Bitcoin Forum
Author Topic: Bitcoin’s Collusion Problem - by Timothy B Lee  (Read 8787 times)
Jim Hyslop
April 24, 2011, 05:44:32 AM
 #21

By the way:

Bitcoin is not a democracy:  nobody has to suffer from the stupidity of the majority of people.

Wait - does that mean if Bitcoin becomes generally accepted, we'll all become stupid because we'll be in the majority? :-D

Like my answer? Did I help? Tips gratefully accepted here: 1H6wM8Xj8GNrhqWBrnDugd8Vf3nAfZgMnq
grondilu
April 24, 2011, 05:49:22 AM
 #22

Anyway, as often, the answer can be found in Satoshi's paper:

Quote from: Satoshi (http://www.bitcoin.org/bitcoin.pdf)
It is possible to verify payments without running a full network node. A user only needs to keep a copy of the block headers of the longest proof-of-work chain, which he can get by querying network nodes until he's convinced he has the longest chain, and obtain the Merkle branch linking the transaction to the block it's timestamped in. He can't check the transaction for himself, but by linking it to a place in the chain, he can see that a network node has accepted it, and blocks added after it further confirm the network has accepted it.

As such, the verification is reliable as long as honest nodes control the network, but is more vulnerable if the network is overpowered by an attacker. While network nodes can verify transactions for themselves, the simplified method can be fooled by an attacker's fabricated transactions for as long as the attacker can continue to overpower the network. One strategy to protect against this would be to accept alerts from network nodes when they detect an invalid block, prompting the user's software to download the full block and alerted transactions to confirm the inconsistency. Businesses that receive frequent payments will probably still want to run their own nodes for more independent security and quicker verification.

grondilu
April 25, 2011, 04:44:32 AM
 #23

crime is a very small percentage of what dollars do and, from the way it's reported, a much larger percentage of what Bitcoin does.

Do you have any proof for these allegations?

grondilu
April 25, 2011, 04:55:27 AM
 #24

To make it concrete:  I believe I know (or at least know of) people who, under the right circumstances, could decide to mobilize relatively easily to get 1000 people with decent hardware to attempt to destroy the Bitcoin network if they thought it was a moral imperative to do that.  Note that under the brand of libertarianism popular in these forums, such an "attack" would not be "criminal" or "wrong"; it would be an exercise of "freedom."

Well, yes (I don't know if 1000 people would be enough though).   So what?

Also, if it's a University professor that does that with taxpayer money, it's not much liberal, you know.

Anyway, even if it's with their own money or if we consider that a university professor can do whatever he wants with his money even if it comes from taxpayer (I don't know about universities in your country, but in mine, most of them are financed by gov.), I guess they can indeed mess with other people's business and try to destroy what other people have built.

It would only reveal a weakness in bitcoin, which somehow would be a good thing.

grondilu
April 25, 2011, 05:04:24 AM
 #25

Others were arguing that Bitcoin was a libertarian paradise, not a democracy.  I think it's far closer to the latter than the former, at least potentially.  And this is a significant fragility; more than anything else at the moment, I think it would prevent me from converting dollars to Bitcoins, if I were otherwise inclined to do that.

Well, I said that bitcoin is not democratic but indeed I was wrong.

As Satoshi wrote it clearly from the very beginning, the network can be corrupted by any group of people which can obtain and maintain 50% of the processing power.

MoonShadow
April 25, 2011, 05:13:03 AM
 #26

To make it concrete:  I believe I know (or at least know of) people who, under the right circumstances, could decide to mobilize relatively easily to get 1000 people with decent hardware to attempt to destroy the Bitcoin network if they thought it was a moral imperative to do that.  Note that under the brand of libertarianism popular in these forums, such an "attack" would not be "criminal" or "wrong"; it would be an exercise of "freedom."
Well, yes (I don't know if 1000 people would be enough though).   So what?

Others were arguing that Bitcoin was a libertarian paradise, not a democracy. 


Bitcoin is neither.  Bitcoin is simply a monetary system.  There is no ideology there, and any that people project upon it is their own doing.

Quote
At the moment, 1000 people with the right (consumer) hardware would be more than enough to compromise the network seriously if not disintegrate it altogether.  I think far fewer would pose a serious threat.  It's not hard for an individual to become about 1/1000 of the network's hashing power for about $1000 in hardware. 

I doubt that, seriously.  Just looking at the ongoing hashing power doesn't tell the whole story.  I'd wager that there are plenty of people with respectable hashing power that do not presently participate, that would be willing to generate at a loss if an ongoing attack were to become evident.  That includes myself.  Granted, there is no way to know how much hashing power remains in reserve.  But it is easily false to assume that there isn't any.

And by my rough calculations, an attacker would need roughly 31K GPUs just to overtake the honest network at this writing.

"The powers of financial capitalism had another far-reaching aim, nothing less than to create a world system of financial control in private hands able to dominate the political system of each country and the economy of the world as a whole. This system was to be controlled in a feudalist fashion by the central banks of the world acting in concert, by secret agreements arrived at in frequent meetings and conferences. The apex of the systems was to be the Bank for International Settlements in Basel, Switzerland, a private bank owned and controlled by the world's central banks which were themselves private corporations. Each central bank...sought to dominate its government by its ability to control Treasury loans, to manipulate foreign exchanges, to influence the level of economic activity in the country, and to influence cooperative politicians by subsequent economic rewards in the business world."

- Carroll Quigley, CFR member, mentor to Bill Clinton, from 'Tragedy And Hope'
grondilu
April 25, 2011, 05:16:28 AM
 #27

It would be some kind of a cyberwar.

On one side, bitcoin adepts.   On the other side, supporters of centralised government based national currencies.

Good thing is that such war would not require guns or explosive, but GPU cards and electricity.

Could be fun.

kiba
April 25, 2011, 05:27:04 AM
 #28


Well, right, there's Bitcoin and then there are Bitcoin users.  But Bitcoin itself does embody a kind of ideology, the same way that any currency does.  The protocol itself can be described as populist without doing injustice to either the protocol or the notion of populism.

Bitcoin is not about the people fighting the elite.

There are the bitcoin natural elites, but they earn their position through merit and hard work. They don't even have political power. Their position is entirely built on respect. Not the kind of respect that you show to authorities because you fear them, but the kind of respect because you recognize their contribution to humanity or that they are good at something.

You also have to remember that there are some individuals who are bitcoin wealthy, probably satoshi.

In any case, the same level of security that the bitcoin have, you can now have because of the algorithms and the spread of ubiquitous computing.  In the world of governments and state, only the rich have the tools to evade tax. Now the poor can do so if it is necessary for survival.

grondilu
April 25, 2011, 05:43:31 AM
 #29



error
April 25, 2011, 08:28:23 AM
 #30

I'm actually surprised the NSA hasn't just DOSsed Tor.

Why would they do that? The US government is one of Tor's biggest users!

3KzNGwzRZ6SimWuFAgh4TnXzHpruHMZmV8
stillfire
April 25, 2011, 04:31:30 PM
 #31

Also, people -- regardless of their political beliefs -- are easily led and misled by those who are good at framing things; this is one reason that I'm a bit disappointed in the somewhat emotional reaction that I see persistently on the Bitcoin boards.  I don't get the feeling there's an independent, ground-up evaluation of the technology by most people, but of course there never is, for anything.  There's the veneer of it here, though, and that has a kind of social or rhetorical power, for better or worse.

It will be extremely easy to turn the public against BitCoin and that public sentiment can then be capitalised upon to try to bring down the network. Having a large install base will make matters easier, as I wrote in "How a social attack could defeat a prosperous Bitcoin network".

That is why it is my hope that BitCoin will grow only slowly and mostly outside of the public eye. It might be precisely the 'somewhat emotional reactions' which are needed to protect the network: if that's the majority of the user population, resistance to subversion of the network is all but guaranteed.

The underlying technology is in my opinion solid but there is no technology that can protect against human foolishness.

Lost your wallet password? Try Stillfire's Password Recovery Service.
kiba
April 25, 2011, 04:36:16 PM
 #32


It will be extremely easy to turn the public against BitCoin and that public sentiment can then be capitalised upon to try to bring down the network. Having a large install base will make matters easier, as I wrote in "How a social attack could defeat a prosperous Bitcoin network".


I am interested in case studies of such social attack by the government. It seems that the government has a very powerful propaganda arm.

It's a widespread belief but I am interested in evidence.

Mike Hearn
April 25, 2011, 07:08:45 PM
 #33

That is easily solved by having light clients demand to see the first transaction in each new block. It can be linked back to the header with a merkle branch.

The protocol today does not support this, so you have to download full blocks anyway. In future it probably will and then the additional rules can be checked like that.

It's not a big deal, IMHO.
MoonShadow
April 25, 2011, 09:54:44 PM
 #34

That is easily solved by having light clients demand to see the first transaction in each new block. It can be linked back to the header with a merkle branch.

The protocol today does not support this, so you have to download full blocks anyway. In future it probably will and then the additional rules can be checked like that.

It's not a big deal, IMHO.

That's a response to one kind of attack, but not to the one we're discussing here.

Sure it would.  The first transaction in every block is the special transaction that gives the miner his 50 bitcoin reward.  If every light client were checking that transaction to keep the miners honest, there wouldn't be any way to collude, as the lightweight clients would reject the blocks themselves and keep searching the Bitcoin network for blocks that used the proper reward amount.

grondilu
April 25, 2011, 10:05:41 PM
 #35

Sure it would.  The first transaction in every block is the special transaction that gives the miner his 50 bitcoin reward.  If every light client were checking that transaction to keep the miners honest, there wouldn't be any way to collude, as the lightweight clients would reject the blocks themselves and keep searching the Bitcoin network for blocks that used the proper reward amount.

Yeah but this transaction is at the bottom of the Merkle tree, isn't it?   This means that the light client should store a whole branch of the tree, which defeats the purpose of a "light" client I guess.

Maybe we could restructure the Merkle tree and have the special transaction be on the top, just aside the root of all the other transactions.

MoonShadow
April 25, 2011, 10:26:40 PM
 #36

Sure it would.  The first transaction in every block is the special transaction that gives the miner his 50 bitcoin reward.  If every light client were checking that transaction to keep the miners honest, there wouldn't be any way to collude, as the lightweight clients would reject the blocks themselves and keep searching the Bitcoin network for blocks that used the proper reward amount.

Yeah but this transaction is at the bottom of the Merkle tree, isn't it?   This means that the light client should store a whole branch of the tree, which defeats the purpose of a "light" client I guess.

No, because each client would only have to download however many hashes in the tree to lead to that transaction, and then that transaction itself.  In a huge block, we might be talking about three or four dozen 256 bit long hashes and one very small transaction. (no inputs, one output, nothing special to take up space).  Yes, that would be much more bandwidth than just the headers; but still much less than downloading a full block with 3000+ variable sized transactions in it.  Once it was downloaded and checked, the light client could simply throw it all away except the 80 byte header.

Quote

Maybe we could restructure the Merkle tree and have the special transaction be on the top, just aside the root of all the other transactions.

Interesting idea, but this could be a breaking change.  Better to make certain that such a thing were actually required, and if so, simply alter the headers to include the special transaction.

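The check discussed in posts #33 to #36, and the Merkle branch from the paper quoted in #22, sketched as an added example (not code from any poster or from the Bitcoin client): a client holding only the header's Merkle root confirms that a supplied coinbase transaction sits at index 0 and pays no more than the 50 BTC reward. Function names and the sample transactions are constructed for illustration, and fees are assumed to be zero because a light client cannot compute them from the branch alone.

```python
import hashlib
import struct

SUBSIDY = 50 * 100_000_000  # the 50 BTC reward from the thread, in satoshi

def dsha256(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def merkle_branch(leaves, index):
    """Return (root, sibling hashes from leaf level upward) for leaves[index]."""
    branch, level = [], list(leaves)
    while len(level) > 1:
        if len(level) % 2:              # Bitcoin duplicates the last hash on odd levels
            level.append(level[-1])
        branch.append(level[index ^ 1])
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        index >>= 1
    return level[0], branch

def root_from_branch(leaf, index, branch):
    """Recompute the Merkle root; index bits choose left/right at each level."""
    h = leaf
    for sibling in branch:
        h = dsha256(sibling + h) if index & 1 else dsha256(h + sibling)
        index >>= 1
    return h

def read_varint(buf, pos):
    n = buf[pos]
    if n < 0xfd:
        return n, pos + 1
    size = {0xfd: 2, 0xfe: 4, 0xff: 8}[n]
    return int.from_bytes(buf[pos + 1:pos + 1 + size], "little"), pos + 1 + size

def coinbase_output_total(raw):
    """Sum the outputs of a serialized coinbase; None if malformed or not a coinbase."""
    try:
        n_in, pos = read_varint(raw, 4)                 # skip 4-byte version
        # A coinbase has exactly one input spending the null outpoint.
        if n_in != 1 or raw[pos:pos + 36] != b"\x00" * 32 + b"\xff" * 4:
            return None
        script_len, pos = read_varint(raw, pos + 36)
        n_out, pos = read_varint(raw, pos + script_len + 4)   # skip script, sequence
        total = 0
        for _ in range(n_out):
            (value,) = struct.unpack_from("<q", raw, pos)
            if value < 0:
                return None
            pk_len, pos = read_varint(raw, pos + 8)
            pos += pk_len
            total += value
        return total if pos + 4 == len(raw) else None   # only the locktime may remain
    except (IndexError, struct.error):
        return None

def light_client_accepts(header_root, raw_coinbase, branch, max_reward=SUBSIDY):
    """Header-only client: coinbase must link at index 0 and respect the reward.
    Assumption: fees are zero; a real coinbase may also claim the block's fees,
    which cannot be computed from the branch alone."""
    total = coinbase_output_total(raw_coinbase)
    if total is None or total > max_reward:
        return False
    return root_from_branch(dsha256(raw_coinbase), 0, branch) == header_root

def make_coinbase(value):
    """Constructed sample: minimal coinbase with one output of `value` satoshi."""
    script = b"constructed sample"
    return (struct.pack("<I", 1) + b"\x01" + b"\x00" * 32 + b"\xff" * 4
            + bytes([len(script)]) + script + b"\xff" * 4
            + b"\x01" + struct.pack("<q", value) + b"\x01\x51" + struct.pack("<I", 0))

def make_block(coinbase, n_other=4):
    """Constructed sample block: returns (merkle_root, branch for index 0)."""
    leaves = [dsha256(coinbase)] + [dsha256(b"constructed tx %d" % i) for i in range(n_other)]
    return merkle_branch(leaves, 0)

if __name__ == "__main__":
    honest, greedy = make_coinbase(SUBSIDY), make_coinbase(SUBSIDY + 100_000_000)
    root, branch = make_block(honest)
    bad_root, bad_branch = make_block(greedy)
    print(light_client_accepts(root, honest, branch))           # honest block
    print(light_client_accepts(bad_root, greedy, bad_branch))   # inflated reward
    print(light_client_accepts(bad_root, honest, bad_branch))   # coinbase not in block
```

With this tree construction, the branch to index 0 in a 3000-transaction block is 12 hashes (384 bytes), fetched alongside the 80-byte header.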
MoonShadow
April 25, 2011, 10:42:06 PM
 #37

Sure it would.  The first transaction in every block is the special transaction that gives the miner his 50 bitcoin reward.  If every light client were checking that transaction to keep the miners honest, there wouldn't be any way to collude, as the lightweight clients would reject the blocks themselves and keep searching the Bitcoin network for blocks that used the proper reward amount.

But the attack I'm describing isn't just "incorrect rewards for false mining"; the blocks themselves would be valid Bitcoin blocks under the attack we're now discussing, given the attacker's hashing power compared to that of the network.

What am I missing then?  An incorrect mining reward invalidates the block.  Presently, full clients do check for this, and violators are ignored.  The net effect being that it doesn't matter how much power the colluding violators throw at the problem, the honest network simply ignores anything that they come up with.  The violators can, presently, either mine honestly or attempt to rewrite the recent blocks of the blockchain, but that's a different attack vector.  The claim that I saw basically says that the collusion problem is because future clients will be dominated by lightweight clients, which presumedly wouldn't pay any attention to the actual blockchain reward; and this would permit a small cabal of well heeled miners to collude into changing the rules and segmenting the other honest miners into a minority blockchain because the majority of clients would blindly accept blocks produced that were invalid due to an overly high block reward, but reject the minority chain being produced by the honest miners that remained because they would have a shorter proof-of-work chain.
Yet, if the lightweight clients even occasionally check the validity of the block reward, or even only a fraction of smartphone clients did this; the attack is undermined.

How am I wrong?

MoonShadow
April 25, 2011, 11:21:22 PM
 #38

Sure it would.  The first transaction in every block is the special transaction that gives the miner his 50 bitcoin reward.  If every light client were checking that transaction to keep the miners honest, there wouldn't be any way to collude, as the lightweight clients would reject the blocks themselves and keep searching the Bitcoin network for blocks that used the proper reward amount.

But the attack I'm describing isn't just "incorrect rewards for false mining"; the blocks themselves would be valid Bitcoin blocks under the attack we're now discussing, given the attacker's hashing power compared to that of the network.

What am I missing then?  An incorrect mining reward invalidates the block.  Presently, full clients do check for this, and violators are ignored.  The net effect being that it doesn't matter how much power the colluding violators throw at the problem, the honest network simply ignores anything that they come up with.  The violators can, presently, either mine honestly or attempt to rewrite the recent blocks of the blockchain, but that's a different attack vector.  The claim that I saw basically says that the collusion problem is because future clients will be dominated by lightweight clients, which presumedly wouldn't pay any attention to the actual blockchain reward; and this would permit a small cabal of well heeled miners to collude into changing the rules and segmenting the other honest miners into a minority blockchain because the majority of clients would blindly accept blocks produced that were invalid due to an overly high block reward, but reject the minority chain being produced by the honest miners that remained because they would have a shorter proof-of-work chain.
Yet, if the lightweight clients even occasionally check the validity of the block reward, or even only a fraction of smartphone clients did this; the attack is undermined.

How am I wrong?

We might just be talking about two different things.  The article by Lee discussed at the start of this thread laid out several high-level possibilities without much technical detail, and though they could loosely be important under some future scenarios, they're not my chief concern.  What I took us to be discussing now is separate and more specific:  the relative ease and cost of an attack on the Bitcoin network by entities that simply bring higher mining/hashing power to the network than those who want to use Bitcoin for any of its potentially useful purposes.  It is effectively a denial-of-service attack that any moderately sized entity or government (or even individual) could mount easily at present to crush Bitcoin entirely, and though Satoshi's paper mentions its possibility and it's been known and discussed for several months in some other public forums, it doesn't seem to be in the mainstream knowledge of the official forums.

Are you referring to the attack vector that requires over 50% of the hashing power of the network, with the intent of overwriting recent blocks?  The forced double spending attack?

grondilu
April 25, 2011, 11:24:10 PM
 #39

Another way of putting the attack, in more clearly economic terms, is that in Bitcoin, the central bank is for sale -- at whatever cost it takes to provide on the order of half the hashing power of the network.

I'm not sure this is a correct way to see things.  Spending money to do something is not another way to say that you buy it.   When you buy something, at the end you own it, which means that nobody can take it back from you if you don't want to sell.   On the opposite, if at some point you spend enough money to acquire more than 50% of the bitcoin processing power, it doesn't belong to you anyway.  Because at any moment someone else could do the same and take back the majority of CPU even if you don't agree with that.  It's not a commercial transaction.

stillfire
April 25, 2011, 11:31:14 PM
 #40

The very openness of the protocol becomes its economic weakness (I know that's something people here don't like to hear)

On the contrary. I have only monitored this forum for a few weeks and just about every other thread is about what would happen if someone applied a huge amount of processing power against the rest of the network. You're one in the line of a generation of BitCoin users very concerned about systemic threats.

I'm still not clear on what you imagine the attacker would do though. Like the original essay says, the attacker can double spend or try to block transactions from being recorded at all. But if his goal was to erase his debt worth X money, it seems reasonable to expect the economy as a whole to be substantially larger than X. The people invested in the economy as a whole, rather than that one debt of X, would therefore have a hugely larger amount of money to implement countermeasures with. And it'd make economic sense to do so.

If you are ready to spend more than 50% of what the whole BitCoin economy is worth to take it out you'd be better off not doing so and just keeping the money.
