18

I've been thinking about doing a real attacking client for a while because quite a few people think its near impossible to execute well, but I disagree.  The best way to do this is to get the IPs of some of the largest miners (ArtForz + deepbit + slush's pool would probably do) and send one TX to them and one TX out to a bunch of other nodes (the target if you happen to know its IP).
The question is how will you get the IPs of the biggest miners? Don't miners just appear as regular clients on the network? Is there actually a way to tell if a node is a miner or a client?
Slush's pool's node is on the fallback nodes page.  You ask them? I doubt they give them out freely, but if I were to write a proof-of-concept attack I'm sure they would be happy to help.  If anyone were doing real attacking, I'm sure a good social-engineering attack would easily get the proper IPs.  (plus you can figure out ArtForz's node based on GeoIP, I think he is the only one in the middle of Germany on the node map)

Bitcoin Ubuntu PPA maintainer - donate to me personally: 1JBMattRztKDF2KRS3vhjJXA7h47NEsn2c
http://bitcoinrelaynetwork.org maintainer
PGP ID: 07DF 3E57 A548 CCFB 7530  7091 89BB B866 3E2E65CE
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!