From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by lists.linuxfoundation.org (Postfix) with ESMTP id EA710C013E for ; Fri, 7 Feb 2020 13:55:42 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id D2E768651A for ; Fri, 7 Feb 2020 13:55:42 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 38x8-fM3mBRa for ; Fri, 7 Feb 2020 13:55:42 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-qk1-f169.google.com (mail-qk1-f169.google.com [209.85.222.169]) by fraxinus.osuosl.org (Postfix) with ESMTPS id 070C786451 for ; Fri, 7 Feb 2020 13:55:42 +0000 (UTC) Received: by mail-qk1-f169.google.com with SMTP id g195so2187829qke.13 for ; Fri, 07 Feb 2020 05:55:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=cBz7pCklvQ1FbBP4osC6zt2fgCcDHIvexGvej73yh9s=; b=PTcR2qiQOr75ZzTukxFIr2a+BWe0+E1H/VEU4W6QZa956/LQnCCczA4KjTLMZivJsc UznE46qAI2Bz1vpD2zGjFCosyU3TPE1FjR5+0bTrhUQnPa+kiX5SQ5kp1x1C0De2Ci+g 0C4e0S79fGwVfgdQyOmUrQgGIVfHkd523zORLqh7rfSoj6yz9486IZuaTn9RIBfICJYb DtGS1w8LcDPacSi3MjQPuA6wBPwZZ6BIe+LmsDiJJ7Gmq+JkQdw4rvirKjiSjx2yvSs7 7ElHXUcw0jkPLI/2dn3eHVslYuJEuM3E9Z0Z4JfJpiQKzS8Rxqbeso0FQ8+/VfLZBvdi jJdQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=cBz7pCklvQ1FbBP4osC6zt2fgCcDHIvexGvej73yh9s=; b=dTAU3K3U/yC7bsywEO5yooK9koLIuTHrKo3a096Ts7fZr8nDX3eS6GiG+O9HUb7qxa tfP9uMjKs2IMwETZNYcOyddkReMx8HMgj0THKktW5PGq2tZwAQVscUOUKh+BBnHf2J+V nPCi03YPAPs47OXFmpjNGKrKcWmgil/44SE7zWtxIFkXG+YceV4yzaHROLQRXDtAIObc 1Bgzt5Z0V834f5S316hk4zV3b+MXl4vlhP7w8fNmnT3ow8lFJ9bWgQIARVddtWDf1yvP fpYl6o9RmusmOQpAk/dgSswfmGnwaxShB6ybQIesPdGxANGhDTQ5GP0Xrq4tZEoq3Vd+ VYMg== X-Gm-Message-State: APjAAAUYED2bmgaiV+6HheJbkCaNtPK6PZPlAknPswiEzKm225n5BBJq 3XqBoMkllECbktMM4lgSkIthC6EbznS72EviWftzGvHLCQk= X-Google-Smtp-Source: APXvYqxX7mkcBNKFJCPbA5eFpPTVbhMoyHTYI6fohQ8RYtty0gOvdPZ0VkG5vyvO4ur9pvFHgSVkfQnzzqOMlAW3tP4= X-Received: by 2002:ae9:ee11:: with SMTP id i17mr7424506qkg.333.1581083740682; Fri, 07 Feb 2020 05:55:40 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Mike Kelly Date: Fri, 7 Feb 2020 13:55:29 +0000 Message-ID: To: Bitcoin Protocol Discussion Content-Type: multipart/alternative; boundary="000000000000b93eaf059dfcbefc" X-Mailman-Approved-At: Fri, 07 Feb 2020 15:55:50 +0000 Subject: Re: [bitcoin-dev] Purge attacks (spin on sabotage attacks) X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Feb 2020 13:55:43 -0000 --000000000000b93eaf059dfcbefc Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Since I raised this with Hasu in early Jan[0], I've been looking for ways to eliminate transaction replacement that are consensus compatible (since first safe seen is not). The best I could come up with is "Uncontested Safe", which I've tried to sketch out in a brief medium article[1]. Am I retracing steps? Feedback would be appreciated. [0] https://twitter.com/mikekelly85/status/1217590668735983622 [1] https://medium.com/@mikekelly85/uncontested-safe-protocol-e5af8c145f1 Cheers, M On Sat, Feb 1, 2020 at 10:12 PM ha su via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > Hi all, > > I think I discovered an interesting form of sabotage attack (possible for > miners) that tries to create coordination disincentives among Bitcoin use= rs > - named after the dystopian movie The Purge, where all crime is legal for > one night every year. > > TLDR > * An attacker replaces the most recent blocks full of transactions with > empty blocks. > * Previously confirmed txns return into the mempool, where anyone with a > minimum of technical knowledge or access to public tools can > opportunistically double-spend their txns back to themselves. (the proces= s > is the same as double-spending regular zero-conf txns) > > The attack seems useful to undermine trust in Bitcoin's assurances, e.g. > the future finality of transactions. It differs from other forms of > sabotage (e.g. DoS by mining only empty blocks) in that it specifically > disrupts the coordination process among users in response to the attack. > > By giving some users a chance to benefit from the attack, the attacker > gives them a vested interest in staying on the attack chain. If enough > users accept the invitation to double-spend, it might become harder to co= me > to consensus on how to deal with the attack. > > Purge attacks probably don=E2=80=99t constitute a bigger risk than other = known > forms of sabotage attacks, but seem like an interesting spin where the > attacker specifically targets the pre-coordination of defenders. > > You can find the full report, incl. some mitigations against sabotage > attacks, at > https://blog.deribit.com/insights/destabilizing-bitcoin-consensus-with-pu= rge-attacks/ > > Your feedback is highly appreciated. > > Regards, > Hasu > > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > --=20 Mike http://twitter.com/mikekelly85 http://linkedin.com/in/mikekelly123 --000000000000b93eaf059dfcbefc Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Since I raised this with Hasu in early Jan[0], I've be= en looking for ways to eliminate transaction replacement that are consensus= compatible (since first safe seen is not). The best I could come up with i= s "Uncontested Safe", which I've tried to sketch out in a bri= ef medium article[1].


On Sat, Feb 1, 2020 at = 10:12 PM ha su via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
Hi a= ll,

I think I discovered an interesting form of sabotage attack (pos= sible for miners) that tries to create coordination disincentives among Bit= coin users - named after the dystopian movie The Purge, where all crime is = legal for one night every year.

TLDR
* An attacker replaces the m= ost recent blocks full of transactions with empty blocks.
* Previously = confirmed txns return into the mempool, where anyone with a minimum of tech= nical knowledge or access to public tools can opportunistically double-spen= d their txns back to themselves. (the process is the same as double-spendin= g regular zero-conf txns)

The attack seems useful to undermine trust= in Bitcoin's assurances, e.g. the future finality of transactions. It = differs from other forms of sabotage (e.g. DoS by mining only empty blocks)= in that it specifically disrupts the coordination=C2=A0process among users= in response to the attack.=C2=A0

By giving some users a chance to b= enefit from the attack, the attacker gives them a vested interest in stayin= g on the attack chain. If enough users accept the invitation to double-spen= d, it might become harder to come to consensus on how to deal with the atta= ck.

Purge attacks probably don=E2=80=99t constitute a bigger risk th= an other known forms of sabotage attacks, but seem like an interesting spin= where the attacker specifically targets the pre-coordination of defenders.=

You can find the full report, incl. some mitigations against sabota= ge attacks, at=C2=A0https://blog.d= eribit.com/insights/destabilizing-bitcoin-consensus-with-purge-attacks/=

Your feedback is highly appreciated.

Regards,
Hasu
_______________________________________________
bitcoin-dev mailing list
= bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mail= man/listinfo/bitcoin-dev


--
--000000000000b93eaf059dfcbefc--