(not sure if you meant this to go to the list, my apologies if not)

On Mon, Nov 04, 2013 at 10:50:25AM -0500, Ittay wrote:
> On Mon, Nov 4, 2013 at 10:46 AM, Peter Todd <p...@petertodd.org> wrote:
> > On Mon, Nov 04, 2013 at 10:25:19AM -0500, Ittay wrote:
> > > Peter - how can you guarantee that the majority mines on the non-selfish
> > > block?
> >
> > Of course, it may be the case that competing near-block headers are
> > found, but no matter: as long as miners switch to the block with the
> > most hashing power, this forms a feedback effect that quickly brings
> > everyone to consensus. With everyone mining to extend the same block,
> > there's nothing the selfish miner can do; there's no disagreement to
> > exploit.
> >
> This is not the exploit! The majority you create might just as well follow
> the previously-private block, so we're back in square one.

Right, but the thing is, if all miners quickly come to consensus and are
all mining on the same block, there's nothing the attacker can exploit
in the first place.

Suppose Alice the attacker is 100 blocks ahead of the main network
somehow. We'll say the other miners are working to extend block n, and
she's in posession of 100 blocks extending that. She also has just under
50% of the hashing power.

Now when the main network finds a block n+1, Alice can do one of two
things: she can publish her own n+1 block, or she can do nothing. If she
does nothing, the main network will find block n+2 faster than she finds
n+101, so eventually she loses. Thus she has to publish.

In your attack she publishes to a subset of nodes strategicly, splitting
the hashing power between nodes working to extend her n+1, and the other
n+1 found. However, with near-target headers, very quickly all hashing
power will come to consensus and all work to extend the same block,
either theirs or Alice's. Given that they have the majority, they will
find another block faster on average than Alice can extend her lead, and
thus eventually Alice will lose.

Now there is still a slight advantage for Alice in that it takes some
time for the whole network to come to consensus, but this is a much
slimmer margin, maybe a few percentage points, so at best Alice might
need, say, 45% of the total hashing power.


Attachment: signature.asc
Description: Digital signature

Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
Bitcoin-development mailing list

Reply via email to