Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Bitcoin Discussion
Re: F.R.O.N.T. Attack Vector and What the Bitcoin Devs are doing to prevent it.
by
mnmShadyBTC
on 12/10/2014, 22:21:16 UTC
Quote from: h4xx0r on October 08, 2014, 11:48:54 AM
Quote from: 51percemt on October 08, 2014, 03:55:41 AM
Quote from: h4xx0r on October 08, 2014, 02:18:15 AM
Quote from: 51percemt on October 08, 2014, 02:12:13 AM
Quote from: giszmo on October 07, 2014, 03:55:05 AM
Interesting attack indeed but h4xx0r who did you quote with the idea of giving to the next miner a share of your coinbase tx? It's trivial to give to the next miner outside the coinbase transaction by sending the reward as a transaction using one of the current inputs. Sure, then you have to scrape the bitcoins from elsewhere.

To recap the attack in laymen's terms:

If somebody paid 10,000BTC in transaction fees, miners would not care about block rewards for the next 10,000/25=400 blocks. Any miner that thinks it could outrun the biggest other miner would try to do so. If there is a draw between the top miners, such a battle could take a long time. If the top miners hold 10% of the mining power, they might try even when the other had a head start and was slowly building a chain that's growing faster than the own chain as they could still call their friends of other pools to team up catch that guy, essentially to the point where all miners took one side or the other and the weaker group gives up.

Also the attack does only work if the biggest selfish miner is bigger than the total of his run-up competitor with all non-selfish miners, so it assumes a pretty corrupt mining landscape.

The attack's effects:

During such an episode, massive re-orgs would happen, clients would act strangely, Finney attacks would be slightly easier etc. and we would have a slightly higher level of drama. And we will never know who sponsored that drama Wink but it would not be a cheap endeavor.
In additional to Danny's point above, you also have the issue that someone would need to incur the financial burden to pay these TX fees in the first place. There would be little economic benefit for someone to offer such a large TX fee, especially considering that the benefactor of such attack is unclear (therefore anyone attempting to profit off of an attack may or may not actually benefit in the event such attack is successful in slowing down the network).

IMO this attack vector would be something that is very easy to fix - simply fork the blockchain to institute a maximum TX fee on a per block and per TX basis, the max TX fee on a block basis could be a rolling average (plus some additional margin) of the last 'n' blocks and the max TX fee on a TX basis could be "x" times the min recommended TX fee, and if a TX would warrant larger then the max TX fee then the TX can be split up into smaller TXs.
it would be a State actor or a someone who stands to lose alot to a technology like bitcoin who would carry out an attack like this. The purpose of the post isn't fear it's education. i think the goal is clear. a currency not controlled or easily defeated by malicious actors.
Bitcoin does not pose a serious threat to any major government that would have these kind of resources. Also for the amount of money that it would take to start an attack (to give a large TX fee to the miners) would be better spent on miners (either buying them outright or renting hashpower) to be used to attack the network via other means as a lot would need to take place at once in order for this attack to work

Well, so what you're saying is. the attack is possible, but its like getting struck by lighting or the stars aligning? we all know those things have never happened, so therefore we should do nothing about this attack. Shall bitcoin endure stupidity, at the hands of incapable curators? If so, then whoa is bitcoin.
To say that this is possible is like saying that the miners could go "on strike" in a way similar to how unions go on strike. It is not a real threat.

Quote from: h4xx0r on October 12, 2014, 10:16:07 PM
Again, that is not adequate justification for allowing the vulnerability to exist. you find a vulnerability, you patch it and you move on
In theory someone could get really lucky and guess the private key of all of the addresses that contain bitcoin, however the chances of this happening are very small. Do you think we should patch the possibility of people being able to "guess" someone's private key?