📅 Original date posted:2014-10-06
📝 Original message:Comments between lines...
On 06/10/2014 03:42 a.m., Alex Mizrahi wrote:
> .....
>
> This doesn't require protocol changes(*) and can be simply
> incorporated into a piece of code which decides what to do when a
> transaction with unusually large fee appears. (I.e. it will
> automatically share the fee, and others will recognize that). And if
> the biggest miner has 25% of all hashrate, sharing 25% of your loot
> doesn't sound that bad.
The problem with this approach is that once the bitcoind has been
modified to allow this sharing of the high-tx fee by delegation, then
the same system can be used for an attack.
Let's call a system that makes the Optimum Rational Best-chain Selection
for maximizing profit "ORBS", just to give it a name. The system assures
that the best chain chosen is always the optimum in terms of profit,
taking into account fee delegation and all the game-theoretic incentives
derived. It's only a theoretical abstraction, but could be approximated
in practice.
The attack is called Chained Kickback DOuble-spend attack (or “CHAKIDO”)
and is an extension of Bonneau's kickback attack. Basically the attack
is to create the ORBS patch, and start convincing miners to use it,
sending some probe high-fees tx.
Once you have ORBS working in a majority of the mining nodes, you can
perform a double-spend against a target like an exchange by:
- Buy some btc X
- Send those btc to an exchange (suppose the exchange requires 6
confirmations) in a transaction TX
- Immediately convert those btc to an alt-coin, and collect the alt-coins
- Create a high fee tx that is a double-spend of TX having a high fee Y
such that Y < X but Y triggers a ORBS reorganization.
- Profit
(This rollback attack was performed against whitecoin, I think)
This attack gets terrible powerful if there is no subsidy. You may need
500 blocks of confirmation to protect from a 10 BTC spend with current
fees and no subsidy. This is because once 100% of the nodes use ORBS,
the fee delegation is linear (it doesn't grow exponentially with the
number of blocks). So ORBS should never be implemented without
additional protective measures in merchant applications.
If we had a closed formula for ORBS, then all merchants could compute
the minimum confirmation blocks such that always Y > X, but such formula
involves many unknowns which would need to be dynamically estimated, and
also it should take into account the number of simultaneous payment
attempts.
My conclusions are:
- We should never allow ORBS to be implemented unless merchants are also
aware of it. If are aware of ORBS then Bitcoin with no subsidy will be
become a terrible slow payment system so ...
- We could implement the protections that work even if some nodes
implement ORBS, such as fee and burn btc sharing, as I described before
- Or we need some high percentage of miners to be irrational, to force
ORBS fee delegation have an exponential decay.
Best regards,
Sergio.
Sergio Lerner [ARCHIVE] /
npub1vr…nc7jf
2023-06-07 15:26:17
in reply to nevent1q…ld4s
Author Public Key
npub1vrm6r7z5yreclgndkf90fqesh5vqpmfmaucks32zv0w0emmz4r8qznc7jfPublished at
2023-06-07 15:26:17Event JSON
{
"id": "bb12b31d2da4802217f61d74c1e8d96ca0e6a8681f15d1058c6af1e421114212",
"pubkey": "60f7a1f85420f38fa26db24af48330bd1800ed3bef3168454263dcfcef62a8ce",
"created_at": 1686151577,
"kind": 1,
"tags": [
[
"e",
"590f9f3d77c6f5062e55d15ba45a9b74b0defc52c9a34a6bbe0fbacdb4f439c6",
"",
"root"
],
[
"e",
"2fc4cdc3bb4fa860901f62cc15d836e2184f5a6d1a8e11bc04a8451d661114c7",
"",
"reply"
],
[
"p",
"83939e4391e74ab1f02f783131a30a24db681188b72b90da8bce3dcaa763c8b4"
]
],
"content": "📅 Original date posted:2014-10-06\n📝 Original message:Comments between lines...\n\nOn 06/10/2014 03:42 a.m., Alex Mizrahi wrote:\n\u003e .....\n\u003e\n\u003e This doesn't require protocol changes(*) and can be simply\n\u003e incorporated into a piece of code which decides what to do when a\n\u003e transaction with unusually large fee appears. (I.e. it will\n\u003e automatically share the fee, and others will recognize that). And if\n\u003e the biggest miner has 25% of all hashrate, sharing 25% of your loot\n\u003e doesn't sound that bad.\nThe problem with this approach is that once the bitcoind has been\nmodified to allow this sharing of the high-tx fee by delegation, then\nthe same system can be used for an attack.\nLet's call a system that makes the Optimum Rational Best-chain Selection\nfor maximizing profit \"ORBS\", just to give it a name. The system assures\nthat the best chain chosen is always the optimum in terms of profit,\ntaking into account fee delegation and all the game-theoretic incentives\nderived. It's only a theoretical abstraction, but could be approximated\nin practice.\n\nThe attack is called Chained Kickback DOuble-spend attack (or “CHAKIDO”)\nand is an extension of Bonneau's kickback attack. Basically the attack\nis to create the ORBS patch, and start convincing miners to use it,\nsending some probe high-fees tx.\nOnce you have ORBS working in a majority of the mining nodes, you can\nperform a double-spend against a target like an exchange by:\n- Buy some btc X\n- Send those btc to an exchange (suppose the exchange requires 6\nconfirmations) in a transaction TX\n- Immediately convert those btc to an alt-coin, and collect the alt-coins\n- Create a high fee tx that is a double-spend of TX having a high fee Y\nsuch that Y \u003c X but Y triggers a ORBS reorganization.\n- Profit\n(This rollback attack was performed against whitecoin, I think)\n\nThis attack gets terrible powerful if there is no subsidy. You may need\n500 blocks of confirmation to protect from a 10 BTC spend with current\nfees and no subsidy. This is because once 100% of the nodes use ORBS,\nthe fee delegation is linear (it doesn't grow exponentially with the\nnumber of blocks). So ORBS should never be implemented without\nadditional protective measures in merchant applications.\nIf we had a closed formula for ORBS, then all merchants could compute\nthe minimum confirmation blocks such that always Y \u003e X, but such formula\ninvolves many unknowns which would need to be dynamically estimated, and\nalso it should take into account the number of simultaneous payment\nattempts.\n\nMy conclusions are:\n- We should never allow ORBS to be implemented unless merchants are also\naware of it. If are aware of ORBS then Bitcoin with no subsidy will be\nbecome a terrible slow payment system so ...\n- We could implement the protections that work even if some nodes\nimplement ORBS, such as fee and burn btc sharing, as I described before\n- Or we need some high percentage of miners to be irrational, to force\nORBS fee delegation have an exponential decay.\n\nBest regards,\nSergio.",
"sig": "1dd60526a07c80855194e782b6c8b131ed41a9be104f84c47bd5b9bfb4616d06f24073cb95928bf74fa97d57f1c01a82a18f33b3e273ff270595ed9ecc70814c"
}