diff options
| author | Raystonn . <raystonn@hotmail.com> | 2015-06-08 13:07:59 -0700 |
|---|---|---|
| committer | bitcoindev <bitcoindev@gnusha.org> | 2015-06-08 20:08:15 +0000 |
| commit | 47024226a589b973d0f1383e8b9cd04c3259ced4 (patch) | |
| tree | 068c9ed2095075dca138bd3875a71a9e5dc1750d | |
| parent | a8575e960c05d116a27082d71e12468e326657fc (diff) | |
| download | pi-bitcoindev-47024226a589b973d0f1383e8b9cd04c3259ced4.tar.gz pi-bitcoindev-47024226a589b973d0f1383e8b9cd04c3259ced4.zip | |
[Bitcoin-development] New attack identified and potential solution described: Dropped-transaction spam attack against the block size limit
| -rw-r--r-- | 03/d42036acb4d17a8f2f54d0151f1eb1332111eb | 135 |
1 files changed, 135 insertions, 0 deletions
diff --git a/03/d42036acb4d17a8f2f54d0151f1eb1332111eb b/03/d42036acb4d17a8f2f54d0151f1eb1332111eb new file mode 100644 index 000000000..70875b02a --- /dev/null +++ b/03/d42036acb4d17a8f2f54d0151f1eb1332111eb @@ -0,0 +1,135 @@ +Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193] + helo=mx.sourceforge.net) + by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) + (envelope-from <raystonn@hotmail.com>) id 1Z23LD-0002Cn-85 + for bitcoin-development@lists.sourceforge.net; + Mon, 08 Jun 2015 20:08:15 +0000 +Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of hotmail.com + designates 65.55.34.204 as permitted sender) + client-ip=65.55.34.204; envelope-from=raystonn@hotmail.com; + helo=COL004-OMC4S2.hotmail.com; +Received: from col004-omc4s2.hotmail.com ([65.55.34.204]) + by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:AES256-SHA:256) + (Exim 4.76) id 1Z23LC-0004BI-Av + for bitcoin-development@lists.sourceforge.net; + Mon, 08 Jun 2015 20:08:15 +0000 +Received: from COL131-DS25 ([65.55.34.199]) by COL004-OMC4S2.hotmail.com over + TLS secured channel with Microsoft SMTPSVC(7.5.7601.22751); + Mon, 8 Jun 2015 13:08:08 -0700 +X-TMN: [CMv3MvztATh2JpcuvbsQhHdR0ilBVnMC] +X-Originating-Email: [raystonn@hotmail.com] +Message-ID: <COL131-DS25374BEFA76744E26EB8CBCDBF0@phx.gbl> +From: "Raystonn ." <raystonn@hotmail.com> +To: "Bitcoin Dev" <bitcoin-development@lists.sourceforge.net> +References: <5574E39C.3090904@thinlink.com> +In-Reply-To: <5574E39C.3090904@thinlink.com> +Date: Mon, 8 Jun 2015 13:07:59 -0700 +MIME-Version: 1.0 +Content-Type: text/plain; format=flowed; charset="UTF-8"; reply-type=original +Content-Transfer-Encoding: 7bit +X-Priority: 3 +X-MSMail-Priority: Normal +Importance: Normal +X-Mailer: Microsoft Windows Live Mail 15.4.3555.308 +X-MimeOLE: Produced By Microsoft MimeOLE V15.4.3555.308 +X-OriginalArrivalTime: 08 Jun 2015 20:08:08.0548 (UTC) + FILETIME=[D688A240:01D0A226] +X-Spam-Score: 0.6 (/) +X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. + See http://spamassassin.org/tag/ for more details. + 0.2 STOX_REPLY_TYPE STOX_REPLY_TYPE + -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for + sender-domain + 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider + (raystonn[at]hotmail.com) + -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay + domain + -0.0 SPF_PASS SPF: sender matches SPF record + -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, + no trust [65.55.34.204 listed in list.dnswl.org] + 1.9 STOX_REPLY_TYPE_WITHOUT_QUOTES STOX_REPLY_TYPE_WITHOUT_QUOTES +X-Headers-End: 1Z23LC-0004BI-Av +Subject: [Bitcoin-development] New attack identified and potential solution + described: Dropped-transaction spam attack against the block + size limit +X-BeenThere: bitcoin-development@lists.sourceforge.net +X-Mailman-Version: 2.1.9 +Precedence: list +List-Id: <bitcoin-development.lists.sourceforge.net> +List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>, + <mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe> +List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development> +List-Post: <mailto:bitcoin-development@lists.sourceforge.net> +List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help> +List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>, + <mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe> +X-List-Received-Date: Mon, 08 Jun 2015 20:08:15 -0000 + +When implemented, the block size limit was put in place to prevent the +potential for a massive block to be used as an attack to benefit the miner +of that block. The theory goes that such a massive block would enrich its +miner by delaying other miners who are now busy downloading and validating +that huge block. The original miner of that large-block would be free to +continue hashing the next block, giving it an advantage. + +Unfortunately, this block size limit opened a different attack. Prior to +the limit, any attempt to spam the network by anyone other than someone +mining their own transactions would have been economically unfeasible. As +every transaction would have a fee, there would have been a real cost for +every minute of spam. The end result would have been a transfer of wealth +from spammer to Bitcoin miners, which would have harmed the spammers and +encouraged further mining of Bitcoin, a very antifragile outcome. + +But now we have the block size limit. Things are very different with this +feature in place. The beginning of a spam attack on the Bitcoin network +will incur transaction fees, just like before. But if spam continues at a +rate exceeding the block size limit long enough for transactions to be +dropped from mempools, the vast majority of spam transaction fees will never +have to be paid. In fact, as real users gain in desperation and pay higher +fees to get their transactions through in a timely manner, the spammers will +adjust their fees to minimize the cost of the attack and maximize +effectiveness. Using this method, they keep their fees at a point that +causes most of the spam transactions to be dropped without confirmation +(free spam), while forcing a floor for transaction fees. Thus, while spam +could be used by attackers to disable the network entirely, by paying +high-enough fees to actually fill the blocks with spam, it can also be used +by a single entity to force a transaction fee floor. Real users will be +forced to pay a transaction fee higher than the majority of the spam to get +their transactions confirmed. So this is an effective means for a minority +of miners to force higher fees through spam attacks, even in the face of +benevolent miners who would not support a higher fee floor by policy. +Miners would simply have no way to fix this, as they can only put in the +transactions that will fit under the block size limit. + +In the face of such a spam attack, Bitcoin's credibility and usability would +be severely undermined. The block size limit enables this attack, and I now +argue for its removal. But we can't just remove it and ignore the problem +that it was intended to address. We need a new fix for the large-block +problem described in the first paragraph that does not suffer from the +dropped-transaction spam-attack problem that is enabled by the block size +limit today. My proposal is likely to be controversial, and I'm very much +open to hearing other better proposals. + +Large blocks created by a miner as a means to spam other miners out of +competition is a problem because miners do not pay fees for their own +transactions when they mine them. They collect the fees they pay. This +breaks the economic barrier keeping people from spamming the network, as the +spamming is essentially free. The proposed fix is to add a new rule on how +fees are handled. Some amount of every fee should be considered as burned +and can never be spent. I will propose 50% of the fee here, but there may +be better numbers that can be discovered prior to putting this into place. +If we'd like miners to continue to collect the same fees after this change, +we can suggest the default fee per transaction to be doubled. Half of every +fee would be burned and disappear forever, effectively distributing the +value of those bitcoins across the entire money supply. The other half +would be collected by the miner of the block as is done today. This +solution would mean large blocks would cost a significant number of bitcoin +to create, even when all of the transactions are created by the miner of +that block. For this to work, we'd need to ensure a minimum fee is paid for +most of the transactions in every block, and the new transaction fee rule is +in place. Then the block size limit can be removed. + +Raystonn + + + |