byt411 (OP)
|
|
July 09, 2014, 03:43:34 PM |
|
So I just came up with an idea, but a very rough idea, as to how an attacker can carry out a 51%-attack-like attack.
Basically, as far as I understand, the Bitcoin Network knows its time based on what the nodes relay, and it takes an average out of it. Well, an attacker could create their own fork of the blockchain when it is 1 block away from difficulty change, with a small number of nodes that only he controls, and change the time of the nodes. This would make the network "think" that a lot of time has passed since the next block was found, and all they have to do is find that single block. Once it is found, difficulty would dramatically decrease on their fork of the chain, since a lot of time had passed before blocks were found. Then all he needs to do is continue mining until his chain is 1 block away from difficulty change, and repeat the process. He can make his chain longer than the main one easily, and then broadcast it. This would effectively make the "official" blockchain fork.
I have no idea if this will work, since I'm not that into the tech of bitcoin, and I hope this isn't possible, and for someone to explain why.
|
|
|
|
Erdogan
Legendary
Offline
Activity: 1512
Merit: 1005
|
|
July 09, 2014, 04:59:01 PM |
|
So I just came up with an idea, but a very rough idea, as to how an attacker can carry out a 51%-attack-like attack.
Basically, as far as I understand, the Bitcoin Network knows its time based on what the nodes relay, and it takes an average out of it. Well, an attacker could create their own fork of the blockchain when it is 1 block away from difficulty change, with a small number of nodes that only he controls, and change the time of the nodes. This would make the network "think" that a lot of time has passed since the next block was found, and all they have to do is find that single block. Once it is found, difficulty would dramatically decrease on their fork of the chain, since a lot of time had passed before blocks were found. Then all he needs to do is continue mining until his chain is 1 block away from difficulty change, and repeat the process. He can make his chain longer than the main one easily, and then broadcast it. This would effectively make the "official" blockchain fork.
I have no idea if this will work, since I'm not that into the tech of bitcoin, and I hope this isn't possible, and for someone to explain why.
Difficulty is part of the calculation of the length of the chain, so the fork would eventually be abandoned.
|
|
|
|
byt411 (OP)
|
|
July 09, 2014, 05:14:42 PM |
|
So I just came up with an idea, but a very rough idea, as to how an attacker can carry out a 51%-attack-like attack.
Basically, as far as I understand, the Bitcoin Network knows its time based on what the nodes relay, and it takes an average out of it. Well, an attacker could create their own fork of the blockchain when it is 1 block away from difficulty change, with a small number of nodes that only he controls, and change the time of the nodes. This would make the network "think" that a lot of time has passed since the next block was found, and all they have to do is find that single block. Once it is found, difficulty would dramatically decrease on their fork of the chain, since a lot of time had passed before blocks were found. Then all he needs to do is continue mining until his chain is 1 block away from difficulty change, and repeat the process. He can make his chain longer than the main one easily, and then broadcast it. This would effectively make the "official" blockchain fork.
I have no idea if this will work, since I'm not that into the tech of bitcoin, and I hope this isn't possible, and for someone to explain why.
Difficulty is part of the calculation of the length of the chain, so the fork would eventually be abandoned. I don't understand what you mean, please expand on it.
|
|
|
|
franky1
Legendary
Offline
Activity: 4410
Merit: 4763
|
|
July 09, 2014, 05:38:46 PM |
|
what the OP is trying to say is that knowing difficulty is changed every 2100 blocks. he will set up a private network of 2 PC's and at block 2098 he will set both computers time to be year 2100, thus as mining 2 more blocks. in this closed network. then the protocol in his theory will see that the blockchain has not mined blocks for 85 years and then give him super easy difficulty.. now the reality. when he rejoins the network he wil be all alone on his fork and everyone else will mine as usual not realising he exists, his coins from those 2 blocks would show as invalid and unspendable (wont confirm if he tried to send them) and he will get on with his life. OP you also have to realise that you trying to (in basic principle) solo mine block 2098 and 2099, would be still at an extremely high difficulty before the change, which unless you had a asic farm, would take you not 20 minutes.. but days or weeks if lucky.. so dont waste your time on this. many thousands of people have been there, done that. so heres the T-shirt the other theory is to gather soooo much hash power to rival Ghash.oi etc. that if lucky he is the one that mines the critical block 2099 and it shows a timestamp of the year 2100.. goodluck, have you got over $10mill of equipment to try?
|
I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER. Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
|
|
|
byt411 (OP)
|
|
July 09, 2014, 06:24:00 PM |
|
what the OP is trying to say is that knowing difficulty is changed every 2100 blocks. he will set up a private network of 2 PC's and at block 2098 he will set both computers time to be year 2100, thus as mining 2 more blocks. in this closed network. then the protocol in his theory will see that the blockchain has not mined blocks for 85 years and then give him super easy difficulty.. now the reality. when he rejoins the network he wil be all alone on his fork and everyone else will mine as usual not realising he exists, his coins from those 2 blocks would show as invalid and unspendable (wont confirm if he tried to send them) and he will get on with his life. OP you also have to realise that you trying to (in basic principle) solo mine block 2098 and 2099, would be still at an extremely high difficulty before the change, which unless you had a asic farm, would take you not 20 minutes.. but days or weeks if lucky.. so dont waste your time on this. many thousands of people have been there, done that. so heres the T-shirt the other theory is to gather soooo much hash power to rival Ghash.oi etc. that if lucky he is the one that mines the critical block 2099 and it shows a timestamp of the year 2100.. goodluck, have you got over $10mill of equipment to try? Of course, a regular person wouldn't be able to do so, but Even a small pool like Bitminter, or Bitmaintech's AntPool, or KnC's "Testing Facility" could easily accomplish this without controlling 51% of the network. After they find that one block, which wouldn't take long, they would be able to start the cycle. I think this deserves a bit more attention.
|
|
|
|
Ron~Popeil
|
|
July 09, 2014, 06:44:46 PM |
|
what the OP is trying to say is that knowing difficulty is changed every 2100 blocks. he will set up a private network of 2 PC's and at block 2098 he will set both computers time to be year 2100, thus as mining 2 more blocks. in this closed network. then the protocol in his theory will see that the blockchain has not mined blocks for 85 years and then give him super easy difficulty.. now the reality. when he rejoins the network he wil be all alone on his fork and everyone else will mine as usual not realising he exists, his coins from those 2 blocks would show as invalid and unspendable (wont confirm if he tried to send them) and he will get on with his life. OP you also have to realise that you trying to (in basic principle) solo mine block 2098 and 2099, would be still at an extremely high difficulty before the change, which unless you had a asic farm, would take you not 20 minutes.. but days or weeks if lucky.. so dont waste your time on this. many thousands of people have been there, done that. so heres the T-shirt the other theory is to gather soooo much hash power to rival Ghash.oi etc. that if lucky he is the one that mines the critical block 2099 and it shows a timestamp of the year 2100.. goodluck, have you got over $10mill of equipment to try? Of course, a regular person wouldn't be able to do so, but Even a small pool like Bitminter, or Bitmaintech's AntPool, or KnC's "Testing Facility" could easily accomplish this without controlling 51% of the network. After they find that one block, which wouldn't take long, they would be able to start the cycle. I think this deserves a bit more attention. I don't pretend to know enough to comment on the specifics of such an idea. I do think as an academic exercise it is good to be aware of this kind of stuff in order to stay ahead of people that would try to game the system. I don't believe most such attacks would succeed in getting a bunch of coins, but they can cause chaos and fear which does affect our wealth.
|
|
|
|
byt411 (OP)
|
|
July 09, 2014, 06:46:39 PM |
|
what the OP is trying to say is that knowing difficulty is changed every 2100 blocks. he will set up a private network of 2 PC's and at block 2098 he will set both computers time to be year 2100, thus as mining 2 more blocks. in this closed network. then the protocol in his theory will see that the blockchain has not mined blocks for 85 years and then give him super easy difficulty.. now the reality. when he rejoins the network he wil be all alone on his fork and everyone else will mine as usual not realising he exists, his coins from those 2 blocks would show as invalid and unspendable (wont confirm if he tried to send them) and he will get on with his life. OP you also have to realise that you trying to (in basic principle) solo mine block 2098 and 2099, would be still at an extremely high difficulty before the change, which unless you had a asic farm, would take you not 20 minutes.. but days or weeks if lucky.. so dont waste your time on this. many thousands of people have been there, done that. so heres the T-shirt the other theory is to gather soooo much hash power to rival Ghash.oi etc. that if lucky he is the one that mines the critical block 2099 and it shows a timestamp of the year 2100.. goodluck, have you got over $10mill of equipment to try? Of course, a regular person wouldn't be able to do so, but Even a small pool like Bitminter, or Bitmaintech's AntPool, or KnC's "Testing Facility" could easily accomplish this without controlling 51% of the network. After they find that one block, which wouldn't take long, they would be able to start the cycle. I think this deserves a bit more attention. I don't pretend to know enough to comment on the specifics of such an idea. I do think as an academic exercise it is good to be aware of this kind of stuff in order to stay ahead of people that would try to game the system. I don't believe most such attacks would succeed in getting a bunch of coins, but they can cause chaos and fear which does affect our wealth. If no countermeasure is put in place, the attackers will just grab all block rewards with very little effort, and all coins will get mined in very little time, so it is a bunch of coins.
|
|
|
|
|
jook
Newbie
Offline
Activity: 47
Merit: 0
|
|
July 09, 2014, 07:34:26 PM |
|
Of course, a regular person wouldn't be able to do so, but Even a small pool like Bitminter, or Bitmaintech's AntPool, or KnC's "Testing Facility" could easily accomplish this without controlling 51% of the network. After they find that one block, which wouldn't take long, they would be able to start the cycle. I think this deserves a bit more attention.
No, it doesn't deserve attention because you're misunderstanding how Bitcoin works. The length of the blockchain is not measured in number-of-blocks, but in the amount of work done, i.e. blocks multiplied by difficulty. If someone managed to set up the scheme you describe, the manipulated chain would not be accepted as the longest. Its higher block count multiplied with the fake low difficulty makes it shorter than the real one.
|
|
|
|
jonald_fyookball
Legendary
Offline
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
|
|
July 09, 2014, 07:36:59 PM |
|
Of course, a regular person wouldn't be able to do so, but Even a small pool like Bitminter, or Bitmaintech's AntPool, or KnC's "Testing Facility" could easily accomplish this without controlling 51% of the network. After they find that one block, which wouldn't take long, they would be able to start the cycle. I think this deserves a bit more attention.
No, it doesn't deserve attention because you're misunderstanding how Bitcoin works. The length of the blockchain is not measured in number-of-blocks, but in the amount of work done, i.e. blocks multiplied by difficulty. If someone managed to set up the scheme you describe, the manipulated chain would not be accepted as the longest. Its higher block count multiplied with the fake low difficulty makes it shorter than the real one. you misunderstood the OP, he is talking about manipulation via difficulty adjustment , but that won't work because the timestamps are validated.
|
|
|
|
jook
Newbie
Offline
Activity: 47
Merit: 0
|
|
July 09, 2014, 08:04:25 PM |
|
you misunderstood the OP, he is talking about manipulation via difficulty adjustment , but that won't work because the timestamps are validated.
I don't think I misunderstood the OP. The argument is that even if timestamps were not validated, it still wouldn't work, because the fake chain won't be accepted as the longest. So there are at least two reasons why this is not an actual problem.
|
|
|
|
jonald_fyookball
Legendary
Offline
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
|
|
July 09, 2014, 08:10:49 PM |
|
you misunderstood the OP, he is talking about manipulation via difficulty adjustment , but that won't work because the timestamps are validated.
I don't think I misunderstood the OP. The argument is that even if timestamps were not validated, it still wouldn't work, because the fake chain won't be accepted as the longest. So there are at least two reasons why this is not an actual problem. If timestamps were not validated, I think it actually would be a problem because attacker could build a very long chain very quickly and broadcast that whole chain.
|
|
|
|
jook
Newbie
Offline
Activity: 47
Merit: 0
|
|
July 09, 2014, 08:23:46 PM |
|
If timestamps were not validated, I think it actually would be a problem because attacker could build a very long chain very quickly and broadcast that whole chain.
No, the attacker cannot build a longer chain. Re-read my first post, I don't know how to make it any clearer.
|
|
|
|
jonald_fyookball
Legendary
Offline
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
|
|
July 09, 2014, 08:31:38 PM Last edit: July 09, 2014, 08:49:34 PM by jonald_fyookball |
|
If timestamps were not validated, I think it actually would be a problem because attacker could build a very long chain very quickly and broadcast that whole chain.
No, the attacker cannot build a longer chain. Re-read my first post, I don't know how to make it any clearer. I see your point now, sorry... but still I think there could still be problems. Why wouldn't the network build on top of your long chain since you were the first to broadcast it? Also, it would be a very chaotic situation if you had miners trying to solve at different difficulty levels. A lot of reorgs. And a distinct possibility someone would come out with X number of cheap blocks. Such chaos would be very bad for Bitcoin.
|
|
|
|
franky1
Legendary
Offline
Activity: 4410
Merit: 4763
|
|
July 09, 2014, 08:42:58 PM |
|
darn it, you spoiled it for me.. i wanted to see how far down the rabbit hole of fantasy bitcoin attack theory byt411 would go, either deeper down to pretend there was a threat or would come back with an acceptable argument that no one has realised.. but you had to put the deathnail into his fantasy theory.. some of these new people need to realise bitcoin has been tried and tested by hackers and whitehackers for 5 years. and bitcoins is still here, so most theories of attack are already preventable. i just wanted to see if he was the acception that knew something we didnt im having a comedy day today. chillin in the sun dont mind me
|
I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER. Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
|
|
|
jonald_fyookball
Legendary
Offline
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
|
|
July 09, 2014, 08:48:10 PM |
|
darn it, you spoiled it for me.. i wanted to see how far down the rabbit hole of fantasy bitcoin attack theory byt411 would go, either deeper down to pretend there was a threat or would come back with an acceptable argument that no one has realised.. but you had to put the deathnail into his fantasy theory.. some of these new people need to realise bitcoin has been tried and tested by hackers and whitehackers for 5 years. and bitcoins is still here, so most theories of attack are already preventable. i just wanted to see if he was the acception that knew something we didnt im having a comedy day today. chillin in the sun dont mind meWell, I think people should try to keep thinking of ways to attack Bitcoin. A new idea can come from any mind. That said, I agree, the devs are very smart people and have had a lot of Bitcoin experience. They are usually several steps ahead of the crowd.
|
|
|
|
franky1
Legendary
Offline
Activity: 4410
Merit: 4763
|
|
July 09, 2014, 10:06:41 PM |
|
Well, I think people should try to keep thinking of ways to attack Bitcoin. A new idea can come from any mind.
That said, I agree, the devs are very smart people and have had a lot of Bitcoin experience. They are usually several steps ahead of the crowd.
i know thats why i didnt want him to totally give up, i wanted to see where it lead to and find out if he actually done much research and found a flaw. turns out he was a standard worry-wort.
|
I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER. Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
|
|
|
byt411 (OP)
|
|
July 10, 2014, 12:03:24 AM |
|
Well, I think people should try to keep thinking of ways to attack Bitcoin. A new idea can come from any mind.
That said, I agree, the devs are very smart people and have had a lot of Bitcoin experience. They are usually several steps ahead of the crowd.
i know thats why i didnt want him to totally give up, i wanted to see where it lead to and find out if he actually done much research and found a flaw. turns out he was a standard worry-wort. I didn't do a lot of research, it's just something I came up with. Can someone expand on how the timestamps are validated?
|
|
|
|
jonald_fyookball
Legendary
Offline
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
|
|
July 10, 2014, 12:37:57 AM |
|
Well, I think people should try to keep thinking of ways to attack Bitcoin. A new idea can come from any mind.
That said, I agree, the devs are very smart people and have had a lot of Bitcoin experience. They are usually several steps ahead of the crowd.
i know thats why i didnt want him to totally give up, i wanted to see where it lead to and find out if he actually done much research and found a flaw. turns out he was a standard worry-wort. I didn't do a lot of research, it's just something I came up with. Can someone expand on how the timestamps are validated? Please read the wiki page, it is not long In the case of trying to spoof a timestamp far in the future, the block would be instantly rejected by other nodes because is is not within 2 hours of the network time.
|
|
|
|
hollowframe
|
|
July 14, 2014, 05:21:22 AM |
|
Well, I think people should try to keep thinking of ways to attack Bitcoin. A new idea can come from any mind.
That said, I agree, the devs are very smart people and have had a lot of Bitcoin experience. They are usually several steps ahead of the crowd.
i know thats why i didnt want him to totally give up, i wanted to see where it lead to and find out if he actually done much research and found a flaw. turns out he was a standard worry-wort. I didn't do a lot of research, it's just something I came up with. Can someone expand on how the timestamps are validated? A timestamp will only be accepted if it is no more then 2 hours greater then the average of the time of all the nodes that you connect to. In other words the most you can manipulate the time is to make it 2 hours in the future. You would not wish to do this for found blocks, as the first block found is generally the one accepted to the blockchain assuming both chains are the same length.
|
|
|
|
|