Author Topic: Discussion about my misunderstanding of the block-withholding pool attack.  (Read 2074 times)


Offline gamey

https://bitcointalk.org/index.php?topic=267181.0

It's a little old but it answers the question.  You cannot take a block created from the work a pool assigns you and submit it as your own.   Changing any of the inputs would invalidate the hash.   That's what you're talking about right?

Ok, after reading further into the thread.  I am wrong.  Toast was right.  You can withhold the block from the pool, but you can not move the hash elsewhere.  So it isn't a way to double your payout. Damn, I was curious to watch it all play out.

I knew something was wrong.  It is just too obvious.  I guess I'll fix my OP so no one is bothered reading all of it.  Sigh.
« Last Edit: May 11, 2014, 06:21:28 am by gamey »
I speak for myself and only myself.
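
The point conceded in the post above, that a winning hash found on pool-assigned work cannot be moved elsewhere, shown as an added illustration (not code from any poster or from a real pool). The 80-byte header layout follows Bitcoin's; the coinbase bytes, payout names, merkle branch and toy difficulty are constructed placeholders.

```python
import hashlib
import struct

def dsha(data: bytes) -> bytes:
    """Bitcoin's double SHA-256."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def merkle_root(coinbase_tx: bytes, branch: list) -> bytes:
    """Fold the coinbase txid up the merkle branch the pool hands out."""
    node = dsha(coinbase_tx)
    for sibling in branch:
        node = dsha(node + sibling)
    return node

def header(prev_hash: bytes, root: bytes, nonce: int) -> bytes:
    """80-byte header: version, prev hash, merkle root, time, bits, nonce."""
    return struct.pack("<I32s32sIII", 2, prev_hash, root,
                       1399788000, 0x1D00FFFF, nonce)

def meets(hdr: bytes, target: int) -> bool:
    """True if the header hash, read little-endian, is below the target."""
    return int.from_bytes(dsha(hdr), "little") < target

# Constructed sample job (not real chain data).
PREV = dsha(b"constructed previous block")
BRANCH = [dsha(b"constructed tx 1"), dsha(b"constructed tx 2-3")]
TARGET = 1 << (256 - 16)   # toy difficulty so the search finishes quickly

def coinbase(payout_script: bytes) -> bytes:
    """Stand-in for a serialized coinbase tx; only the payout field varies."""
    return b"coinbase|extranonce=0001|pay-to=" + payout_script

def demo():
    pool_root = merkle_root(coinbase(b"POOL-ADDRESS"), BRANCH)
    nonce = 0
    while not meets(header(PREV, pool_root, nonce), TARGET):
        nonce += 1
    # The miner holds a winning nonce, but only for the pool's coinbase.
    # Paying a different address changes the coinbase txid, hence the
    # merkle root, hence the header hash that the nonce was found for.
    own_root = merkle_root(coinbase(b"MINER-ADDRESS"), BRANCH)
    pool_ok = meets(header(PREV, pool_root, nonce), TARGET)
    redirected_ok = meets(header(PREV, own_root, nonce), TARGET)
    return nonce, pool_ok, redirected_ok, pool_root != own_root

if __name__ == "__main__":
    nonce, pool_ok, redirected_ok, roots_differ = demo()
    print(f"nonce={nonce} pool_ok={pool_ok} redirected_ok={redirected_ok}")
```

The same nonce satisfies the target only with the pool's coinbase in place, which is why withholding can cost the pool a block but cannot redirect the reward.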

Offline puppies

https://bitcointalk.org/index.php?topic=267181.0

It's a little old but it answers the question.  You cannot take a block created from the work a pool assigns you and submit it as your own.   Changing any of the inputs would invalidate the hash.   That's what you're talking about right?

Offline gamey

P2pool solves different problems.  It is sort of a DAC pool.  It keeps the pool operators honest but doesn't do much else.

It does not however have any mechanism to verify that you have only submitted a blocking hash.

I do not profess to be an expert in the stratum protocol but I do have a bit of experience dealing with it. 

As it currently is, a miner should be able to tell if any given hash will solve a block. (if not from the pool connection, then from a connection to their own bitcoind)  So they just withhold that and submit it directly to the coin's network through a 2nd channel thereby receiving the full block reward.  The proof of waste all goes to the pool.  So the game theory solution would have everyone do this until it gets to the point of solo-mining because everyone is cheating.

There was one suggestion of sending out fake getworks that would have a solvable nonce.  (Sorry if I misuse terms)  However not every miner iterates the nonces the same way so that approach won't work too well.  Too many false positives.

You could do it statistically, but it takes too much data.

I can't remember if someone had a working detection system that would require a hard fork. Maybe I'll track down the thread on bitcointalk.  I find this very interesting.  If you wanted to attack POW you could basically release this exploit into the wild and any miner who reads forums would wise up.  It'd screw over some people, but it must already be happening.
« Last Edit: May 11, 2014, 05:41:00 am by gamey »
I speak for myself and only myself.

Offline puppies

I'm not qualified to answer this,  but I recall an explanation from p2pool about why this wouldn't work with p2pool.  Perhaps the same mechanism would prevent it from working with other pools.   I'll try to find the explanation.

Offline tonyk

If it was 10-15 years ago that is exactly what I would be doing. (Believe me, with age coding becomes a surprisingly unpleasant task, no matter the rewards).
Which simply means that not only is it possible, but I bet a lot of people are doing it as we write this and have been doing it for a long time: doing solo-mining and submitting whatever qualifies as a share to not one, but as many pools as they can…

So, to answer your question (not that this is the main issue here): do not expect any changes in regard to centralization/ decentralization any time soon.

Maaan... this/those Satoshi guy/s is/are pretty smart...Sigh.
« Last Edit: May 11, 2014, 06:40:46 am by tonyk »
Lack of arbitrage is the problem, isn't it. And this 'should' solves it.

Offline toast

I think you can mine without knowing the full block. You work on the digest but need to submit the whole block.


Do not use this post as information for making any important decisions. The only agreements I ever make are informal and non-binding. Take the same precautions as when dealing with a compromised account, scammer, sockpuppet, etc.

Offline gamey

EDIT -  I misunderstood the attack.  While a person can punish a pool by withholding a block, they can not then submit that hash elsewhere for the block.  Toast was right.  Good to know you Bitshares guys are on top of things.  I should have reread a relevant thread again. I just got all excited. ;)  If any mod wants to delete this, feel free as it serves no purpose but clutter IMO.  My apologies.

Let me explain the exploit.  I wish I had the original thread from bitcointalk, but it was a conversation I just had that led me to these conclusions. 

Basically any miner of a pool can withhold blocks from the pool and submit them via a regular solo-mining setup.  This doubles your expectation if no one else is doing it with no real downside except it is basic thievery.

BTCGuild is supposedly running quite under expectation.  Hmmm..

This exploit will introduce some form of private pools that rely on a reputation system.  Even that would be a hard sell.  So outside of private pools, it forces people to go back to solo mining or to lose a lot of expectation due to being cheated. 

Solo mining doesn't work so well and will discourage a LOT of small time miners when they run bad for months or longer. 

The end result is the guys who don't have enough hashing power to solo mine without really high variance will be forced to use pools which are likely exploited or they give up in frustration.

So will this lead to centralization or decentralization?  After playing out the scenarios to me, I think it will lead to decentralization as pools just simply can not be as large as they once were.  They'll fragment as people form pools around some form of trust systems.  By necessity the pools will be smaller.  So we will have smaller pools and less people mining.  These trust systems could utilize historic data from a pool's accounts and their blocking vs hashing rates.  (You still would not have enough data IMO for most users with BTC)

Whether this is more or less decentralized is not 100% clear, but I tend to go with being more decentralized as pools themselves really are a security issue.

I suspect whatever the outcome is, POW is going to come out not looking so great.  :)

Thoughts?  Is gamey confused again?  If someone knows some threads with better explanations please post them.

I did not read a reasonable way to work around this either. Multipools around scrypt/gpus are a different thing and not nearly as exploitable. However I really think BTC is stuck with this exploit and all the repercussions.

Frankly I fear I am confused or I simply don't understand why this hasn't already become a huge problem.  Nice guy miners?
« Last Edit: May 11, 2014, 06:25:45 am by gamey »
I speak for myself and only myself.