📅 Original date posted:2012-06-04
📝 Original message:I don't understand how your proposal will work for decentralized pools -
can you explain it more concretely?
What would the new block header look like?
What is required for a share to to be earned?
What is required for a block to be valid (added to Block Chain)?
I don't think I understand what you mean by NextBlockCandidate. Perhaps a
concrete example using difficulty 1.7 million would be instructive.
On Mon, Jun 4, 2012 at 2:05 PM, Luke-Jr <luke at dashjr.org> wrote:
> On Monday, June 04, 2012 8:49:48 PM Mike Koss wrote:
> > As I understand the attack, the attacker gets compensated for the shares
> > they earn, but the pool will be denied any valid blocks found. The
> > attacker DOES NOT have access to the Bitcoins earned in the unreported
> > block (only the mining pool has access to the Coinbase address and
> > transactions in the block).
>
> With decentralized pools, the attacker does have access to the block, and
> can
> potentially submit it to the Bitcoin network directly bypassing the pool
> if it
> benefits them to do so.
>
> > So it's a zero-net-cost attack for the attacker (but no chance of making
> a
> > profit) to hurt the pool operator.
>
> Because of the above, there is a possibility an attacker can make a profit.
>
> > The only way to detect such an attack now is to look for "unlucky"
> miners;
> > at the current difficulty, you can't detect this cheat until many
> millions
> > of shares have been earned w/o a qualifying block. Since an attacker can
> > also create many fake identities, they can avoid detection indefinitely
> by
> > abandoning each account after a million earned shares.
>
> There are other modes of detection, but nobody has bothered to implement
> them
> since attackers can easily do a simple workaround in an arms race.
>
> > I don't understand your proposal for fixing this. You would have to come
> > up with a scheme where:
> >
> > - The miner can detect a qualifying hash to earn a share.
> > - Not be able to tell if the hash is for a valid block.
>
> With my proposal, miners can find shares, but won't know if it's a valid
> block
> until the subsequent block is also found (that subsequent block might not
> end
> up being a real block in the big picture).
>
> > The way I would do this is to have a secret part (not shared with the
> > miners) of a block that is part of the merkle hash, which is also used
> in a
> > secondary hash. Difficulty is then divide into two parts: the first,
> > solved by the miner (earning a "share" - e.g., 1 in 4 Billion hashes).
> And
> > a second, solved by the pool (1 in Difficulty shares). A valid block
> would
> > have to exhibit a valid Share Hash AND a valid Pool Hash in order to be
> > accepted.
>
> This only works for centralized pools, which are contrary to the health of
> the
> Bitcoin network. Decentralized pools cannot have a secret.
>
--
Mike Koss
CTO, CoinLab
(425) 246-7701 (m)
A Bitcoin Primer <http://coinlab.com/a-bitcoin-primer.pdf>; - What you need
to know about Bitcoins.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20120604/2e959c8a/attachment.html>;
Mike Koss [ARCHIVE] /
npub1ds…r0vwj
2023-06-07 10:11:44
in reply to nevent1q…m4tc
Author Public Key
npub1ds6uhns4wgqe6guczwe5t05ccx9hgzjsw2xxuuv3mmugfjsc5pvqer0vwjPublished at
2023-06-07 10:11:44Event JSON
{
"id": "b03a3294ddbe0d0e0a66159630453577af8a841ac6374a3a4e2b4d6e9a537510",
"pubkey": "6c35cbce1572019d239813b345be98c18b740a50728c6e7191def884ca18a058",
"created_at": 1686132704,
"kind": 1,
"tags": [
[
"e",
"a41c266ea909ede278d0ffa091090bff630df3ebf392d5fdee34cf65c8588463",
"",
"root"
],
[
"e",
"d39c3c8deea292acad3fe07fad714bca0b1d21522ba78c0ab8f5428704995d30",
"",
"reply"
],
[
"p",
"6ac6a519b554d8ff726a301e3daec0b489f443793778feccc6ea7a536f7354f1"
]
],
"content": "📅 Original date posted:2012-06-04\n📝 Original message:I don't understand how your proposal will work for decentralized pools -\ncan you explain it more concretely?\n\nWhat would the new block header look like?\n\nWhat is required for a share to to be earned?\n\nWhat is required for a block to be valid (added to Block Chain)?\n\nI don't think I understand what you mean by NextBlockCandidate. Perhaps a\nconcrete example using difficulty 1.7 million would be instructive.\n\nOn Mon, Jun 4, 2012 at 2:05 PM, Luke-Jr \u003cluke at dashjr.org\u003e wrote:\n\n\u003e On Monday, June 04, 2012 8:49:48 PM Mike Koss wrote:\n\u003e \u003e As I understand the attack, the attacker gets compensated for the shares\n\u003e \u003e they earn, but the pool will be denied any valid blocks found. The\n\u003e \u003e attacker DOES NOT have access to the Bitcoins earned in the unreported\n\u003e \u003e block (only the mining pool has access to the Coinbase address and\n\u003e \u003e transactions in the block).\n\u003e\n\u003e With decentralized pools, the attacker does have access to the block, and\n\u003e can\n\u003e potentially submit it to the Bitcoin network directly bypassing the pool\n\u003e if it\n\u003e benefits them to do so.\n\u003e\n\u003e \u003e So it's a zero-net-cost attack for the attacker (but no chance of making\n\u003e a\n\u003e \u003e profit) to hurt the pool operator.\n\u003e\n\u003e Because of the above, there is a possibility an attacker can make a profit.\n\u003e\n\u003e \u003e The only way to detect such an attack now is to look for \"unlucky\"\n\u003e miners;\n\u003e \u003e at the current difficulty, you can't detect this cheat until many\n\u003e millions\n\u003e \u003e of shares have been earned w/o a qualifying block. Since an attacker can\n\u003e \u003e also create many fake identities, they can avoid detection indefinitely\n\u003e by\n\u003e \u003e abandoning each account after a million earned shares.\n\u003e\n\u003e There are other modes of detection, but nobody has bothered to implement\n\u003e them\n\u003e since attackers can easily do a simple workaround in an arms race.\n\u003e\n\u003e \u003e I don't understand your proposal for fixing this. You would have to come\n\u003e \u003e up with a scheme where:\n\u003e \u003e\n\u003e \u003e - The miner can detect a qualifying hash to earn a share.\n\u003e \u003e - Not be able to tell if the hash is for a valid block.\n\u003e\n\u003e With my proposal, miners can find shares, but won't know if it's a valid\n\u003e block\n\u003e until the subsequent block is also found (that subsequent block might not\n\u003e end\n\u003e up being a real block in the big picture).\n\u003e\n\u003e \u003e The way I would do this is to have a secret part (not shared with the\n\u003e \u003e miners) of a block that is part of the merkle hash, which is also used\n\u003e in a\n\u003e \u003e secondary hash. Difficulty is then divide into two parts: the first,\n\u003e \u003e solved by the miner (earning a \"share\" - e.g., 1 in 4 Billion hashes).\n\u003e And\n\u003e \u003e a second, solved by the pool (1 in Difficulty shares). A valid block\n\u003e would\n\u003e \u003e have to exhibit a valid Share Hash AND a valid Pool Hash in order to be\n\u003e \u003e accepted.\n\u003e\n\u003e This only works for centralized pools, which are contrary to the health of\n\u003e the\n\u003e Bitcoin network. Decentralized pools cannot have a secret.\n\u003e\n\n\n\n-- \nMike Koss\nCTO, CoinLab\n(425) 246-7701 (m)\n\nA Bitcoin Primer \u003chttp://coinlab.com/a-bitcoin-primer.pdf\u003e - What you need\nto know about Bitcoins.\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20120604/2e959c8a/attachment.html\u003e",
"sig": "6e293eb7249ec5719ac7a3f300e8a0eadd3a7b281b50ae759fd30f076943dac23211bde003ac4a2fc830a1d52a971ed4fd4cdfe9be0818a79a29d8bb8e3a263d"
}