F.R.O.N.T. Attack Vector and What the Bitcoin Devs are doing to prevent it.

[DannyHamilton]

Interesting attack indeed but h4xx0r who did you quote with the idea of giving to the next miner a share of your coinbase tx? It's trivial to give to the next miner outside the coinbase transaction by sending the reward as a transaction using one of the current inputs. Sure, then you have to scrape the bitcoins from elsewhere.

To recap the attack in laymen's terms:

If somebody paid 10,000BTC in transaction fees, miners would not care about block rewards for the next 10,000/25=400 blocks. Any miner that thinks it could outrun the biggest other miner would try to do so. If there is a draw between the top miners, such a battle could take a long time. If the top miners hold 10% of the mining power, they might try even when the other had a head start and was slowly building a chain that's growing faster than the own chain as they could still call their friends of other pools to team up catch that guy, essentially to the point where all miners took one side or the other and weaker group gives up.

During such an episode, massive re-orgs would happen, clients would act strangely, Finney attacks would be slightly easier etc. and we would have a slightly higher level of drama. And we will never know who sponsored that drama but it would not be a cheap endeavor.

It's an interesting math problem.

If you have 51% of the global hash power, then it is generally in your favor financially to mine only on top of your own blocks, ignoring all other blocks.

As your hash power drops below 51% it begins to become beneficial to build on to of the most recent block, due to the cost associated with the orphan risk.  However, with 49% of the hash power, it would probably be beneficial ignore any block that has a larger than average block reward.

The lower your percentage of the hash power, the higher value a block reward must be to overcome the cost associated with the orphan risk.

Assuming for the sake of calculation that all solved blocks are instantaneously known by all miners, and that there are never any splits caused by two or more miners simultaneously solving the current block...

Is there a formula that can indicate for every percentage of global hash power how much higher than the average block reward would be necessary to result in a positive expectation for ignoring the most recently solved block and continuing to attempt to mine it one's self?

Anything over 50% requires a no increase above average reward to result in positive expectation.
As you approach 0% the required increase above average reward approaches infinity.

What does the curve look like between those two extremes?

[1714749858]

1714749858

[1714749858]

1714749858

[1714749858]

1714749858

[1714749858]

1714749858

[1714749858]

1714749858

[giszmo]

Interesting attack indeed but h4xx0r who did you quote with the idea of giving to the next miner a share of your coinbase tx? It's trivial to give to the next miner outside the coinbase transaction by sending the reward as a transaction using one of the current inputs. Sure, then you have to scrape the bitcoins from elsewhere.

To recap the attack in laymen's terms:

If somebody paid 10,000BTC in transaction fees, miners would not care about block rewards for the next 10,000/25=400 blocks. Any miner that thinks it could outrun the biggest other miner would try to do so. If there is a draw between the top miners, such a battle could take a long time. If the top miners hold 10% of the mining power, they might try even when the other had a head start and was slowly building a chain that's growing faster than the own chain as they could still call their friends of other pools to team up catch that guy, essentially to the point where all miners took one side or the other and weaker group gives up.

During such an episode, massive re-orgs would happen, clients would act strangely, Finney attacks would be slightly easier etc. and we would have a slightly higher level of drama. And we will never know who sponsored that drama but it would not be a cheap endeavor.

It's an interesting math problem.

If you have 51% of the global hash power, then it is generally in your favor financially to mine only on top of your own blocks, ignoring all other blocks.

As your hash power drops below 51% it begins to become beneficial to build on to of the most recent block, due to the cost associated with the orphan risk.  However, with 49% of the hash power, it would probably be beneficial ignore any block that has a larger than average block reward.

The lower your percentage of the hash power, the higher value a block reward must be to overcome the cost associated with the orphan risk.

Assuming for the sake of calculation that all solved blocks are instantaneously known by all miners, and that there are never any splits caused by two or more miners simultaneously solving the current block...

Is there a formula that can indicate for every percentage of global hash power how much higher than the average block reward would be necessary to result in a positive expectation for ignoring the most recently solved block and continuing to attempt to mine it one's self?

Anything over 50% requires a no increase above average reward to result in positive expectation.
As you approach 0% the required increase above average reward approaches infinity.

What does the curve look like between those two extremes?

The assumption of selfish mining and total transparency of mining power among all the competition is essential here.

If I have 1/n-th of the network, just like all the competing, evil miners I would find every n-th block, gaining every n-th block reward if we play nicely. If we don't I might not get it in the end, so I have an incentive to help punishing others that don't play nicely, but without crazy fees, there is little incentive to build on top of one block rather than another, so it works.

With a big treasure trove setup for the winner, those evil miners can try and if all factors are known, you can't win unless you have 51%.

Imagine you have 49% and set out to try this. The others know they have 51% united but less than 49% each for themselves. They would go with the first block regardless where it came from as they don't go for cheater mode. They would further assume that any fork mining the treasure trove to another address to originate from the only candidate that might try foul play and would stick to the old chain, knowing that they can win.

Unfortunately in the real world they can't know if some other miner supports Mr. 49% just this one time, so they might be in for some long orphan chain, so I doubt there is a formula as the biggest selfish miner always wins against selfish miners, while non-selfish miners are meant to protect the network.

I guess if this ever would be a problem once, in the future miners would just put a bait into the tx pool in form of some 20% of the received fees and nobody would attempt to pull this off.

We could just as well discuss the problem of somebody paying a pool for not mining as it would have the same slowing effects as this attack if the economics are right.

[h4xx0r]

The Latest from the mailing list sheds some light on this attack, and a new attack. some of these guys have a wealth of knowledge. If you want to get smarter, join the mailing list. it is a great read and is a good oppurtunity to learn about advanced concepts and technical information related to bitcoin technologies.

On 06/10/2014 08:43 p.m., Tom Harding wrote:
> On 10/5/2014 4:00 PM, Sergio Lerner wrote:
>> If everyone acts rationally in his own interest, then the best choice
>> for the remaining miners is to try to mine a competing block at the
>> same height n including the high-fee transaction, to collect the fee
>> for themselves.
>
> Sergio --
>
> Just some thoughts on your interesting problem.
>
>
> Since everybody but M10 is on equal footing, I would expect M10 to
> have some fixed advantage depending on assumptions, and the bigger the
> advantage, the shorter the "freeze time".
>

Yes, that's how simulation works. The problem is that the existence of
high-fee delays the decision to switch to M10. Since the network is
moving slower (because of fragmentation) the effect of the high-fee is
twofold: it delays the convergence because it promotes selfishness and
it delays convergence because it promotes fragmentation.

During that time window where the network is frozen, any other high-fee
transaction only makes things worse. This is a very rare example where
a well distributed network (100 miners having 1% each) is much much
worse than 3 miners having 33% each.

Using the my previous terminology, automatic fee-sharing ("ORBS") is a
solution to the freeze problem ("FRONT") but opens the windows to
"CHAKIDO" double-spending. and CHAKIDO double-spending is a much worse
problem than FRONT.
But as Tamas pointed out, sooner or later someone will implement
something like ORBS, get over the critical mass of miner adoption, and
then the CHAKIDO problem will be inevitable.

The only clean solution to this problem is the DECOR+ protocol, which
shares block-rewards by including "uncles" (as GHOST does) and splitting
the reward between all miners at the same height until coinbase maturity
is over. This way the best choice is always cooperative.

PS: Using so many acronyms makes arguments much more concise, but
suggest we should have all the attack terminology described in a single
"Bitcoin Security Wiki"...

[giszmo]

On 06/10/2014 08:43 p.m., Tom Harding wrote:
PS: Using so many acronyms makes arguments much more concise, but
suggest we should have all the attack terminology described in a single
"Bitcoin Security Wiki"...

… please. CHAKIDO is missing in my vocabulary. But it seams to be what I asked for over at reddit.

[51percemt]

Interesting attack indeed but h4xx0r who did you quote with the idea of giving to the next miner a share of your coinbase tx? It's trivial to give to the next miner outside the coinbase transaction by sending the reward as a transaction using one of the current inputs. Sure, then you have to scrape the bitcoins from elsewhere.

To recap the attack in laymen's terms:

If somebody paid 10,000BTC in transaction fees, miners would not care about block rewards for the next 10,000/25=400 blocks. Any miner that thinks it could outrun the biggest other miner would try to do so. If there is a draw between the top miners, such a battle could take a long time. If the top miners hold 10% of the mining power, they might try even when the other had a head start and was slowly building a chain that's growing faster than the own chain as they could still call their friends of other pools to team up catch that guy, essentially to the point where all miners took one side or the other and the weaker group gives up.

Also the attack does only work if the biggest selfish miner is bigger than the total of his run-up competitor with all non-selfish miners, so it assumes a pretty corrupt mining landscape.

The attack's effects:

During such an episode, massive re-orgs would happen, clients would act strangely, Finney attacks would be slightly easier etc. and we would have a slightly higher level of drama. And we will never know who sponsored that drama but it would not be a cheap endeavor.

In additional to Danny's point above, you also have the issue that someone would need to incur the financial burden to pay these TX fees in the first place. There would be little economic benefit for someone to offer such a large TX fee, especially considering that the benefactor of such attack is unclear (therefore anyone attempting to profit off of an attack may or may not actually benefit in the event such attack is successful in slowing down the network).

IMO this attack vector would be something that is very easy to fix - simply fork the blockchain to institute a maximum TX fee on a per block and per TX basis, the max TX fee on a block basis could be a rolling average (plus some additional margin) of the last 'n' blocks and the max TX fee on a TX basis could be "x" times the min recommended TX fee, and if a TX would warrant larger then the max TX fee then the TX can be split up into smaller TXs.

[h4xx0r]

Interesting attack indeed but h4xx0r who did you quote with the idea of giving to the next miner a share of your coinbase tx? It's trivial to give to the next miner outside the coinbase transaction by sending the reward as a transaction using one of the current inputs. Sure, then you have to scrape the bitcoins from elsewhere.

To recap the attack in laymen's terms:

If somebody paid 10,000BTC in transaction fees, miners would not care about block rewards for the next 10,000/25=400 blocks. Any miner that thinks it could outrun the biggest other miner would try to do so. If there is a draw between the top miners, such a battle could take a long time. If the top miners hold 10% of the mining power, they might try even when the other had a head start and was slowly building a chain that's growing faster than the own chain as they could still call their friends of other pools to team up catch that guy, essentially to the point where all miners took one side or the other and the weaker group gives up.

Also the attack does only work if the biggest selfish miner is bigger than the total of his run-up competitor with all non-selfish miners, so it assumes a pretty corrupt mining landscape.

The attack's effects:

During such an episode, massive re-orgs would happen, clients would act strangely, Finney attacks would be slightly easier etc. and we would have a slightly higher level of drama. And we will never know who sponsored that drama but it would not be a cheap endeavor.

In additional to Danny's point above, you also have the issue that someone would need to incur the financial burden to pay these TX fees in the first place. There would be little economic benefit for someone to offer such a large TX fee, especially considering that the benefactor of such attack is unclear (therefore anyone attempting to profit off of an attack may or may not actually benefit in the event such attack is successful in slowing down the network).

IMO this attack vector would be something that is very easy to fix - simply fork the blockchain to institute a maximum TX fee on a per block and per TX basis, the max TX fee on a block basis could be a rolling average (plus some additional margin) of the last 'n' blocks and the max TX fee on a TX basis could be "x" times the min recommended TX fee, and if a TX would warrant larger then the max TX fee then the TX can be split up into smaller TXs.

it would be a State actor or a someone who stands to lose alot to a technology like bitcoin who would carry out an attack like this. The purpose of the post isn't fear it's education. i think the goal is clear. a currency not controlled or easily defeated by malicious actors.

[51percemt]

Interesting attack indeed but h4xx0r who did you quote with the idea of giving to the next miner a share of your coinbase tx? It's trivial to give to the next miner outside the coinbase transaction by sending the reward as a transaction using one of the current inputs. Sure, then you have to scrape the bitcoins from elsewhere.

To recap the attack in laymen's terms:

If somebody paid 10,000BTC in transaction fees, miners would not care about block rewards for the next 10,000/25=400 blocks. Any miner that thinks it could outrun the biggest other miner would try to do so. If there is a draw between the top miners, such a battle could take a long time. If the top miners hold 10% of the mining power, they might try even when the other had a head start and was slowly building a chain that's growing faster than the own chain as they could still call their friends of other pools to team up catch that guy, essentially to the point where all miners took one side or the other and the weaker group gives up.

Also the attack does only work if the biggest selfish miner is bigger than the total of his run-up competitor with all non-selfish miners, so it assumes a pretty corrupt mining landscape.

The attack's effects:

During such an episode, massive re-orgs would happen, clients would act strangely, Finney attacks would be slightly easier etc. and we would have a slightly higher level of drama. And we will never know who sponsored that drama but it would not be a cheap endeavor.

In additional to Danny's point above, you also have the issue that someone would need to incur the financial burden to pay these TX fees in the first place. There would be little economic benefit for someone to offer such a large TX fee, especially considering that the benefactor of such attack is unclear (therefore anyone attempting to profit off of an attack may or may not actually benefit in the event such attack is successful in slowing down the network).

IMO this attack vector would be something that is very easy to fix - simply fork the blockchain to institute a maximum TX fee on a per block and per TX basis, the max TX fee on a block basis could be a rolling average (plus some additional margin) of the last 'n' blocks and the max TX fee on a TX basis could be "x" times the min recommended TX fee, and if a TX would warrant larger then the max TX fee then the TX can be split up into smaller TXs.

it would be a State actor or a someone who stands to lose alot to a technology like bitcoin who would carry out an attack like this. The purpose of the post isn't fear it's education. i think the goal is clear. a currency not controlled or easily defeated by malicious actors.

Bitcoin does not pose a serious threat to any major government that would have these kind of resources. Also for the amount of money that it would take to start an attack (to give a large TX fee to the miners) would be better spent on miners (either buying them outright or renting hashpower) to be used to attack the network via other means as a lot would need to take place at once in order for this attack to work

[h4xx0r]

Interesting attack indeed but h4xx0r who did you quote with the idea of giving to the next miner a share of your coinbase tx? It's trivial to give to the next miner outside the coinbase transaction by sending the reward as a transaction using one of the current inputs. Sure, then you have to scrape the bitcoins from elsewhere.

To recap the attack in laymen's terms:

If somebody paid 10,000BTC in transaction fees, miners would not care about block rewards for the next 10,000/25=400 blocks. Any miner that thinks it could outrun the biggest other miner would try to do so. If there is a draw between the top miners, such a battle could take a long time. If the top miners hold 10% of the mining power, they might try even when the other had a head start and was slowly building a chain that's growing faster than the own chain as they could still call their friends of other pools to team up catch that guy, essentially to the point where all miners took one side or the other and the weaker group gives up.

Also the attack does only work if the biggest selfish miner is bigger than the total of his run-up competitor with all non-selfish miners, so it assumes a pretty corrupt mining landscape.

The attack's effects:

During such an episode, massive re-orgs would happen, clients would act strangely, Finney attacks would be slightly easier etc. and we would have a slightly higher level of drama. And we will never know who sponsored that drama but it would not be a cheap endeavor.

In additional to Danny's point above, you also have the issue that someone would need to incur the financial burden to pay these TX fees in the first place. There would be little economic benefit for someone to offer such a large TX fee, especially considering that the benefactor of such attack is unclear (therefore anyone attempting to profit off of an attack may or may not actually benefit in the event such attack is successful in slowing down the network).

IMO this attack vector would be something that is very easy to fix - simply fork the blockchain to institute a maximum TX fee on a per block and per TX basis, the max TX fee on a block basis could be a rolling average (plus some additional margin) of the last 'n' blocks and the max TX fee on a TX basis could be "x" times the min recommended TX fee, and if a TX would warrant larger then the max TX fee then the TX can be split up into smaller TXs.

it would be a State actor or a someone who stands to lose alot to a technology like bitcoin who would carry out an attack like this. The purpose of the post isn't fear it's education. i think the goal is clear. a currency not controlled or easily defeated by malicious actors.

Bitcoin does not pose a serious threat to any major government that would have these kind of resources. Also for the amount of money that it would take to start an attack (to give a large TX fee to the miners) would be better spent on miners (either buying them outright or renting hashpower) to be used to attack the network via other means as a lot would need to take place at once in order for this attack to work

Well, so what you're saying is. the attack is possible, but its like getting struck by lighting or the stars aligning? we all know those things have never happened, so therefore we should do nothing about this attack. Shall bitcoin endure stupidity, at the hands of incapable curators? If so, then whoa is bitcoin.

[Karen98]

I think definiting a maximum fee of say 1 BTC would make sense for a future Bitcoin version.

[funtotry]

Interesting attack indeed but h4xx0r who did you quote with the idea of giving to the next miner a share of your coinbase tx? It's trivial to give to the next miner outside the coinbase transaction by sending the reward as a transaction using one of the current inputs. Sure, then you have to scrape the bitcoins from elsewhere.

To recap the attack in laymen's terms:

If somebody paid 10,000BTC in transaction fees, miners would not care about block rewards for the next 10,000/25=400 blocks. Any miner that thinks it could outrun the biggest other miner would try to do so. If there is a draw between the top miners, such a battle could take a long time. If the top miners hold 10% of the mining power, they might try even when the other had a head start and was slowly building a chain that's growing faster than the own chain as they could still call their friends of other pools to team up catch that guy, essentially to the point where all miners took one side or the other and the weaker group gives up.

Also the attack does only work if the biggest selfish miner is bigger than the total of his run-up competitor with all non-selfish miners, so it assumes a pretty corrupt mining landscape.

The attack's effects:

During such an episode, massive re-orgs would happen, clients would act strangely, Finney attacks would be slightly easier etc. and we would have a slightly higher level of drama. And we will never know who sponsored that drama but it would not be a cheap endeavor.

In additional to Danny's point above, you also have the issue that someone would need to incur the financial burden to pay these TX fees in the first place. There would be little economic benefit for someone to offer such a large TX fee, especially considering that the benefactor of such attack is unclear (therefore anyone attempting to profit off of an attack may or may not actually benefit in the event such attack is successful in slowing down the network).

IMO this attack vector would be something that is very easy to fix - simply fork the blockchain to institute a maximum TX fee on a per block and per TX basis, the max TX fee on a block basis could be a rolling average (plus some additional margin) of the last 'n' blocks and the max TX fee on a TX basis could be "x" times the min recommended TX fee, and if a TX would warrant larger then the max TX fee then the TX can be split up into smaller TXs.

it would be a State actor or a someone who stands to lose alot to a technology like bitcoin who would carry out an attack like this. The purpose of the post isn't fear it's education. i think the goal is clear. a currency not controlled or easily defeated by malicious actors.

Bitcoin does not pose a serious threat to any major government that would have these kind of resources. Also for the amount of money that it would take to start an attack (to give a large TX fee to the miners) would be better spent on miners (either buying them outright or renting hashpower) to be used to attack the network via other means as a lot would need to take place at once in order for this attack to work

Well, so what you're saying is. the attack is possible, but its like getting struck by lighting or the stars aligning? we all know those things have never happened, so therefore we should do nothing about this attack. Shall bitcoin endure stupidity, at the hands of incapable curators? If so, then whoa is bitcoin.

In theory the attack is possible but it would not make economic sense to attempt to launch such an attack. A person launching such attack would not only need to risk their bitcoin via a large TX fee but would also need to pay upfront for massive amounts of mining capacity that would be unproductive, as a miner looking after their best economic interests would always mine on the longest blockchain.

[santaClause]

Interesting attack indeed but h4xx0r who did you quote with the idea of giving to the next miner a share of your coinbase tx? It's trivial to give to the next miner outside the coinbase transaction by sending the reward as a transaction using one of the current inputs. Sure, then you have to scrape the bitcoins from elsewhere.

To recap the attack in laymen's terms:

If somebody paid 10,000BTC in transaction fees, miners would not care about block rewards for the next 10,000/25=400 blocks. Any miner that thinks it could outrun the biggest other miner would try to do so. If there is a draw between the top miners, such a battle could take a long time. If the top miners hold 10% of the mining power, they might try even when the other had a head start and was slowly building a chain that's growing faster than the own chain as they could still call their friends of other pools to team up catch that guy, essentially to the point where all miners took one side or the other and the weaker group gives up.

Also the attack does only work if the biggest selfish miner is bigger than the total of his run-up competitor with all non-selfish miners, so it assumes a pretty corrupt mining landscape.

The attack's effects:

During such an episode, massive re-orgs would happen, clients would act strangely, Finney attacks would be slightly easier etc. and we would have a slightly higher level of drama. And we will never know who sponsored that drama but it would not be a cheap endeavor.

In additional to Danny's point above, you also have the issue that someone would need to incur the financial burden to pay these TX fees in the first place. There would be little economic benefit for someone to offer such a large TX fee, especially considering that the benefactor of such attack is unclear (therefore anyone attempting to profit off of an attack may or may not actually benefit in the event such attack is successful in slowing down the network).

IMO this attack vector would be something that is very easy to fix - simply fork the blockchain to institute a maximum TX fee on a per block and per TX basis, the max TX fee on a block basis could be a rolling average (plus some additional margin) of the last 'n' blocks and the max TX fee on a TX basis could be "x" times the min recommended TX fee, and if a TX would warrant larger then the max TX fee then the TX can be split up into smaller TXs.

it would be a State actor or a someone who stands to lose alot to a technology like bitcoin who would carry out an attack like this. The purpose of the post isn't fear it's education. i think the goal is clear. a currency not controlled or easily defeated by malicious actors.

State actors do not usually attack a currency that is not backed by an enemy of theirs. A country will generally only launch an attack against an economy or a currency as part of a war. Since bitcoin is not backed by any country no country will ever be at war with the country that backs bitcoin

[h4xx0r]

Interesting attack indeed but h4xx0r who did you quote with the idea of giving to the next miner a share of your coinbase tx? It's trivial to give to the next miner outside the coinbase transaction by sending the reward as a transaction using one of the current inputs. Sure, then you have to scrape the bitcoins from elsewhere.

To recap the attack in laymen's terms:

If somebody paid 10,000BTC in transaction fees, miners would not care about block rewards for the next 10,000/25=400 blocks. Any miner that thinks it could outrun the biggest other miner would try to do so. If there is a draw between the top miners, such a battle could take a long time. If the top miners hold 10% of the mining power, they might try even when the other had a head start and was slowly building a chain that's growing faster than the own chain as they could still call their friends of other pools to team up catch that guy, essentially to the point where all miners took one side or the other and the weaker group gives up.

Also the attack does only work if the biggest selfish miner is bigger than the total of his run-up competitor with all non-selfish miners, so it assumes a pretty corrupt mining landscape.

The attack's effects:

During such an episode, massive re-orgs would happen, clients would act strangely, Finney attacks would be slightly easier etc. and we would have a slightly higher level of drama. And we will never know who sponsored that drama but it would not be a cheap endeavor.

In additional to Danny's point above, you also have the issue that someone would need to incur the financial burden to pay these TX fees in the first place. There would be little economic benefit for someone to offer such a large TX fee, especially considering that the benefactor of such attack is unclear (therefore anyone attempting to profit off of an attack may or may not actually benefit in the event such attack is successful in slowing down the network).

IMO this attack vector would be something that is very easy to fix - simply fork the blockchain to institute a maximum TX fee on a per block and per TX basis, the max TX fee on a block basis could be a rolling average (plus some additional margin) of the last 'n' blocks and the max TX fee on a TX basis could be "x" times the min recommended TX fee, and if a TX would warrant larger then the max TX fee then the TX can be split up into smaller TXs.

it would be a State actor or a someone who stands to lose alot to a technology like bitcoin who would carry out an attack like this. The purpose of the post isn't fear it's education. i think the goal is clear. a currency not controlled or easily defeated by malicious actors.

State actors do not usually attack a currency that is not backed by an enemy of theirs. A country will generally only launch an attack against an economy or a currency as part of a war. Since bitcoin is not backed by any country no country will ever be at war with the country that backs bitcoin

Again, that is not adequate justification for allowing the vulnerability to exist. you find a vulnerability, you patch it and you move on

[mnmShadyBTC]

Interesting attack indeed but h4xx0r who did you quote with the idea of giving to the next miner a share of your coinbase tx? It's trivial to give to the next miner outside the coinbase transaction by sending the reward as a transaction using one of the current inputs. Sure, then you have to scrape the bitcoins from elsewhere.

To recap the attack in laymen's terms:

If somebody paid 10,000BTC in transaction fees, miners would not care about block rewards for the next 10,000/25=400 blocks. Any miner that thinks it could outrun the biggest other miner would try to do so. If there is a draw between the top miners, such a battle could take a long time. If the top miners hold 10% of the mining power, they might try even when the other had a head start and was slowly building a chain that's growing faster than the own chain as they could still call their friends of other pools to team up catch that guy, essentially to the point where all miners took one side or the other and the weaker group gives up.

Also the attack does only work if the biggest selfish miner is bigger than the total of his run-up competitor with all non-selfish miners, so it assumes a pretty corrupt mining landscape.

The attack's effects:

During such an episode, massive re-orgs would happen, clients would act strangely, Finney attacks would be slightly easier etc. and we would have a slightly higher level of drama. And we will never know who sponsored that drama but it would not be a cheap endeavor.

In additional to Danny's point above, you also have the issue that someone would need to incur the financial burden to pay these TX fees in the first place. There would be little economic benefit for someone to offer such a large TX fee, especially considering that the benefactor of such attack is unclear (therefore anyone attempting to profit off of an attack may or may not actually benefit in the event such attack is successful in slowing down the network).

IMO this attack vector would be something that is very easy to fix - simply fork the blockchain to institute a maximum TX fee on a per block and per TX basis, the max TX fee on a block basis could be a rolling average (plus some additional margin) of the last 'n' blocks and the max TX fee on a TX basis could be "x" times the min recommended TX fee, and if a TX would warrant larger then the max TX fee then the TX can be split up into smaller TXs.

it would be a State actor or a someone who stands to lose alot to a technology like bitcoin who would carry out an attack like this. The purpose of the post isn't fear it's education. i think the goal is clear. a currency not controlled or easily defeated by malicious actors.

Bitcoin does not pose a serious threat to any major government that would have these kind of resources. Also for the amount of money that it would take to start an attack (to give a large TX fee to the miners) would be better spent on miners (either buying them outright or renting hashpower) to be used to attack the network via other means as a lot would need to take place at once in order for this attack to work

Well, so what you're saying is. the attack is possible, but its like getting struck by lighting or the stars aligning? we all know those things have never happened, so therefore we should do nothing about this attack. Shall bitcoin endure stupidity, at the hands of incapable curators? If so, then whoa is bitcoin.

To say that this is possible is like saying that the miners could go "on strike" in a way similar to how unions go on strike. It is not a real threat.

Again, that is not adequate justification for allowing the vulnerability to exist. you find a vulnerability, you patch it and you move on

In theory someone could get really lucky and guess the private key of all of the addresses that contain bitcoin, however the chances of this happening are very small. Do you think we should patch the possibility of people being able to "guess" someone's private key?

[h4xx0r]

Interesting attack indeed but h4xx0r who did you quote with the idea of giving to the next miner a share of your coinbase tx? It's trivial to give to the next miner outside the coinbase transaction by sending the reward as a transaction using one of the current inputs. Sure, then you have to scrape the bitcoins from elsewhere.

To recap the attack in laymen's terms:

If somebody paid 10,000BTC in transaction fees, miners would not care about block rewards for the next 10,000/25=400 blocks. Any miner that thinks it could outrun the biggest other miner would try to do so. If there is a draw between the top miners, such a battle could take a long time. If the top miners hold 10% of the mining power, they might try even when the other had a head start and was slowly building a chain that's growing faster than the own chain as they could still call their friends of other pools to team up catch that guy, essentially to the point where all miners took one side or the other and the weaker group gives up.

Also the attack does only work if the biggest selfish miner is bigger than the total of his run-up competitor with all non-selfish miners, so it assumes a pretty corrupt mining landscape.

The attack's effects:

During such an episode, massive re-orgs would happen, clients would act strangely, Finney attacks would be slightly easier etc. and we would have a slightly higher level of drama. And we will never know who sponsored that drama but it would not be a cheap endeavor.

In additional to Danny's point above, you also have the issue that someone would need to incur the financial burden to pay these TX fees in the first place. There would be little economic benefit for someone to offer such a large TX fee, especially considering that the benefactor of such attack is unclear (therefore anyone attempting to profit off of an attack may or may not actually benefit in the event such attack is successful in slowing down the network).

IMO this attack vector would be something that is very easy to fix - simply fork the blockchain to institute a maximum TX fee on a per block and per TX basis, the max TX fee on a block basis could be a rolling average (plus some additional margin) of the last 'n' blocks and the max TX fee on a TX basis could be "x" times the min recommended TX fee, and if a TX would warrant larger then the max TX fee then the TX can be split up into smaller TXs.

it would be a State actor or a someone who stands to lose alot to a technology like bitcoin who would carry out an attack like this. The purpose of the post isn't fear it's education. i think the goal is clear. a currency not controlled or easily defeated by malicious actors.

Bitcoin does not pose a serious threat to any major government that would have these kind of resources. Also for the amount of money that it would take to start an attack (to give a large TX fee to the miners) would be better spent on miners (either buying them outright or renting hashpower) to be used to attack the network via other means as a lot would need to take place at once in order for this attack to work

Well, so what you're saying is. the attack is possible, but its like getting struck by lighting or the stars aligning? we all know those things have never happened, so therefore we should do nothing about this attack. Shall bitcoin endure stupidity, at the hands of incapable curators? If so, then whoa is bitcoin.

To say that this is possible is like saying that the miners could go "on strike" in a way similar to how unions go on strike. It is not a real threat.

Again, that is not adequate justification for allowing the vulnerability to exist. you find a vulnerability, you patch it and you move on

In theory someone could get really lucky and guess the private key of all of the addresses that contain bitcoin, however the chances of this happening are very small. Do you think we should patch the possibility of people being able to "guess" someone's private key?

no, because elliptic curve cryptography won't likely be broken in my lifetime, and further more the strength of the checksum in bitcoin makes bruteforcing very difficult. On the otherhand, the block subsidy will decay to a point to where the scenario laid out in this discussion becomes a serious possibility and reason for concern, although it would take a "perfect storm" to exploit it. I would rather it not be possible at all then relying on the perfect storm never occurring.

[mnmShadyBTC]

Interesting attack indeed but h4xx0r who did you quote with the idea of giving to the next miner a share of your coinbase tx? It's trivial to give to the next miner outside the coinbase transaction by sending the reward as a transaction using one of the current inputs. Sure, then you have to scrape the bitcoins from elsewhere.

To recap the attack in laymen's terms:

If somebody paid 10,000BTC in transaction fees, miners would not care about block rewards for the next 10,000/25=400 blocks. Any miner that thinks it could outrun the biggest other miner would try to do so. If there is a draw between the top miners, such a battle could take a long time. If the top miners hold 10% of the mining power, they might try even when the other had a head start and was slowly building a chain that's growing faster than the own chain as they could still call their friends of other pools to team up catch that guy, essentially to the point where all miners took one side or the other and the weaker group gives up.

Also the attack does only work if the biggest selfish miner is bigger than the total of his run-up competitor with all non-selfish miners, so it assumes a pretty corrupt mining landscape.

The attack's effects:

During such an episode, massive re-orgs would happen, clients would act strangely, Finney attacks would be slightly easier etc. and we would have a slightly higher level of drama. And we will never know who sponsored that drama but it would not be a cheap endeavor.

In additional to Danny's point above, you also have the issue that someone would need to incur the financial burden to pay these TX fees in the first place. There would be little economic benefit for someone to offer such a large TX fee, especially considering that the benefactor of such attack is unclear (therefore anyone attempting to profit off of an attack may or may not actually benefit in the event such attack is successful in slowing down the network).

IMO this attack vector would be something that is very easy to fix - simply fork the blockchain to institute a maximum TX fee on a per block and per TX basis, the max TX fee on a block basis could be a rolling average (plus some additional margin) of the last 'n' blocks and the max TX fee on a TX basis could be "x" times the min recommended TX fee, and if a TX would warrant larger then the max TX fee then the TX can be split up into smaller TXs.

it would be a State actor or a someone who stands to lose alot to a technology like bitcoin who would carry out an attack like this. The purpose of the post isn't fear it's education. i think the goal is clear. a currency not controlled or easily defeated by malicious actors.

Bitcoin does not pose a serious threat to any major government that would have these kind of resources. Also for the amount of money that it would take to start an attack (to give a large TX fee to the miners) would be better spent on miners (either buying them outright or renting hashpower) to be used to attack the network via other means as a lot would need to take place at once in order for this attack to work

Well, so what you're saying is. the attack is possible, but its like getting struck by lighting or the stars aligning? we all know those things have never happened, so therefore we should do nothing about this attack. Shall bitcoin endure stupidity, at the hands of incapable curators? If so, then whoa is bitcoin.

To say that this is possible is like saying that the miners could go "on strike" in a way similar to how unions go on strike. It is not a real threat.

Again, that is not adequate justification for allowing the vulnerability to exist. you find a vulnerability, you patch it and you move on

In theory someone could get really lucky and guess the private key of all of the addresses that contain bitcoin, however the chances of this happening are very small. Do you think we should patch the possibility of people being able to "guess" someone's private key?

no, because elliptic curve cryptography won't likely be broken in my lifetime, and further more the strength of the checksum in bitcoin makes bruteforcing very difficult. On the otherhand, the block subsidy will decay to a point to where the scenario laid out in this discussion becomes a serious possibility and reason for concern, although it would take a "perfect storm" to exploit it. I would rather it not be possible at all then relying on the perfect storm never occurring.

I am not talking about the elliptic curve being broken, I am talking about someone just getting lucky.

The theory behind the declining block subsidies is that TX fees will rise as block subsidies fall, making the total block reward stay roughly the same over time. The "stars" would not need to line up for this attack to happen, several people would need to act irrationally under a certain circumstance, or one person would need to act even more irrational and spend even more money to launch such attack by both buying up lots of mining capacity and using a lot of bitcoin to fund a large TX fee. However if someone were able to buy up a lot of mining capacity then there is no reason for him to launch such an attack, he could simply buy the capacity and take it offline (or have it mine on some other scamcoin)

[franky1]

are people still trying to act smart and say its a risk without actually trying to test it out.

go on testnet and try to freeze their blockchain. or try it on a near dead altcoin (theres loads of them that are clones of bitcoin)

[giszmo]

I think definiting a maximum fee of say 1 BTC would make sense for a future Bitcoin version.

Limiting the fee would not work as you would have to limiti the total fee spendable by coinbase as nobody could limit me from broadcasting 200 tx with 1BTC each.

[giszmo]

are people still trying to act smart and say its a risk without actually trying to test it out.

go on testnet and try to freeze their blockchain. or try it on a near dead altcoin (theres loads of them that are clones of bitcoin)

On testnet it would probably not work as the monetary incentives are not what they are on a real chain. Those alt-chain-scams are not as competitive as bitcoin neither. I bet many mine their alts just to point to the high hash rate it still has.

[santaClause]

are people still trying to act smart and say its a risk without actually trying to test it out.

go on testnet and try to freeze their blockchain. or try it on a near dead altcoin (theres loads of them that are clones of bitcoin)

On testnet it would probably not work as the monetary incentives are not what they are on a real chain. Those alt-chain-scams are not as competitive as bitcoin neither. I bet many mine their alts just to point to the high hash rate it still has.

I would say that the majority of altcoins are primarily mined by the developers of the coin (likely from leased mining capacity). This would result in one of the mining pools (or miners) that the dev controls to find the block and the rest of the mining capacity the dev controls to act "honestly". I don't think this is even theoretically possible with most altcoins.