Bitcoin Forum
Author Topic: DoS implications on long term success.  (Read 831 times)
Bitcopia (OP)
June 04, 2014, 07:51:40 PM
 #1

In the topic of Deanonymisation of clients in Bitcoin P2P network (https://bitcointalk.org/index.php?topic=632124.0) Mike Hearn says:

Encrypting individual Bitcoin connections with overlay networks isn't as helpful as encrypting other kinds of connections, unless you're willing to waste large amounts of bandwidth and time. The problem is an observer who can watch traffic in and out of the encrypting server can watch a transaction-sized packet arrive over an encrypted connection and the decrypted transaction get relayed on to the P2P network a moment later. Given the highly predictable packet sizes and timings involved you can probably match them up very reliably. Delaying things doesn't really help - there aren't many transactions even across the whole Bitcoin network, so the anonymity set would be extremely small even if batched, and people want instantaneous response for things like in person transactions.

This could be solved by encrypting the entire P2P network (but then, it would be trivial for an adversary to connect to you and get the traffic unencrypted again), and by sending lots of cover traffic so it's harder to tell when a tx is being relayed. But that's very expensive, probably too expensive.

Privacy against privileged network observers is one thing. DoS is something else. As far as I know, nobody has ever built a P2P network that is really DoS resistant. It's not even clear it's possible with current technology. This may make Bitcoin technically unviable in the long run. However our current anti-DoS strategy is not that great and this is no news - e.g. banning an IP address because it sent an 81 byte message that cost almost nothing to process doesn't make a whole lot of sense (it would be better to put that IP at the bottom of a priority queue instead).

My questions for the more technically apt amongst us are:
How big of an issue is DoS? Do you think it is solvable?

From what I have seen: (https://www.youtube.com/watch?v=2MtUKr05Y3I & https://www.youtube.com/watch?v=U-C3llqr_sEMike & the above post)
Mike Hearn seems rather unenthused about the success of Bitcoin recently. Does anybody know if this is a view shared amongst other core developers?
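
The suggestion in the quoted passage, deprioritising a misbehaving peer instead of banning it, can be sketched as follows. This is an added example, not part of the thread and not Bitcoin Core code; the class, the penalty weights and the sample peers are assumptions made for illustration.

```python
import heapq
from collections import defaultdict, deque

class PeerScheduler:
    """Serve queued peer messages lowest-penalty first; nobody is banned."""

    def __init__(self):
        self.penalty = defaultdict(int)   # peer -> accumulated misbehaviour score
        self.queues = defaultdict(deque)  # peer -> pending messages, FIFO per peer

    def misbehaved(self, peer, weight=1):
        # Scale the penalty to what the bad message cost to process.
        self.penalty[peer] += weight

    def enqueue(self, peer, msg):
        self.queues[peer].append(msg)

    def drain(self, budget):
        """Process at most `budget` messages and return them in service order."""
        # Heap key: (penalty, messages already served in this call, peer).
        heap = [(self.penalty[p], 0, p) for p, q in self.queues.items() if q]
        heapq.heapify(heap)
        served = []
        while heap and len(served) < budget:
            score, count, peer = heapq.heappop(heap)
            served.append((peer, self.queues[peer].popleft()))
            if self.queues[peer]:
                # Round-robin among peers of equal standing.
                heapq.heappush(heap, (score, count + 1, peer))
        return served

def demo():
    # Constructed sample: documentation-range addresses, made-up message names.
    s = PeerScheduler()
    for peer in ("192.0.2.1", "192.0.2.2", "192.0.2.9"):
        s.enqueue(peer, "tx-1")
        s.enqueue(peer, "tx-2")
    s.misbehaved("192.0.2.9")   # sent one cheap malformed message
    busy = s.drain(budget=4)    # under load: the penalised peer waits
    idle = s.drain(budget=4)    # spare capacity: it is served after all
    return busy, idle
```

Under load the penalised peer gets no service, but once there is spare capacity its messages are processed, so a cheap mistake costs priority rather than connectivity.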
Peter Todd
June 04, 2014, 08:23:28 PM
 #2

In the topic of Deanonymisation of clients in Bitcoin P2P network (https://bitcointalk.org/index.php?topic=632124.0) Mike Hearn says:
My questions for the more technically apt amongst us are:
How big of an issue is DoS? Do you think it is solvable?

In my experience Hearn's views are rarely supported by other developers.

Bitcoin's P2P network is far more DoS resistant than most because we already have a valuable token - Bitcoins themselves - that we can use to make DoS attacks expensive. For instance, even though transactions are flood-filled to every node, DoS attacking the network by flooding it with transactions is sufficiently expensive that such attacks rarely happen. Tricks to make such floods less expensive are considered exploits and fixed. Of course if you want to use the P2P network for free, you can be outspent by attackers, but such is life in an anonymous system. It's notable that most of Hearn's work experience was at Google combating email spam via adding centralization to email and strongly tying your ability to send an email to your email provider's identity, and by extension your own. Compare that to Adam Back's early work combating email spam via hashcash, a decentralized technology that eventually led to Bitcoin itself.

Ultimately in any system security has a cost. In centralized systems that cost tends to be your privacy and freedom, in decentralized systems that cost is direct and monetary.

From what I have seen: (https://www.youtube.com/watch?v=2MtUKr05Y3I & https://www.youtube.com/watch?v=U-C3llqr_sEMike & the above post)
Mike Hearn seems rather unenthused about the success of Bitcoin recently. Does anybody know if this is a view shared amongst other core developers?

We've always known Bitcoin faces serious threats, e.g. scalability, mining centralization, blacklists, etc. Whether or not they're going to be solved is an open question, however it is clear there do exist potential solutions.

Bitcopia (OP)
June 04, 2014, 09:27:47 PM
 #3

So, if I understand correctly, a DoS attack would have to be very well funded to get priority above any transaction that includes a moderate tx fee?

We've always known Bitcoin faces serious threats, e.g. scalability, mining centralization, blacklists, etc. Whether or not they're going to be solved is an open question, however it is clear there do exist potential solutions.

There seems to be an accelerating number of great developers getting involved with Bitcoin, either directly or via privately funded startups. It is my belief that with the core developers and the consistent influx of new interest, Bitcoin has a great chance of overcoming its growing pains. I have faith, and I wish I had the technical aptitude to truly understand the depths of the technology and contribute to its success in a more direct way.

Thank you for your thoughtful response and the work that you do for Bitcoin.
Peter Todd
June 04, 2014, 11:11:59 PM
 #4

So, if I understand correctly, a DoS attack would have to be very well funded to get priority above any transaction that includes a moderate tx fee?

Exactly. Right now about $8,000 a day is being paid in transaction fees - an attacker would have to spend multiple times that per day to cause problems. Of course, transaction fees are ultimately just a supply-and-demand market - if an "attacker" wants to outbid all other buyers for a limited resource, are they really attacking anything?

There are other issues too, e.g. the DoS attack vulnerabilities caused by Bloom filters, but there are fairly reasonable ways to fix those issues. Again, when you put a price on something, so-called DoS attackers become well-heeled customers!

We've always known Bitcoin faces serious threats, e.g. scalability, mining centralization, blacklists, etc. Whether or not they're going to be solved is an open question, however it is clear there do exist potential solutions.

There seems to be an accelerating number of great developers getting involved with Bitcoin, either directly or via privately funded startups. It is my belief that with the core developers and the consistent influx of new interest, Bitcoin has a great chance of overcoming its growing pains. I have faith, and I wish I had the technical aptitude to truly understand the depths of the technology and contribute to its success in a more direct way.

Thank you for your thoughtful response and the work that you do for Bitcoin.

Thanks!
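
The fee-market argument made in posts #2 and #4 can be illustrated with a small model of fee-rate-ordered block space. This is an added example, not part of the thread and not Bitcoin Core's selection code; the transaction sizes, fee rates and block capacity are constructed, and the model assumes a fee is only paid when the transaction is mined.

```python
def build_block(mempool, capacity):
    """Greedy selection by fee rate (fee per byte), highest first, until full."""
    block, used = [], 0
    for tx in sorted(mempool, key=lambda t: t["fee"] / t["size"], reverse=True):
        if used + tx["size"] <= capacity:
            block.append(tx)
            used += tx["size"]
    return block

def flood_outcome(honest, capacity, spam_count, spam_size, spam_feerate):
    """Return (fees the flooder pays for mined spam, honest txs confirmed)."""
    spam = [{"id": f"spam{i}", "size": spam_size,
             "fee": spam_size * spam_feerate, "spam": True}
            for i in range(spam_count)]
    block = build_block(honest + spam, capacity)
    cost = sum(tx["fee"] for tx in block if tx.get("spam"))
    confirmed = sum(1 for tx in block if not tx.get("spam"))
    return cost, confirmed

# Constructed sample: six 250-byte honest transactions, fee rates in sat/byte.
HONEST = [{"id": f"h{i}", "size": 250, "fee": 250 * rate}
          for i, rate in enumerate([10, 20, 20, 40, 40, 80])]
HONEST_FEES = sum(tx["fee"] for tx in HONEST)
CAPACITY = 2000  # room for eight such transactions

def sweep():
    # Same flood volume at three bids: below, inside and above the honest range.
    return {rate: flood_outcome(HONEST, CAPACITY, 8, 250, rate)
            for rate in (5, 30, 100)}
```

In this model a flood bidding below every honest fee rate only buys the spare space and displaces nobody, while crowding out all six honest transactions costs the flooder several times the fees those transactions pay in total.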

solex
June 05, 2014, 06:39:48 AM
 #5

Great posts Peter, excellent summary of the situation.

instagibbs
June 05, 2014, 01:10:38 PM
 #6

Peter's point is salient, which makes me think that what isn't protected from DoS is our meta-bitcoin systems, such as current iterations of CoinJoin, etc.

Maybe a meta-solution is a pre-loaded small deposit to the CoinJoin server? The server can give the deposit back when requested, but DoS attempts result in a ban and "theft" of deposit.

(probably not possible in the case of the advanced CoinJoin setups where the server doesn't have much knowledge of what's going on, but just throwing something out there)
Peter Todd
June 05, 2014, 03:35:43 PM
 #7

Peter's point is salient, which makes me think that what isn't protected from DoS is our meta-bitcoin systems, such as current iterations of CoinJoin, etc.

Maybe a meta-solution is a pre-loaded small deposit to the CoinJoin server? The server can give the deposit back when requested, but DoS attempts result in a ban and "theft" of deposit.

(probably not possible in the case of the advanced CoinJoin setups where the server doesn't have much knowledge of what's going on, but just throwing something out there)

Those are exactly the kinds of solutions that will be implemented in the future for CoinJoin. They haven't yet been implemented purely as a matter of priorities: 1) Don't lose funds. 2) Don't reveal users' identities. 3) Be robust against attacks.
