Selfish mining theory

[9kv]

If someone controls a couple nodes (10 for example, shouldn't be hard to do that right?), and at some point he isolates those nodes from the other bitcoin nodes, that will lead to an isolated blockchain that only he have access to it, and if he mines on it at 1kh/s or whatever super slow hash rate, at the time of recalculating the difficulty, it'll drop down by huge amount considering there wouldn't be any new blocks found between the time he isolated the chain till the time of changing the target difficulty (maybe he waits for 2 recalculating events, or modify something to make the difficulty drop to lowest possible not sure how possible that is). After this new low difficulty, he uses high mining power to create blocks at very high speed since the difficulty has dropped (on his own blockchain), meanwhile the true blockchain will have generated blocks that aren't included in those isolated chains, but due to him having low difficulty he generated twice the amount of blocks (or maybe x1.5 for example) if he then releases those nodes and they start interacting with other nodes, will this "self generated" chain become the "true" chain? I mean since it's a longer chain wouldn't it be the "true" blockchain? and that person would have actually reversed some transactions, and also generated new blocks and took the reward for himself?

I got this theory while reading an article about selfish mining, but for selfish mining to work you'll need to have something around 25% hash rate? (can't remember the exact %)

Anyway, the idea was taken from selfish mining, but I added that attacker needs to have couple nodes under his control and he isolate them in order to massively reduce the target difficulty so he can generate blocks at ridiculous high speed to make up for the time he didn't generate blocks while isolated.
also I'm not sure if 10 nodes are enough? maybe he needs something like 1/3 of total number of nodes to make sure that his blockchain will be published to everyone?

That's all, if anyone can explain if it's possible or not or if you can provide links to articles that help me finding the answer I'll be really appreciated, hope I explained my theory in an easy way.

[franky1]

If someone controls a couple nodes (10 for example, shouldn't be hard to do that right?), and at some point he isolates those nodes from the other bitcoin nodes, that will lead to an isolated blockchain that only he have access to it, and if he mines on it at 1kh/s or whatever super slow hash rate, at the time of recalculating the difficulty, it'll drop down by huge amount considering there wouldn't be any new blocks found between the time he isolated the chain till the time of changing the target difficulty (maybe he waits for 2 recalculating events, or modify something to make the difficulty drop to lowest possible not sure how possible that is). After this new low difficulty, he uses high mining power to create blocks at very high speed since the difficulty has dropped (on his own blockchain), meanwhile the true blockchain will have generated blocks that aren't included in those isolated chains, but due to him having low difficulty he generated twice the amount of blocks (or maybe x1.5 for example) if he then releases those nodes and they start interacting with other nodes, will this "self generated" chain become the "true" chain? I mean since it's a longer chain wouldn't it be the "true" blockchain? and that person would have actually reversed some transactions, and also generated new blocks and took the reward for himself?

I got this theory while reading an article about selfish mining, but for selfish mining to work you'll need to have something around 25% hash rate? (can't remember the exact %)

Anyway, the idea was taken from selfish mining, but I added that attacker needs to have couple nodes under his control and he isolate them in order to massively reduce the target difficulty so he can generate blocks at ridiculous high speed to make up for the time he didn't generate blocks while isolated.
also I'm not sure if 10 nodes are enough? maybe he needs something like 1/3 of total number of nodes to make sure that his blockchain will be published to everyone?

That's all, if anyone can explain if it's possible or not or if you can provide links to articles that help me finding the answer I'll be really appreciated, hope I explained my theory in an easy way.

if you separated yourself from the main network at block h 322992. and started mining in your smal network. the difficulty will still initially be high. so if you only had some USB erupter miners. you probably wont even mine one block in the 2 weeks you have to wait.

once the 2 weeks are up and it time to change difficulty down because your small network is suppose to be at 2016 blocks further on. yet you have not solved a block due to complexity too high.. it will drop alot..

you have already by now lost the game before you even got a block, just by not keeping up with the real network block numbers.

so the problem is that even if you do not mess with the code to make a block you want to solve give you 5 trillian coins. even if you think you have solved a legitimate block. when you then connect to the main network. your blockchain will put you at 322993, yet everyone else's chain will be atleast 324000. meaning that block you hoped would net you 25legit coins or 5trillian reprogrammed coins.. would both be simply ignored and your personal block would be orphaned/binned/thrown out, 'shown the hand because the tcp aint listening'. simply because your block 322993 does not follow on from everyone elses.

thus its not worth it.

[Injust]

If someone controls a couple nodes (10 for example, shouldn't be hard to do that right?), and at some point he isolates those nodes from the other bitcoin nodes, that will lead to an isolated blockchain that only he have access to it, and if he mines on it at 1kh/s or whatever super slow hash rate, at the time of recalculating the difficulty, it'll drop down by huge amount considering there wouldn't be any new blocks found between the time he isolated the chain till the time of changing the target difficulty (maybe he waits for 2 recalculating events, or modify something to make the difficulty drop to lowest possible not sure how possible that is). After this new low difficulty, he uses high mining power to create blocks at very high speed since the difficulty has dropped (on his own blockchain), meanwhile the true blockchain will have generated blocks that aren't included in those isolated chains, but due to him having low difficulty he generated twice the amount of blocks (or maybe x1.5 for example) if he then releases those nodes and they start interacting with other nodes, will this "self generated" chain become the "true" chain? I mean since it's a longer chain wouldn't it be the "true" blockchain? and that person would have actually reversed some transactions, and also generated new blocks and took the reward for himself?

I got this theory while reading an article about selfish mining, but for selfish mining to work you'll need to have something around 25% hash rate? (can't remember the exact %)

Anyway, the idea was taken from selfish mining, but I added that attacker needs to have couple nodes under his control and he isolate them in order to massively reduce the target difficulty so he can generate blocks at ridiculous high speed to make up for the time he didn't generate blocks while isolated.
also I'm not sure if 10 nodes are enough? maybe he needs something like 1/3 of total number of nodes to make sure that his blockchain will be published to everyone?

That's all, if anyone can explain if it's possible or not or if you can provide links to articles that help me finding the answer I'll be really appreciated, hope I explained my theory in an easy way.

if you separated yourself from the main network at block h 322992. and started mining in your smal network. the difficulty will still initially be high. so if you only had some USB erupter miners. you probably wont even mine one block in the 2 weeks you have to wait.

once the 2 weeks are up and it time to change difficulty down because your small network is suppose to be at 2016 blocks further on. yet you have not solved a block due to complexity too high.. it will drop alot..

you have already by now lost the game before you even got a block, just by not keeping up with the real network block numbers.

so the problem is that even if you do not mess with the code to make a block you want to solve give you 5 trillian coins. even if you think you have solved a legitimate block. when you then connect to the main network. your blockchain will put you at 322993, yet everyone else's chain will be atleast 324000. meaning that block you hoped would net you 25legit coins or 5trillian reprogrammed coins.. would both be simply ignored and your personal block would be orphaned/binned/thrown out, 'shown the hand because the tcp aint listening'. simply because your block 322993 does not follow on from everyone elses.

thus its not worth it.

I think what OP means is to separate from the network, and mine with a really low hashrate. Then, because of the lack of blocks found, the difficulty in OP's network would drop by a lot, and he/she would use a large amount of hashing power to catch up and overtake the main network's blocks.

[9kv]

If someone controls a couple nodes (10 for example, shouldn't be hard to do that right?), and at some point he isolates those nodes from the other bitcoin nodes, that will lead to an isolated blockchain that only he have access to it, and if he mines on it at 1kh/s or whatever super slow hash rate, at the time of recalculating the difficulty, it'll drop down by huge amount considering there wouldn't be any new blocks found between the time he isolated the chain till the time of changing the target difficulty (maybe he waits for 2 recalculating events, or modify something to make the difficulty drop to lowest possible not sure how possible that is). After this new low difficulty, he uses high mining power to create blocks at very high speed since the difficulty has dropped (on his own blockchain), meanwhile the true blockchain will have generated blocks that aren't included in those isolated chains, but due to him having low difficulty he generated twice the amount of blocks (or maybe x1.5 for example) if he then releases those nodes and they start interacting with other nodes, will this "self generated" chain become the "true" chain? I mean since it's a longer chain wouldn't it be the "true" blockchain? and that person would have actually reversed some transactions, and also generated new blocks and took the reward for himself?

I got this theory while reading an article about selfish mining, but for selfish mining to work you'll need to have something around 25% hash rate? (can't remember the exact %)

Anyway, the idea was taken from selfish mining, but I added that attacker needs to have couple nodes under his control and he isolate them in order to massively reduce the target difficulty so he can generate blocks at ridiculous high speed to make up for the time he didn't generate blocks while isolated.
also I'm not sure if 10 nodes are enough? maybe he needs something like 1/3 of total number of nodes to make sure that his blockchain will be published to everyone?

That's all, if anyone can explain if it's possible or not or if you can provide links to articles that help me finding the answer I'll be really appreciated, hope I explained my theory in an easy way.

if you separated yourself from the main network at block h 322992. and started mining in your smal network. the difficulty will still initially be high. so if you only had some USB erupter miners. you probably wont even mine one block in the 2 weeks you have to wait.

once the 2 weeks are up and it time to change difficulty down because your small network is suppose to be at 2016 blocks further on. yet you have not solved a block due to complexity too high.. it will drop alot..

you have already by now lost the game before you even got a block, just by not keeping up with the real network block numbers.

so the problem is that even if you do not mess with the code to make a block you want to solve give you 5 trillian coins. even if you think you have solved a legitimate block. when you then connect to the main network. your blockchain will put you at 322993, yet everyone else's chain will be atleast 324000. meaning that block you hoped would net you 25legit coins or 5trillian reprogrammed coins.. would both be simply ignored and your personal block would be orphaned/binned/thrown out, 'shown the hand because the tcp aint listening'. simply because your block 322993 does not follow on from everyone elses.

thus its not worth it.

I think what OP means is to separate from the network, and mine with a really low hashrate. Then, because of the lack of blocks found, the difficulty in OP's network would drop by a lot, and he/she would use a large amount of hashing power to catch up and overtake the main network's blocks.

Yeah, this is what I mean. I still learned some good points from your post but I think this is still a valid thing.. anyone else have a way to disprove?

[cutepuppy]

If someone controls a couple nodes (10 for example, shouldn't be hard to do that right?), and at some point he isolates those nodes from the other bitcoin nodes, that will lead to an isolated blockchain that only he have access to it, and if he mines on it at 1kh/s or whatever super slow hash rate, at the time of recalculating the difficulty, it'll drop down by huge amount considering there wouldn't be any new blocks found between the time he isolated the chain till the time of changing the target difficulty (maybe he waits for 2 recalculating events, or modify something to make the difficulty drop to lowest possible not sure how possible that is). After this new low difficulty, he uses high mining power to create blocks at very high speed since the difficulty has dropped (on his own blockchain), meanwhile the true blockchain will have generated blocks that aren't included in those isolated chains, but due to him having low difficulty he generated twice the amount of blocks (or maybe x1.5 for example) if he then releases those nodes and they start interacting with other nodes, will this "self generated" chain become the "true" chain? I mean since it's a longer chain wouldn't it be the "true" blockchain? and that person would have actually reversed some transactions, and also generated new blocks and took the reward for himself?

I got this theory while reading an article about selfish mining, but for selfish mining to work you'll need to have something around 25% hash rate? (can't remember the exact %)

Anyway, the idea was taken from selfish mining, but I added that attacker needs to have couple nodes under his control and he isolate them in order to massively reduce the target difficulty so he can generate blocks at ridiculous high speed to make up for the time he didn't generate blocks while isolated.
also I'm not sure if 10 nodes are enough? maybe he needs something like 1/3 of total number of nodes to make sure that his blockchain will be published to everyone?

That's all, if anyone can explain if it's possible or not or if you can provide links to articles that help me finding the answer I'll be really appreciated, hope I explained my theory in an easy way.

if you separated yourself from the main network at block h 322992. and started mining in your smal network. the difficulty will still initially be high. so if you only had some USB erupter miners. you probably wont even mine one block in the 2 weeks you have to wait.

once the 2 weeks are up and it time to change difficulty down because your small network is suppose to be at 2016 blocks further on. yet you have not solved a block due to complexity too high.. it will drop alot..

you have already by now lost the game before you even got a block, just by not keeping up with the real network block numbers.

so the problem is that even if you do not mess with the code to make a block you want to solve give you 5 trillian coins. even if you think you have solved a legitimate block. when you then connect to the main network. your blockchain will put you at 322993, yet everyone else's chain will be atleast 324000. meaning that block you hoped would net you 25legit coins or 5trillian reprogrammed coins.. would both be simply ignored and your personal block would be orphaned/binned/thrown out, 'shown the hand because the tcp aint listening'. simply because your block 322993 does not follow on from everyone elses.

thus its not worth it.

I think what OP means is to separate from the network, and mine with a really low hashrate. Then, because of the lack of blocks found, the difficulty in OP's network would drop by a lot, and he/she would use a large amount of hashing power to catch up and overtake the main network's blocks.

Yeah, this is what I mean. I still learned some good points from your post but I think this is still a valid thing.. anyone else have a way to disprove?

It would take too long to find enough blocks until the difficulty recalculates. The difficulty does not readjust every two weeks, it readjusts every 2016 blocks. It would take a very long time to find enough blocks to finish the remaining 2016 blocks until the difficulty recalculates with only a few kh/s of mining power and once the difficulty does adjust with your "special" blockchian the "real" blockchain will be much longer then what your new blockchain would be able to achieve.

[9kv]

If someone controls a couple nodes (10 for example, shouldn't be hard to do that right?), and at some point he isolates those nodes from the other bitcoin nodes, that will lead to an isolated blockchain that only he have access to it, and if he mines on it at 1kh/s or whatever super slow hash rate, at the time of recalculating the difficulty, it'll drop down by huge amount considering there wouldn't be any new blocks found between the time he isolated the chain till the time of changing the target difficulty (maybe he waits for 2 recalculating events, or modify something to make the difficulty drop to lowest possible not sure how possible that is). After this new low difficulty, he uses high mining power to create blocks at very high speed since the difficulty has dropped (on his own blockchain), meanwhile the true blockchain will have generated blocks that aren't included in those isolated chains, but due to him having low difficulty he generated twice the amount of blocks (or maybe x1.5 for example) if he then releases those nodes and they start interacting with other nodes, will this "self generated" chain become the "true" chain? I mean since it's a longer chain wouldn't it be the "true" blockchain? and that person would have actually reversed some transactions, and also generated new blocks and took the reward for himself?

I got this theory while reading an article about selfish mining, but for selfish mining to work you'll need to have something around 25% hash rate? (can't remember the exact %)

Anyway, the idea was taken from selfish mining, but I added that attacker needs to have couple nodes under his control and he isolate them in order to massively reduce the target difficulty so he can generate blocks at ridiculous high speed to make up for the time he didn't generate blocks while isolated.
also I'm not sure if 10 nodes are enough? maybe he needs something like 1/3 of total number of nodes to make sure that his blockchain will be published to everyone?

That's all, if anyone can explain if it's possible or not or if you can provide links to articles that help me finding the answer I'll be really appreciated, hope I explained my theory in an easy way.

if you separated yourself from the main network at block h 322992. and started mining in your smal network. the difficulty will still initially be high. so if you only had some USB erupter miners. you probably wont even mine one block in the 2 weeks you have to wait.

once the 2 weeks are up and it time to change difficulty down because your small network is suppose to be at 2016 blocks further on. yet you have not solved a block due to complexity too high.. it will drop alot..

you have already by now lost the game before you even got a block, just by not keeping up with the real network block numbers.

so the problem is that even if you do not mess with the code to make a block you want to solve give you 5 trillian coins. even if you think you have solved a legitimate block. when you then connect to the main network. your blockchain will put you at 322993, yet everyone else's chain will be atleast 324000. meaning that block you hoped would net you 25legit coins or 5trillian reprogrammed coins.. would both be simply ignored and your personal block would be orphaned/binned/thrown out, 'shown the hand because the tcp aint listening'. simply because your block 322993 does not follow on from everyone elses.

thus its not worth it.

I think what OP means is to separate from the network, and mine with a really low hashrate. Then, because of the lack of blocks found, the difficulty in OP's network would drop by a lot, and he/she would use a large amount of hashing power to catch up and overtake the main network's blocks.

Yeah, this is what I mean. I still learned some good points from your post but I think this is still a valid thing.. anyone else have a way to disprove?

It would take too long to find enough blocks until the difficulty recalculates. The difficulty does not readjust every two weeks, it readjusts every 2016 blocks. It would take a very long time to find enough blocks to finish the remaining 2016 blocks until the difficulty recalculates with only a few kh/s of mining power and once the difficulty does adjust with your "special" blockchian the "real" blockchain will be much longer then what your new blockchain would be able to achieve.

But what if you time it PERFECTLY, and manage to get lucky and solve the block on the first try on your new blockchain?

[Injust]

If someone controls a couple nodes (10 for example, shouldn't be hard to do that right?), and at some point he isolates those nodes from the other bitcoin nodes, that will lead to an isolated blockchain that only he have access to it, and if he mines on it at 1kh/s or whatever super slow hash rate, at the time of recalculating the difficulty, it'll drop down by huge amount considering there wouldn't be any new blocks found between the time he isolated the chain till the time of changing the target difficulty (maybe he waits for 2 recalculating events, or modify something to make the difficulty drop to lowest possible not sure how possible that is). After this new low difficulty, he uses high mining power to create blocks at very high speed since the difficulty has dropped (on his own blockchain), meanwhile the true blockchain will have generated blocks that aren't included in those isolated chains, but due to him having low difficulty he generated twice the amount of blocks (or maybe x1.5 for example) if he then releases those nodes and they start interacting with other nodes, will this "self generated" chain become the "true" chain? I mean since it's a longer chain wouldn't it be the "true" blockchain? and that person would have actually reversed some transactions, and also generated new blocks and took the reward for himself?

I got this theory while reading an article about selfish mining, but for selfish mining to work you'll need to have something around 25% hash rate? (can't remember the exact %)

Anyway, the idea was taken from selfish mining, but I added that attacker needs to have couple nodes under his control and he isolate them in order to massively reduce the target difficulty so he can generate blocks at ridiculous high speed to make up for the time he didn't generate blocks while isolated.
also I'm not sure if 10 nodes are enough? maybe he needs something like 1/3 of total number of nodes to make sure that his blockchain will be published to everyone?

That's all, if anyone can explain if it's possible or not or if you can provide links to articles that help me finding the answer I'll be really appreciated, hope I explained my theory in an easy way.

if you separated yourself from the main network at block h 322992. and started mining in your smal network. the difficulty will still initially be high. so if you only had some USB erupter miners. you probably wont even mine one block in the 2 weeks you have to wait.

once the 2 weeks are up and it time to change difficulty down because your small network is suppose to be at 2016 blocks further on. yet you have not solved a block due to complexity too high.. it will drop alot..

you have already by now lost the game before you even got a block, just by not keeping up with the real network block numbers.

so the problem is that even if you do not mess with the code to make a block you want to solve give you 5 trillian coins. even if you think you have solved a legitimate block. when you then connect to the main network. your blockchain will put you at 322993, yet everyone else's chain will be atleast 324000. meaning that block you hoped would net you 25legit coins or 5trillian reprogrammed coins.. would both be simply ignored and your personal block would be orphaned/binned/thrown out, 'shown the hand because the tcp aint listening'. simply because your block 322993 does not follow on from everyone elses.

thus its not worth it.

I think what OP means is to separate from the network, and mine with a really low hashrate. Then, because of the lack of blocks found, the difficulty in OP's network would drop by a lot, and he/she would use a large amount of hashing power to catch up and overtake the main network's blocks.

Yeah, this is what I mean. I still learned some good points from your post but I think this is still a valid thing.. anyone else have a way to disprove?

It would take too long to find enough blocks until the difficulty recalculates. The difficulty does not readjust every two weeks, it readjusts every 2016 blocks. It would take a very long time to find enough blocks to finish the remaining 2016 blocks until the difficulty recalculates with only a few kh/s of mining power and once the difficulty does adjust with your "special" blockchian the "real" blockchain will be much longer then what your new blockchain would be able to achieve.

But what if you time it PERFECTLY, and manage to get lucky and solve the block on the first try on your new blockchain?

Even if you get lucky like that, your new blockchain will still be many blocks behind the main blockchain, and you won't be able to overtake it unless you have tons of hashing power.

[CliveK]

10 nodes is as simple as setting up 10 computers to be nodes, not sure if you need individual public IPs for them, etc. Currently there is an estimated 6825 updated nodes according to bitnodes (https://getaddr.bitnodes.io/).

The difficulty is based on keeping the time to solve a block at 10 minutes, so not sure about your attack vector.

Assuming you are attacking the last block before difficulty change...If you dropped your hash 1kh/s and still somehow manage to solve the block at your first attempt, then the difficulty would increase not decrease, as it would need to average out to take 10 minutes, making your now isolated blockchain behind the distributed (legitimate) blockchain.

Assuming your attack is attacking the block to get difficulty to change from anywhere else between the creation of the new difficulty to before the last block before the change: the estimated time for solving a block with 1kh/s is 1723055322786 days, so this isn't a practical attack method (calculated on https://tradeblock.com/mining/).

[The00Dustin]

Also, IIRC, the difficulty can only change by 25%, and is based on the time to calculate the 2016 blocks.  So, if you started at block 2016 of the current difficulty, changed all your computer clocks in your private chain, got lucky and found the block to trigger the difficulty change immediately, and got the difficulty to drop as much as possible, it would still be ridiculously high, and you'd still be hard pressed to find additional blocks, much less 2016 of them.  In the meantime, the network would still hash away leaving you in the dust.

Regarding the suggestion that you manipulate the code, if you manipulated the code to make it drop to like 1kH/s, then your longer chain would be rejected by the network because it breaks validation rules (wrong difficulty).

ETA:  Regarding the first method, even if you had enough power to perform the attack simply by manipulating time, the time manipulation would have to be slowly reversed to get most blocks in the past by the time you submit the chain, so it would be very complicated and take a lot more power than "a couple nodes (10 for example)".

[franky1]

I think what OP means is to separate from the network, and mine with a really low hashrate. Then, because of the lack of blocks found, the difficulty in OP's network would drop by a lot, and he/she would use a large amount of hashing power to catch up and overtake the main network's blocks.

cutepuppy is even more correct than i am

as cutepuppy says
if you separated yourself from the main network at block 2015 exactly... the difficulty adjusts to the timing of that hashrate (which ofcourse is still MANY petahashs,

THEN

its your turn, at still 35,000,000,000 difficulty(because average still based on the many petahash of that last cycle). now YOU have to get 2016 blocks to get your network to adjust down, because now its based on your hashrate. so yea it wont be 2 weeks as thats based on the main networks rate and they have the power to solve blocks every 10 minutes. so you will be sat there for months/years trying to get 2016 blocks to force the difficulty to adjust down.

so by the time it has adjusted down. the main network will be many many cycles of 2016 blocks ahead of you, that catching up wont help. and as i said initially by the time you try to rejoin the network, you are still going to be behind the main network. meaning your chain will be ignored.

but lets get imaginative. lets say you did catch up. infact lets say you found a way to overtake.. usually you would find that your dozen connections to proper international peers of the main net will see your chain. and compare it to the chain they have and see that your transactions do not correspond with theirs. so even if not "orphaned" it will simply not get accepted

[evok3d]

Also, IIRC, the difficulty can only change by 25%, and is based on the time to calculate the 2016 blocks.  So, if you started at block 2016 of the current difficulty, changed all your computer clocks in your private chain, got lucky and found the block to trigger the difficulty change immediately, and got the difficulty to drop as much as possible, it would still be ridiculously high, and you'd still be hard pressed to find additional blocks, much less 2016 of them.  In the meantime, the network would still hash away leaving you in the dust.

Regarding the suggestion that you manipulate the code, if you manipulated the code to make it drop to like 1kH/s, then your longer chain would be rejected by the network because it breaks validation rules (wrong difficulty).

ETA:  Regarding the first method, even if you had enough power to perform the attack simply by manipulating time, the time manipulation would have to be slowly reversed to get most blocks in the past by the time you submit the chain, so it would be very complicated and take a lot more power than "a couple nodes (10 for example)".

Best response +1

I agree with the above statement as the network will never allow you to bring your own blockchain to the network as it would conflict with the majority. It will not turst 10 computers over millions of others (correct me if im wrong). The only way to do this would be to have a quantum computer or perhaps one the size of the sun to overtake the network / break the encryption - in which case the biggest issue will not be bitcoin but ALL online encryption as a whole.

All of these concerns have been thought about by very very intelligent people who stand for the integrity of this network.

Cheers

[9kv]

Also, IIRC, the difficulty can only change by 25%, and is based on the time to calculate the 2016 blocks.  So, if you started at block 2016 of the current difficulty, changed all your computer clocks in your private chain, got lucky and found the block to trigger the difficulty change immediately, and got the difficulty to drop as much as possible, it would still be ridiculously high, and you'd still be hard pressed to find additional blocks, much less 2016 of them.  In the meantime, the network would still hash away leaving you in the dust.

Regarding the suggestion that you manipulate the code, if you manipulated the code to make it drop to like 1kH/s, then your longer chain would be rejected by the network because it breaks validation rules (wrong difficulty).

ETA:  Regarding the first method, even if you had enough power to perform the attack simply by manipulating time, the time manipulation would have to be slowly reversed to get most blocks in the past by the time you submit the chain, so it would be very complicated and take a lot more power than "a couple nodes (10 for example)".

Best response +1

I agree with the above statement as the network will never allow you to bring your own blockchain to the network as it would conflict with the majority. It will not turst 10 computers over millions of others (correct me if im wrong). The only way to do this would be to have a quantum computer or perhaps one the size of the sun to overtake the network / break the encryption - in which case the biggest issue will not be bitcoin but ALL online encryption as a whole.

All of these concerns have been thought about by very very intelligent people who stand for the integrity of this network.

Cheers

Nice. Thanks for your help everyone, I understand now that it is impractical and several main points of the idea are incorrect and there are already several measures against such an attack.

[a447513372]

Also, IIRC, the difficulty can only change by 25%, and is based on the time to calculate the 2016 blocks.  So, if you started at block 2016 of the current difficulty, changed all your computer clocks in your private chain, got lucky and found the block to trigger the difficulty change immediately, and got the difficulty to drop as much as possible, it would still be ridiculously high, and you'd still be hard pressed to find additional blocks, much less 2016 of them.  In the meantime, the network would still hash away leaving you in the dust.

Regarding the suggestion that you manipulate the code, if you manipulated the code to make it drop to like 1kH/s, then your longer chain would be rejected by the network because it breaks validation rules (wrong difficulty).

ETA:  Regarding the first method, even if you had enough power to perform the attack simply by manipulating time, the time manipulation would have to be slowly reversed to get most blocks in the past by the time you submit the chain, so it would be very complicated and take a lot more power than "a couple nodes (10 for example)".

The difficulty increases by more then 25% on a regular basis. (this was said above) The max that the difficulty can increase every 2016 blocks is 400%, and IIRC the 4th or 5th time the difficulty actually increased it came very close to this

[impulse]

It's not just the longest chain that wins, it's the chain with the most amount of work behind it.

[hhanh00]

It's not just the longest chain that wins, it's the chain with the most amount of work behind it.

@9kv

Like @impulse said, if you mine with a lower hashrate, either you won't find blocks as fast as the rest of the network or you have to lower the difficulty to compensate.

In either case, you will be behind when you merge back to the main chain. Every block has a 'nonce' and a 'bits' field. The nonce lets the miner tweak the hash, the bits translates to the difficulty - how much tolerance you accepted on the hash.

The network verifies both. If your nonce gives a hash too high for your bits then your block is invalid. If your bits is too low, you are not competitive and your block is rejected.

Without this, the system is totally broken. Hypothetically if the bits were not part of the calculation:
You run bitcoin core in regtest mode. It creates a private blockchain starting with the same genesis block. Issue a 'set generate true 1000000' to produce 1 million blocks at the lowest difficulty with all rewards going to your wallet. And then broadcast it to the network. Your chain wins and the entire blockchain is wiped out.

[The00Dustin]

Also, IIRC, the difficulty can only change by 25%, and is based on the time to calculate the 2016 blocks.  So, if you started at block 2016 of the current difficulty, changed all your computer clocks in your private chain, got lucky and found the block to trigger the difficulty change immediately, and got the difficulty to drop as much as possible, it would still be ridiculously high, and you'd still be hard pressed to find additional blocks, much less 2016 of them.  In the meantime, the network would still hash away leaving you in the dust.

Regarding the suggestion that you manipulate the code, if you manipulated the code to make it drop to like 1kH/s, then your longer chain would be rejected by the network because it breaks validation rules (wrong difficulty).

ETA:  Regarding the first method, even if you had enough power to perform the attack simply by manipulating time, the time manipulation would have to be slowly reversed to get most blocks in the past by the time you submit the chain, so it would be very complicated and take a lot more power than "a couple nodes (10 for example)".

The difficulty increases by more then 25% on a regular basis. (this was said above) The max that the difficulty can increase every 2016 blocks is 400%, and IIRC the 4th or 5th time the difficulty actually increased it came very close to this

Right, IIRC, it's a 4x increase or decrease meaning it can drop TO 25% of the current rate in a single change.  That thought was clearly not properly laid out.  Even if I'm wrong and it can drop to 20%, that's still far too difficult to make the attack feasible even without the other constraints.

[hhanh00]

It doesn't matter. When you merge back, it is the cumulative difficulty that counts for the longest chain.
Basically you are proving work, not your ability to create blocks.

[juju]

If someone controls a couple nodes (10 for example, shouldn't be hard to do that right?), and at some point he isolates those nodes from the other bitcoin nodes, that will lead to an isolated blockchain that only he have access to it, and if he mines on it at 1kh/s or whatever super slow hash rate, at the time of recalculating the difficulty, it'll drop down by huge amount considering there wouldn't be any new blocks found between the time he isolated the chain till the time of changing the target difficulty (maybe he waits for 2 recalculating events, or modify something to make the difficulty drop to lowest possible not sure how possible that is). After this new low difficulty, he uses high mining power to create blocks at very high speed since the difficulty has dropped (on his own blockchain), meanwhile the true blockchain will have generated blocks that aren't included in those isolated chains, but due to him having low difficulty he generated twice the amount of blocks (or maybe x1.5 for example) if he then releases those nodes and they start interacting with other nodes, will this "self generated" chain become the "true" chain? I mean since it's a longer chain wouldn't it be the "true" blockchain? and that person would have actually reversed some transactions, and also generated new blocks and took the reward for himself?

I got this theory while reading an article about selfish mining, but for selfish mining to work you'll need to have something around 25% hash rate? (can't remember the exact %)

Anyway, the idea was taken from selfish mining, but I added that attacker needs to have couple nodes under his control and he isolate them in order to massively reduce the target difficulty so he can generate blocks at ridiculous high speed to make up for the time he didn't generate blocks while isolated.
also I'm not sure if 10 nodes are enough? maybe he needs something like 1/3 of total number of nodes to make sure that his blockchain will be published to everyone?

That's all, if anyone can explain if it's possible or not or if you can provide links to articles that help me finding the answer I'll be really appreciated, hope I explained my theory in an easy way.

Read section 11 of the Bitcoin.pdf

https://bitcoin.org/bitcoin.pdf

At section 11 it talks about the scenario you are proposing, like others are mentioning it would be impossible for the attacker to keep up with the honest chain unless they had 51% or more of the network, even if they made their own chain it would grow a a significantly slower rate since the difficulty will be high and it will take many blocks to readjust the difficulty. Even if the chain was copied 1 block before retargeting, this chain would most likely remain 1+ Blocks behind because they would have to solve atleast that last difficult block before the retarget.

"The race between the honest chain and an attacker chain can be characterized as a Binomial
Random Walk. The success event is the honest chain being extended by one block, increasing its
lead by +1, and the failure event is the attacker's chain being extended by one block, reducing the
gap by -1." - Satoshi Nakamoto

Additionally: creating value out of thin air or taking money that never belonged to the attacker is not possible even if they had 51% of the network.  They still can't brute force your Private keys and create transactions.

[Verse]

It's not just the longest chain that wins, it's the chain with the most amount of work behind it.

The first person to give the correct answer. The other guys saying "You'll never catch up" are also correct for all practical purposes, but that doesn't matter because, as impulse stated, the network wouldn't even accept a longer blockchain (by number of blocks) if it did not also have more work behind it - aka the highest computational requirement wins.

[a447513372]

Also, IIRC, the difficulty can only change by 25%, and is based on the time to calculate the 2016 blocks.  So, if you started at block 2016 of the current difficulty, changed all your computer clocks in your private chain, got lucky and found the block to trigger the difficulty change immediately, and got the difficulty to drop as much as possible, it would still be ridiculously high, and you'd still be hard pressed to find additional blocks, much less 2016 of them.  In the meantime, the network would still hash away leaving you in the dust.

Regarding the suggestion that you manipulate the code, if you manipulated the code to make it drop to like 1kH/s, then your longer chain would be rejected by the network because it breaks validation rules (wrong difficulty).

ETA:  Regarding the first method, even if you had enough power to perform the attack simply by manipulating time, the time manipulation would have to be slowly reversed to get most blocks in the past by the time you submit the chain, so it would be very complicated and take a lot more power than "a couple nodes (10 for example)".

The difficulty increases by more then 25% on a regular basis. (this was said above) The max that the difficulty can increase every 2016 blocks is 400%, and IIRC the 4th or 5th time the difficulty actually increased it came very close to this

Right, IIRC, it's a 4x increase or decrease meaning it can drop TO 25% of the current rate in a single change.  That thought was clearly not properly laid out.  Even if I'm wrong and it can drop to 20%, that's still far too difficult to make the attack feasible even without the other constraints.

I don't think I have read anything that would confirm this, although it may still be accurate. I would say that satashi would likely have not needed to write this into the code as there is generally not a reason for miners to stop mining so suddenly like this so large decreases in difficulty would likely never be an issue for the network, however large increases in difficulty are a real possibility