MoonShadow (OP)
Legendary
 Offline
Activity: 1708
Merit: 1007
|
 |
August 03, 2010, 05:53:51 PM |
|
Another thread that asked what would happen if the bitcoin network were to split over a period of time and reconnect got me thinking....
One way to protect against such an unlikey event would be to have a watchdog process that kept track of the average time between blocks since the last change in difficulty, and alert the owner if the time between blocks were to jump significantly and uncharacteristicly over one or more consecutive blocks. This would also help protect a vendor from a double-spending scam if the theives involved were talented enough to be able to spoof his client's connections to delay another spend event from reaching him.
But then I realized that a server running a modified client on another machine, without a hard connection limit, could do the above for a collection of vendors, while monitoring the vendor's client by maintaining a connection to it and notifying the vendor by other means if the connection is lost. Also, if a war, internet virus, or other were to divide the bitcoin network for an extended time; the watchdog would be able to deterimine *where* the problem on the Internet actually is by analysis of it's customers' connections that were lost, and notify all customers in the affected zone that, presumedly, they are on the wrong side of the split.
The watchdog would also work quite well as a rapid annouce clearinghouse, improving the odds for it's customers that if they are subjects of a double-spending scam, that it's less likely that they are those left holding the raw deal.
Any talented programmers willing to take this up?
|
"The powers of financial capitalism had another far-reaching aim, nothing less than to create a world system of financial control in private hands able to dominate the political system of each country and the economy of the world as a whole. This system was to be controlled in a feudalist fashion by the central banks of the world acting in concert, by secret agreements arrived at in frequent meetings and conferences. The apex of the systems was to be the Bank for International Settlements in Basel, Switzerland, a private bank owned and controlled by the world's central banks which were themselves private corporations. Each central bank...sought to dominate its government by its ability to control Treasury loans, to manipulate foreign exchanges, to influence the level of economic activity in the country, and to influence cooperative politicians by subsequent economic rewards in the business world."
- Carroll Quigley, CFR member, mentor to Bill Clinton, from 'Tragedy And Hope'
|
|
|
|
|
|
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
jgarzik
Legendary
Offline
Activity: 1596
Merit: 1091
|
|
August 03, 2010, 06:12:28 PM |
|
A good way to prevent long-chain takeover is to store the signature of the last-known "good" block in each bitcoin release binary.
|
Jeff Garzik, Bloq CEO, former bitcoin core dev team; opinions are my own.
Visit bloq.com / metronome.io
Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
|
|
|
nelisky
Legendary
Offline
Activity: 1540
Merit: 1001
|
|
August 03, 2010, 06:59:58 PM |
|
A good way to prevent long-chain takeover is to store the signature of the last-known "good" block in each bitcoin release binary.
But that is only as good as the trust you have in the distribution channels, which are being discussed in other threads. If a compromised client was to be served as an upgrade, and most running clients would be using this version, then a new chain would replace the old one. What would happen when, after some time, the attack was disclosed and new clients with the real block chain signatures were run? Would the old (real) chain still be alive and replace the bogus one? |
|
|
|
|
|
throughput
|
|
August 12, 2010, 03:28:43 PM |
|
Definitively, we need some overall network hps meter in every node. And at last I've found that article: http://www.informit.com/articles/article.aspx?p=1237179Network splits are easier to produce, and happen more often, than many users on this forum think. You don't really need to cut any cable, nor hack into ISP's router to plug that ISP off Internet. You don't need to hack his peers either. All you need is BGP router in any AS (and some unwary BGP peers). I have one  So, it is possible to talk about a short (1 - 3 hours) and controlled network split. Not just split in half, but split into ASes. After an hour or three-four most of ISPs will recover, but that really depends on work hours. Weekend attack may have more prolonged effect. Perhaps in the future that will be fixed and no BGP router will be vulnerable, but anyway, nobody should count on Internet stability and persistent connectivity. |
|
|
|
|
jgarzik
Legendary
Offline
Activity: 1596
Merit: 1091
|
|
August 12, 2010, 04:14:11 PM |
|
A good way to prevent long-chain takeover is to store the signature of the last-known "good" block in each bitcoin release binary.
But that is only as good as the trust you have in the distribution channels, which are being discussed in other threads. If a compromised client was to be served as an upgrade, and most running clients would be using this version, then a new chain would replace the old one. What would happen when, after some time, the attack was disclosed and new clients with the real block chain signatures were run? Would the old (real) chain still be alive and replace the bogus one? We could convince satoshi to always post SHA1 signatures of uploads inside a PGP-signed blocks... establish a chain of trust for both source code and official binaries. |
Jeff Garzik, Bloq CEO, former bitcoin core dev team; opinions are my own.
Visit bloq.com / metronome.io
Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
|
|
|
|
aceat64
|
|
August 12, 2010, 05:02:43 PM |
|
Definitively, we need some overall network hps meter in every node. And at last I've found that article: http://www.informit.com/articles/article.aspx?p=1237179Network splits are easier to produce, and happen more often, than many users on this forum think. You don't really need to cut any cable, nor hack into ISP's router to plug that ISP off Internet. You don't need to hack his peers either. All you need is BGP router in any AS (and some unwary BGP peers). I have one So, it is possible to talk about a short (1 - 3 hours) and controlled network split. Not just split in half, but split into ASes. After an hour or three-four most of ISPs will recover, but that really depends on work hours. Weekend attack may have more prolonged effect. Perhaps in the future that will be fixed and no BGP router will be vulnerable, but anyway, nobody should count on Internet stability and persistent connectivity. How would an attacker connect to both sides during this split in order to spend the coins? And if the attacker can do it, the likelihood that one or more honest nodes could bridge the divide is pretty good. |
|
|
|
|
satoshi
Founder
Sr. Member
Offline
Activity: 364
Merit: 6723
|
|
August 12, 2010, 09:34:44 PM |
|
True, there would probably be someone with a dial-up modem or satellite dish internet. Rarer would be someone who has both that and the wired internet that has the outage, but if it's a big enough segment to matter, out of a million people there's bound to be a multi-home geek.
ISP network cuts are just your local area. If you still have communication with the rest of your area, it would probably be something like 1/1000 of the world or less. Block generation in the segment would take several hours per block.
I favour the plan to monitor if the frequency of blocks received drops too slow. That covers a large range of possibilities.
|
|
|
|
|
|
throughput
|
|
August 13, 2010, 06:45:50 AM |
|
Definitively, we need some overall network hps meter in every node. And at last I've found that article: http://www.informit.com/articles/article.aspx?p=1237179Network splits are easier to produce, and happen more often, than many users on this forum think. You don't really need to cut any cable, nor hack into ISP's router to plug that ISP off Internet. You don't need to hack his peers either. All you need is BGP router in any AS (and some unwary BGP peers). I have one So, it is possible to talk about a short (1 - 3 hours) and controlled network split. Not just split in half, but split into ASes. After an hour or three-four most of ISPs will recover, but that really depends on work hours. Weekend attack may have more prolonged effect. Perhaps in the future that will be fixed and no BGP router will be vulnerable, but anyway, nobody should count on Internet stability and persistent connectivity. How would an attacker connect to both sides during this split in order to spend the coins? And if the attacker can do it, the likelihood that one or more honest nodes could bridge the divide is pretty good. 1. Why an attacker is forced to be a single person with a single PC? Copy the wallet on another PC and use it anywhere! 2. Why should network isolation only be used for double spending? Can't it be used to slow down block generation? Will that affect difficulty adjustment? True, there would probably be someone with a dial-up modem or satellite dish internet. Rarer would be someone who has both that and the wired internet that has the outage, but if it's a big enough segment to matter, out of a million people there's bound to be a multi-home geek.
But there will be no irc server to bootsrap from. |
|
|
|
|
satoshi
Founder
Sr. Member
Offline
Activity: 364
Merit: 6723
|
|
August 13, 2010, 05:09:27 PM |
|
But there will be no irc server to bootstrap from.
Which doesn't matter because you can't access sourceforge to download the software either. If you've ever been connected before, you don't need IRC to bootstrap anymore. Even if you haven't, you can bootstrap from seed nodes. IRC is completely redundant since 0.3.0. |
|
|
|
|
|
