📅 Original date posted:2019-09-09
📝 Original message:Hi ZmnSCPxj,
Thank you for your comments. You raise an important point that I should clarify.
>1. In event of a sybil attack, a fullnode will stall and think the blockchain has no more miners.
You can still attack the full node by feeding it a minority PoW chain,
then it won't stall.
>2. In event of a sybil attack, an SPV, even using this style, will follow the false blockchain.
Correct, but this false blockchain does need to have valid PoW.
So in both cases valid PoW is required to fool nodes. The one
difference is that for a full node, the blocks themselves also need to
be valid (except for the fact that they are in a minority chain), but
the end result is still that a victim can be successfully double spent
and lose money.
I hope this clarifies why I consider the security for these two
situations to be roughly equivalent. In either situation, victims can
be fooled into accepting invalid payments.
Cheers,
Ruben
On Mon, Sep 9, 2019 at 6:14 AM ZmnSCPxj <ZmnSCPxj at protonmail.com> wrote:
>
> Good morning Ruben,
>
>
> > One might intuitively feel that the lack of a commitment is unsafe,
> > but there seems to be no impact on security (only bandwidth). The only
> > way you can be fooled is if all peers lie to you (Sybil), causing you
> > to follow a malicious minority chain. But even full nodes (or the
> > committed version of PoW fraud proofs) can be fooled in this way if
> > they are denied access to the valid most PoW chain. If there are
> > additional security concerns I overlooked, I’d love to hear them.
>
>
> I think it would be better to more precisely say that:
>
> 1. In event of a sybil attack, a fullnode will stall and think the blockchain has no more miners.
> 2. In event of a sybil attack, an SPV, even using this style, will follow the false blockchain.
>
> This has some differences when considering automated systems.
>
> Onchain automated payment processing systems, which use a fullnode, will refuse to acknowledge any incoming payments.
> This will lead to noisy complaints from clients of the automated payment processor, but this is a good thing since it warns the automated payment processor of the possibility of this attack occurring on them.
> The use of a timeout wherein if the fullnode is unable to see a new block for, say, 6 hours, could be done, to warn higher-layer management systems to pay attention.
> While it is sometimes the case that the real network will be unable to find a new block for hours at a time, this warning can be used to confirm if such an event is occurring, rather than a sybil attack targeting that fullnode.
>
> On the other hand, such a payment processing system, which uses an SPV with PoW fraud proofs, will be able to at least see incoming payments, and continue to release product in exchange for payment.
> Yet this is precisely a point of attack, where the automated payment processing system is sybilled and then false payments are given to the payment processor on the attack chain, which are double-spent on the global consensus chain.
> And the automated system may very well not be able to notice this.
>
> Regards,
> ZmnSCPxj
Ruben Somsen [ARCHIVE] /
npub1cn…qyeq0
2023-06-07 18:20:26
in reply to nevent1q…0xtj
Author Public Key
npub1cnrnujx86le38yu2jrt3la0yhewsrh2p2lucakv6mu28x7lm0rsq9qyeq0Published at
2023-06-07 18:20:26Event JSON
{
"id": "c7c86cf5767a1b0e2f2802bc6dd59f49a0f196ea351563ea8b2e3eec983d92cb",
"pubkey": "c4c73e48c7d7f313938a90d71ff5e4be5d01dd4157f98ed99adf14737bfb78e0",
"created_at": 1686162026,
"kind": 1,
"tags": [
[
"e",
"605f277ed4d92d7266551e544ef9f883d7bc15b8f188ec23d7382bb348970c4d",
"",
"root"
],
[
"e",
"19b64ed44edee4c3a04a2aac527e3db616d86e2aec7da9b1d7d04242157430cd",
"",
"reply"
],
[
"p",
"4c62af269745b5fe0764e5c5206f64f1d95002942178835e0c86c52235e498b6"
]
],
"content": "📅 Original date posted:2019-09-09\n📝 Original message:Hi ZmnSCPxj,\n\nThank you for your comments. You raise an important point that I should clarify.\n\n\u003e1. In event of a sybil attack, a fullnode will stall and think the blockchain has no more miners.\n\nYou can still attack the full node by feeding it a minority PoW chain,\nthen it won't stall.\n\n\u003e2. In event of a sybil attack, an SPV, even using this style, will follow the false blockchain.\n\nCorrect, but this false blockchain does need to have valid PoW.\n\nSo in both cases valid PoW is required to fool nodes. The one\ndifference is that for a full node, the blocks themselves also need to\nbe valid (except for the fact that they are in a minority chain), but\nthe end result is still that a victim can be successfully double spent\nand lose money.\n\nI hope this clarifies why I consider the security for these two\nsituations to be roughly equivalent. In either situation, victims can\nbe fooled into accepting invalid payments.\n\nCheers,\nRuben\n\nOn Mon, Sep 9, 2019 at 6:14 AM ZmnSCPxj \u003cZmnSCPxj at protonmail.com\u003e wrote:\n\u003e\n\u003e Good morning Ruben,\n\u003e\n\u003e\n\u003e \u003e One might intuitively feel that the lack of a commitment is unsafe,\n\u003e \u003e but there seems to be no impact on security (only bandwidth). The only\n\u003e \u003e way you can be fooled is if all peers lie to you (Sybil), causing you\n\u003e \u003e to follow a malicious minority chain. But even full nodes (or the\n\u003e \u003e committed version of PoW fraud proofs) can be fooled in this way if\n\u003e \u003e they are denied access to the valid most PoW chain. If there are\n\u003e \u003e additional security concerns I overlooked, I’d love to hear them.\n\u003e\n\u003e\n\u003e I think it would be better to more precisely say that:\n\u003e\n\u003e 1. In event of a sybil attack, a fullnode will stall and think the blockchain has no more miners.\n\u003e 2. In event of a sybil attack, an SPV, even using this style, will follow the false blockchain.\n\u003e\n\u003e This has some differences when considering automated systems.\n\u003e\n\u003e Onchain automated payment processing systems, which use a fullnode, will refuse to acknowledge any incoming payments.\n\u003e This will lead to noisy complaints from clients of the automated payment processor, but this is a good thing since it warns the automated payment processor of the possibility of this attack occurring on them.\n\u003e The use of a timeout wherein if the fullnode is unable to see a new block for, say, 6 hours, could be done, to warn higher-layer management systems to pay attention.\n\u003e While it is sometimes the case that the real network will be unable to find a new block for hours at a time, this warning can be used to confirm if such an event is occurring, rather than a sybil attack targeting that fullnode.\n\u003e\n\u003e On the other hand, such a payment processing system, which uses an SPV with PoW fraud proofs, will be able to at least see incoming payments, and continue to release product in exchange for payment.\n\u003e Yet this is precisely a point of attack, where the automated payment processing system is sybilled and then false payments are given to the payment processor on the attack chain, which are double-spent on the global consensus chain.\n\u003e And the automated system may very well not be able to notice this.\n\u003e\n\u003e Regards,\n\u003e ZmnSCPxj",
"sig": "5ee0704b523dce15413d4be7e467acb1979cc8dddf2858a63c3ba8218c5ed10e9a87de42bdc5ed7c2fca67cde7a2580675f2b9b6d971604dfcfb2b740053871e"
}