From: ZmnSCPxj <ZmnSCPxj@protonmail.com>
To: Ruben Somsen <rsomsen@gmail.com>,
Bitcoin Protocol Discussion
<bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] PoW fraud proofs without a soft fork
Date: Mon, 09 Sep 2019 04:14:07 +0000 [thread overview]
Message-ID: <uVQNn9hhpqlQuS-RzrUkpClVtegMRUoyIL6ITaYfNkjd_XYyu9Fh9vdAeLguzOyOrNx5FtuHk7yyZAdivqCVR2PKzF_PsoWJlsSY9oJTF7s=@protonmail.com> (raw)
In-Reply-To: <CAPv7TjaE1wF-25R=LaOES33A78ovDAp9-waiC7n5YLJnMmNs9A@mail.gmail.com>
Good morning Ruben,
> One might intuitively feel that the lack of a commitment is unsafe,
> but there seems to be no impact on security (only bandwidth). The only
> way you can be fooled is if all peers lie to you (Sybil), causing you
> to follow a malicious minority chain. But even full nodes (or the
> committed version of PoW fraud proofs) can be fooled in this way if
> they are denied access to the valid most PoW chain. If there are
> additional security concerns I overlooked, I’d love to hear them.
I think it would be better to more precisely say that:
1. In event of a sybil attack, a fullnode will stall and think the blockchain has no more miners.
2. In event of a sybil attack, an SPV, even using this style, will follow the false blockchain.
This has some differences when considering automated systems.
Onchain automated payment processing systems, which use a fullnode, will refuse to acknowledge any incoming payments.
This will lead to noisy complaints from clients of the automated payment processor, but this is a good thing since it warns the automated payment processor of the possibility of this attack occurring on them.
The use of a timeout wherein if the fullnode is unable to see a new block for, say, 6 hours, could be done, to warn higher-layer management systems to pay attention.
While it is sometimes the case that the real network will be unable to find a new block for hours at a time, this warning can be used to confirm if such an event is occurring, rather than a sybil attack targeting that fullnode.
On the other hand, such a payment processing system, which uses an SPV with PoW fraud proofs, will be able to at least see incoming payments, and continue to release product in exchange for payment.
Yet this is precisely a point of attack, where the automated payment processing system is sybilled and then false payments are given to the payment processor on the attack chain, which are double-spent on the global consensus chain.
And the automated system may very well not be able to notice this.
Regards,
ZmnSCPxj
next prev parent reply other threads:[~2019-09-09 4:14 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-08 3:39 [bitcoin-dev] PoW fraud proofs without a soft fork Ruben Somsen
2019-09-09 4:14 ` ZmnSCPxj [this message]
2019-09-09 4:47 ` Dragi Bucukovski
2019-09-09 6:53 ` Ruben Somsen
2019-09-09 6:58 ` ZmnSCPxj
2019-09-11 4:58 ` Ruben Somsen
2019-09-16 16:48 ` David A. Harding
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='uVQNn9hhpqlQuS-RzrUkpClVtegMRUoyIL6ITaYfNkjd_XYyu9Fh9vdAeLguzOyOrNx5FtuHk7yyZAdivqCVR2PKzF_PsoWJlsSY9oJTF7s=@protonmail.com' \
--to=zmnscpxj@protonmail.com \
--cc=bitcoin-dev@lists.linuxfoundation.org \
--cc=rsomsen@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox