[Cryptography] Bitcoin attack

Wed Nov 6 10:25:48 EST 2013

2013/11/5 Marcel Popescu <mdpopescu at gmail.com>

> Have you guys seen this? http://arxiv.org/abs/1311.0243
>
> I'm a layman in the field, I have no clue on how to analyze it. I'm just
> bringing it up in case anyone else here cares about the subject.
>

It seems pretty correct to me. Although I find it very hard to believe in
the light of the vested 50% minimum attack speed.

The "of any size" claim is definitely too strong and they admit it
themselves. If you mine too slowly you're wasting so many blocks to attempt
to get to 2 blocks ahead the costs outweigh the benefits. It seems though
that the balance point may be around 1/4th of the network. And that anyone
higher than could profit greatly from this technique. I can't quite pierce
through their verbosity and see if they made mistakes in obtaining their
1/4th number.

Their algorithm is rather hard to read. Why code against the previous
difference and not the current difference? Weird. In fact the whole thing
qualifies for "hard to read" if you ask me.

I'm not sure if this exploit is a big problem. 1/4th is still "good
enough". Seriously worse than 50% though. Picking a random current block
does make the network less effective in mining overall as more work will be
spend on mining not-the-first-block. That implies that you'll be worse off
too, but I'm not 100% on that. I can see collaborations between pools (to
prefer each others' blocks) to be very profitable too. And not solvable at
all.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20131106/0479f72a/attachment.html>