Discussion:
A solution may solve Block Withholding Attack
(too old to reply)
潘志彪 via bitcoin-dev
2017-10-03 15:52:16 UTC
Permalink
Raw Message
Here is a solution may solve Block Withholding Attack. The general idea is
came from Aviv Zohar(***@cs.huji.ac.il), I made it work for Bitcoin.
Anyway, thanks Aviv.

=====================

DIFF_1 = 0x00000000FFFF0000000000000000000000000000000000000000000000000000;

Diff = DIFF_1 / target

this is equal to

Diff = DIFF_1 / (target - 0) or Diff = DIFF_1 / abs(target - 0)

now, we change diff algo to below:

New_Diff = DIFF_1 / abs(target - offset)

Offset is 32 bytes, like uint256 in Bitcoin, range is [0, 2^256),
define: offset_hash = DSHA256(offset).

we need to do a little change to the merkle root hash algo, put the
offset_hash as a tx hash in the front of tx hashes.

[offset_hash, coinbase_tx_hash, tx01_hash, tx02_hash, 
 , tx_n_hash]

Actually could put offset_hash in any place in the array of hashes.

network_hash_range = network_hash_end - network_hash_begin

miner_hash_range = miner_hash_end - miner_hash_begin

The offset value MUST between network_hash_begin/end or
miner_hash_begin/end.

Loading Image...

When mining pool send a job to miners, put the PoW hash range
(miner_hash_begin/end) in the job. So if the miners find a hash which value
is between [miner_hash_begin, miner_hash_end], means it's SHOULD be a
valid share, could submit the share to the pool. If the hash value is
between [network_hash_begin, network_hash_end] means find a valid block.

The network_diff is much much high than the miner's diff, means the
network_hash_range is much much smaller than miner_hash_range. By now,
a typical miner's pool diff is around 16K, network diff is 1123863285132,
so miner_hash_range is at least million times bigger than
network_hash_range.
The miners only know miner_hash_range, it's impossible for cheat miners
to find out which share could make a valid block or not.

Problems:
1. it's a hard fork.
2. will make existed asic dsha256 chips useless, but I think it's only a
small change to make new asic chips based on existed tech.
James Hilliard via bitcoin-dev
2017-10-06 14:36:15 UTC
Permalink
Raw Message
There have been some other proposals to deal with this such as
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2012-June/001506.html
that may be possible to implement in existing miners.

On Tue, Oct 3, 2017 at 9:52 AM, 潘志彪 via bitcoin-dev
Post by 潘志彪 via bitcoin-dev
Here is a solution may solve Block Withholding Attack. The general idea is
Anyway, thanks Aviv.
=====================
DIFF_1 = 0x00000000FFFF0000000000000000000000000000000000000000000000000000;
Diff = DIFF_1 / target
this is equal to
Diff = DIFF_1 / (target - 0) or Diff = DIFF_1 / abs(target - 0)
New_Diff = DIFF_1 / abs(target - offset)
Offset is 32 bytes, like uint256 in Bitcoin, range is [0, 2^256),
define: offset_hash = DSHA256(offset).
we need to do a little change to the merkle root hash algo, put the
offset_hash as a tx hash in the front of tx hashes.
[offset_hash, coinbase_tx_hash, tx01_hash, tx02_hash, … , tx_n_hash]
Actually could put offset_hash in any place in the array of hashes.
network_hash_range = network_hash_end - network_hash_begin
miner_hash_range = miner_hash_end - miner_hash_begin
The offset value MUST between network_hash_begin/end or
miner_hash_begin/end.
https://user-images.githubusercontent.com/514951/31133378-e00d9ca2-a891-11e7-8c61-73325f59f6ed.JPG
When mining pool send a job to miners, put the PoW hash range
(miner_hash_begin/end) in the job. So if the miners find a hash which value
is between [miner_hash_begin, miner_hash_end], means it's SHOULD be a
valid share, could submit the share to the pool. If the hash value is
between [network_hash_begin, network_hash_end] means find a valid block.
The network_diff is much much high than the miner's diff, means the
network_hash_range is much much smaller than miner_hash_range. By now,
a typical miner's pool diff is around 16K, network diff is 1123863285132,
so miner_hash_range is at least million times bigger than
network_hash_range.
The miners only know miner_hash_range, it's impossible for cheat miners
to find out which share could make a valid block or not.
1. it's a hard fork.
2. will make existed asic dsha256 chips useless, but I think it's only a
small change to make new asic chips based on existed tech.
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
Kevin Pan via bitcoin-dev
2017-10-08 09:28:32 UTC
Permalink
Raw Message
But I think this one is simpler and better than Luke's.

And now is different like 2012, pools need be more independ today. Pools
want
to express their opinion or standpoint. Some of can't do that like remove
the
NYA tag and one the reason is the Block Withholding Attack.

Kevin Pan
Post by James Hilliard via bitcoin-dev
There have been some other proposals to deal with this such as
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/
2012-June/001506.html
that may be possible to implement in existing miners.
On Tue, Oct 3, 2017 at 9:52 AM, 朘志圪 via bitcoin-dev
Post by 潘志彪 via bitcoin-dev
Here is a solution may solve Block Withholding Attack. The general idea
is
Post by 潘志彪 via bitcoin-dev
Anyway, thanks Aviv.
=====================
DIFF_1 = 0x00000000FFFF0000000000000000000000000000000000000000000000
000000;
Post by 潘志彪 via bitcoin-dev
Diff = DIFF_1 / target
this is equal to
Diff = DIFF_1 / (target - 0) or Diff = DIFF_1 / abs(target - 0)
New_Diff = DIFF_1 / abs(target - offset)
Offset is 32 bytes, like uint256 in Bitcoin, range is [0, 2^256),
define: offset_hash = DSHA256(offset).
we need to do a little change to the merkle root hash algo, put the
offset_hash as a tx hash in the front of tx hashes.
[offset_hash, coinbase_tx_hash, tx01_hash, tx02_hash, 
 , tx_n_hash]
Actually could put offset_hash in any place in the array of hashes.
network_hash_range = network_hash_end - network_hash_begin
miner_hash_range = miner_hash_end - miner_hash_begin
The offset value MUST between network_hash_begin/end or
miner_hash_begin/end.
https://user-images.githubusercontent.com/514951/
31133378-e00d9ca2-a891-11e7-8c61-73325f59f6ed.JPG
Post by 潘志彪 via bitcoin-dev
When mining pool send a job to miners, put the PoW hash range
(miner_hash_begin/end) in the job. So if the miners find a hash which
value
Post by 潘志彪 via bitcoin-dev
is between [miner_hash_begin, miner_hash_end], means it's SHOULD be a
valid share, could submit the share to the pool. If the hash value is
between [network_hash_begin, network_hash_end] means find a valid block.
The network_diff is much much high than the miner's diff, means the
network_hash_range is much much smaller than miner_hash_range. By now,
a typical miner's pool diff is around 16K, network diff is 1123863285132,
so miner_hash_range is at least million times bigger than
network_hash_range.
The miners only know miner_hash_range, it's impossible for cheat miners
to find out which share could make a valid block or not.
1. it's a hard fork.
2. will make existed asic dsha256 chips useless, but I think it's only a
small change to make new asic chips based on existed tech.
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
Loading...