Bitcoin Forum
December 11, 2016, 08:11:13 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: Sabotaging Mining Pools  (Read 5071 times)
nibor
Sr. Member
****
Offline Offline

Activity: 348


View Profile
July 20, 2012, 09:57:02 PM
 #1


If someone was to make a few line change to cgminer or other mining software that just meant that if you found a share that was a BLOCK it discarded it instead of sending to the mining pool this would soon kill the pool for virtually zero cost to the sabotager.

Only cost to the sabotager (assuming they were mining anyway) would be that one in 1.8 millions shares would not be submitted so reducing their personal income by a tiny amount. (Plus the 5% cost of mining PPS).

But the cost to the mining pool would be massive as they would be paying out on shares to someone who could NEVER find a block.

E.g. to sabotage slush who are charging 2-5% you would only need to have 2-5% of the pools hashing power (so about 25-60 g/hash) to wipe out their entire profits and so soon them. You would just mine PPS and only submit non-block shares!.

And if you were a Pool yourself you could possible redirect some of your users to solve other pools share hashes, collect the fees from the other pool but never send them successful blocks. In this way you can kill the competition without having any hashing power and only relatively small costs.

I know that p2pool tries to work round this by adding a 0.25BTC bonus if you submit a block making share but this hardly changes the costs significantly.

Obviously the pools could drop PPS, but then the costs would just look like bad luck to their users!



Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481443873
Hero Member
*
Offline Offline

Posts: 1481443873

View Profile Personal Message (Offline)

Ignore
1481443873
Reply with quote  #2

1481443873
Report to moderator
1481443873
Hero Member
*
Offline Offline

Posts: 1481443873

View Profile Personal Message (Offline)

Ignore
1481443873
Reply with quote  #2

1481443873
Report to moderator
1481443873
Hero Member
*
Offline Offline

Posts: 1481443873

View Profile Personal Message (Offline)

Ignore
1481443873
Reply with quote  #2

1481443873
Report to moderator
Ferroh
Full Member
***
Offline Offline

Activity: 141



View Profile WWW
July 21, 2012, 05:51:13 AM
 #2

if you found a share that was a BLOCK

It doesn't work this way.

If it did work that way, you could just keep the block for yourself.

You can't tell which share solves a block for the pool.

Edit:

Or it does, and I'm really tired, sorry Smiley
Graet
VIP
Legendary
*
Offline Offline

Activity: 980



View Profile WWW
July 21, 2012, 09:04:30 AM
 #3

if you found a share that was a BLOCK

It doesn't work this way.

If it did work that way, you could just keep the block for yourself.

You can't tell which share solves a block for the pool.
um actually. cgminer shows you blocks you find so you can tell.

this is called a witholding attack, you would need to be a large part of the pool. only way to do it without costing yourself lots is on a PPS pool.

| Ozcoin Pooled Mining Pty Ltd https://ozcoin.net Double Geometric Reward System https://lc.ozcoin.net for Litecoin mining DGM| https://crowncloud.net VPS and Dedicated Servers for the BTC community
wabber
Member
**
Offline Offline

Activity: 85


View Profile
July 21, 2012, 09:09:49 AM
 #4

if you found a share that was a BLOCK

It doesn't work this way.

If it did work that way, you could just keep the block for yourself.

You can't tell which share solves a block for the pool.

You can.
But you can't change the payout address of the block after it was solved or you have to solve it again if you change it which is why you can't keep it for yourself.
JoelKatz
Legendary
*
Offline Offline

Activity: 1386


Democracy is vulnerable to a 51% attack.


View Profile WWW
July 21, 2012, 09:26:00 AM
 #5

When a pool does mine a block, it can immediately assign that same work unit to many miners. Any that pull a new work unit and don't mine the block are highly suspect.

I am an employee of Ripple.
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
ChrisKoss
Full Member
***
Offline Offline

Activity: 169



View Profile WWW
July 28, 2012, 12:21:10 AM
 #6

When a pool does mine a block, it can immediately assign that same work unit to many miners. Any that pull a new work unit and don't mine the block are highly suspect.
+1.  Nice solution.

Now, couldn't a smart withholding attack check to see if the block already exists in the block chain, and only then send it up to the pool server?

I suppose you could hold back releasing the block to the Bitcoin network for 30 secs while you wait for all your workers to prove themselves, but you risk another miner finding a block in the mean time.

I am a consultant providing services to CoinLab, Inc.
nibor
Sr. Member
****
Offline Offline

Activity: 348


View Profile
July 28, 2012, 08:11:16 AM
 #7

if you found a share that was a BLOCK

It doesn't work this way.

If it did work that way, you could just keep the block for yourself.

You can't tell which share solves a block for the pool.
um actually. cgminer shows you blocks you find so you can tell.

this is called a witholding attack, you would need to be a large part of the pool. only way to do it without costing yourself lots is on a PPS pool.

You do not need a large percentage. Just slightly more than the fee. So 5%.
And you still get paid for mining there! So if you had a mining set up that was 5% (i.e. 50-75 Ghash for the 2nd tier pools) you just need to point it at them as pps and withhold the blocks and the attack really costs you nothing.
JoelKatz
Legendary
*
Offline Offline

Activity: 1386


Democracy is vulnerable to a 51% attack.


View Profile WWW
July 28, 2012, 09:43:22 PM
 #8

Now, couldn't a smart withholding attack check to see if the block already exists in the block chain, and only then send it up to the pool server?
Yes, but nobody's that smart yet.

Quote
I suppose you could hold back releasing the block to the Bitcoin network for 30 secs while you wait for all your workers to prove themselves, but you risk another miner finding a block in the mean time.
I think you could withhold for just 4 seconds and still get a pretty good idea. This would incur about a .7% chance of losing the block, with an expected cost of about $3.

I am an employee of Ripple.
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
dree12
Legendary
*
Offline Offline

Activity: 1232



View Profile
July 28, 2012, 10:03:47 PM
 #9

Now, couldn't a smart withholding attack check to see if the block already exists in the block chain, and only then send it up to the pool server?
Yes, but nobody's that smart yet.

Quote
I suppose you could hold back releasing the block to the Bitcoin network for 30 secs while you wait for all your workers to prove themselves, but you risk another miner finding a block in the mean time.
I think you could withhold for just 4 seconds and still get a pretty good idea. This would incur about a .7% chance of losing the block, with an expected cost of about $3.
Many pools do not require a password. If a malignant individual mines on someone else's account, they could possibly get them into trouble.
JoelKatz
Legendary
*
Offline Offline

Activity: 1386


Democracy is vulnerable to a 51% attack.


View Profile WWW
July 28, 2012, 11:01:12 PM
 #10

Many pools do not require a password. If a malignant individual mines on someone else's account, they could possibly get them into trouble.
This seems like a pretty unlikely scenario from a practical standpoint. Most likely, you'd just wind up helping them because unless you actually mine a block, you are indistinguishable from a legitimate miner. Someone would have to dedicate huge amounts of hashing power to do this, and the most likely outcome is that they would just enrich the person they are trying to get in trouble.

However, it is definitely worth thinking about.

I am an employee of Ripple.
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
K1773R
Legendary
*
Offline Offline

Activity: 1526


/dev/null


View Profile
October 25, 2012, 01:25:03 PM
 #11

source code or it didnt happen Tongue

[GPG Public Key]  [Devcoin Builds]  [BBQCoin Builds]  [Multichain Blockexplorer]  [Multichain Blockexplorer - PoS Coins]  [Ufasoft Miner Linux Builds]
BTC/DVC/TRC/FRC: 1K1773RbXRZVRQSSXe9N6N2MUFERvrdu6y ANC/XPM AK1773RTmRKtvbKBCrUu95UQg5iegrqyeA NMC: NK1773Rzv8b4ugmCgX789PbjewA9fL9Dy1 LTC: LKi773RBuPepQH8E6Zb1ponoCvgbU7hHmd EMC: EK1773RxUes1HX1YAGMZ1xVYBBRUCqfDoF BQC: bK1773R1APJz4yTgRkmdKQhjhiMyQpJgfN
-ck
Moderator
Legendary
*
Offline Offline

Activity: 2002


Ruu \o/


View Profile WWW
October 26, 2012, 02:29:30 AM
 #12

You could definitely do a withholding attack, but why on earth would you do it? It doesn't benefit you, you just make the pool poorer that you mine with, and unless you have ultramegahashes to waste, your effect of withholding a block solve will be insignificant to the final outcome. There is nothing suspect about not returning a share from any work gathered from a pool, and a block solve is no different to returning a share. There is no way to check if a miner is returning all the shares it's "supposed to" as there is no such metric. Pools never send the same work item out to two different miners, so they'd have to have some reason to suspect this is the case, so unless you mine with a pool and after 10x difficulty submission of shares you still haven't sent a block solve, then they'd have to start investigating. Even then, bad luck alone is enough for even 10x difficulty and no block solve to occur. So at current difficulty, for example, a pool operator would have to get suspicious only after you had sent 30 million shares without a block solve. That's a heck of a lot of work you're doing just to withhold one block. So unless you personally have something like >1% of the total bitcoin network hashrate, this is a futile exercise.

On the other hand, if you get enough people running the same malicious mining software you could achieve this. But to what end? It doesn't benefit you directly in any way. Luckily all the source code for my mining software (along with most other mining software) is free and open and anyone can audit it to ensure it's not doing this.

Primary developer/maintainer for cgminer and ckpool/ckproxy.
Pooled mine at kano.is, solo mine at solo.ckpool.org
-ck
K1773R
Legendary
*
Offline Offline

Activity: 1526


/dev/null


View Profile
October 26, 2012, 05:00:09 AM
 #13

You could definitely do a withholding attack, but why on earth would you do it? It doesn't benefit you, you just make the pool poorer that you mine with, and unless you have ultramegahashes to waste, your effect of withholding a block solve will be insignificant to the final outcome. There is nothing suspect about not returning a share from any work gathered from a pool, and a block solve is no different to returning a share. There is no way to check if a miner is returning all the shares it's "supposed to" as there is no such metric. Pools never send the same work item out to two different miners, so they'd have to have some reason to suspect this is the case, so unless you mine with a pool and after 10x difficulty submission of shares you still haven't sent a block solve, then they'd have to start investigating. Even then, bad luck alone is enough for even 10x difficulty and no block solve to occur. So at current difficulty, for example, a pool operator would have to get suspicious only after you had sent 30 million shares without a block solve. That's a heck of a lot of work you're doing just to withhold one block. So unless you personally have something like >1% of the total bitcoin network hashrate, this is a futile exercise.

On the other hand, if you get enough people running the same malicious mining software you could achieve this. But to what end? It doesn't benefit you directly in any way. Luckily all the source code for my mining software (along with most other mining software) is free and open and anyone can audit it to ensure it's not doing this.
there is only one goal where it could be usefull, if a pool owner wants to take down a others pool and only if the others pool is PPS. Prop isnt worth it since u lose too.

[GPG Public Key]  [Devcoin Builds]  [BBQCoin Builds]  [Multichain Blockexplorer]  [Multichain Blockexplorer - PoS Coins]  [Ufasoft Miner Linux Builds]
BTC/DVC/TRC/FRC: 1K1773RbXRZVRQSSXe9N6N2MUFERvrdu6y ANC/XPM AK1773RTmRKtvbKBCrUu95UQg5iegrqyeA NMC: NK1773Rzv8b4ugmCgX789PbjewA9fL9Dy1 LTC: LKi773RBuPepQH8E6Zb1ponoCvgbU7hHmd EMC: EK1773RxUes1HX1YAGMZ1xVYBBRUCqfDoF BQC: bK1773R1APJz4yTgRkmdKQhjhiMyQpJgfN
-ck
Moderator
Legendary
*
Offline Offline

Activity: 2002


Ruu \o/


View Profile WWW
October 26, 2012, 05:04:08 AM
 #14

there is only one goal where it could be usefull, if a pool owner wants to take down a others pool and only if the others pool is PPS. Prop isnt worth it since u lose too.
Certainly this is a real danger with a proxy pool...

Primary developer/maintainer for cgminer and ckpool/ckproxy.
Pooled mine at kano.is, solo mine at solo.ckpool.org
-ck
K1773R
Legendary
*
Offline Offline

Activity: 1526


/dev/null


View Profile
October 26, 2012, 05:28:11 AM
 #15

Certainly this is a real danger with a proxy pool...
but only if the proxy pool is using PPS, otherwise it wouldnt harm much. i wonder if anyone already created some patches for miners to do this...

[GPG Public Key]  [Devcoin Builds]  [BBQCoin Builds]  [Multichain Blockexplorer]  [Multichain Blockexplorer - PoS Coins]  [Ufasoft Miner Linux Builds]
BTC/DVC/TRC/FRC: 1K1773RbXRZVRQSSXe9N6N2MUFERvrdu6y ANC/XPM AK1773RTmRKtvbKBCrUu95UQg5iegrqyeA NMC: NK1773Rzv8b4ugmCgX789PbjewA9fL9Dy1 LTC: LKi773RBuPepQH8E6Zb1ponoCvgbU7hHmd EMC: EK1773RxUes1HX1YAGMZ1xVYBBRUCqfDoF BQC: bK1773R1APJz4yTgRkmdKQhjhiMyQpJgfN
-ck
Moderator
Legendary
*
Offline Offline

Activity: 2002


Ruu \o/


View Profile WWW
October 26, 2012, 06:27:40 AM
 #16

Certainly this is a real danger with a proxy pool...
but only if the proxy pool is using PPS, otherwise it would harm much. i wonder if anyone already created some patches for miners to do this...
Indeed, but they could easily redirect shares to a PPS should they feel malicious.

Primary developer/maintainer for cgminer and ckpool/ckproxy.
Pooled mine at kano.is, solo mine at solo.ckpool.org
-ck
K1773R
Legendary
*
Offline Offline

Activity: 1526


/dev/null


View Profile
October 26, 2012, 07:09:30 AM
 #17

Certainly this is a real danger with a proxy pool...
but only if the proxy pool is using PPS, otherwise it would harm much. i wonder if anyone already created some patches for miners to do this...
Indeed, but they could easily redirect shares to a PPS should they feel malicious.
or a proxy pool just simply switches to another PPS pool to kill it and pay the surpases. this could be really nasty

[GPG Public Key]  [Devcoin Builds]  [BBQCoin Builds]  [Multichain Blockexplorer]  [Multichain Blockexplorer - PoS Coins]  [Ufasoft Miner Linux Builds]
BTC/DVC/TRC/FRC: 1K1773RbXRZVRQSSXe9N6N2MUFERvrdu6y ANC/XPM AK1773RTmRKtvbKBCrUu95UQg5iegrqyeA NMC: NK1773Rzv8b4ugmCgX789PbjewA9fL9Dy1 LTC: LKi773RBuPepQH8E6Zb1ponoCvgbU7hHmd EMC: EK1773RxUes1HX1YAGMZ1xVYBBRUCqfDoF BQC: bK1773R1APJz4yTgRkmdKQhjhiMyQpJgfN
dust
Hero Member
*****
Offline Offline

Activity: 840



View Profile WWW
October 26, 2012, 07:22:47 AM
 #18

This attack has the advantage of keeping the difficulty artificially low.  It is economically advantageous to the attacker if they control > (share_difficulty / difficulty) of the network.

Cryptocoin Mining Info | OTC | PGP | Twitter | freenode: dust-otc | BTC: 1F6fV4U2xnpAuKtmQD6BWpK3EuRosKzF8U
Meni Rosenfeld
Donator
Legendary
*
Offline Offline

Activity: 1890



View Profile WWW
October 26, 2012, 08:02:53 AM
 #19

I'd like to remind everyone that block withholding can be used for a profitable attack against non-PPS pools, called "Lie in wait". I estimate the max profit can be achieved from it to be multiplying the rewards by (1 + h/(4H)), where h is the attacker's hashrate and H is the network's total hashrate. And, if block withholding ever becomes a problem one solution is to modify the protocol to allow oblivious shares.

This attack has the advantage of keeping the difficulty artificially low.  It is economically advantageous to the attacker if they control > (share_difficulty / difficulty) of the network.
Almost. If the difficulty / share_difficulty is D, then by doing this they lose 1/D, and assuming everyone's hashrate stays the same, they difficulty drops by h/H meaning they get h/H, so this is indeed profitable if (h/H)>(1/D).

But if the difficulty goes down, mining becomes more profitable and people will add more hashrate. So the difference between the old and new equilibrium will not be as large as h/H, maybe it will be h/(2H). With this assumption you'd need twice as much hashrate to make this profitable.

1EofoZNBhWQ3kxfKnvWkhtMns4AivZArhr   |   Who am I?   |   bitcoin-otc WoT
Bitcoil - Exchange bitcoins for ILS (thread)   |   Israel Bitcoin community homepage (thread)
Analysis of Bitcoin Pooled Mining Reward Systems (thread, summary)  |   PureMining - Infinite-term, deterministic mining bond
dree12
Legendary
*
Offline Offline

Activity: 1232



View Profile
November 14, 2012, 03:00:42 AM
 #20

But if the difficulty goes down, mining becomes more profitable.
Not if the pools begin increasing fees to compensate, which they inevitably will.
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!