[Cryptography] Yet another way to create Blockchain misery

[Phillip Hallam-Baker]

On Wed, Jan 5, 2022 at 5:21 PM Christian Huitema <huitema at huitema.net>
wrote:

> On 1/5/2022 9:59 AM, Phillip Hallam-Baker wrote:
>
> > Any party that has a majority of the active mining capacity can play a
> > range of games to maintain their control. They can mine a hundred blocks
> > ahead and only release blocks to trump claims by rival miners. If your
> > objective is to stall the chain, the optimum strategy is to wait until a
> > rival faction has made a claim and then release as many blocks as you
> need
> > from your stash to erase them. You time the release of blocks so as to
> > manipulate the work factor in your favor so that the only way a rival can
> > seize control is to also mine multiple blocks ahead and stash them. But
> you
> > join the other mining co-ops...
>
> OK, so I see what the bitcoin documentation says  about the "target":
> "For reasons of stability and low latency in transactions, the network
> tries to produce one block every 10 minutes. Every 2016 blocks (which
> should take two weeks if this goal is kept perfectly), every Bitcoin
> client compares the actual time it took to generate these blocks with
> the two week goal and modifies the target by the percentage difference.
> This makes the proof-of-work problem more or less difficult. A single
> retarget never changes the target by more than a factor of 4 either way
> to prevent large changes in difficulty."
>
> The attack that you describe requires playing with that algorithm, for
> example storing a large number of hashes and releasing them at once, so
> the Bitcoin clients would be induced to increase the difficulty. That
> will create a temporary blip. But then the attacker will have to keep
> doing that for a long time, because otherwise the clients will
> automatically lower the target. That seems to require a lot of computing
> capacity.
>

The attack is working at two levels, deny rewards to other miners and cause
the value of existing coins to decline.

I am not going to run my miners continuously, but I am going to run them
for several weeks so that I can mine ahead. During this period, I am only
going to release blocks just after another miner claims them. so it will be
clear that a fork is in progress. I am going to vary the length of time
until I end the fork.

Point is that as long as I have plenty of blocks ahead of everyone else,
the only way they can grab control back is by persuading enough miners who
suspended operations to bring their rigs back on line and run their rigs
for as long as it takes to recapture the chain. And I am going to
demoralize them by letting them think they have succeeded, then dash their
hopes.

Eventually, I am going to start a 2016 block period with 2016 blocks in
hand. At this point, I am going to aim to wind down the difficulty to the
lowest possible level, slowing release of my blocks for as long as
possible, stalling the chain. After 2 weeks, I know that the difficulty if
going to drop in the future, but only I can mine at the reduced difficulty
because only I know the last block in the secret chain.

Remember that every other active miner is working for zero return and the
only way that the chain advances at all is if someone else is willing to
mine for no reward. I don't ever release a block unless I am forced to to
maintain control of the chain. I am going to reduce my costs as much as
possible by continuously winding down the difficulty.


Simultaneously, I am going to double spend against coins that I have been
awarded. That has to damage confidence in BTC. As of course does the fact
that nobody has been able to transact since the attack started.

Empty headed journalists writing credulous puff pieces in which the brave
new Libertopian ubermenchen topple the world's financial markets pivot and
write equally vacuous pieces 'NFTs: How tech fell for a Monkey Laundering
scheme', 'Even gorilla marketing couldn't sell NFTs'. Instead of talking
about the yachts or their supercars, CryptoBros are taking their perp walks
as the collapse of one Ponzi precipitates the collapse of the next.


As the price of BTC falls, I only switch the rigs on at the start of a
difficulty period to mine out the 2016 blocks, then I sit and wait while
the good guys with a mining rig try to restart the chain at their own
expense. The miners for profit are only going to do this if they can see a
future return and only if they have sufficient cash flow to keep their
operations running.

How long can the chain keep going if the time between blocks falls to an
hour? a day?

Remember that every time the good guys with a cryptorig win a block, I take
it away from them. And I am just trying to spin out my 2016 blocks for as
long as I can then mine like crazy. My opponents are the masochist miners
mining for free just to regain control of the chain. If the masochists take
an hour a block, its going to be three months before anyone gets to make a
transaction.

How long do I have to own the chain for the value of BTC to drop to $0? Not
very long after all, there are no transactions going on so it's been quite
a while since any money moved in a BTC trade.


Why would anyone believe there is a significant probability of BTC going to
the moon at this point?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20220105/e5899e58/attachment.htm>