Fascinating what Michael Deletes [BTCguild 90% luck and dropping]

[cccminer]

I would think you could detect someone performing a block withholding attack on the pool through a simple test:

First identify your 'unluckiest' participants.  Then when a block is solved, immediately send the work unit for the block to those miners.  If they consistently fail to return the winning solution you know they are ripping you off.

There are a number of other attacks that could be detected with similar approaches.

What's troubling to me is the massive asymmetry of risks right now.  The miners on BTCguild have over $50M in hardware investments that is depreciating at 25% / month .  I'd be shocked if Micheal has $50k in total in hardware to run the pool.

My personal theory has been mentioned already:

<Tin foil hat on>
Startup 42e1 spends $2M on design and masks to build out their $5M 2Ph/s mine only to discover that the design has a flaw that prevents it from finding nonces with difficulties over 4.2 billion.  It still hashes lots of results below that level, so instead of scrapping things they move all their machines off the internal pool to a big public pool.
<tin foil hat off>

There are many, many other reasons someone could be maliciously attacking a pool, and the stakes keep getting larger.  If you're operating a public pool and not actively developing defenses, you will be burned.

And personally if I was clearing $250k / month off my pool, I wouldn't care what little people think either, but I would pay somebody to care.

Actually,  You should send the the winning hash/nonce to ALL particpants.  Just that hash.  Every miner that doesn't return the winning block should instantly be blacklisted.

THis is very very minor tax,  but a huge payoff in preventing a withholding attack, or blocking bad hardware.

[1713555292]

1713555292

[zvisha]

I would think you could detect someone performing a block withholding attack on the pool through a simple test:

First identify your 'unluckiest' participants.  Then when a block is solved, immediately send the work unit for the block to those miners.  If they consistently fail to return the winning solution you know they are ripping you off.

There are a number of other attacks that could be detected with similar approaches.

What's troubling to me is the massive asymmetry of risks right now.  The miners on BTCguild have over $50M in hardware investments that is depreciating at 25% / month .  I'd be shocked if Micheal has $50k in total in hardware to run the pool.

My personal theory has been mentioned already:

<Tin foil hat on>
Startup 42e1 spends $2M on design and masks to build out their $5M 2Ph/s mine only to discover that the design has a flaw that prevents it from finding nonces with difficulties over 4.2 billion.  It still hashes lots of results below that level, so instead of scrapping things they move all their machines off the internal pool to a big public pool.
<tin foil hat off>

There are many, many other reasons someone could be maliciously attacking a pool, and the stakes keep getting larger.  If you're operating a public pool and not actively developing defenses, you will be burned.

And personally if I was clearing $250k / month off my pool, I wouldn't care what little people think either, but I would pay somebody to care.

Actually,  You should send the the winning hash/nonce to ALL particpants.  Just that hash.  Every miner that doesn't return the winning block should instantly be blacklisted.

THis is very very minor tax,  but a huge payoff in preventing a withholding attack, or blocking bad hardware.

It won't work. Our miners for example don't check all nonce range, and a lot of cgminer generated jobs get dropped. Also we use ntime-rolling differently from other pools. It's impossible to know what the miner will generate from stratum template.

[DeathAndTaxes]

I would think you could detect someone performing a block withholding attack on the pool through a simple test:

First identify your 'unluckiest' participants.  Then when a block is solved, immediately send the work unit for the block to those miners.  If they consistently fail to return the winning solution you know they are ripping you off.

There are a number of other attacks that could be detected with similar approaches.

What's troubling to me is the massive asymmetry of risks right now.  The miners on BTCguild have over $50M in hardware investments that is depreciating at 25% / month .  I'd be shocked if Micheal has $50k in total in hardware to run the pool.

My personal theory has been mentioned already:

<Tin foil hat on>
Startup 42e1 spends $2M on design and masks to build out their $5M 2Ph/s mine only to discover that the design has a flaw that prevents it from finding nonces with difficulties over 4.2 billion.  It still hashes lots of results below that level, so instead of scrapping things they move all their machines off the internal pool to a big public pool.
<tin foil hat off>

There are many, many other reasons someone could be maliciously attacking a pool, and the stakes keep getting larger.  If you're operating a public pool and not actively developing defenses, you will be burned.

And personally if I was clearing $250k / month off my pool, I wouldn't care what little people think either, but I would pay somebody to care.

Actually,  You should send the the winning hash/nonce to ALL particpants.  Just that hash.  Every miner that doesn't return the winning block should instantly be blacklisted.

THis is very very minor tax,  but a huge payoff in preventing a withholding attack, or blocking bad hardware.

How long do you wait before you broadcast the block?  Every 6 seconds that passes there is a 1% chance that another pool solves a block and your block becomes orphaned.  The hardware error rate of miners is not zero.  You would rapidly blacklist yourself to a pool of zero.  What about miners who already have work queued up?  Are you going to wait multiple seconds and increase your orphan rate while still having false negatives and end up blacklisting good miners?  Some ASICs don't attempt every nonce.  Those miners wouldn't even have a way to know it is a solution to a block.

[cccminer]

 Those miners wouldn't even have a way to know it is a solution to a block.

Well that is the point isn't it?

Clearly this would need to be flushed out and tested and instaban is simply rhetoric.    I'm not going to engineer the entire test here in a forum post,  but that's the top level pseudo code.  However any miner that fails the test should be considered suspect and perhaps subject to an additional test.   A miner with a 1% error rate would have a 1 in 1,000 chance of artificially failing 2 known good blocks.  Make it 3 tests and the odds raise to 1 in 100,000

All this aside.  It seems that pools now need a way to prove themselves reliable.   As much as I like BTCGuild, I have moved away because it is crystal clear that it is now tainted in some way that costs me money.

[DeathAndTaxes]

 Those miners wouldn't even have a way to know it is a solution to a block.

Well that is the point isn't it?

You misunderstand.  My point is that legit miner would NEVER find a solution for that particular unit of work.  It isn't due to fraud, it is due to the mechanics of mining.  So if a miner doesn't return a solution (in time) is it because he is withholding, is it because he legitimately found no solution, is it because due to queued up work he never even started working on that work until after you broadcasted the winning block (at which point he would flush all stale work)?

You don't know.  There is no way to know.

Clearly this would need to be flushed out and tested and instaban is simply rhetoric.    I'm not going to engineer the entire test here in a forum post,  but that's the top level pseudo code.

It doesn't work even at the top level code.  You are making incorrect assumptions about how much work is actually completed and returned.  The error rate wouldn't be 1% it would be more like 20%+.  Some ASIC chips don't attempt every value in nonce range.  If the winning solution uses a nonce of 0x18392740 and a particular ASIC is not checking that value the miner isn't going to return a solution.  You could send him the same work 1,000 times and he will NEVER return a solution.  

Redo your numbers with say 10% or 20%.  Also how long are you willing to wait to test all miners?  How much increased orphan losses are you willing to accept?  Is 100% luck with 20% orphan loss a good pool?

It is also trivial to bypass.  Attacker simply has more than one account and compares the work received between accounts.  Work is normally never duplicated so any duplicate work is a test.  Attacker returns 100% of test blocks and drops 100% of legit blocks.  Even at a smaller % tested the attacker can sniff the test blocks out with ease.  If you test 10% of users and attacker has hashpower spread across 30 accounts the probability that the test block won't be duplicated across his accounts is nil.

[cccminer]

  Those miners wouldn't even have a way to know it is a solution to a block.

Well that is the point isn't it?

Clearly this would need to be flushed out and tested and instaban is simply rhetoric.    I'm not going to engineer the entire test here in a forum post,  but that's the top level pseudo code.  However any miner that fails the test should be considered suspect and perhaps subject to an additional test.   A miner with a 1% error rate would have a 1 in 1,000 chance of artificially failing 2 known good blocks.  Make it 3 tests and the odds raise to 1 in 100,000

You are still not getting it.  Some ASIC chips don't attempt every value in nonce range.  Some never do under any conditions, the multcore chips break the nonce range into "chunks" with a chunk going to each core.  They never have 100% of the cores active because nothing has 100% yield, some are turned on.  So if the nonce that solves the block is 7289372 and it is sent to core 2 but core 2 is disabled then that miners will NEVER return a solution for that work.

Of course you ignored the rest, how long do you wait? how much do you want to lose to orphans because you are waiting to publish a winning block and every second you delay the probability of another pool broadcasting a block and orphanning you increases.  What about a miners that due to latency returns the solution after you publish the winning block?

It isn't a viable system. 

Well, like I said,  a forum post does not a system make.   

This is a problem that has to be solved,  or pooled mining will die.   We aren't going to solve (or at least I'm not going to try) in this thread,   but a sanity check of hardware is not an unheard of thing, and it's clearly needed now.

Folks are not going to stick around while they watch 20% of their earnings evaporate.

[DeathAndTaxes]

Well, like I said,  a forum post does not a system make.  

Nobody is confusing your post with a "system" but it is possible to that a proposal is flawed even at the conceptual level.  If you told me you were going to the moon by jumping high enough to break orbit, well I don't need to wait to see the engineering plans to tell you it isn't going to work.

but a sanity check of hardware is not an unheard of thing, and it's clearly needed now.

Your proposal isn't a sanity check, it is a ban randomly miners without any basis in the name of "doing something" and rack up even more losses due to orphans.

[cccminer]

Well, like I said,  a forum post does not a system make.  

Nobody is confusing your post with a "system" but it is possible to that a proposal is flawed even at the conceptual level.  If you told me you were going to the moon by jumping high enough to break orbit, well I don't need to wait to see the engineering plans to tell you it isn't going to work.

but a sanity check of hardware is not an unheard of thing, and it's clearly needed now.

Your proposal isn't a sanity check, it is a ban randomly miners without any basis in the name of "doing something" and rack up even more losses due to orphans.

Once again.  It's a forum post with a high level approach.  Details need to be worked out.  If you want to write out the code, then I applaud you,  but I'm not interested in debating the finer points of the protocol.

Right now folks using btcguild are losing ~10 to 20% of their earnings to either malice or incompetence.   A sanity check that cost less 10/20% would be net positive.

[DPoS]

 Some ASIC chips don't attempt every value in nonce range.  If the winning solution uses a nonce of 0x18392740 and a particular ASIC is not checking that value the miner isn't going to return a solution.  You could send him the same work 1,000 times and he will NEVER return a solution.  

so if miners are not equal, perhaps pools should be segregated?  detection and enforcement would need to be worked out, but much more complex systems exist in this world

[DeathAndTaxes]

so if miners are not equal, perhaps pools should be segregated?  detection and enforcement would need to be worked out, but much more complex systems exist in this world

Not sure what you mean by equal.  There is no requirement to use all possible nonces.  It doesn't allow them to cheat or gain a disproportionate share of the reward.  It is also dynamic.  Two different ASIC chips from the same company many not cover the same portion of the nonce range.

[-ck]

so if miners are not equal, perhaps pools should be segregated?  detection and enforcement would need to be worked out, but much more complex systems exist in this world

Not sure what you mean by equal.  There is no requirement to use all possible nonces.  It doesn't allow them to cheat or gain a disproportionate share of the reward.  It is also dynamic.  Two different ASIC chips from the same company many not cover the same portion of the nonce range.

I think this is a misunderstanding of  most users that you must check the entire nonce range to be doing as much "work" which is wrong. It's purely the number of nonces you check, even if they're from different work.

Very little hardware actually checks the full nonce range. Many abort work on the first nonce they find while others have a matrix of nonces they're likely to check and miss others (there is nothing invalid about doing this, nor is there any way to make this sort of practice find less blocks).

[DeathAndTaxes]

so if miners are not equal, perhaps pools should be segregated?  detection and enforcement would need to be worked out, but much more complex systems exist in this world

Not sure what you mean by equal.  There is no requirement to use all possible nonces.  It doesn't allow them to cheat or gain a disproportionate share of the reward.  It is also dynamic.  Two different ASIC chips from the same company many not cover the same portion of the nonce range.

I think this is a misunderstanding of  most users that you must check the entire nonce range to be doing as much "work" which is wrong. It's purely the number of nonces you check, even if they're from different work.

Very little hardware actually checks the full nonce range. Many abort work on the first nonce they find while others have a matrix of nonces they're likely to check and miss others (there is nothing invalid about doing this, nor is there any way to make this sort of practice find less blocks).

I agree ckolivas.  I assumed this was fairly common knowledge but I think you are right that there are some incorrect assumptions on what work it takes to complete a specific difficulty share/block.

[DPoS]

well then the game is over for public pool mining with no innovation here..  if there was already a solution there wouldn't be a problem

[DeathAndTaxes]

well then the game is over for public pool mining with no innovation here..  if there was already a solution there wouldn't be a problem

There is a very good solution but it will require a hard fork.

[DPoS]

well then the game is over for public pool mining with no innovation here..  if there was already a solution there wouldn't be a problem

There is a very good solution but it will require a hard fork.

game on then

actually let me be a little clearer.... if there is a solution being held back because of the aversion of a hard fork then why would miners endure it for months and just say luck is luck??

ya, trust is at a all time high in these parts

[os2sam]

well then the game is over for public pool mining with no innovation here..  if there was already a solution there wouldn't be a problem

There is a very good solution but it will require a hard fork.

It seems to me that the solution you recommended earlier in this thread would allow a pool to withhold vital information about the hash's that a miner submits.  The miner wouldn't know if he really found a block or not or even know what difficulty of the share was.  So a miner would have no way to verify if a pool was above board or not or even know how much he was getting paid for his hash's.

[mdude77]

well then the game is over for public pool mining with no innovation here..  if there was already a solution there wouldn't be a problem

There is a very good solution but it will require a hard fork.

game on then

actually let me be a little clearer.... if there is a solution being held back because of the aversion of a hard fork then why would miners endure it for months and just say luck is luck??

ya, trust is at a all time high in these parts

p2pool ftw.

M

[eleuthria]

well then the game is over for public pool mining with no innovation here..  if there was already a solution there wouldn't be a problem

There is a very good solution but it will require a hard fork.

It seems to me that the solution you recommended earlier in this thread would allow a pool to withhold vital information about the hash's that a miner submits.  The miner wouldn't know if he really found a block or not or even know what difficulty of the share was.  So a miner would have no way to verify if a pool was above board or not or even know how much he was getting paid for his hash's.

The miner would know enough to know how many shares they submitted.  They would not know enough to know if they solved a block though.

The other question of course:  Would that proposed solution even work with existing ASICs, since you're changing the block header fields that are going to be hashed?  Not that it matters...nobody is going to hard fork bitcoin in order to preserve pools.

[eleuthria]

p2pool ftw.

M

p2pool is just as vulnerable to withholding.  Maybe even moreso, since you can't actually take actions (ban/freeze accounts) against somebody doing it.

[DeathAndTaxes]

well then the game is over for public pool mining with no innovation here..  if there was already a solution there wouldn't be a problem

There is a very good solution but it will require a hard fork.

It seems to me that the solution you recommended earlier in this thread would allow a pool to withhold vital information about the hash's that a miner submits.  The miner wouldn't know if he really found a block or not or even know what difficulty of the share was.  So a miner would have no way to verify if a pool was above board or not or even know how much he was getting paid for his hash's.

That is not correct.  The miner would know the exact difficulty of the share just not if the share solves a block or not.