BitShares Forum
Main => General Discussion => Topic started by: bytemaster on August 16, 2014, 04:46:57 am
-
Step 1) Buy 3% of the hash power (secretly)
Step 2) Set up a mining pool that merge mines Namecoin (or other alts) and auto sells for BTC, thus charging a negative fee
Step 3) Once your pool has enough hash power (3-4%), point your secret hash power at top mining pool
Step 4) Don't submit winning hashes, reducing the REVENUE of competitors by 3%
Step 5) Continue to subsidize your pool with BTC earned from competitors pools
Result: Competitors pools become unprofitable and your pool is the only profitable option, your pool gets 51%
Step 6) Randomly Orphan blocks produced by other pools (cutting into their profits more, increasing your hash power further as people are forced to join your pool or eat losses on their hardware investment)
The cost of the attack is an order of magnitude cheaper than buying 51% hash power and assumes only that a large number of miners are in this to earn profits today and not to hold BTC. You appeal to their short-term greed, their thin margins, or their cash flow constraints to force them to join you to avoid losses.
The only way to combat this is to have 51% of the hash power in private pools.
-
Brilliant! !
When do we start? ;)
-
When do you start?
-
What makes you think it hasn't already started?
-
Do I misunderstand something? Won't the three % lost by the other pool be incurred by your own pool? So you will not be able to maintain profitability beyond the pool that you are attacking. I do not think merge mining will subsidize much and it can always be done by the pool that is being attacked.
-
Do I misunderstand something? Won't the three % lost by the other pool be incurred by your own pool? So you will not be able to maintain profitability beyond the pool that you are attacking. I do not think merge mining will subsidize much and it can always be done by the pool that is being attacked.
You have 3% secret hash power... you lose 3% on your 3%, but those mining in your pool lose nothing. You then take your 97% BTC earned from your 3% miners and use it to subsidize those mining on your pool.
-
Oh I thought you were redirecting your pool's hashes to attack ... but you're just using the initial 3 %. I do wonder how long it would take for the 3 % to not be written off to variance. And I suspect this type of thing might be going on already and could always be done to your pool.
-
Whoa...
-
+5%
-
I have not understand it, but it seems cool!
are you beginning the attack? ;D
-
If I have 1% of hashpower for a pool and keep the winning hashes to myself then that means I lower my own expectation by 1%. So it costs me very little to do, but hurts the whole pool for 1%. So you can attack pools this way. You lose very little but you can actually hurt a pool significantly.
It would be a dirty game. If you are heavy into bitcoin mining there are reports about which pools are under expectation etc.
-
jaw
__
floor
-
I must be missing the forest for the trees. Would a pool even notice a 3% hit to their profits? Or is it that it's 3% of their total revenue and their margins are less than 3% therefore pushing them into a red position?
Some very rough number crunching shows that it would take about $4.5MM USD to gain 3% of the total BTC hash. Assuming a pool large enough to make this attack worth while has 20% of the BTC hashing power you're looking at under a million dollars in HW. Pocket change considering the $7BB USD market cap of BTC.
-
I must be missing the forest for the trees. Would a pool even notice a 3% hit to their profits? Or is it that it's 3% of their total revenue and their margins are less than 3% therefore pushing them into a red position?
Some very rough number crunching shows that it would take about $4.5MM USD to gain 3% of the total BTC hash. Assuming a pool large enough to make this attack worth while has 20% of the BTC hashing power you're looking at under a million dollars in HW. Pocket change considering the $7BB USD market cap of BTC.
I think it would be a 3% hit to their revenue not their profits.
If there were a $1 Billion in new coins made a year then a pool with 30% hash power could expect to earn $300 million in revenue. However Bitcoin margins are tight. How tight I don't know but I doubt they're making more than $15-30 million profit.
Your 3% secret hash power not submitting winning hashes would take $30 million of revenue from them, making them unprofitable.
As you're part of their pool though you would receive $27 million. So you may be at a loss too but only a $1 million or two and for that you get to make the main mining pool unprofitable.
This lets you drive hashers to your competitive pool which could then easily accumulate 51% hashing power.
I think it's something like that.
-
As you're part of their pool though you would receive $27 million. So you may be at a loss too but only a $1 million or two and for that you get to make the main mining pool unprofitable.
This lets you drive hashers to your competitive pool which could then easily accumulate 51% hashing power.
I think it's something like that.
I think the shortfall is made up in the merge mining so you're not actually losing money.
-
As you're part of their pool though you would receive $27 million. So you may be at a loss too but only a $1 million or two and for that you get to make the main mining pool unprofitable.
This lets you drive hashers to your competitive pool which could then easily accumulate 51% hashing power.
I think it's something like that.
I think the shortfall is made up in the merge mining so you're not actually losing money.
You are purchasing control of the Bitcoin network for a cost much less than 51%
-
As you're part of their pool though you would receive $27 million. So you may be at a loss too but only a $1 million or two and for that you get to make the main mining pool unprofitable.
This lets you drive hashers to your competitive pool which could then easily accumulate 51% hashing power.
I think it's something like that.
I think the shortfall is made up in the merge mining so you're not actually losing money.
You are purchasing control of the Bitcoin network for a cost much less than 51%
Yes, MUCH less. Seems pretty epic.
Edit: Apologies, I hope no-one minds, but I re-posted it on the Bitcoin forum https://bitcointalk.org/index.php?topic=744926.0
The only potentially constructive feedback I've seen so far is
withholding shares can be be detected with some smart heuristics
Is it possible for a pool to discern you're witholding winning hashes and block your hashing power specifically from a pool?
-
withholding shares can be be detected with some smart heuristics
Is it possible for a pool to discern you're witholding winning hashes and block your hashing power specifically from a pool?
If you divide your attack hash power among 1000 accounts, then the probability that any one of those accounts would find a block in a given a given year is effectively 0. No way to distinguish "unlucky" from "withholding" without a large enough sample size. Keep the accounts small enough and you will be indictable. (Sybil Attack)
-
withholding shares can be be detected with some smart heuristics
Is it possible for a pool to discern you're witholding winning hashes and block your hashing power specifically from a pool?
If you divide your attack hash power among 1000 accounts, then the probability that any one of those accounts would find a block in a given a given year is effectively 0. No way to distinguish "unlucky" from "withholding" without a large enough sample size. Keep the accounts small enough and you will be indictable. (Sybil Attack)
Thanks. The latest feedback from https://bitcointalk.org/index.php?topic=744926.0
Step 4) Don't submit winning hashes, reducing the REVENUE of competitors by 3%
When mining you don't know if you have the winning hash until after you submit it (sometimes not even then).
Neil
-
You know if your hash might produce a block.
You are not "submitting billions of hashes to the pool" you are only submitting hashes below a certain threshold. Simply don't return any hash below the current block chain difficulty to the pool.
You still end up submitting a lot of "work shares" but no "work shares" that might qualify as a winning hash.
It is impossible for the pools to efficiently distribute the "search process" while keeping the target of the search a "secret". The miner needs to know they found the "secret" before they decided to broadcast it to the pool. Because the miner is the one who knows the hash first and must DECIDE to broadcast then the miner is in control.
Effectively everyone who mines "work shares" but never shares anything that could also claim a block is earning income from the pool without actually helping to secure the network or increasing the Bitcoin difficulty.
An attacker who can mine more efficiently than everyone else can perform this attack on the network.
Suppose the average profitability of miners is 5% and someone is able to mine with 10% margins. They can attack the pool by doing "negative mining". With "negative mining" they will "earn 5%" while their competitors are forced to eat losses or stop mining all together.
With positive mining you end up increasing the bitcoin difficulty and pushing out competition. With negative mining you end up decreasing the bitcoin difficulty while earning the same profit.
Bitcoin difficulty is a function of the profitability of mining. When mining in a pool it is a function of the pool payout. If the attacker can reduce the payout of all public pools, then it will reduce the profitability of all small miners to the point where they stop mining and the network difficulty drops.
The end result is that all pools must go private or have very stringent verification processes for people to join the pool.
-
When mining you don't know if you have the winning hash until after you submit it (sometimes not even then).
This is not quite true. You always know when you have a winning hash, however (as far as I know,) this cannot be exploited.
Mining is just hashing headers and seeing if they're above the difficulty, however the header includes things such as every transaction to be included in the block. This includes the 25 BTC reward to either the pool or you. Since you compute the hash you always know before the pool whether it is above the difficulty or not.
So, if you're hashing for a pool and submitting occasional work, you need to set that part of the header to say that the reward should go to the pool if the difficulty is right. Otherwise the pool has no reason to accept your shares. If you do find a winning hash with the 25 BTC transaction going to the pool, you cannot simply change that one address because that will also change the hash and it will (almost certainly) no longer be above the difficulty.
I think Bytemaster's attack has to do with simply depriving the pool and yourself of the winning hash.
EDIT: O hay, Bytemaster is really quick.
-
EDIT: O hay, Bytemaster is really quick.
Yes, that is the only thing that partially concerns me. Shouldn't he first convert all the AGS' BTC in BTSX before revealing the attack?
-
EDIT: O hay, Bytemaster is really quick.
Yes, that is the only thing that partially concerns me. Shouldn't he first convert all the AGS' BTC in BTSX before revealing the attack?
Maybe he did... and that explains the hit on BTC price :P
-
I think Bytemaster's attack has to do with simply depriving the pool and yourself of the winning hash.
Exactly.
-
Bah. Miners are an irrational lot. The guys still doing it aren't going to stop just because they're not making money. It is an interesting thing to discuss, but I don't think BM is doing this. At least I hope not ;)
I've mentioned ghash.io and how their behavior is questionable in that it seems to be a lead up to something. They subsidize their pool by their ridiculous hash market.
A pool could say you iterate your hash values using function X. Then they could give you winning blocks (nonces?) to test your honesty. Then of course you could monitor the blockchain directly and realize when you're getting a fake winner. Perhaps they could take an already submitted winner and send it out to miners ?
-
It is an interesting thing to discuss, but I don't think BM is doing this. At least I hope not ;)
I am not saying he is doing it. But he is giving the idea to whoever wants (and can afford to buy so much hashing power) to do it. NXTers for the most part believe NXT will take over BTC one day, so we are not in total lack of candidates to do this....
-
It is a losing proposition for me as I have nothing to gain by "controlling" the bitcoin network. The attack would take commitment and an "exit strategy".
-
Mineforeman conceded and blamed heavy medication...
Step 4) Don't submit winning hashes, reducing the REVENUE of competitors by 3%
When mining you don't know if you have the winning hash until after you submit it (sometimes not even then).
Neil
Hi Neil, thanks for the input. This is the latest response I've got from BM on the forum https://bitsharestalk.org/index.php?topic=7003.msg94085#msg94085
Your absolutely right of coarse, the miner could 'guess' what shares may solve a block without too much trouble.
Neil
P.S. I blame a head cold, I took some pseudoephedrine about an hour or two ago and I just realized I am not thinking all that straight.... I think I will stop doing test restores of VM's as well before I do some damage :P .
Wasermann added some good examples of where this may already have happened
Step 4) Don't submit winning hashes, reducing the REVENUE of competitors by 3%
When mining you don't know if you have the winning hash until after you submit it (sometimes not even then).
Neil
There are some modified versions of mining software (I believe it was cgminer) that can be set so that found blocks are not submitted to the pool. There was a miner in China earlier this year that was mining on the eligius pool, withheld what should have been several blocks (they would have been expected to find several blocks verses what they actually found); it ended up costing the pool several hundred BTC. There was also likely a similar attack on BTC guild that lasted several months before that as their luck was way below what it should have been.
Conversation ended. Don't think I'll bump it, Bitcoin is on shaky enough ground as it is.
I was already of the opinion it was extremely vulnerable because you only had to get to two people and there was also no certainity ghash.io wasn't already malevolent.
Having said that, I guess you could argue that for the next 3-6 months at the very least DPOS can still be thwarted for the short to medium term by getting to one person and/or location.