1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
|
Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191]
helo=mx.sourceforge.net)
by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <btcdev@quinnharris.me>) id 1Vdp5K-0002Lp-LW
for bitcoin-development@lists.sourceforge.net;
Tue, 05 Nov 2013 22:26:54 +0000
Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of quinnharris.me
designates 67.223.164.214 as permitted sender)
client-ip=67.223.164.214; envelope-from=btcdev@quinnharris.me;
helo=fza.durangomail.com;
Received: from fza.durangomail.com ([67.223.164.214])
by sog-mx-1.v43.ch3.sourceforge.com with esmtp (Exim 4.76)
id 1Vdp5J-0003je-97 for bitcoin-development@lists.sourceforge.net;
Tue, 05 Nov 2013 22:26:54 +0000
Received: from localhost (localhost [127.0.0.1])
by fza.durangomail.com (Postfix) with ESMTP id 8D8EE1E03F5
for <bitcoin-development@lists.sourceforge.net>;
Tue, 5 Nov 2013 15:07:23 -0700 (MST)
X-Virus-Scanned: amavisd-new at fza.durangomail.com
Received: from fza.durangomail.com ([127.0.0.1])
by localhost (fza.durangomail.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id gxnZSsW__t-t
for <bitcoin-development@lists.sourceforge.net>;
Tue, 5 Nov 2013 15:07:19 -0700 (MST)
Received: from localhost (localhost [127.0.0.1])
by fza.durangomail.com (Postfix) with ESMTP id 899FD1E03FF
for <bitcoin-development@lists.sourceforge.net>;
Tue, 5 Nov 2013 15:07:19 -0700 (MST)
DKIM-Filter: OpenDKIM Filter v2.7.1 fza.durangomail.com 899FD1E03FF
X-Virus-Scanned: amavisd-new at fza.durangomail.com
Received: from fza.durangomail.com ([127.0.0.1])
by localhost (fza.durangomail.com [127.0.0.1]) (amavisd-new, port 10026)
with ESMTP id qI__ci5ndpAT
for <bitcoin-development@lists.sourceforge.net>;
Tue, 5 Nov 2013 15:07:19 -0700 (MST)
Received: from [192.168.0.109] (pc-149-184-100-190.cm.vtr.net
[190.100.184.149])
by fza.durangomail.com (Postfix) with ESMTPSA id DD66C1E03F5
for <bitcoin-development@lists.sourceforge.net>;
Tue, 5 Nov 2013 15:07:18 -0700 (MST)
Message-ID: <52796C14.5070300@quinnharris.me>
Date: Tue, 05 Nov 2013 19:07:16 -0300
From: Quinn Harris <btcdev@quinnharris.me>
User-Agent: Mozilla/5.0 (X11; Linux i686;
rv:24.0) Gecko/20100101 Thunderbird/24.1.0
MIME-Version: 1.0
To: bitcoin-development@lists.sourceforge.net
References: <N1-9eAtMHauq2@Safe-mail.net>
In-Reply-To: <N1-9eAtMHauq2@Safe-mail.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Score: -1.6 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information. [URIs: safe-mail.net]
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1Vdp5J-0003je-97
Subject: Re: [Bitcoin-development] Possible Solution To SM Attack
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Tue, 05 Nov 2013 22:26:54 -0000
I don't think choosing the block with the lowest hash is the best
option. The good and bad miners have an equal probability of finding a
lower hash. But after Alice finds a block she can easily determine the
probability that someone else will find a lower hash value that meets
the difficulty requirement. This can be used to judge if its best to
start working on the next block or work on finding a lower value hash to
increase the chance her block is used.
Its better if the block is chosen in a way that doesn't let Alice know
the probability her block will be chosen. One simple possibility is to
start at the least significant bit of the hash and whichever has a 1 is
chosen and if both bits are the same the next bit is used.
This should be pseudo random and not give Alice any knowledge ahead of
time if her block will be chosen. This would prevent the network hash
power from being split between two branches unlike each node choosing a
random block.
Quinn
On 11/05/2013 05:51 PM, colj@Safe-mail.net wrote:
> Preliminary:
> Alice has the ability to hear of a block before all other miners do.
>
> The Problem:
> Say Alice built a block, A1, from previous block 0. She doesn't let other miners know about it. She then works on A2 with previous block A1. Bob on the other hand is still working on B1 with previous block 0. Bob now finds a block and he broadcasts it. The assumption here is Alice will be the first miner to hear of this block and she will send her previously mined block, A1, to all other miners. By the time Bobs block arrives to other miners majority of them will already have received Block A1 and Bobs block will most likely be orphaned. Alice revealed her block, A1, only when Bob broadcast his block. This means she has been mining on block A2 with previous block A1 for longer than any other miner thus gaining an advantage without increasing her hash rate.
>
> What We Know:
> Alice has gained an advantage with time. She mines longer on the valid block.
> In order for this attack to work Alice must reveal her previously mined block as late as possible, gaining her the most time spent working on the valid block. Since she has such good view of the Bitcoin network she can wait until a miner finds a block to release her previously mined block.
>
> The most obvious sign of this attack taking place is the timing. A miner will receive a block and very quickly hear of another block both built from the same previous block.
>
> The block that a miner hears first is the one which will be mined on.
>
> Possible Solution:
> If N amount of blocks built of the same previous block are received within a time frame of T mine on the block with the lowest hash.
>
> Logic:
> In order for Alice to pull of this attack she not only has to propagate her blocks first she must also ensure her blocks are of the smallest hash.
>
> Alice would now have to decrease her target to pull of this attack. Since she has a lower target it will take her longer to find a valid block negating her time advantage.
>
>
> colj
>
> ------------------------------------------------------------------------------
> November Webinars for C, C++, Fortran Developers
> Accelerate application performance with scalable programming models. Explore
> techniques for threading, error checking, porting, and tuning. Get the most
> from the latest Intel processors and coprocessors. See abstracts and register
> http://pubads.g.doubleclick.net/gampad/clk?id=60136231&iu=/4140/ostg.clktrk
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
|