Topic: How to attack Bitcoin Mining

Offline Empirical1

Mineforeman conceded and blamed heavy medication...

Step 4)  Don't submit winning hashes, reducing the REVENUE of competitors by 3%

When mining you don't know if you have the winning hash until after you submit it (sometimes not even then).

Neil

Hi Neil, thanks for the input. This is the latest response I've got from BM on the forum  https://bitsharestalk.org/index.php?topic=7003.msg94085#msg94085

You're absolutely right of course, the miner could 'guess' what shares may solve a block without too much trouble.

Neil

P.S. I blame a head cold, I took some pseudoephedrine about an hour or two ago and I just realized I am not thinking all that straight.... I think I will stop doing test restores of VMs as well before I do some damage :P .


Wasermann added some good examples of where this may already have happened

Step 4)  Don't submit winning hashes, reducing the REVENUE of competitors by 3%

When mining you don't know if you have the winning hash until after you submit it (sometimes not even then).

Neil
There are some modified versions of mining software (I believe it was cgminer) that can be set so that found blocks are not submitted to the pool. There was a miner in China earlier this year that was mining on the eligius pool, withheld what should have been several blocks (they would have been expected to find several blocks versus what they actually found); it ended up costing the pool several hundred BTC. There was also likely a similar attack on BTC guild that lasted several months before that as their luck was way below what it should have been.

Conversation ended. Don't think I'll bump it, Bitcoin is on shaky enough ground as it is.

I was already of the opinion it was extremely vulnerable because you only had to get to two people and there was also no certainty ghash.io wasn't already malevolent.

Having said that, I guess you could argue that for the next 3-6 months at the very least DPOS can still be thwarted for the short to medium term by getting to one person and/or location.

Offline bytemaster

It is a losing proposition for me as I have nothing to gain by "controlling" the bitcoin network.  The attack would take commitment and an "exit strategy".
For the latest updates check out my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline tonyk

  It is an interesting thing to discuss, but I don't think BM is doing this.  At least I hope not  ;)

I am not saying he is doing it. But he is giving the idea to whoever wants (and can afford to buy so much hashing power) to do it. NXTers for the most part believe NXT will take over BTC one day, so we are not in total lack of candidates to do this....
« Last Edit: August 18, 2014, 09:17:31 pm by tonyk »
Lack of arbitrage is the problem, isn't it. And this 'should' solves it.

Offline gamey

Bah.  Miners are an irrational lot.  The guys still doing it aren't going to stop just because they're not making money.  It is an interesting thing to discuss, but I don't think BM is doing this.  At least I hope not  ;)

I've mentioned ghash.io and how their behavior is questionable in that it seems to be a lead up to something.  They subsidize their pool by their ridiculous hash market.

A pool could say you iterate your hash values using function X.  Then they could give you winning blocks (nonces?) to test your honesty.  Then of course you could monitor the blockchain directly and realize when you're getting a fake winner.  Perhaps they could take an already submitted winner and send it out to miners ?
I speak for myself and only myself.

Offline bytemaster

Quote
I think Bytemaster's attack has to do with simply depriving the pool and yourself of the winning hash.

Exactly.

Offline liondani

EDIT: O hay, Bytemaster is really quick.

Yes, that is the only thing that partially concerns me. Shouldn't he first convert all the AGS' BTC in BTSX before revealing the attack?

Maybe he did... and that explains the hit on BTC price  :P

Offline tonyk

EDIT: O hay, Bytemaster is really quick.

Yes, that is the only thing that partially concerns me. Shouldn't he first convert all the AGS' BTC in BTSX before revealing the attack?

Offline thisisausername

When mining you don't know if you have the winning hash until after you submit it (sometimes not even then).

This is not quite true.  You always know when you have a winning hash, however (as far as I know,) this cannot be exploited.

Mining is just hashing headers and seeing if they're above the difficulty, however the header includes things such as every transaction to be included in the block.  This includes the 25 BTC reward to either the pool or you.  Since you compute the hash you always know before the pool whether it is above the difficulty or not.

So, if you're hashing for a pool and submitting occasional work, you need to set that part of the header to say that the reward should go to the pool if the difficulty is right.  Otherwise the pool has no reason to accept your shares.  If you do find a winning hash with the 25 BTC transaction going to the pool, you cannot simply change that one address because that will also change the hash and it will (almost certainly) no longer be above the difficulty.

I think Bytemaster's attack has to do with simply depriving the pool and yourself of the winning hash.

EDIT: O hay, Bytemaster is really quick.
Pjo39s6hfpWexsZ6gEBC9iwH9HTAgiEXTG

Offline bytemaster

You know if your hash might produce a block.

You are not "submitting billions of hashes to the pool" you are only submitting hashes below a certain threshold.  Simply don't return any hash below the current block chain difficulty to the pool.

You still end up submitting a lot of "work shares" but no "work shares" that might qualify as a winning hash.

It is impossible for the pools to efficiently distribute the "search process" while keeping the target of the search a "secret". The miner needs to know they found the "secret" before they decide to broadcast it to the pool. Because the miner is the one who knows the hash first and must DECIDE to broadcast then the miner is in control.

Effectively everyone who mines "work shares" but never shares anything that could also claim a block is earning income from the pool without actually helping to secure the network or increasing the Bitcoin difficulty.   

An attacker who can mine more efficiently than everyone else can perform this attack on the network.

Suppose the average profitability of miners is 5% and someone is able to mine with 10% margins. They can attack the pool by doing "negative mining". With "negative mining" they will "earn 5%" while their competitors are forced to eat losses or stop mining altogether.

With positive mining you end up increasing the bitcoin difficulty and pushing out competition.  With negative mining you end up decreasing the bitcoin difficulty while earning the same profit.   

Bitcoin difficulty is a function of the profitability of mining.  When mining in a pool it is a function of the pool payout.   If the attacker can reduce the payout of all public pools, then it will reduce the profitability of all small miners to the point where they stop mining and the network difficulty drops. 

The end result is that all pools must go private or have very stringent verification processes for people to join the pool.

Offline Empirical1

Quote
withholding shares can be detected with some smart heuristics

Is it possible for a pool to discern you're withholding winning hashes and block your hashing power specifically from a pool?

If you divide your attack hash power among 1000 accounts, then the probability that any one of those accounts would find a block in a given year is effectively 0. No way to distinguish "unlucky" from "withholding" without a large enough sample size. Keep the accounts small enough and you will be indictable. (Sybil Attack)

Thanks. The latest feedback from https://bitcointalk.org/index.php?topic=744926.0


Step 4)  Don't submit winning hashes, reducing the REVENUE of competitors by 3%

When mining you don't know if you have the winning hash until after you submit it (sometimes not even then).

Neil

Offline bytemaster

Quote
withholding shares can be detected with some smart heuristics

Is it possible for a pool to discern you're withholding winning hashes and block your hashing power specifically from a pool?

If you divide your attack hash power among 1000 accounts, then the probability that any one of those accounts would find a block in a given year is effectively 0. No way to distinguish "unlucky" from "withholding" without a large enough sample size. Keep the accounts small enough and you will be indictable. (Sybil Attack)
For the latest updates check out my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.
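
An added example, not part of any post in this thread and not any pool's own code: a pool-side luck check that illustrates the sample-size point made above. It assumes block finds follow a Poisson distribution in the shares submitted; the difficulty values and share counts are constructed.

```python
import math

def poisson_lower_tail(k, lam):
    """P(X <= k) for X ~ Poisson(lam); terms computed in log space."""
    terms = (math.exp(i * math.log(lam) - lam - math.lgamma(i + 1))
             for i in range(k + 1))
    return min(1.0, sum(terms))

def luck_report(label, shares, blocks_found, share_diff, network_diff, alpha=0.01):
    # Every accepted share also meets the network target with probability
    # share_diff / network_diff, so block finds are ~Poisson(expected).
    expected = shares * share_diff / network_diff
    p = poisson_lower_tail(blocks_found, expected)
    return {"label": label, "expected": expected, "found": blocks_found,
            "p_value": p, "flagged": p < alpha}

def min_expected_for_zero_blocks(alpha=0.01):
    # A zero-block record is only significant once exp(-expected) < alpha.
    return -math.log(alpha)

def constructed_cases():
    # Constructed numbers, not measurements: share difficulty 1,
    # network difficulty 1,000,000.
    d, D = 1, 1_000_000
    return [
        luck_report("one small account", 3_000, 0, d, D),
        luck_report("1000 such accounts pooled", 3_000_000, 0, d, D),
        luck_report("whole pool, short window", 100_000_000, 97, d, D),
        luck_report("whole pool, long window", 10_000_000_000, 9_700, d, D),
    ]

if __name__ == "__main__":
    for r in constructed_cases():
        print(f"{r['label']:28s} expected={r['expected']:9.3f} "
              f"found={r['found']:5d} p={r['p_value']:.4f} flagged={r['flagged']}")
    print("expected blocks needed before a zero-block record is flagged:",
          round(min_expected_for_zero_blocks(), 2))
```

A single small account with no blocks is statistically indistinguishable from an unlucky one, and a 3% pool-wide shortfall only becomes significant over a long window, which is why per-account luck alone is a weak detector.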

Offline Empirical1

As you're part of their pool though you would receive $27 million. So you may be at a loss too but only a $1 million or two and for that you get to make the main mining pool unprofitable.

This lets you drive hashers to your competitive pool which could then easily accumulate 51% hashing power.

I think it's something like that.

I think the shortfall is made up in the merge mining so you're not actually losing money.

You are purchasing control of the Bitcoin network for a cost much less than 51%

Yes, MUCH less. Seems pretty epic.

Edit: Apologies, I hope no-one minds, but I re-posted it on the Bitcoin forum https://bitcointalk.org/index.php?topic=744926.0

The only potentially constructive feedback I've seen so far is

Quote
withholding shares can be detected with some smart heuristics

Is it possible for a pool to discern you're withholding winning hashes and block your hashing power specifically from a pool?
« Last Edit: August 18, 2014, 06:18:59 pm by Empirical1 »

Offline bytemaster

As you're part of their pool though you would receive $27 million. So you may be at a loss too but only a $1 million or two and for that you get to make the main mining pool unprofitable.

This lets you drive hashers to your competitive pool which could then easily accumulate 51% hashing power.

I think it's something like that.


I think the shortfall is made up in the merge mining so you're not actually losing money.

You are purchasing control of the Bitcoin network for a cost much less than 51%

Offline Riverhead

As you're part of their pool though you would receive $27 million. So you may be at a loss too but only a $1 million or two and for that you get to make the main mining pool unprofitable.

This lets you drive hashers to your competitive pool which could then easily accumulate 51% hashing power.

I think it's something like that.


I think the shortfall is made up in the merge mining so you're not actually losing money.

Offline Empirical1

I must be missing the forest for the trees. Would a pool even notice a 3% hit to their profits? Or is it that it's 3% of their total revenue and their margins are less than 3% therefore pushing them into a red position?

Some very rough number crunching shows that it would take about $4.5MM USD to gain 3% of the total BTC hash. Assuming a pool large enough to make this attack worthwhile has 20% of the BTC hashing power you're looking at under a million dollars in HW. Pocket change considering the $7BB USD market cap of BTC.

I think it would be a 3% hit to their revenue not their profits.

If there were a $1 Billion in new coins made a year then a pool with 30% hash power could expect to earn $300 million in revenue. However Bitcoin margins are tight. How tight I don't know but I doubt they're making more than $15-30 million profit.

Your 3% secret hash power not submitting winning hashes would take $30 million of revenue from them, making them unprofitable.

As you're part of their pool though you would receive $27 million. So you may be at a loss too but only a $1 million or two and for that you get to make the main mining pool unprofitable.

This lets you drive hashers to your competitive pool which could then easily accumulate 51% hashing power.

I think it's something like that.