public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Ethan Heilman <eth3rs@gmail•com>
To: "Kenshiro []" <tensiam@hotmail•com>,
	 Bitcoin Dev <bitcoin-dev@lists•linuxfoundation.org>
Subject: Re: [bitcoin-dev] Add a moving checkpoint to the Bitcoin protocol
Date: Fri, 2 Aug 2019 08:19:03 -0400	[thread overview]
Message-ID: <CAEM=y+UCdW2__nmQhWuL2FYvL6WKdBsF31WDFZUSdXPvgM2bvg@mail.gmail.com> (raw)
In-Reply-To: <DB6PR10MB183271245AAE84FB9AC96474A6DF0@DB6PR10MB1832.EURPRD10.PROD.OUTLOOK.COM>

[-- Attachment #1: Type: text/plain, Size: 3745 bytes --]

Attack 1:
I partition (i.e. eclipse) a bunch of nodes from the network this partition
contains no mining power . I then mine 145 blocks for this partition. I
don't even need 51% of the mining power because I'm not competing with any
other miners. Under this rule this partition will hardfork from the network
permanently. Under current rules this partition will be able to rejoin the
network as the least weight chain will be orphaned.

Attack 2:
I pre-mine 145 blocks. A node goes offline for 24 hours, when it rejoins I
feed it 145 blocks which fork off from the consensus chain. I have 24+24
hours to mine these 145 blocks so I should be able to do this with 25% of
the current hash rate at the time the node went offline. Under your rule
each of these offline-->online nodes I attack this way will hardfork
themselves from the rest of the network.

I believe a moving-checkpoint rule as describe above would make Bitcoin
more vulnerable to 51% attacks.

A safer rule would be if a node detects a fork with both sides of the split
having  length > 144 blocks, it halts and requests user intervention to
determine which chain to follow.  I don't think 144 blocks is a great
number to use here as 24 hours is very short. I suspect you could improve
the security of the rule by making the number of blocks a fork most reach
to halt the network proportional to the difference in time between the
timestamp in the block prior to the fork and the current time. I am **NOT**
proposing Bitcoin adopt such a rule.

NXT has a fundamentally different security model as it uses Proof-of-stake
rather than Proof-of-Work.

On Wed, Jul 31, 2019 at 2:37 PM Kenshiro [] via bitcoin-dev <
bitcoin-dev@lists•linuxfoundation.org> wrote:

> P.S.: To be clearer, in this example I set an N value of 144 blocks, which
> is approximately 24 hours.
>
> ------------------------------
> *From:* Kenshiro [] <tensiam@hotmail•com>
> *Sent:* Wednesday, July 31, 2019 16:40
> *To:* Alistair Mann <al@pectw•net>; Bitcoin Protocol Discussion <
> bitcoin-dev@lists•linuxfoundation.org>
> *Subject:* Re: [bitcoin-dev] Add a moving checkpoint to the Bitcoin
> protocol
>
> >>> How would a (potentially, state-sponsored) netsplit lasting longer
> than N be
> handled?
>
> It would be detected by the community much before reaching the reorg limit
> of N blocks (it's 24 hours) so nodes could stop until the netsplit is
> fixed.
>
> In the extreme case no one notice the network split during more than N
> blocks (24 hours) and there are 2 permanent forks longer than N, nodes
> from one branch could delete their local history so they would join the
> other branch.
>
> Regards,
>
>
> ------------------------------
> *From:* Alistair Mann <al@pectw•net>
> *Sent:* Wednesday, July 31, 2019 15:59
> *To:* Kenshiro [] <tensiam@hotmail•com>; Bitcoin Protocol Discussion <
> bitcoin-dev@lists•linuxfoundation.org>
> *Subject:* Re: [bitcoin-dev] Add a moving checkpoint to the Bitcoin
> protocol
>
> On Wednesday 31 Jul 2019 12:28:58 Kenshiro [] via bitcoin-dev wrote:
>
> > I would like to propose that a "moving checkpoint" is added to the
> Bitcoin
> > protocol. It's a very simple rule already implemented in NXT coin:
> >
> > - A node will ignore any new block under nodeBlockHeight - N, so the
> > blockchain becomes truly immutable after N blocks, even during a 51%
> attack
> > which thanks to the moving checkpoint can't rewrite history older than
> the
> > last N blocks.
>
> How would a (potentially, state-sponsored) netsplit lasting longer than N
> be
> handled?
> --
> Alistair Mann
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists•linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>

[-- Attachment #2: Type: text/html, Size: 7028 bytes --]

  parent reply	other threads:[~2019-08-02 12:19 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-07-31 12:28 Kenshiro []
2019-07-31 13:59 ` Alistair Mann
2019-07-31 14:40   ` Kenshiro []
2019-07-31 14:53     ` Kenshiro []
2019-07-31 23:28       ` Alistair Mann
2019-08-01 10:17         ` Kenshiro []
2019-08-02 12:19       ` Ethan Heilman [this message]
2019-08-02 13:08         ` Kenshiro []
2019-08-03  0:51           ` LORD HIS EXCELLENCY JAMES HRMH
2019-08-03 10:35             ` Kenshiro []

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAEM=y+UCdW2__nmQhWuL2FYvL6WKdBsF31WDFZUSdXPvgM2bvg@mail.gmail.com' \
    --to=eth3rs@gmail$(echo .)com \
    --cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
    --cc=tensiam@hotmail$(echo .)com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox