MineForeman.com
Legendary
 Offline
Activity: 896
Merit: 1000
|
 |
August 18, 2014, 09:46:54 PM |
|
Step 4) Don't submit winning hashes, reducing the REVENUE of competitors by 3%
When mining you don't know if you have the winning hash until after you submit it (sometimes not even then). Neil Hi Neil, thanks for the input. This is the latest response I've got from BM on the forum https://bitsharestalk.org/index.php?topic=7003.msg94085#msg94085Your absolutely right of coarse, the miner could 'guess' what shares may solve a block without too much trouble. Neil P.S. I blame a head cold, I took some pseudoephedrine about an hour or two ago and I just realized I am not thinking all that straight.... I think I will stop doing test restores of VM's as well before I do some damage  . |
|
|
|
|
|
|
|
|
|
|
|
|
No Gods or Kings. Only Bitcoin
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
Soros Shorts
Donator
Legendary
Offline
Activity: 1617
Merit: 1012
|
|
August 18, 2014, 11:02:49 PM |
|
Would this work, is this a threat at all?
It is hard to say. The community would be closely watching such a pool and would likely take countermeasures the moment that pool does any underhanded stuff. This may include custom clients that would completely prevent blocks solved by that pool from propagating through the network, if such blocks could be identified easily. |
|
|
|
|
|
wasserman99
|
|
August 19, 2014, 01:22:52 AM |
|
Step 4) Don't submit winning hashes, reducing the REVENUE of competitors by 3%
When mining you don't know if you have the winning hash until after you submit it (sometimes not even then). Neil There are some modified versions of mining software (I believe it was cgminer) that can be set so that found blocks are not submitted to the pool. There was a miner in China earlier this year that was mining on the eligius pool, withheld what should have been several blocks (they would have been expected to find several blocks verses what they actually found); it ended up costing the pool several hundred BTC. There was also likely a similar attack on BTC guild that lasted several months before that as their luck was way below what it should have been. |
|
|
|
Darwerft
Newbie
Offline
Activity: 27
Merit: 0
|
|
August 19, 2014, 08:30:47 PM
Last edit: August 19, 2014, 08:55:03 PM by Darwerft |
|
There is so much Wrong information here that goes against everything I thought. Im pretty sure it works this way:
1. Pool has "complicated problem" to find a new block
2. Pool takes part of this "complicated problem" and sends to client
3. Client solves the new "problem" (Important; Client dont know if their solution works on "complicated problem" as client dont have that)
4. Client sends in the solution
5. Pool checks to see solution works on the given problem
6. If solution works GOOD POOL FOUND NEW BLOCK! if not it still had a chance to find the solution. Either way the client gets payed
7. Pool sees how often you submit a solution to decide what your hashrate approx is.
This also means that it takes some time for the pool to calc your computer speed fx. your computer submits 100 solutions an hour and the pool
calc's this into 10G/Hash (JUST EXAMPLE).
Today I learned: If I took a lot of computers to mine in pool and started to withhold possible solutions, the pool would see it as the hashrate was dropped as you are normally paid per successful solutions send to pool.
Or maybe im just stupid and bitcoin is very easy to kill.
When you sit with a solution you have no idea if pool can use it or not (Neither does pool yet), you know that there is a much bigger chance of this being the solution the pool can use than if you took a random answer. You only get paid when you submit it to the pool.
For children:
Imagine that your parents had this rare football.
They just didnt know where this rare football was.
So they paid you to bring them round objects.
Everytime you bought them a round object you get paid a little.
The parents could not tell you that it is the football they are looking for,
if they told you and you found it, you would keep it too your self.
so they tell you to bring them round objects, now you dont know if your parents actually profit when you bring them a round object.
You bring them a tennisball
you bring them a tire
you bring them a melon
It might take long but in time and with enough people someone will bring the football, they will give it too the parents because it has no value to them, they dont know it is rare, all they know is that it is a round object.
The parents sell the football and use the money the pay the children for each round object they found.
Really hard to put it more simple sorry.
Now there are different systems.
Named PPS, PPLNS and so on.
In some systems the children are payed per thing they submit that qualify.
In others no one is payed until the football is found and then they are payed equal to effort.
sometimes the children might get lucky and find the football after just 4 things have been submitted and the 4 people all share the reward. (Thus getting payed much to be lucky)
Other times there will go along time without anyone finding what item is actually worth anything, in this case the people will get payed litle when you consider the number of possible things they have submitted.
ITS all about who takes Variance that the pool or the miners.
Overtime thou it shouldn't matter.
|
|
|
|
|
|
mjc
|
|
August 19, 2014, 08:45:19 PM |
|
Do you even have the slightest idea about how important Bitcoin Mining!!! and you want to attack it!!! Why!!!
Because of the importance of mining is exactly why we should talk about the vulnerabilities associated with it. It is only then that we can mitigate them and strengthen Bitcoin. Michael, CEH & OSCP Security Pen Tester |
|
|
|
|
mjc
|
|
August 19, 2014, 08:46:56 PM |
|
There is so much Wrong information here that goes against everything I thought. Im pretty sure it works this way:
1. Pool has "complicated problem" to find a new block
2. Pool takes part of this "complicated problem" and sends to client
3. Client solves the new "problem" (Important; Client dont know if their solution works on "complicated problem" as client dont have that)
4. Client sends in the solution
5. Pool checks to see solution works on the given problem
6. If solution works GOOD POOL FOUND NEW BLOCK! if not it still had a chance to find the solution. Either way the client gets payed
7. Pool sees how often you submit a solution to decide what your hashrate approx is.
This also means that it takes some time for the pool to calc your computer speed fx. your computer submits 100 solutions an hour and the pool
calc's this into 10G/Hash (JUST EXAMPLE).
Today I learned: If I took a lot of computers to mine in pool and started to withhold possible solutions, the pool would see it as the hashrate was dropped as you are normally paid per successful solutions send to pool.
Or maybe im just stupid and bitcoin is very easy to kill.
When you sit with a solution you have no idea if pool can use it or not (Neither does pool yet), you know that there is a much bigger chance of this being the solution the pool can use than if you took a random answer. You only get paid when you submit it to the pool.
So in a nutshell you're suggesting that you cannot chain pools together. If this is accurate than the OP claim of vulnerability has been resolved as False. |
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
August 19, 2014, 08:53:54 PM
Last edit: August 19, 2014, 09:04:24 PM by DeathAndTaxes |
|
There is so much Wrong information here that goes against everything I thought. Maybe what you thought was incorrect not the information presented. Google " block withholding attack". It has been know and discussed pretty much as long as there has been pooled mining. 3. Client solves the new "problem" (Important; Client dont know if their solution works on "complicated problem" as client dont have that)
This is incorrect. A miner instantly knows if he solved a block or not. However that solution is tied to that specific attempted block (with predetermined coinbase or "reward" address). A miner can't profit from this information. He can either submit it or not submit it. Not submitting it is the block withholding attack. This will reduce the gross revenue produced by the pool and will equally affect all miners in the pool (including the attacker) and the pool operator. There are ways to make the block withholding attack impossible however they require a hard fork in the protocol (a change in the format of the block header). |
|
|
|
|
Darwerft
Newbie
Offline
Activity: 27
Merit: 0
|
|
August 19, 2014, 08:57:32 PM |
|
There is so much Wrong information here that goes against everything I thought. Maybe what you thought was incorrect not the information presented. Google "block withholding attack" it has been known and discussed for years. It is pretty much as old as pooled mining. 3. Client solves the new "problem" (Important; Client dont know if their solution works on "complicated problem" as client dont have that)
This is incorrect. A miner instantly knows if he solved a block or not. However that solution is tied to that specific attempted block (with predetermined coinbase or "reward" address). A miner can't profit from this information. He can either submit it or not submit it. Not submitting it is the block withholding attack. This will reduce the profitability of all miners in the pool including the attacker. The amount of the reduction is directly related to the blocks withheld so if a miner has 5% of the pool hashrate and withholds half the blocks he solves then all miners (inlcuding the attacker) will earn 2.5% less than expected. There are potential ways to make the block withholding attack impossible however they would require a hard fork in the protocol. Yeah well I alone could think of ways to close this hole so if there is a hole it is just the lazy devs or the stubborn bitcoiners that havent implemented it yet. |
|
|
|
|
NickNick
Newbie
Offline
Activity: 32
Merit: 0
|
|
August 23, 2014, 08:04:29 PM
Last edit: August 23, 2014, 08:17:04 PM by NickNick |
|
More generally, what if I participate in a pool and just keep the good hashes for myself? I guess this would be strictly more profitable for me than just participating in a pool. But if every one does the same, pools should just never find a block. Right? Then: Why do pools exist in the first place?
|
|
|
|
|
Syke
Legendary
Offline
Activity: 3878
Merit: 1193
|
|
August 23, 2014, 08:43:40 PM |
|
More generally, what if I participate in a pool and just keep the good hashes for myself? I guess this would be strictly more profitable for me than just participating in a pool. But if every one does the same, pools should just never find a block. Right? Then: Why do pools exist in the first place?
You can't "keep the good hashes". Either you send them to the pool, or you throw them away. If you throw them away, you get nothing. Yes, you can do that, but it's a waste for you. |
Buy & Hold
|
|
|
|
