[Bitcoin-development] More denial-of-service prevention code to review

public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed

From: Gavin Andresen <gavinandresen@gmail•com>
To: Bitcoin Dev <bitcoin-development@lists•sourceforge.net>
Subject: [Bitcoin-development] More denial-of-service prevention code to review
Date: Tue, 27 Sep 2011 13:12:09 -0400	[thread overview]
Message-ID: <CABsx9T24p5uP_jM4tsaDMsvQbM4tKnJ-wGHThVYeHiF7hdhecg@mail.gmail.com> (raw)

Pull request:
  https://github.com/bitcoin/bitcoin/pull/534

Denial-of-service prevention: orphan blocks

The attack this prevents: Generate valid "orphan" blocks and send them
to a bitcoin node. Orphan blocks are blocks that are not in the main
blockchain, and before this patch the bitcoin client would store an
arbitrary number of them in memory, in case they later became part of
the main chain.

Two checks are added:

1) Orphan blocks before the last blockchain lock-in are rejected, and
if the node sends enough of those obviously-not-part-of-the-main-chain
blocks it will be disconnected and banned.

2) Orphan blocks must have a plausible proof-of-work. It is impossible
for a difficulty 1.0 block to follow a difficulty 1-million block (it
would take at least 19 months for difficulty to drop from 1-million to
1). Orphan blocks with too-low proof-of-work are ignored, and if a
node sends ten of them it is disconnected/banned.

Requiring plausible proof-of-work for orphan blocks will make this
attack too expensive to attempt (you would have to generate valid
blocks at current difficulty).

-- 
--
Gavin Andresen

                 reply	other threads:[~2011-09-27 17:12 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CABsx9T24p5uP_jM4tsaDMsvQbM4tKnJ-wGHThVYeHiF7hdhecg@mail.gmail.com \
    --to=gavinandresen@gmail$(echo .)com \
    --cc=bitcoin-development@lists$(echo .)sourceforge.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox