📅 Original date posted:2019-10-04
📝 Original message:On 10/4/19 1:20 AM, David A. Harding wrote:
> On Thu, Oct 03, 2019 at 05:38:36PM -0700, Braydon Fuller via bitcoin-dev wrote:
>> This paper describes a solution [to DoS attacks] that does not
>> require enabling or maintaining checkpoints and provides improved security.
>> [...]
>> The paper is available at:
>> https://bcoin.io/papers/bitcoin-chain-expansion.pdf
> [..] But I worry that the mechanisms could also be used to keep a node that
> synced to a long-but-lower-PoW chain on that false chain (or other false
> chain) indefinitely even if it had connections to honest peers that
> tried to tell it about the most-PoW chain.
Here is an example: An attacker eclipses a target node during the
initial block download; all of the target's outgoing peers are the
attacker. The attacker has a low work chain that is sent to the target.
The total chainwork for the low work chain is 0x09104210421039 at a
height of 593,975. The target is now in the state of a fully validated
low work dishonest chain. The target node then connects to an honest
peer and learns about the honest chain. The chainwork of the honest
chain is 0x085b67d9e07a751e53679d68 at a height of 593,975. The first
69,500 headers of the honest chain would have a delay, however the
remaining 52,4475 would not be delayed. Given a maximum of 5 seconds,
this would be a total delay of only 157 seconds.
Braydon Fuller [ARCHIVE] /
npub1fx…xxtaa
2023-06-07 18:21:01
in reply to nevent1q…yy4z
Author Public Key
npub1fx2eyw7avet7dut0slazcehwvrrlhjp2u9jc9zd92l7nexpxeahs4xxtaaPublished at
2023-06-07 18:21:01Event JSON
{
"id": "48b61014cb576d5fb3412b494b5b6a8f450206c700672d9b3ca36db84f451ef0",
"pubkey": "4995923bdd6657e6f16f87fa2c66ee60c7fbc82ae1658289a557fd3c9826cf6f",
"created_at": 1686162061,
"kind": 1,
"tags": [
[
"e",
"a9a6913f6fc9138fe7aab169ce2974e6f08bf4a75cd5918afea0770bbfe2c32f",
"",
"root"
],
[
"e",
"89d48f59a3859e5c024a31e59f11fa9aec71b79417e5df45bbdbbd857b87d0d0",
"",
"reply"
],
[
"p",
"d3574a24208f4e3d0821bb4a69a0c3ae842043d444fa5c4a8c49c369918a6fb2"
]
],
"content": "📅 Original date posted:2019-10-04\n📝 Original message:On 10/4/19 1:20 AM, David A. Harding wrote:\n\n\u003e On Thu, Oct 03, 2019 at 05:38:36PM -0700, Braydon Fuller via bitcoin-dev wrote:\n\u003e\u003e This paper describes a solution [to DoS attacks] that does not\n\u003e\u003e require enabling or maintaining checkpoints and provides improved security.\n\u003e\u003e [...] \n\u003e\u003e The paper is available at:\n\u003e\u003e https://bcoin.io/papers/bitcoin-chain-expansion.pdf\n\u003e [..] But I worry that the mechanisms could also be used to keep a node that\n\u003e synced to a long-but-lower-PoW chain on that false chain (or other false\n\u003e chain) indefinitely even if it had connections to honest peers that\n\u003e tried to tell it about the most-PoW chain.\n\nHere is an example: An attacker eclipses a target node during the\ninitial block download; all of the target's outgoing peers are the\nattacker. The attacker has a low work chain that is sent to the target.\nThe total chainwork for the low work chain is 0x09104210421039 at a\nheight of 593,975. The target is now in the state of a fully validated\nlow work dishonest chain. The target node then connects to an honest\npeer and learns about the honest chain. The chainwork of the honest\nchain is 0x085b67d9e07a751e53679d68 at a height of 593,975. The first\n69,500 headers of the honest chain would have a delay, however the\nremaining 52,4475 would not be delayed. Given a maximum of 5 seconds,\nthis would be a total delay of only 157 seconds.",
"sig": "638235b0a7c950811cc64a7198d778ca12453cdfafca1727a8d9de16eaf770c569476e6f677794f47b199b6517908d7500612a3336a92779a5eaf0f8e6d6e529"
}