From: gladoscc <admin+g@glados•cc>
To: Bitcoin Dev <bitcoin-dev@lists•linuxfoundation.org>
Subject: [bitcoin-dev] Soft fork fix for block withholding attacks
Date: Fri, 12 Feb 2016 22:31:56 +1100 [thread overview]
Message-ID: <CAL7-sS2vb5Aid-pTHHgJ0N9O8QYP=OR3HE1bVGw32LPm6W9SUA@mail.gmail.com> (raw)
In-Reply-To: <CAL7-sS1JhXAJ_hjUpLvnPWiwsf2hOwsaZdrq9negDPZiGs4nmg@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 1728 bytes --]
Here's a method of fixing block withholding attacks with a soft fork:
We require blocks to choose an arbitrary target, e.g. two bytes. We
redefine the block PoW target to be "less than the difficulty, with the
last two bytes being the target".
We require blocks to include a blinded hash of the target plus some junk
(which blinds it) in the coinbase. The miner cannot arbitrarily switch
targets.
The miner can now send the block header to hashers. Hashers do not know the
target, and hence must submit all shares that matches the first PoW
criteria (below difficulty) and delegate secondary verification to the
miner. With two bytes as the target, there are 65335 false positives for
every valid block.
Finally, we require miners to communicate a proof of their target hash (ie,
the junk they generated) in a non-hashed area of the block. This can be a
protocol extension. The target is already included in the hash as the last
two bytes.
This can be deployed as a soft fork with miner opt in, triggering across
many difficulty cycles. Initially, we soft fork to require the last bit of
the block hash to be zero. The next difficulty cycle, we require the last
two bits to be zero. We do this 16 times to get 2 bytes, and then we
actually activate targets.
By then, nominal difficulty would have been cut by 2^16 (65536), but the
block target makes mining each block 65536 times as hard. We do the
progression over 16 difficulty cycles to minimise increases in block
timings. We can be more specific and progress over even more difficulty
cycles through more clever soft fork rules.
For example, Vitalik detailed "timewalking" attacks that allow effective
granular lowering of the nominal difficulty.
Critique welcome.
[-- Attachment #2: Type: text/html, Size: 1913 bytes --]
next parent reply other threads:[~2016-02-12 11:31 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CAL7-sS0NdZ4E7qwSs9TQdvsyqrzY0q847oM2cnwEYA3ciXCs4g@mail.gmail.com>
[not found] ` <CAL7-sS3QFGg_uj0UN+vPSE1Y3-XTj3HeCaPxERznpMfhvaj28A@mail.gmail.com>
[not found] ` <CAL7-sS2DqPF0Y7+UT7qGp==MJBmHmbQW5em+XFY8ZkVPuzCPcQ@mail.gmail.com>
[not found] ` <CAL7-sS2TMUg1KTPgitzMq61-4+ppzpZ7E_aEsbLXOuBYqU_q-g@mail.gmail.com>
[not found] ` <CAL7-sS1JhXAJ_hjUpLvnPWiwsf2hOwsaZdrq9negDPZiGs4nmg@mail.gmail.com>
2016-02-12 11:31 ` gladoscc [this message]
2016-02-12 15:34 ` Peter Todd
2016-02-12 16:09 ` Tier Nolan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAL7-sS2vb5Aid-pTHHgJ0N9O8QYP=OR3HE1bVGw32LPm6W9SUA@mail.gmail.com' \
--to=admin+g@glados$(echo .)cc \
--cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox