public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Tier Nolan <tier.nolan@gmail.com>
Cc: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] We need to fix the block withholding attack
Date: Sun, 20 Dec 2015 15:30:09 +0000	[thread overview]
Message-ID: <CAE-z3OVfhUAouWmpvYGSdXBMcYo7n=0CP=yVcSy5T0kzAtWh2Q@mail.gmail.com> (raw)
In-Reply-To: <CAAt2M19QwL1AyH=pVARGa0zYKUtRM9hz8vXUzyZb05E5EhQMeA@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 1661 bytes --]

On Sun, Dec 20, 2015 at 12:42 PM, Natanael <natanael.l@gmail.com> wrote:

> If total difficulty is X and the ratio for full blocks to candidate blocks
> shared with the pool is Y, then the candidate block PoW now has to meet X/Y
> while hashing the candidate block PoW + the pool's commitment hash must
> meet Y, which together makes for X/Y*Y and thus the same total difficulty.


This gives the same total difficulty but miners are throwing away otherwise
valid blocks.

This means that it is technically a soft fork.  All new blocks are valid
according to the old rule.

In practice, it is kind of a hard fork.  If Y is 10, then all upgraded
miners are throwing away 90% of the blocks that are valid under the old
rules.

From the perspective of non-upgraded clients, the upgraded miners operate
at a 10X disadvantage.

This means that someone with 15% of the network power has a majority of the
effective hashing power, since 15% is greater than 8.5% (85% * 0.1).

The slow roll-out helps mitigate this though.  It gives non-upgraded
clients time to react.  If there is only a 5% difference initially, then
the attacker doesn't get much benefit.

The main differences are that there's a public key identifier the miners
> are told about in advance and expect to see in block templates, and that
> that now the pool has to publish this commitment value together with the
> block that also contains the commitment hash, and that this is verified
> together with the PoW.


I don't think public keys are strictly required.  Registering them with
DNSSEC is way over the top.  They can just publish the key on their website
and then use that for their identity.

[-- Attachment #2: Type: text/html, Size: 2401 bytes --]

  reply	other threads:[~2015-12-20 15:30 UTC|newest]

Thread overview: 47+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-12-19 18:42 [bitcoin-dev] We need to fix the block withholding attack Peter Todd
2015-12-19 19:30 ` Bob McElrath
2015-12-19 20:03 ` jl2012
2015-12-20  3:34 ` Chris Priest
2015-12-20  3:36   ` Matt Corallo
2015-12-20  3:43     ` Chris Priest
2015-12-20  4:44       ` Peter Todd
2015-12-26  8:12         ` Multipool Admin
2015-12-27  4:10           ` Geir Harald Hansen
2015-12-28 19:12           ` Peter Todd
2015-12-28 19:30             ` Emin Gün Sirer
2015-12-28 19:35               ` Multipool Admin
2015-12-28 19:33             ` Multipool Admin
2015-12-28 20:26             ` Ivan Brightly
2015-12-29 18:59               ` Dave Scotese
2015-12-29 19:08                 ` Jonathan Toomim
2015-12-29 19:25                 ` Allen Piscitello
2015-12-29 21:51                   ` Dave Scotese
2015-12-20  3:40   ` jl2012
2015-12-20  3:47     ` Chris Priest
2015-12-20  4:24       ` jl2012
2015-12-20  5:12         ` Emin Gün Sirer
2015-12-20  7:39           ` Chris Priest
2015-12-20  7:56             ` Emin Gün Sirer
2015-12-20  8:30               ` Natanael
2015-12-20 11:38           ` Tier Nolan
2015-12-20 12:42             ` Natanael
2015-12-20 15:30               ` Tier Nolan [this message]
2015-12-20 13:28           ` Peter Todd
2015-12-20 17:00             ` Emin Gün Sirer
2015-12-21 11:39               ` Jannes Faber
2015-12-25 11:15                 ` Ittay
2015-12-25 12:00                   ` Jonathan Toomim
2015-12-25 12:02                   ` benevolent
2015-12-25 16:11                   ` Jannes Faber
2015-12-26  0:38               ` Geir Harald Hansen
2015-12-28 20:02               ` Peter Todd
2015-12-26  8:23             ` Eric Lombrozo
2015-12-26  8:26               ` Eric Lombrozo
2015-12-26 15:33               ` Jorge Timón
2015-12-26 17:38                 ` Eric Lombrozo
2015-12-26 18:01                   ` Jorge Timón
2015-12-26 16:09               ` Tier Nolan
2015-12-26 18:30                 ` Eric Lombrozo
2015-12-26 19:34                   ` Jorge Timón
2015-12-26 21:22               ` Jonathan Toomim
2015-12-27  4:33                 ` Emin Gün Sirer

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAE-z3OVfhUAouWmpvYGSdXBMcYo7n=0CP=yVcSy5T0kzAtWh2Q@mail.gmail.com' \
    --to=tier.nolan@gmail.com \
    --cc=bitcoin-dev@lists.linuxfoundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox