Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Development & Technical Discussion
Merits 1 from 1 user
Re: [bug?] Time Warp exploits. Why is the attack chain accepted?
by
Cryddit
on 16/05/2014, 16:04:24 UTC
⭐ Merited by mably (1)
When I went looking for the bug that allows time warp exploits, I found something related.  Not what I had been told the time warp exploit does, but something related to it.

If you can use timestamp lies in some way to trick or manipulate a difficulty adjustment algorithm,  an attack chain can arrive at the same timestamp as the main chain with many times more actual blocks, having used the same amount of hashing to get there. 

The result is that a 51% attack can use an attack chain with a STOOPID number of coins, rather than an attack chain that simply gets all the coins that the main chain issued to other miners while  the attack chain was built.

Bitcoin had an irregularity (really too slight to be called a bug) in its implementation of difficulty adjustment that allowed a certain type of fiddling, in that it adjusted difficulty every 2016 blocks, based on the 2015 intervals between those blocks; but once per difficulty adjustment, one interval between the end of one block and the beginning of the next was skipped by diff adjustment.  Thus, Bitcoin's difficulty adjustment algorithm could be manipulated by an attacker, but only by about a quarter of one percent per difficulty adjustment period, which is why it's an irregularity rather than a bug.  An attacker would do this by selecting that skipped interval to make a backward jump in time which difficulty adjustment wouldn't take into account.  This would be a 51% attack, in that he'd have to use hashing power equivalent to the hashing power of the entire legitimate network to form his attack chain.  In Bitcoin's case, the attacker would have to generate a chain that stretched through dozens of difficulty adjustment periods to have a really significant impact on Bitcoin's difficulty adjustment, and even if he had the multi-petahash infrastructure that would take, there'd be a checkpoint locking out his attack chain by the time he got the difficulty in his attack chain down significantly.

This irregularity became an outright bug in altcoins which shortened the adjustment interval to the point where this kind of manipulation could give an attacker nearly-arbitrary control over difficulty adjustments and block rates - in some cases even allowing the attacker to walk timestamps backward WHILE lowering difficulty, by making intervals shorter than 6 intervals (the 'median-of-last-11-blocks' rule guarantees nondecreasing timestamps only for adjustment periods longer than 6 intervals).  KGW and several other difficulty adjustment algorithms introduced new and different bugs that allowed the same kind of manipulation.  So this attack, applied to those alts, could instamine their entire remaining supply of coins in a 51% attack, and the very short difficulty adjustment periods made it feasible to form attack chains that invoked difficulty adjustment hundreds of times.

But none of these difficulty adjustment bugs would EVER have allowed an attack chain formed with less than 50% of hashing power to displace the main chain, assuming the routine I quoted above remained in place.  So the Time Warp attack as described to me is either not this attack, or the person who described it was simply wrong. 

Is that what the time warp has been all along?  Just a particular type of 51% attack?