I don't understand how your proposal will work for decentralized pools - can you explain it more concretely?
On Monday, June 04, 2012 8:49:48 PM Mike Koss wrote:With decentralized pools, the attacker does have access to the block, and can
> As I understand the attack, the attacker gets compensated for the shares
> they earn, but the pool will be denied any valid blocks found. The
> attacker DOES NOT have access to the Bitcoins earned in the unreported
> block (only the mining pool has access to the Coinbase address and
> transactions in the block).
potentially submit it to the Bitcoin network directly bypassing the pool if it
benefits them to do so.
Because of the above, there is a possibility an attacker can make a profit.
> So it's a zero-net-cost attack for the attacker (but no chance of making a
> profit) to hurt the pool operator.
There are other modes of detection, but nobody has bothered to implement them
> The only way to detect such an attack now is to look for "unlucky" miners;
> at the current difficulty, you can't detect this cheat until many millions
> of shares have been earned w/o a qualifying block. Since an attacker can
> also create many fake identities, they can avoid detection indefinitely by
> abandoning each account after a million earned shares.
since attackers can easily do a simple workaround in an arms race.
With my proposal, miners can find shares, but won't know if it's a valid block
> I don't understand your proposal for fixing this. You would have to come
> up with a scheme where:
>
> - The miner can detect a qualifying hash to earn a share.
> - Not be able to tell if the hash is for a valid block.
until the subsequent block is also found (that subsequent block might not end
up being a real block in the big picture).
This only works for centralized pools, which are contrary to the health of the
> The way I would do this is to have a secret part (not shared with the
> miners) of a block that is part of the merkle hash, which is also used in a
> secondary hash. Difficulty is then divide into two parts: the first,
> solved by the miner (earning a "share" - e.g., 1 in 4 Billion hashes). And
> a second, solved by the pool (1 in Difficulty shares). A valid block would
> have to exhibit a valid Share Hash AND a valid Pool Hash in order to be
> accepted.
Bitcoin network. Decentralized pools cannot have a secret.