• Bitcoin Is Broken - How an attack would allow a small group of miners to reach majority
    47 replies, posted
[quote]Bitcoin is broken. And not just superficially so, but fundamentally, at the core protocol level. We're not talking about a simple buffer overflow here, or even a badly designed API that can be easily patched; instead, the problem is intrinsic to the entire way Bitcoin works. All other cryptocurrencies and schemes based on the same Bitcoin idea, including Litecoin, Namecoin, and any of the other few dozen Bitcoin-inspired currencies, are broken as well. Specifically, in a paper we placed on arXiv, Ittay Eyal and I outline an attack by which a minority group of miners can obtain revenues in excess of their fair share, and grow in number until they reach a majority. When this point is reached, the Bitcoin value-proposition collapses: the currency comes under the control of a single entity; it is no longer decentralized; the controlling entity can determine who participates in mining and which transactions are committed, and can even roll back transactions at will. This snowball scenario does not require an ill-intentioned Bond-style villain to launch; it can take place as the collaborative result of people trying to earn a bit more money for their mining efforts...[/quote] [url]http://hackingdistributed.com/2013/11/04/bitcoin-is-broken/[/url]
Pretty sure this is just some guy who doesn't understand how pools work, but I'll have to read the paper
Unless you produce >50% of the hash rate, the head of the main blockchain will move faster than any fork, which is rather problematic for this attack.
So, what's a bitcoin?
The problem with this scheme is it increasingly relies on a lot of people to pull it off, and the parties they identified as being able to do it have a vested interest in keeping forks down. I'm not that into bitcoins but I do know with all the computing power being devoted to it, a fork is increasingly unlikely since mining rigs and mining boxes and servers have started devoting power to it. Still, if the fed wanted to crash bitcoin or some evil bond guy wanted to, this paper demonstrates that if they throw enough power at it to get ahead for a while they can derail the whole thing
"How an attack would allow a small group of miners to reach majority" Where "Small group" is 30-40% of all bit-coin miners.
Doesn't the government own the majority of the bitcoins now? Wouldn't this be a good thing if it was performed at this very second?
[QUOTE=Pat4ever;42765607]Doesn't the government own the majority of the bitcoins now? Wouldn't this be a good thing if it was performed at this very second?[/QUOTE] Which government and why would they own the majority of bitcoins?
[QUOTE=mobrockers;42765687]Which government and why would they own the majority of bitcoins?[/QUOTE] US govt after the silk road raid
Nowhere near the majority.
The article's point is that it was previously believed you needed 51% of the computing power of the bitcoin network to successfully execute an attack on the network with 100% accuracy, but the reality is you "only" need 25-35% of the computing power if you do it [I]just right[/I] and a certain way, and even then there is a chance the attack won't execute. An attack means you create a separate blockchain of your own with your computing power, that forks from the "real" blockchain, but because there are so many miners validating these blocks the network reaches the conclusion that the fake blockchain is the real one. Bitcoin is far from doomed with this - 25-30% is still a fucking massive amount of computing power. Bitcoin is far from doomed - there is no way a single entity could control that amount of the computing power of the network anytime soon. The only thing that gets close to this is the mining pool BTCGuild, which is the largest mining pool for bitcoin and it contributes around 25% of the hashing power. "OH!! They could do the attack!". Not really, the only way for that to be possible is if everyone on BTCguild was in on it and tried the attack. Since they are only a mining pool, this won't happen. Hell BTCguild isn't even interested in this stuff, considering they limit the amount of members they get because at one point their pool solves 6 blocks in a row (which shouldn't be possible and is exactly how attacks could happen) and they want to prevent that from happening.
[QUOTE=maxumym;42765200]So, what's a bitcoin?[/QUOTE] Freedom in monetary form
[QUOTE=Mike Tyson;42765692]US govt after the silk road raid[/QUOTE] They're not the owners of the bitcoins. They're holding the bitcoins as evidence.
What if tons of computers would get infected with GPU miners though? I'm not an expert on this field so this may sound dumb, sorry
[QUOTE=DrogenViech;42765992]What if tons of computers would get infected with GPU miners though? I'm not an expert on this field so this may sound dumb, sorry[/QUOTE] That's an obvious way to do it and there's a good chance that a plot to do just that is likely in progress as we speak.
[QUOTE=DrogenViech;42765992]What if tons of computers would get infected with GPU miners though? I'm not an expert on this field so this may sound dumb, sorry[/QUOTE] It'd be really really obvious. And computers are actually not very good at mining so they'd need to infect most of the ma-and-pop PCs on the internet to do it. Keep in mind when you mine BTC at full power on your computer you pretty much can't use it at all since your computer is 100% focusing on mining. You could do background mining I guess, but considering you need like two high end AMD video cards running 24/7 in crossfire at full power to even mine a modest amount of BTC, a virus would need to pretty much infect every single PC connected to the internet in the world to do this to any effect, and even then I doubt it would work. Also the attack mentioned in the article is still a 51% attack, it's just the general idea behind it is if you have 25% of the computing power of the network it'll theoretically be easier to get miners not a part of your network to hop on and validate your fake blocks in the name of evil knowingly till you have 51% of the network validating your fake blocks. This will literally never happen and would be easy to see if someone was trying to do this.
[QUOTE=DaysBefore;42765816]Freedom in monetary form[/QUOTE] I thought that was the USD
[QUOTE=Mike Tyson;42765692]US govt after the silk road raid[/QUOTE] ~1% of bitcoins that they can't do a god damn thing with?
[QUOTE=Eudoxia;42767269]~1% of bitcoins that they can't do a god damn thing with?[/QUOTE] Well they could sell it off at an incredibly cheap rate and temporarily disturb the Bitcoin economy. But that's it.
[QUOTE=Van-man;42767316]Well they could sell it off at an incredibly cheap rate and temporarily disturb the Bitcoin economy. But that's it.[/QUOTE] The wallets are encrypted. They can't sell the bitcoins. EDIT: Also, Bitcoins are not legally recognized as currency, so it's illegal for the FBI to sell them. You can't have it both ways!
[QUOTE=Eudoxia;42764982]Unless you produce >50% of the hash rate, the head of the main blockchain will move faster than any fork, which is rather problematic for this attack.[/QUOTE] That's only true on average, if there's enough jitter (which is likely because blocks aren't solved every few minutes) the selfish miner can get an advantage randomly relatively easily. The jitter is also somewhat important to the protocol as it ensures that the chain will "tip" towards one direction. It only needs to be two blocks ahead and then can always release the chain once others close in. If they manage to get three blocks they can release two once one is released and still stay one ahead while decreasing the effective global hash rate by 50% for that block. [editline]edit[/editline] The amount by which they can decrease the global hash rate they compete against scales slightly more than proportionally to their advance at low advances (with a limit of proportional scaling), so once they randomly get a decent head start (which is likely if you have 30% of the pool), it becomes easier to trap the network so all other work is wasted. (My math could be off with the scaling factor, but I'm sure a longer advance means they have to rely less on the jitter to keep it.)
[QUOTE=Eudoxia;42767450]The wallets are encrypted. They can't sell the bitcoins. EDIT: Also, Bitcoins are not legally recognized as currency, so it's illegal for the FBI to sell them. You can't have it both ways![/QUOTE] Since it's not legally recognized currency, don't they have to destroy the physical evidence after a certain time? The seizing is then actually a good thing no? All those bitcoins taken out of circulation.
[QUOTE=mobrockers;42767605]Since it's not legally recognized currency, don't they have to destroy the physical evidence after a certain time? The seizing is then actually a good thing no? All those bitcoins taken out of circulation.[/QUOTE] It at least means they can't be used to 'crash the market' or whatever.
If a wallet is deleted, are those bitcoins subtracted from the total mined or are those just lost forever?
So how many people here actually read the paper, which looks mathematically sound and was written by a [URL="http://www.cs.cornell.edu/people/egs/"]pretty well-qualified[/URL] Cornell professor, before calling BS? If you care about Bitcoin you should be reading, not assuming the professor is wrong and dismissing it out of hand.
[QUOTE=maxumym;42765200]So, what's a bitcoin?[/QUOTE] It's one of these [t]http://www.bbb.org/blog/wp-content/uploads/2013/05/bitcoin1.png[/t] If you download the image it counts as one coin, I have like 1,000,000 coins because I downloaded the image a lot I think it's how it works
[QUOTE=mobrockers;42767678]If a wallet is deleted, are those bitcoins subtracted from the total mined or are those just lost forever?[/QUOTE] Just lost forever. Your wallet.dat file is the only way to access them. If that's lost then no one will be able to access those bitcoins ever. [editline]5th November 2013[/editline] [QUOTE=catbarf;42767702]So how many people here actually read the paper, which looks mathematically sound and was written by a [URL="http://www.cs.cornell.edu/people/egs/"]pretty well-qualified[/URL] Cornell professor, before calling BS? If you care about Bitcoin you should be reading, not assuming the professor is wrong and dismissing it out of hand.[/QUOTE] People aren't saying it's bullshit, the article actually makes sense but the writer states that it's easy however getting anywhere near the required computing power is pretty much impossible or not worth it at that point.
[QUOTE=Strontboer;42767736]Just lost forever. Your wallet.dat file is the only way to access them. If that's lost then no one will be able to access those bitcoins ever.[/QUOTE] I don't mean those bitcoins. There's a cap at 21mil bitcoins right? Will they keep counting toward that cap?
[QUOTE=Strontboer;42767736]People aren't saying it's bullshit, the article actually makes sense but the writer states that it's easy however getting anywhere near the required computing power is pretty much impossible or not worth it at that point.[/QUOTE] This. There are entire fields within computer science dedicated to studying things that can't happen (Gotta get me one of them Turing oracles).
[QUOTE=mobrockers;42767678]If a wallet is deleted, are those bitcoins subtracted from the total mined or are those just lost forever?[/QUOTE] I don't think they're replaced. I think that just contributes to the overall deflation inherent in bitcoins. As more are lost, BTC can be modified to be divided more and more.