Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1SbMfj-0004zn-GM for bitcoin-development@lists.sourceforge.net; Mon, 04 Jun 2012 02:05:31 +0000 X-ACL-Warn: Received: from zinan.dashjr.org ([173.242.112.54]) by sog-mx-2.v43.ch3.sourceforge.com with esmtp (Exim 4.76) id 1SbMfi-0005tA-G4 for bitcoin-development@lists.sourceforge.net; Mon, 04 Jun 2012 02:05:31 +0000 Received: from ishibashi.localnet (unknown [97.96.85.141]) (Authenticated sender: luke-jr) by zinan.dashjr.org (Postfix) with ESMTPSA id D37AA56063B; Mon, 4 Jun 2012 02:05:24 +0000 (UTC) From: "Luke-Jr" To: Peter Vessenes Date: Mon, 4 Jun 2012 02:04:55 +0000 User-Agent: KMail/1.13.7 (Linux/3.2.12-gentoonestfix-intelwr; KDE/4.8.1; x86_64; ; ) References: <201206030052.17128.luke@dashjr.org> In-Reply-To: X-PGP-Key-Fingerprint: E463 A93F 5F31 17EE DE6C 7316 BD02 9424 21F4 889F X-PGP-Key-ID: BD02942421F4889F X-PGP-Keyserver: hkp://pgp.mit.edu MIME-Version: 1.0 Content-Type: Text/Plain; charset="iso-8859-15" Content-Transfer-Encoding: 7bit Message-Id: <201206040204.57503.luke@dashjr.org> X-Spam-Score: -0.0 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay domain X-Headers-End: 1SbMfi-0005tA-G4 Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Defeating the block withholding attack X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Jun 2012 02:05:31 -0000 On Monday, June 04, 2012 1:43:42 AM Peter Vessenes wrote: > Does it have asymmetric payoff for an attacker, that is, over time does it > pay them more to spend their hashes attacking than just mining? That depends on the pool's reward scheme. Some complicated forms are capable of getting "bonus" earnings out of the pool. Under all systems, the attacker at least gains the "hurt the pool" benefit. Given the frequency of DDoS attacks on pools, it is clear there are people who will even pay for attacks that provide no other benefit than harming pools. Under all systems, the attacker doesn't lose out in any significant way. > My gut is that it pays less well than mining, meaning I think this is > likely a small problem in the aggregate, and certainly not something we > should try and fork the blockchain for until there's real pain. If we wait until there's real pain, it will be a painful fork. If we plan it 1-2 years out, people have time to upgrade on their own before it breaks. > Consider, for instance, whether it pays better than just mining bitcoins > and spending those on 'bonuses' for getting users to switch from a pool you > hate. With this attack, attackers can hurt the pool's "luck factor" *and* spend the bitcoins they earn to bribe users away.