Showing 15 of 15 results by riggasconi
Post
Topic
Board Bitcoin Discussion
Re: Bitcoin topic on Quora.com
by
riggasconi
on 23/01/2011, 20:39:28 UTC
You can't spend 400 BTC 80 times in 1 hour. If you control a majority of the generation you could spend them twice an hour (assuming merchants require 6 confirmations).

Why ?
Post
Topic
Board Bitcoin Discussion
Re: Bitcoin topic on Quora.com
by
riggasconi
on 23/01/2011, 18:30:02 UTC
Hi theymos,

thanks for the very technical answer.

No. Rewriting old blocks requires you to generate them again. So if you want to go back 6 blocks, you have to do the work required to generate them with the current difficulty and continue to compete against legitimate generators.

Why should an attacker want to go back, instead of just being faster than the honest network in producing a longer chain ?

Quote
That's much more difficult. A future version of Bitcoin will probably let the second recipient identify this attack immediately, since it is easy to see. A more likely attack is one where the second spend is back to the attacker.

1) Why do you say that a "backspend" is a better double-spending than a second spend towards a second recipient ?
2) How could a future Bitcoin client ever be protected from the double-spending exploit that currently affects Bitcoin ?
Post
Topic
Board Bitcoin Discussion
Re: Bitcoin topic on Quora.com
by
riggasconi
on 23/01/2011, 18:24:28 UTC
Hi Gavin,

thanks for the explanation.

You can:

Spend bitcoins once.  Then wait for them to be confirmed by the rest of the network as many times as the merchant requires, while secretly working on another version of the block chain where you did NOT spend them.  Your secret block chain should be longer than the network's, since you control 51% of the generating power.

So you announce your secret block chain, and instead of sending those coins to a merchant you include a transaction where you send them to yourself.  YEAH!  you just ripped off the merchant!  Wahoo!

Are you saying that:
a) an attacker should announce a block chain where the spend is never acknowledged ?
b) the attacker should announce a block chain where the spend is acknowledged, and where another opposite transaction is, too ?
c) the attacker should announce a block chain where the spend is acknowledged, but the recipient is not the merchant address anymore but the/an attacker's address ?

Quote
You cannot rip off two merchants with the same bitcoins-- one or the other of the transactions will be seen as valid.

And you cannot "unspend" the transaction to the merchant-- if you don't spend it SOMEWHERE, the merchant's bitcoin node will re-announce it to the network and all the other nodes will consider those bitcoins "spent, just waiting to be included in the next generated block."

Would you agree on this description of the attack ?

"So in summary the attack works like this: the first BTCs spend happens in, say, block 105000. After the merchant acknowledges it and delivers the good/service to the attacker, the attacker's malicious network releases a new block 105000 and as many blocks after it as needed to make it the longest chain. Now the whole network (honest clients included) acknowledges that the attacker holds the coin because there is no record of the first transaction according to the majority of CPUs. Then the BTCs are spent again, and the process is repeated many times."

I feel that your point is: the transaction can't just disappear.

Quote
If you run the numbers again with the realistic double-spend scenario, you'll see crime doesn't pay.  There is no way you can rent enough hashing power to commit a profitable double-spend attack.

If you can steal the hashing power (maybe you're a bot farmer), then if you run the numbers you'll find it is more profitable to just generate blocks and sell the bitcoins rather than try to somehow get stuff trying to double-spend.

Ummm ... are you sure ? Could you be specific as which numbers are wrong in my Quora question ? According to my calculations, the ROI of such attack would be extremely positive.
Post
Topic
Board Bitcoin Discussion
Re: Bitcoin topic on Quora.com
by
riggasconi
on 23/01/2011, 16:09:28 UTC
Hi Gavin,

thanks for your technical answer. You sound expert in the details of how Bitcoin works, I hope to learn more.

FreeMoney is absolutely right.

The only way to get 80 people to accept the same 400 bitcoins would be to control all of their bitcoin connections and feed them different versions of the block chain.

Satoshi Nakamoto writes in his white paper that it is not needed to control all of the bitcoin connections, but just a majority of them. Am I missing something ?

Quote
And THAT will be impossible, because the people you're trying to rip off (merchants selling stuff) are exactly the people with long-running, well-connected bitcoin nodes.

Please note that the attack I outline targets BTC users who are not pros.
Post
Topic
Board Bitcoin Discussion
Re: Bitcoin topic on Quora.com
by
riggasconi
on 23/01/2011, 16:01:13 UTC
Hi theymos

-The BTCs owners could be very sad, because panic could trigger a drop in the FRN/BTC exchange ratio, triggering evaporation of purchasing power of their BTCs, e.g. their BTCs can buy much less goods and services than before the attack.

The attacker must hold a large amount of BTC in order to execute the attack. So he'll also be affected by the lower price. If he brings the price of BTC to 0, then his attack was pointless, since the money that he got back is now worthless.

I'm sorry but I don't understand your argument. The goal of the attacker is to harvest goods/services and have 0 BTCs at the end of the attack, but have plenty of goods/services. The attacker will therefore not suffer from the FRN/BTC ratio plummeting because of panic triggered when the community realizes it has been hacked, which is after the attack is completed. I hope you agree with me.
Post
Topic
Board Bitcoin Discussion
Re: Bitcoin topic on Quora.com
by
riggasconi
on 23/01/2011, 15:56:38 UTC
Hi freetx


Regarding your 3 other points:

1. Legal: Yes, .gov could make it illegal. However, think through your underlying premise a bit....any currency sufficiently open enough to be a "better" currency than current Central Bank currency would also be pressured via the same tactic. I mean with that premise (.gov will make it illegal), why try at all?

2. Competition: Great, I think competition would be outstanding. I don't think lots of us who support BTC actively think it's going to be the "only" currency used. What's wrong with having 10 active competing currencies? Doesn't that benefit mankind the most anyway? Moreover, due to the nature that BTC is purely electronic, there will always be instantaneous exchanges available to translate between BTC and the new XYZ currency of favor.

3. Infiltration: Again this is a 'so what?' sort of premise. Poor Linus should've never tried to create his own Linux operating system....after all IBM and MSFT may have tried to subjugate the process via its open development process.

I agree with you: the fact that governments, competitors and infiltration will attack Bitcoin should not be a reason not to fight. But my concern is: how will the FRN/BTC ratio be affected when such shocks happen ? This is very important for me and people to know: if I am to accept BTCs in exchange for my labour, I wanna know how likely it is that the result of my labour could plummet, and how much. I hope you have the same concern :)
Post
Topic
Board Bitcoin Discussion
Re: Bitcoin topic on Quora.com
by
riggasconi
on 23/01/2011, 15:48:46 UTC
Hi caveden

In the best scenario you would attack some exchanges and get some cash, but then, that would identify you, since cash transfers are not anonymous. You wouldn't manage to make a positive ROI by doing cash-in-the-mail exchanges!

Absolutely. Please note that in the attack I outlined the targets are not moneychangers, nor banks, nor any BTC pro.

Quote
Seriously, I can't see how such an attack would be profitable.

Please look at the numbers outlined in the Quora question for this.

Quote
I bet that, if you're willing to engage in criminal activities, there are probably much better ROIs you could obtain with such an investment....

I totally agree with you on a moral side. Criminal activities are a bad thing, and Bitcoin is an effort to liberate people from criminal-like monopolies. Unfortunately I think there will always be a country in the world where hacking Bitcoin is not considered illegal. On the other hand, I fear that Bitcoin will soon be rendered illegal in many countries.
Post
Topic
Board Bitcoin Discussion
Re: Bitcoin topic on Quora.com
by
riggasconi
on 23/01/2011, 15:35:48 UTC
Hi Freemoney,

thanks for answering me with such detail.

I don't think it is positive.

The rest of my post gave a bunch of reasons why the return is lower than at first glance.

I think you're referring to this:

Quote
I have a few thoughts. An attacker isn't likely to want a bunch of services, those can't usually be resold easily. Goods will usually not ship until the next day so the attacker has to overcome the whole network for ~12 or more. Even if he pulls this off people will notice and many will be warned not to ship goods ordered after X time.

I disagree. A slow attack can target slow-shipping goods/services coming from isolated community-unaware sellers. A fast attack can target immediate-delivery goods/services making sure the interval of being alerted is smaller than the duration of the attack.

Quote
In addition to all the power that the attacker will have to buy or rent there will be a lot of planning involved. They need to search out what goods will ship fast enough to go out during their attack, if they can't hold on to the network for over a day this will only be certain parts of the world. They need to set up a place or places for delivery, and a way to resell the goods unless they are doing this for their own consumption. They need to find all the little exchanges and make accounts and set up bank accounts to send the money to, under different names I guess.

Yes. That's exactly the business of a malicious attacker. The whole point of Bitcoin should be being resilient to malicious attacks.

You also add:

Quote
Many types of merchants would be immune, many would be warned, etc.

I disagree. The first scenario I outlined involves attacking just 80 providers accepting BTC, in 60 minutes.

Quote
Shops are not going to mindlessly ship their entire stock without making sure nothing weird is going on.


The transactions involved in such attack would be worth around FRN ("USD") 160 each, which is surely not the entire stock of a shop owner, nor all the goods/services providable by a generic seller.

Quote
Even if they aren't savvy they are likely to know other bitcoin merchants. "Huh, all of your stuff was just bought too? Cool, I guess we're rich now."

See the two points above.

Quote
Bitcoin price is up about 6x since I got here and difficulty is up over 90x.

The attack scenario is based on the current Bitcoin network status.

Quote
The value of attack calculation is hard, but you aren't even looking at the right numbers. The attacker doesn't just get to turn bitcoins into cash via magic. He's going to flood exchanges and tip people off by buying too many sneakers. A lot of what you can do with bitcoin doesn't help him at all, so he can get a lot of credits at A Tale in the Desert, so what, doesn't help him at all. He can bet at bitcoinsportsbook, so what? The only thing valuable to him is the exchanges and they are likely to be the most alert to weird stuff.

I disagree. As I said, it takes only 80 relatively small transactions to complete the attack, and it doesn't have to by central banks' currencies. If I were a merchant I would like to be 100% sure that I can't be ripped off if I accept BTC, regardless of what I'm selling. Am I wrong, or do merchants lack this insurance if they use BTC ?

In your last post you add:

Quote
Your calculations are garbage. You cannot spend coins 80 times in an hour. The attacker has the power to rewrite a history that doesn't include him spending the coins, that is all. He can't simultaneously convince 80 people that they have the same coins.

I understand your argument. Why shouldn't the attacker be able to release a new block and as many blocks after it as needed to make its malicious chain the longest chain after the merchant has delivered the good/service to him ?

Quote
In the slow shipping example you need to let the shipper think he has coins until after he ships, then you can pull them back. You can't do this 80 times in 2days. You would need about 40 days if people are shipping same day.

Makes a lot of sense. The attacker should buy immediate-delivery or fast-delivery goods/services, such as: face-to-face material goods (in real shops), virtual goods, music, movies, ebooks, etc. The more the Bitcoin network grows, the more stuff available to be stolen will be available. Also, please consider that the job of an attacker is to figure out these details, while a merchant should be insured that hacking the system is not an option on Bitcoin.

Quote
If you try to spend them twice in an hour at, say, MtGox you won't ever get credit and can't get dollars because he waits for 6 confirmations. If you go for 2 hours you can spend them there twice this will not get you double your money because you will be bidding the price down by buying quickly which you will have to do since your cover is blown when you stop paying $8560/hr. Not to mention that Mtgox (the only site with anywhere near enough bids to get your 'investment' back) has some max withdrawal per day.

You're right, but you'll agree with me that the attack should consist of 80 small transactions, involving sellers who are not superalert as moneychangers or bankers are.

Quote
Once again, the reason this is not profitable is that you have to match the entire network, but you only get a little tiny slice of the flow, not "everything conceivably for sale for bitcoins"

I agree. The goal of the attacker should not be to steal everything available in Bitcoin, but just enough to reap a positive ROI.

Quote
And this attack does not get more profitable as USD/BTC increases. Difficulty has been increasing faster than price for a long time. It is getting more costly at a faster rate than the payout is growing.

A technical question: isn't owning the majority of the CPU power enough to impose a malicious chain, regardless of the size and age of the network, and the consequent difficulty ?
Post
Topic
Board Bitcoin Discussion
Re: Bitcoin topic on Quora.com
by
riggasconi
on 23/01/2011, 14:43:16 UTC
I don't really see how you'd get a positive ROI if you factor in the previous assertion "the price would plummet" :)

As I wrote above, I'm happy and eager to learn what I don't know about BTC, and I love the spirit of it. Unfortunately, according to the calculations on http://www.quora.com/Is-Bitcoin-doomed-to-fail it looks like the ROI of such attack would be positive.

After such an attack:
-The attacker is happy, because he now owns goods and services with intrinsic value.
-The BTCs owners could be very sad, because panic could trigger a drop in the FRN/BTC exchange ratio, triggering evaporation of purchasing power of their BTCs, e.g. their BTCs can buy much less goods and services than before the attack.
Post
Topic
Board Bitcoin Discussion
Re: Bitcoin topic on Quora.com
by
riggasconi
on 23/01/2011, 14:27:34 UTC
Quote
That cannot be done. The transaction will not look valid to any clients no matter if it is in the longest chain or not. The attacker cannot send coins from a public address that he does not have the private key for. The way this attack works is that a legitimate spend happens in, say, block 105000. After the merchant acknowledges it the attacker releases a new 105000 and as many blocks after it as needed to make it the longest chain. Now the network knows the attacker holds the coin because there is no record of the transaction.

Thanks for explaining this, I've edited my question to correct how BTCs can be double-spent in the attack.
Post
Topic
Board Bitcoin Discussion
Re: Bitcoin topic on Quora.com
by
riggasconi
on 23/01/2011, 12:14:02 UTC
Quote
In short, I don't think a for-profit attack is likely.

Why, if the ROI of such an attack is positive ?

Quote
Government attacks are where the risk is imo, damaging stuff is a lot more viable when you are using other people's money. We have some advantages though, government is slow to act and difficulty is growing exponentially at least for now.

If the ROI of an attack is positive now, it will be positive at any given time, since minting is not involved in such an attack scenario. Instead, given the FRN/BTC ratio is growing exponentially, the likelihood of such an attack would grow exponentially with time.
Post
Topic
Board Bitcoin Discussion
Re: Bitcoin topic on Quora.com
by
riggasconi
on 23/01/2011, 12:05:29 UTC
Quote
I didn't think of this when I was writing my last post, but doesn't this make it difficult for even someone with ~60% to double spend and make it look good for a whole day? Going all the way back a whole day would take about 5 days if you were writing 6 blocks for every 5. Am I thinking correctly?

The attacker is spending BTCs, and then creating a fake payback from the recipient to himself with his malicious subnet closing blocks faster than the honest subnet, therefore the malicious block chain is regarded by every client as the best one.
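
An added example, not part of any post in this thread: the merchant-side confirmation-depth calculation from section 11 of the Bitcoin white paper that the thread refers to, together with the "6 blocks for every 5" arithmetic quoted in the post above. The function names and the figure of 144 blocks per day (a 10-minute block target) are assumptions of this example.

```python
from math import exp

BLOCKS_PER_DAY = 144  # assumption: one block every 10 minutes


def catch_up_probability(q, z):
    """Chance that a chain built with hash share q ever overtakes a payment
    that already has z confirmations (white paper, section 11)."""
    if not 0.0 <= q <= 1.0 or z < 0:
        raise ValueError("q must be in [0, 1] and z must be >= 0")
    p = 1.0 - q
    if q >= p:
        return 1.0  # with half or more of the power, catching up is certain
    lam = z * q / p           # expected competing blocks while z are mined
    poisson = exp(-lam)       # Poisson term for k = 0
    prob = 1.0
    for k in range(z + 1):
        if k > 0:
            poisson *= lam / k  # iterative Poisson term avoids overflow
        prob -= poisson * (1.0 - (q / p) ** (z - k))
    return prob


def confirmations_needed(q, max_risk):
    """Smallest confirmation depth whose reversal risk is at most max_risk.
    Returns None when q is a majority: no depth is ever enough."""
    if q >= 0.5:
        return None
    z = 0
    while catch_up_probability(q, z) > max_risk:
        z += 1
    return z


def honest_blocks_to_erase_deficit(rewriter_rate, honest_rate, deficit):
    """Honest blocks found, on average, while a faster chain closes a gap of
    `deficit` blocks. Returns None if the other chain is not faster."""
    gain = rewriter_rate - honest_rate
    if gain <= 0:
        return None
    return deficit * honest_rate / gain


if __name__ == "__main__":
    for share in (0.10, 0.30):
        print(f"q={share:.2f}: risk at 6 confirmations = "
              f"{catch_up_probability(share, 6):.7f}, depth for <=0.1% risk = "
              f"{confirmations_needed(share, 0.001)}")
    # The quoted case: 6 blocks for every 5, rewriting one day of history.
    blocks = honest_blocks_to_erase_deficit(6, 5, BLOCKS_PER_DAY)
    print(f"one day of history at 6:5 takes about {blocks / BLOCKS_PER_DAY:.0f} days")
```

For a minority share the risk falls off quickly with depth, which is what a 6-confirmation policy relies on; for a majority share the function returns certainty at any depth, and only the time to close the gap grows with the depth of the rewrite.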
Post
Topic
Board Bitcoin Discussion
Re: Bitcoin topic on Quora.com
by
riggasconi
on 23/01/2011, 12:02:29 UTC
I have a few thoughts. An attacker isn't likely to want a bunch of services, those can't usually be resold easily. Goods will usually not ship until the next day so the attacker has to overcome the whole network for ~12 or more. Even if he pulls this off people will notice and many will be warned not to ship goods ordered after X time. Gambling sites don't make a great target, because you win bitcoins, which will be devalued if you are successful. The exchanges are probably the most fertile ground, but major exchanges (where the most money will be available) will have the best detection of funny business.

In addition to all the power that the attacker will have to buy or rent there will be a lot of planning involved. They need to search out what goods will ship fast enough to go out during their attack, if they can't hold on to the network for over a day this will only be certain parts of the world. They need to set up a place or places for delivery, and a way to resell the goods unless they are doing this for their own consumption. They need to find all the little exchanges and make accounts and set up bank accounts to send the money to, under different names I guess. LR makes this pretty easy though.

You can have a fast attack scenario targeting fast-shipping goods and services, and a slow-attack scenario targeting slow-shipping goods and services.

Quote
Do you mean that after an attack people will stop using bitcoin?

No. I mean the FRN/BTC exchange ratio would plummet, therefore goods and service providers will ask for more BTCs for the same goods and services, therefore the purchasing power in the hands of a BTC owner evaporates.
Post
Topic
Board Bitcoin Discussion
Re: Bitcoin topic on Quora.com
by
riggasconi
on 23/01/2011, 09:30:14 UTC
Hi guys,

Again, I love the spirit of Bitcoin and I hope the attack I'm outlining in public helps the Bitcoin project to better understand possible points of failure. Unfortunately, based on your answers I'm starting to believe that the attack outlined in my Quora question (please check the latest edit at http://www.quora.com/Is-Bitcoin-doomed-to-fail) is both technically feasible and economically profitable. This is scary. Correct me if I'm wrong, since I need to know this before deciding whether to invest some money to buy BTCs or not.

To theymos:
Quote
Some obstacles, however:
- It is possible for the double-spends to be removed if the community can come to an agreement about which transactions were real.

As noted by Freemoney, it's too late: goods and services are already in the hands of the attacker.

Quote
- The attacker needs to actually own enough BTC in order to double-spend them.

He should buy them before the attack.

Quote
- The attack will take a few hours, which is enough for many people to notice. Satoshi might broadcast an alert.

The attack should target less-sophisticated users who don't check all the forums at every given transaction. The transactions should be prepared before the attack, so that the provider is already ready to sell to the attacker before the attack starts.

Quote
- The price will plummet after the attack, reducing the profit.

Yes, it is reasonable to assume that the price of BTC will plummet. Unfortunately goods and services are already in the hands of the attacker. This means that the attacker loses nothing, while every BTC owner sees the value earned through labour or mining evaporate before his very eyes.
Post
Topic
Board Bitcoin Discussion
Re: Bitcoin topic on Quora.com
by
riggasconi
on 23/01/2011, 00:51:04 UTC
Hi guys, I'm glad you're taking time to answer my question on Quora. I just edited it and corrected some details such as the hypothesis of "stealing" BTCs with the hypothesis of double-spending BTCs. Still, I'm very curious about your answer on the first of 4 points, given it looks like the most controversial of all. The other 3 also do concern me, in terms of fluctuations in the value of BTC: how much value will evaporate with government regulation, better forking, community infiltration, etc ? 10%, 30%, 50% ?

Again, the question is here:
http://www.quora.com/Is-Bitcoin-doomed-to-fail