Slashdot Mirror

← Back to Stories (view on slashdot.org)

Bitcoin Protocol Vulnerability Could Lead To a Collapse

Posted by ryuzaki0 on from the prepare-for-the-bitcoin-baron dept.

First time accepted submitter stanga writes "Cornell researchers unveiled an attack on the Bitcoin mining protocol that enables selfish mining pools to earn more than their fair share. In a technical report the authors explain this attack can be performed by a pool of any size. Rational miners will join this pool to increase their benefits, creating a snowball effect that may end up with a pool commanding a majority of the system's mining power. Such a pool would be able to single-handedly control the blockchain, violating the decentralized nature of the increasingly successful Bitcoin. The authors propose a patch to the protocol that would protect the system from selfish mining pools smaller than 25% of the system. They also show that Bitcoin can never be safe from selfish mining pools larger than 33% of the network, whereas it was previously believed that only groups larger than 50% of the network were a threat to the system. The question is — can the miners operating today adopt the suggested fix and dismantle too-large pools before a selfish mining pool arises?"

38 of 256 comments (clear)

  1. The Wild West by mythosaz · · Score: 4, Insightful

    Bitcoins are the wild west...and that's why they're so exciting.

    I missed the gold rush, but there's still money to be made selling shovels and pans to those who think they didn't...

    1. Re:The Wild West by mythosaz · · Score: 2

      How can they be exciting?

      Volatility, regulation, deregulation, crashes when drug sites get busted, gambling sites... ...what's not to like?

    2. Re:The Wild West by TheCarp · · Score: 2

      Not only crashes but rebounds. Hell for someone who found out about it when it was worth pennies its been an amusing ride to watch! Silk road gets popped, boom drop. But it didn't go that far, it slid back...a few months? Then it rebounded, now its even higher.

      You look at its potential audience and, the whole bitcoin economy is still on the small side of what it could be....and divisible to 8 decimal places? I wouldn't count it down and out yet, it still has the most momentum and buy-in of any alternatives; there is serious advantage to being the first to market, even if you are not the best in the end.

      --
      "I opened my eyes, and everything went dark again"
    3. Re:The Wild West by TsuruchiBrian · · Score: 4, Interesting

      bitcoin doesn't have built in deflation. The deflation is caused by the influx of people due to increasing popularity. It is true that the problems that are solved to successfully mine bitcoin get harder over time, computers also get faster and more energy efficient over time. The upperbound of bitcoin value is kept in check by the electricity cost of mining bitcoins. This limits the size of bitcoin bubbles. The value of bitcoin is not purely speculative. There is a real world limit to how valuable they can be at any time.

    4. Re:The Wild West by TsuruchiBrian · · Score: 2

      who is selling the shovels and pans?

    5. Re:The Wild West by mysidia · · Score: 3, Insightful

      I missed the gold rush, but there's still money to be made selling shovels and pans to those who think they didn't...

      *Cough* Excuse me, while I move over and start mining Litecoin.

    6. Re:The Wild West by mysidia · · Score: 2

      who is selling the shovels and pans?

      You can pre-order your excavator from Butterfly labs. You will be lucky, if they fill your order within 24 months, by which time: the network hash rate will have increased so high, that you will have a net loss on your hands.

    7. Re:The Wild West by 93+Escort+Wagon · · Score: 5, Funny

      How can they be exciting? It already costs more in power bills than you make mining and you have to have specialist hardware (unless you're stealing cycles elsewhere or are a retard when it comes to money).

      Parents are paying the electricity bills and buying the computers.

      --
      #DeleteChrome
    8. Re:The Wild West by Pseudonym+Authority · · Score: 2

      Silk Road's bust caused the price to rise actually. I presume under the (likely correct) assumption that the federal bureaucracy will sit on them for several years at the very least, if they ever even get the authorization to sell them, if they find DPR's private keys (I haven't been following that story, so I don't know if they have or not; note that what they initially seized was the escrow wallet). It's about $100 above what it was when SR went down.

    9. Re:The Wild West by Agent+ME · · Score: 3, Insightful

      The point of Bitcoin isn't mining. Complaining that you can't make money mining is like criticizing the dollar because you don't have a dollar printing machine.

    10. Re:The Wild West by Arancaytar · · Score: 2

      Well, the loss of a wallet's private key removes its contents from circulation forever. Since the number of bitcoins is limited, any level of attrition will lead to long-term deflation.

    11. Re:The Wild West by Aighearach · · Score: 4, Interesting

      Computer sales use currency, but they are not themselves currency. A market segment can grow or shrink and supply and demand balance. People still need computers, and so there will still be a market.

      A currency with built-in deflation has perverse incentives. Your money will be worth more if you don't spend it; investment is discouraged. By not engaging in commerce with your money, you enrich yourself.

      Compare that to all the real currencies, which have inflation; it will be worth less in the future. If you want to save it, you need to put it to some sort of use; for example an interest-bearing savings account where your money is actually be loaned out to other parties. And if you want better gain than that, you invest in something with either a higher risk level, or a more specific purpose.

      If there was widespread adoption of a guaranteed-deflation currency, an early adopter who was heavily invested could set up trust accounts where their ancestors would have growing spending power, without the money in the trust even being invested in anything. A future where the world is controlled by the grandchildren of the current rich, a class of aristocrats who don't have to work, but rule the world. And the more new economic activity happens, the higher percentage the old money controls! New wealth will always be worth less than the old wealth for the same activity.

    12. Re:The Wild West by TsuruchiBrian · · Score: 2

      yes people losing private keys will eventually lead to deflation when we actually get close to the 21 million cap. Until then, the fact that bitcoins are disappearing due to lost wallets only has an effect if the cost of mining is significantly higher than the current price. Otherwise, it's cheaper to mine new bitcoins than it is to buy existing bitcoins in an environment when low supply compared to high demand.

      So yes bitcoin does have some deflation built in, but it is insignificant at the current time.

    13. Re:The Wild West by TsuruchiBrian · · Score: 2, Informative

      A very slow loss of bitcoins is not a problem, especially if the level of granularity left in the existing pool is enough to allow for small transactions. Even if half the bitcoins are lost, 10.5 million bitcoins translates to 105 trillion units of currency. This is about 15,000 units of currency per person on the earth. It's not ideal, but still pretty good.

      Consider the problem of people losing paper money. It's true that new money is issued to compensate for lost/destroyed money, but it doesn't go to the person that lost it. When bitcoins are lost, more can be mined. When the cap is nearly reached, then lost bitcoins will just make the other coins more valuable. This is equivalent to printing more bitcoins and distributing them proportionally among all bitcoin owners.

      You said that new coins should be issued under a majority vote, but what would this accomplish? It would simply cause a waste of more electricity to put more bitcoins in circulation. It doesn't really change anything. When mining actually stops, it will mark a point when resources are no longer wasted for the purpose of proving work.

    14. Re:The Wild West by Vintermann · · Score: 2

      The nice thing is that all of these currencies have a finite supply! (smirk)

      --
      xkcd is not in the sudoers file. This incident will be reported.
    15. Re:The Wild West by ultranova · · Score: 2, Insightful

      Computer sales use currency, but they are not themselves currency. A market segment can grow or shrink and supply and demand balance. People still need computers, and so there will still be a market.

      Computers sales use currency, and that currency will get more computing power the longer you wait; in effect, your money will be worth more tomorrow than today, which is by definition deflation. And yes, people need or at least want computers today - and that goes for anything else they might buy.

      A currency with built-in deflation has perverse incentives. Your money will be worth more if you don't spend it; investment is discouraged. By not engaging in commerce with your money, you enrich yourself.

      How many people invest their money as is, rather than using it on coffee or other things they don't actually need? Remember, that Starbucks latte doesn't just cost you its nominal price, but also all the money you could had earned if you spent it on stock market instead. And yet I'm to believe that would suddenly start mattering to people if inflation went below zero?

      Also, speaking of perverse incentives, inflationary currency actually encourages investment that has a negative return of investment, since that can still end up beating inflation. Such a business is doomed to failure, of course, yet inflationary currency incentivizes setting them up, thus wasting resources that could be used to set up more reasonable ones or even expand or maintain public infrastructure.

      Compare that to all the real currencies, which have inflation; it will be worth less in the future. If you want to save it, you need to put it to some sort of use; for example an interest-bearing savings account where your money is actually be loaned out to other parties. And if you want better gain than that, you invest in something with either a higher risk level, or a more specific purpose.

      And what is the actual result of this? Growth based on high-risk investments, where any bankruptcy makes every other investment even riskier, eventually resulting in a cascade failure, such as the current financial hulabaloo. Some people make out like bandits, if they are rich or clever enough to make their risks public while keeping profits private, but it's anything but good to people or economy in general.

      --

      Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

    16. Re:The Wild West by compro01 · · Score: 2

      The problem is that bitcoins aren't infinitely divisible. With enough deflation, the smallest possible bitcoin value

      Actually, they are. The eight-decimal-places thing is pretty much arbitrary and the level of divisibility is open to modification in the future. Such a change would be a hard fork event and thus non-trivial to set up, but it is perfectly doable. If you've got most of the hashing network on board, it's possible to swap out basically any part of the bitcoin protocol. e.g. you could swap out the hashing algorithm in the event that something unfortunate happened to SHA256.

      --
      upon the advice of my lawyer, i have no sig at this time
    17. Re:The Wild West by Arancaytar · · Score: 2

      I could see a slight game-theoretical issue. If I believe that the currency will deflate in the long term (to an extent that beats interest rates in official currencies), then I have a strong incentive to hang onto what I have rather than spending or investing it. If everybody did that, we'd already deflate the currency in the present, which would be self-reinforcing.

      Maybe the only thing counteracting this right now is the fear that the currency might collapse entirely before it reaches this point. We can see that the Bitcoin price tends to rise at an ever-increasing rate, before suddenly collapsing back as people dump it. That's happened twice before as far as I'm aware (once at a low level in 2011; once from over $250 this year), and it's currently close to breaking the previous record high.

      Unlike shares (which are tied to the value of a company) or fiat currencies (tied to the economy of a country), Bitcoin is tied entirely to the expectations of the people who own or buy it. I don't expect the value to ever stabilize - it'll either rise when people think it won't collapse in the near future, or drop when people think it will.

  2. I wonder by cold+fjord · · Score: 3, Funny

    Did the "selfish mining pools" us a Greedy algorithm?

    --
    much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
  3. The "middle manager" attack by slew · · Score: 4, Insightful

    Start with an intense desire to building your own private empire that you control.
    Hiding information from others to gain a competitive advantage.
    Populating other groups with spys to see what progress they are making.
    Eventually giving rational people no choice but to join your team or be crushed.

    I propose to call this the middle manager attack.

  4. NBD by hawkeyeMI · · Score: 5, Interesting

    This attack would be very, very difficult to achieve. Doesn't seem very worrying and I'm sure it'll be fixed well before it becomes an issue. There are already some pretty good discussions on /r/Bitcoin/ covering why it's not as big a deal as the sensational headline here makes it out to be.

    --
    Error 404 - Sig Not Found
    1. Re:NBD by hawkeyeMI · · Score: 4, Informative

      Here, sorry I was a lazy bum before. http://www.reddit.com/r/Bitcoin/comments/1puk1a/arxiv_paper_majority_is_not_enough_bitcoin_mining/

      --
      Error 404 - Sig Not Found
  5. Tinfoil hat by guruevi · · Score: 5, Interesting

    So that's what the NSA datacenter is for...

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  6. Is there a way to generate value besides mining? by deathcloset · · Score: 4, Interesting

    I fairly understand that for there to be value in bitcoin there must be scarcity and that this scarcity is created via the mining mechanisms. But what I wonder is if there be any other way to create value for a virtual currency?

    I ask because to me the most interesting thing about virtual currencies and specifically bitcoin is NOT the mining aspect, but rather the distributed database. The fact the hosting or provision of the database is fundamentally bound to the value-creation process seems to be the problem here. The problem seems not to necessarily be virtual currency or distributed databases themselves. The problem seems to be that value creation is based on artificial scarcity which can be manipulated through collusion.

    There has to be another way to establish value for a virtual currency.

  7. Wow. A really really unethical headline... by Anonymous Coward · · Score: 5, Informative

    Someone trying to buy some bitcoins for cheap?

    Here is the commentary from one of the Bitcoin core developers: https://bitcointalk.org/index.php?topic=324413.msg3476697#msg3476697

    This is an old known attack which is boring, made a little more interesting by also assuming that the attacker has sybil attacked the network and inserted itself between every node. The result is that they can mine a disproportionally large share of coins. Academically interesting, but not terribly significant.

    Mostly it's just another example that overly large pools are bad for the network, and that preventing sybil attacks (e.g. by miners setting up additional trusted peerings between each other) is useful.

  8. Technology can't cure human nature by Bob_Who · · Score: 2

    Gold, salt, silver, greenbacks, plastic, bitcoin. Take your pick, None of it cures society of thieves, bank robbers, or scoundrels. And anyone who guarantees your money is secure is probably complicit in its theft. There will always be ways to steal your coin. Bitcoin just limits who might steal it.

  9. Re:Yeah, Sure ... by khallow · · Score: 2

    because it's an underground currency that doesn't have any reliable defining body

    What do you mean by "defining body"? I googled it, but all I got was cosmetics. Your shampoo has "defining body".

  10. I prefer currency 1.0 by Crashmarik · · Score: 2

    AKA Gold.

    If someone has found a way to hack gold, they have had the good sense to keep quiet about it.

    1. Re:I prefer currency 1.0 by Anubis+IV · · Score: 3, Informative

      Kinda, except that gold was used to encase the highly-valuable latinum in Star Trek because gold was virtually worthless after it became possible to replicate it (unlike latinum, which could not be replicated). In contrast, the situation here is one of gold encasing a less valuable material. I know I'm stating the obvious, but this wouldn't be Slashdot if someone wasn't playing the pedant when it comes to Star Trek.

  11. Re:Is there a way to generate value besides mining by Anonymous Coward · · Score: 3, Interesting

    Maybe you don't? Proof of work is something you do that requires work and there must be an easy way to check that the work is done. Proof of work is suppose to be consistent. So if you want your work to be find a prime number larger than 1 trillion, after the number is found; then checking it is fast and easy. But finding it may have taken a long time. Finding it will take a long time if an identical machine tries the same work. So that is proof of work, two machines can confirm that finding that prime number takes work.

    Bitcoin is, for lack of better terms, pseudo-proof of work. The work is to guess a random number + some other bits of info and make a hash. Then keep trying random numbers until you find a hash with enough zeros in the front to meet the target. Two identical computers guessing numbers will end up with a different proof of work. One computer might guess the answer before the other. So how to do you gauge which machine really did the work? Well, the machine that won claims to be the winner and has a way for the other machine to check quickly. If the other machine had continued working, it might find a different answer that is also correct, but took longer. Why is its proof work any less valid than the machine that by luck found an answer first?

    So again, bitcoin is not proof of work in the true sense. It is proof of luck. The paper basically shows that proof of luck is really no good when you get people involved because it is just like the lottery. You can play the billion dollar powerball all by yourself and never win. But what if you could gather everyone in the country together into one large lotto pool, the winner would share the winnings with everyone. So even if everyone only got $1 from the lotto, you still got something right? No one would play the lottery if the "mega-pool" of people are always going to win. Bitcoin by contrast suffers from the exact same human produced issue. Case closed.

  12. Re:Is there a way to generate value besides mining by VortexCortex · · Score: 2

    Maybe you don't? Proof of work is something you do that requires work and there must be an easy way to check that the work is done.

    What sha1 hash salted with ABCDEF ends in the hex: 01234? 01235? 01236? Please show your work, and explain why your average workload to solve this type of problem will not be consistent?

  13. Re:The problem here is.... by Agent+ME · · Score: 2

    Bitcoin isn't intended to be a money-making investment tool.

  14. Ridiculously Over-Hyped by mathimus1863 · · Score: 3, Informative

    The headline is just plain FUD. The ideas presented in that paper are merely theoretical. Not only would it be extremely difficult to achieve the right conditions to execute the attack (at the expense of losing money when you fail), but the paper makes vast assumptions about the social response to it working. Basically, the conclusion was "if this works [which it probably won't], then everyone will collectively make decisions that destroy the network because that's the rational thing to do." Obviously, it's not so rational if people don't want to see the system collapse.

    This doesn't mean it should be ignored. It's an interesting "attack" that should be kept in mind as the protocol is developed further, but it's not even close to "bitcoin collapse". The headline is perhaps just wishful thinking of the submitter.

  15. Comment removed by account_deleted · · Score: 4, Interesting

    Comment removed based on user account deletion

  16. Re:Simple Fix by Teancum · · Score: 2

    There is already some timestamping in the Bitcoin protocol, and this kind of attack was at least considered once upon a time by Satoshi before he went and disappeared.

    The time stamp process within the Bitcoin protocol is more or less an average of what most of the clients say is the current time, and that protocol could be further refined in terms of eliminating outliers (one client or a small group of clients could in theory be rejected). At the very least you can program your own packet sniffer to flag curious blocks that may indicate some sort of attack like this is going on, even if in the protocol itself doesn't directly reject these kind of blocks.

    The needs of the Bitcoin protocol do not need a hyper accurate time stamp protocol like NTP (and especially not an atomic clock), but rather "good enough" (a time stamp +/- 15 minutes or so) is sufficient. I do think a minor tweak to the Bitcoin protocol could likely implement a modest protection against all but the worst offenders of this kind of attack. It does not need to be a 3rd party time stamping service but could be implemented within the existing communication protocol and remain decentralized.

  17. Re:Simple Fix by Teancum · · Score: 2

    Except that the time stamp is built into the hash that generated the block in the first place. In other words, if you say the block was mined just one second later (which BTW sometimes does happen.... some blocks are generated very quickly after the previous block), the time stamp much also include the hash "proof" where the time code is being used as a part of the verification that the "winning" hash has in fact been achieved.

    Unfortunately the current Bitcoin protocol doesn't really care when the blocks were generated, and many clients don't even bother with properly time stamping the blocks. I guess that could change though.

  18. Re:As someone else said there.. by Vintermann · · Score: 2

    Oh, the bitcoin community is perfectly OK with misconceptions (bitcoin is anonymous, you need to control 50% of the mining pool to cheat) as long as they prop up the price.

    --
    xkcd is not in the sudoers file. This incident will be reported.
  19. Re:Is there a way to generate value besides mining by fatphil · · Score: 2

    It's effectively a poisson distribution, in which case the standard deviation is significant in comparison to the average.

    Of course, the law of large numbers will converge a large enough number of individual poissons (or anythings) onto a normal distribution, but for bitcoin the proof of work is not for "a large enough number of" results, but for a single one. That single tweak - asking for 16 results that are 16 times easier, say - would increase the fairness, and decrease the luck aspect, significantly. Likewise it would make the generation rate far more predictable. Alas, I suspect it would have some other unwanted side-effects too

    --
    Also FatPhil on SoylentNews, id 863