John Dillon [ARCHIVE] on Nostr: đ
Original date posted:2013-06-28 đ Original message:-----BEGIN PGP SIGNED ...
đ
Original date posted:2013-06-28
đ Original message:-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Fri, Jun 28, 2013 at 9:05 AM, Mike Hearn <mike at plan99.net> wrote:
>> I see some of the the other things that were concerning for me at the
>> time are still uncorrected though, e.g. no proxy support (so users
>> can't follow our recommended best practices of using it with Tor),
>
> Yeah. That's not the primary privacy issue with bitcoinj though. I'm
> much, much more concerned about leaks via the block chain than the
> network layer. Especially as Tor is basically a giant man in the
> middle, without any kind of authentication you can easily end up
> connected to a sybil network without any idea. I'd be surprised if Tor
> usage was very high amongst Bitcoin users.
Tor does not act as a particularly effective man in the middle for nodes
that support connections to hidden services because while your
connections to standard Bitcoin nodes go through your exit node, the
routing path for each hidden service peer is independent. Having said
that we should offer modes that send your self-generated transactions
out via Tor, while still maintaining non-Tor connections.
Anyway Sybil attacks aren't all that interesting if you are the one
sending the funds, and receivers are reasonably well protected simply
because generating false confirmations is extremely expensive and very
difficult to do quickly. After all, you always make the assumption that
nearly all hashing power in existence is honest when you talk about
replace-by-fee among other things, and that assumption naturally leads
to the conclusion that generating false confirmations with a sybil
attack would take more than long enough that the user would be
suspicious that something was wrong long before being defrauded.
I'd be surprised if anyone has ever bothered with a false confirmation
sybil attack. I wouldn't be the slightest bit surprised if the NSA is
recording all the Bitcoin traffic they can for future analysis to find
true transaction origins. Which reminds me, again, we need node-to-node
connections to be encrypted to at least protect against network-wide
passive sniffiing.
Regarding usage I would be interested to hear from those running Bitcoin
nodes advertising themselves as hidden services.
> It's not a library limitation anyway, it's a case of how best to
> present information to a user who is not familiar with how Bitcoin
> works. "Safe" and "Not safe" is still a rather misleading distinction
> given the general absence of double spends against mempool
> transactions, but it's still a lot more meaningful than "2 confirms"
For what it is worth I ran a double-spend generator a month or so ago
against the replace-by-fee node that Peter setup and I found that a
small number of the double-spends did in fact appear to be mined under
replace-by-fee rules.
Specifically the generator would create a transaction from confirmed
inputs, wait 60-180 seconds (randomized) to allow for full propagation,
and then create a double-spend if the transaction hadn't already been
mined. The transactions were randomized to look like normal traffic,
including occasional bets to Satoshidice and similar for fun. (for the
record the script had no way of knowing if a bet won and would happily
attempt to double-spend wins) Fees for the replacement were power-law
distributed IIRC, with some occasionally set to be quite hefty.
Though possibly just an artifact of unusually slow transaction
propagation it appeared that about 0.25% of hashing power was following
replace-by-fee rules. (not including transactions involving gambling, I
know Eligius and perhaps others block such transactions from their
mempools making double-spends easy to accomplish by including
Satoshidice outputs)
I'm actually surprised by that figure myself given Peter Todd and I
haven't made a serious attempt yet to get miners to use replace-by-fee
rules. An interesting experiment would be to advertise that money is
being given away by such a tx generator in the mining forum, although I
would prefer to see solid mempool support for the "scorched-earth"
double-spend countermeasure first; Peter sounds like he has some great
ideas there, although as usual I am seeing very little in the way of
code. :)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQEcBAEBCAAGBQJRzWCOAAoJEEWCsU4mNhiPwhgH/ic/OJMCYwdIuEM2ArSAEQRY
l5bqafMYMcC/KE9xqZ1HVkLJ9Zg57MQ8VZw95WOsmRgNA0v1xIoCyREjI84QkCIq
R/hOgS97eJc+XXnPBVoB4Jadq5LQ6jNpJo7cmiLJjCEmE6rTxLZBBT4P3eQw8oIn
WAd7X7utP7/QAkjhaWB9FsfWT8QZseqpSPv8WucRftsRCABurzuD+eSfpRqYwk2z
XBD0zO+EyAtu6hB3dRAFhqnhVfEcOLJCtXpm76WO574H4AZ/8EN+HozLJSUtylCq
j1NZnpj/6pdFh2v5Pid4HEMEvuNNX60u6iXGJ560PUsdKmOh+LEhUBLKd9acJTw=
=QtjI
-----END PGP SIGNATURE-----
Published at
2023-06-07 15:04:05Event JSON
{
"id": "5b8919f5ae079eef981d3fc61554331cc0e9e8b738126037fef98bc99c13b76a",
"pubkey": "a0b592adfee20cad7bb28c238a9fc1fccf4511a458be8e3d96b00c914c8c3564",
"created_at": 1686150245,
"kind": 1,
"tags": [
[
"e",
"5ec662796ac6f7c2f8d4618ee0bafe23cd8003de44ad7e1121634fb73b588358",
"",
"root"
],
[
"e",
"aad4262eea6997099c9efadcf1ba31ceb4046ea14b88dbea70aeac8261284f45",
"",
"reply"
],
[
"p",
"f2c95df3766562e3b96b79a0254881c59e8639f23987846961cf55412a77f6f2"
]
],
"content": "đ
Original date posted:2013-06-28\nđ Original message:-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nOn Fri, Jun 28, 2013 at 9:05 AM, Mike Hearn \u003cmike at plan99.net\u003e wrote:\n\u003e\u003e I see some of the the other things that were concerning for me at the\n\u003e\u003e time are still uncorrected though, e.g. no proxy support (so users\n\u003e\u003e can't follow our recommended best practices of using it with Tor),\n\u003e\n\u003e Yeah. That's not the primary privacy issue with bitcoinj though. I'm\n\u003e much, much more concerned about leaks via the block chain than the\n\u003e network layer. Especially as Tor is basically a giant man in the\n\u003e middle, without any kind of authentication you can easily end up\n\u003e connected to a sybil network without any idea. I'd be surprised if Tor\n\u003e usage was very high amongst Bitcoin users.\n\nTor does not act as a particularly effective man in the middle for nodes\nthat support connections to hidden services because while your\nconnections to standard Bitcoin nodes go through your exit node, the\nrouting path for each hidden service peer is independent. Having said\nthat we should offer modes that send your self-generated transactions\nout via Tor, while still maintaining non-Tor connections.\n\nAnyway Sybil attacks aren't all that interesting if you are the one\nsending the funds, and receivers are reasonably well protected simply\nbecause generating false confirmations is extremely expensive and very\ndifficult to do quickly. After all, you always make the assumption that\nnearly all hashing power in existence is honest when you talk about\nreplace-by-fee among other things, and that assumption naturally leads\nto the conclusion that generating false confirmations with a sybil\nattack would take more than long enough that the user would be\nsuspicious that something was wrong long before being defrauded.\n\nI'd be surprised if anyone has ever bothered with a false confirmation\nsybil attack. I wouldn't be the slightest bit surprised if the NSA is\nrecording all the Bitcoin traffic they can for future analysis to find\ntrue transaction origins. Which reminds me, again, we need node-to-node\nconnections to be encrypted to at least protect against network-wide\npassive sniffiing.\n\nRegarding usage I would be interested to hear from those running Bitcoin\nnodes advertising themselves as hidden services.\n\n\u003e It's not a library limitation anyway, it's a case of how best to\n\u003e present information to a user who is not familiar with how Bitcoin\n\u003e works. \"Safe\" and \"Not safe\" is still a rather misleading distinction\n\u003e given the general absence of double spends against mempool\n\u003e transactions, but it's still a lot more meaningful than \"2 confirms\"\n\nFor what it is worth I ran a double-spend generator a month or so ago\nagainst the replace-by-fee node that Peter setup and I found that a\nsmall number of the double-spends did in fact appear to be mined under\nreplace-by-fee rules.\n\nSpecifically the generator would create a transaction from confirmed\ninputs, wait 60-180 seconds (randomized) to allow for full propagation,\nand then create a double-spend if the transaction hadn't already been\nmined. The transactions were randomized to look like normal traffic,\nincluding occasional bets to Satoshidice and similar for fun. (for the\nrecord the script had no way of knowing if a bet won and would happily\nattempt to double-spend wins) Fees for the replacement were power-law\ndistributed IIRC, with some occasionally set to be quite hefty.\n\nThough possibly just an artifact of unusually slow transaction\npropagation it appeared that about 0.25% of hashing power was following\nreplace-by-fee rules. (not including transactions involving gambling, I\nknow Eligius and perhaps others block such transactions from their\nmempools making double-spends easy to accomplish by including\nSatoshidice outputs)\n\nI'm actually surprised by that figure myself given Peter Todd and I\nhaven't made a serious attempt yet to get miners to use replace-by-fee\nrules. An interesting experiment would be to advertise that money is\nbeing given away by such a tx generator in the mining forum, although I\nwould prefer to see solid mempool support for the \"scorched-earth\"\ndouble-spend countermeasure first; Peter sounds like he has some great\nideas there, although as usual I am seeing very little in the way of\ncode. :)\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niQEcBAEBCAAGBQJRzWCOAAoJEEWCsU4mNhiPwhgH/ic/OJMCYwdIuEM2ArSAEQRY\nl5bqafMYMcC/KE9xqZ1HVkLJ9Zg57MQ8VZw95WOsmRgNA0v1xIoCyREjI84QkCIq\nR/hOgS97eJc+XXnPBVoB4Jadq5LQ6jNpJo7cmiLJjCEmE6rTxLZBBT4P3eQw8oIn\nWAd7X7utP7/QAkjhaWB9FsfWT8QZseqpSPv8WucRftsRCABurzuD+eSfpRqYwk2z\nXBD0zO+EyAtu6hB3dRAFhqnhVfEcOLJCtXpm76WO574H4AZ/8EN+HozLJSUtylCq\nj1NZnpj/6pdFh2v5Pid4HEMEvuNNX60u6iXGJ560PUsdKmOh+LEhUBLKd9acJTw=\n=QtjI\n-----END PGP SIGNATURE-----",
"sig": "ff17d158532f4e4ef76a9aeccb3b74aa3453ca922aad12367be5f841d0c050191694be296b6a05b398566a86674654fd9714ebba8c91391e95dc9d600a819214"
}