MIME-Version: 1.0
References: <CAEmzEcO51GEETunPBXuecpVtZCvH4rpvcNcLsYCrDaDH=3_qVQ@mail.gmail.com>
In-Reply-To: <CAEmzEcO51GEETunPBXuecpVtZCvH4rpvcNcLsYCrDaDH=3_qVQ@mail.gmail.com>
From: Mike Kelly <mikekelly321@gmail.com>
Date: Fri, 7 Feb 2020 13:55:29 +0000
Message-ID: <CANqiZJag1nk+O6PuOJs7JG02i2QNYV_KrxKyP2XSaqk+WSVtKw@mail.gmail.com>
To: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary="000000000000b93eaf059dfcbefc"
Subject: Re: [bitcoin-dev] Purge attacks (spin on sabotage attacks)
Precedence: list

--000000000000b93eaf059dfcbefc
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Since I raised this with Hasu in early Jan[0], I've been looking for ways
to eliminate transaction replacement that are consensus compatible (since
first safe seen is not). The best I could come up with is "Uncontested
Safe", which I've tried to sketch out in a brief medium article[1].

Am I retracing steps? Feedback would be appreciated.

[0] https://twitter.com/mikekelly85/status/1217590668735983622
[1] https://medium.com/@mikekelly85/uncontested-safe-protocol-e5af8c145f1

Cheers,
M

On Sat, Feb 1, 2020 at 10:12 PM ha su via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> Hi all,
>
> I think I discovered an interesting form of sabotage attack (possible for
> miners) that tries to create coordination disincentives among Bitcoin use=
rs
> - named after the dystopian movie The Purge, where all crime is legal for
> one night every year.
>
> TLDR
> * An attacker replaces the most recent blocks full of transactions with
> empty blocks.
> * Previously confirmed txns return into the mempool, where anyone with a
> minimum of technical knowledge or access to public tools can
> opportunistically double-spend their txns back to themselves. (the proces=
s
> is the same as double-spending regular zero-conf txns)
>
> The attack seems useful to undermine trust in Bitcoin's assurances, e.g.
> the future finality of transactions. It differs from other forms of
> sabotage (e.g. DoS by mining only empty blocks) in that it specifically
> disrupts the coordination process among users in response to the attack.
>
> By giving some users a chance to benefit from the attack, the attacker
> gives them a vested interest in staying on the attack chain. If enough
> users accept the invitation to double-spend, it might become harder to co=
me
> to consensus on how to deal with the attack.
>
> Purge attacks probably don=E2=80=99t constitute a bigger risk than other =
known
> forms of sabotage attacks, but seem like an interesting spin where the
> attacker specifically targets the pre-coordination of defenders.
>
> You can find the full report, incl. some mitigations against sabotage
> attacks, at
> https://blog.deribit.com/insights/destabilizing-bitcoin-consensus-with-pu=
rge-attacks/
>
> Your feedback is highly appreciated.
>
> Regards,
> Hasu
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>


--=20
Mike

http://twitter.com/mikekelly85
http://linkedin.com/in/mikekelly123

--000000000000b93eaf059dfcbefc
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Since I raised this with Hasu in early Jan[0], I&#39;ve be=
en looking for ways to eliminate transaction replacement that are consensus=
 compatible (since first safe seen is not). The best I could come up with i=
s &quot;Uncontested Safe&quot;, which I&#39;ve tried to sketch out in a bri=
ef medium article[1].<div><br></div><div>Am I retracing steps? Feedback wou=
ld be appreciated.<div><div><br></div><div>[0]=C2=A0<a href=3D"https://twit=
ter.com/mikekelly85/status/1217590668735983622">https://twitter.com/mikekel=
ly85/status/1217590668735983622</a></div><div>[1]=C2=A0<a href=3D"https://m=
edium.com/@mikekelly85/uncontested-safe-protocol-e5af8c145f1">https://mediu=
m.com/@mikekelly85/uncontested-safe-protocol-e5af8c145f1</a><br></div></div=
></div><div><br></div><div>Cheers,</div><div>M</div></div><br><div class=3D=
"gmail_quote"><div dir=3D"ltr" class=3D"gmail_attr">On Sat, Feb 1, 2020 at =
10:12 PM ha su via bitcoin-dev &lt;<a href=3D"mailto:bitcoin-dev@lists.linu=
xfoundation.org">bitcoin-dev@lists.linuxfoundation.org</a>&gt; wrote:<br></=
div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;bor=
der-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir=3D"ltr">Hi a=
ll,<br><br>I think I discovered an interesting form of sabotage attack (pos=
sible for miners) that tries to create coordination disincentives among Bit=
coin users - named after the dystopian movie The Purge, where all crime is =
legal for one night every year.<br><br>TLDR<br>* An attacker replaces the m=
ost recent blocks full of transactions with empty blocks. <br>* Previously =
confirmed txns return into the mempool, where anyone with a minimum of tech=
nical knowledge or access to public tools can opportunistically double-spen=
d their txns back to themselves. (the process is the same as double-spendin=
g regular zero-conf txns)<br><br>The attack seems useful to undermine trust=
 in Bitcoin&#39;s assurances, e.g. the future finality of transactions. It =
differs from other forms of sabotage (e.g. DoS by mining only empty blocks)=
 in that it specifically disrupts the coordination=C2=A0process among users=
 in response to the attack.=C2=A0<br><br>By giving some users a chance to b=
enefit from the attack, the attacker gives them a vested interest in stayin=
g on the attack chain. If enough users accept the invitation to double-spen=
d, it might become harder to come to consensus on how to deal with the atta=
ck.<br><br>Purge attacks probably don=E2=80=99t constitute a bigger risk th=
an other known forms of sabotage attacks, but seem like an interesting spin=
 where the attacker specifically targets the pre-coordination of defenders.=
<br><br>You can find the full report, incl. some mitigations against sabota=
ge attacks, at=C2=A0<a href=3D"https://blog.deribit.com/insights/destabiliz=
ing-bitcoin-consensus-with-purge-attacks/" target=3D"_blank">https://blog.d=
eribit.com/insights/destabilizing-bitcoin-consensus-with-purge-attacks/</a>=
<br><br>Your feedback is highly appreciated.<br><br>Regards,<br>Hasu<br><br=
></div>
_______________________________________________<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank">=
bitcoin-dev@lists.linuxfoundation.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.org/mail=
man/listinfo/bitcoin-dev</a><br>
</blockquote></div><br clear=3D"all"><div><br></div>-- <br><div dir=3D"ltr"=
 class=3D"gmail_signature"><div dir=3D"ltr"><div>Mike<br><br><a href=3D"htt=
p://twitter.com/mikekelly85" target=3D"_blank">http://twitter.com/mikekelly=
85</a><br><a href=3D"http://linkedin.com/in/mikekelly123" target=3D"_blank"=
>http://linkedin.com/in/mikekelly123</a></div></div></div>

--000000000000b93eaf059dfcbefc--