oscar via bitcoin-dev
2017-12-22 08:26:12 UTC
Hello,
I'm not a bitcoin developer, but I'd like to receive feedback on what
I think is a serious problem. Hope I'm not wasting your time.
I'm also sure this was already discussed, but google doesn't give me
any good result.
Let me explain: I think that the current incentive system doesn't
really align with the way miners are distributed (not very
decentralized, due to pools and huge asic producers).
I think big miners are incentivized to spam the network with low(ish)
fee transactions, thereby forcing regular users into paying extremely
high fees to be able to get their transactions confirmed.
Obviously this is the result of insufficient mining decentralization,
but as I will try to show, such an attack could be profitable even if
you are controlling just 5-10% of the hashing power, which could
always be easy for a big player and with some collusion.
Let's look at some numbers: Loading Image...
These are 10 blocks mined yesterday, and they all have rewards hugely
exceeding the normal 12.5 mining output. Even taking the lowest value
of 20, it's a nice 60% extra profit for the miner. Let's say you
control 10% of the hashing power, and you spam enough transactions to
fill 144 blocks (1 day's worth) at 50 satoshi/byte, losing just 72 BTC
in fees.
(blocksize-in-bytes * fee-per-byte * Nblocks)/satoshis-in-btc => (1e6
* 50 * 144)/1e8 => 72
At the same time you will discover about 144*0.1=14.4 blocks per day.
Assuming the situation we see in the previous screenshot is what
happens when you have a mempool bigger than one day's worth of blocks,
you would get 20-12.5=7.5 extra BTC per block, which is 14.4*7.5=108
BTC, given your investment of 72 to spam the mempool. 32 btc extra
profit.
The big assumption here is that spamming 1 day of backlog in the
50satoshi/b range will get people to compete enough to push 7.5 btc of
fees in each block, but:
* https://jochen-hoenicke.de/queue/#30d this seems to confirm that
about half the mempool is in the 50satoshi/b range or less.
* https://blockchain.info/pools there are miners that control more than 10%
* if you get enough new real transactions, it's not necessary to spam
a full 144 blocks worth each day, probably just ~50 would be enough,
cutting the spam cost substantially
* other miners could be playing the same game, helping you spam and
further reduce the costs of the attack
* you actually get 10% of the fees back by avoiding mining your spam
transactions in your own blocks
* most of the spam transactions won't actually end up in blocks if
there is enough pressure coming from real usage
This seems to indicate that you would actually get much higher profit
margins than my estimates. **PLEASE** correct me if my calculations or
my assumptions are wrong.
You might also say that doing this would force users out of the
system, decreasing the value of btc and disincentivizing miners from
continuing. On the other hand, a backlogged mempool could create the
impression of high(er) usage and increase scarcity by slowing down
movements, which could actually push the price upwards.
Of course, it's impossible to prove that this is happening. But the
fact that it is profitable makes me believe that it is happening.
I see some solutions to this, all with their own downsides:
- increasing block size every time there is sustained pressure
this attack wouldn't work, but the downsides have already been
discussed to death.
- change POW
Not clear it would fix this, aside from stimulating terrible
infighting. Controlling 5 to 10% of the hashing power seems too easy,
and I don't think it would be practical to change pow every time that
happens, as it would prevent the development of a solid POW support.
- protocol level MAX transaction fee
I personally think this would totally invalidate the attack by making
the spam more expensive than the fees you would recover.
There already is a minimum fee accepted by the nodes, at 1 satoshi per
byte. The maximum fee could be N times the minimum, maybe 100-200.
Meaning a maximum of 1-2btc in total fee rewards when the block size
is 1mb. Of course the actual values need more analysis, but 2btc -
together with the deflationary structure - seems enough to continue
motivating miners, without giving unfair advantage.
Yes, this would make it impossible to spend your way out of a
congested mempool. But if the mempool stays congested after this
change, you could have a bigger confidence that it's coming from real
usage or from someone willfully burning money, making a block size
increase much more justified.
Hope to hear your opinion,
have a nice day.
oscar
I'm not a bitcoin developer, but I'd like to receive feedback on what
I think is a serious problem. Hope I'm not wasting your time.
I'm also sure this was already discussed, but google doesn't give me
any good result.
Let me explain: I think that the current incentive system doesn't
really align with the way miners are distributed (not very
decentralized, due to pools and huge asic producers).
I think big miners are incentivized to spam the network with low(ish)
fee transactions, thereby forcing regular users into paying extremely
high fees to be able to get their transactions confirmed.
Obviously this is the result of insufficient mining decentralization,
but as I will try to show, such an attack could be profitable even if
you are controlling just 5-10% of the hashing power, which could
always be easy for a big player and with some collusion.
Let's look at some numbers: Loading Image...
These are 10 blocks mined yesterday, and they all have rewards hugely
exceeding the normal 12.5 mining output. Even taking the lowest value
of 20, it's a nice 60% extra profit for the miner. Let's say you
control 10% of the hashing power, and you spam enough transactions to
fill 144 blocks (1 day's worth) at 50 satoshi/byte, losing just 72 BTC
in fees.
(blocksize-in-bytes * fee-per-byte * Nblocks)/satoshis-in-btc => (1e6
* 50 * 144)/1e8 => 72
At the same time you will discover about 144*0.1=14.4 blocks per day.
Assuming the situation we see in the previous screenshot is what
happens when you have a mempool bigger than one day's worth of blocks,
you would get 20-12.5=7.5 extra BTC per block, which is 14.4*7.5=108
BTC, given your investment of 72 to spam the mempool. 32 btc extra
profit.
The big assumption here is that spamming 1 day of backlog in the
50satoshi/b range will get people to compete enough to push 7.5 btc of
fees in each block, but:
* https://jochen-hoenicke.de/queue/#30d this seems to confirm that
about half the mempool is in the 50satoshi/b range or less.
* https://blockchain.info/pools there are miners that control more than 10%
* if you get enough new real transactions, it's not necessary to spam
a full 144 blocks worth each day, probably just ~50 would be enough,
cutting the spam cost substantially
* other miners could be playing the same game, helping you spam and
further reduce the costs of the attack
* you actually get 10% of the fees back by avoiding mining your spam
transactions in your own blocks
* most of the spam transactions won't actually end up in blocks if
there is enough pressure coming from real usage
This seems to indicate that you would actually get much higher profit
margins than my estimates. **PLEASE** correct me if my calculations or
my assumptions are wrong.
You might also say that doing this would force users out of the
system, decreasing the value of btc and disincentivizing miners from
continuing. On the other hand, a backlogged mempool could create the
impression of high(er) usage and increase scarcity by slowing down
movements, which could actually push the price upwards.
Of course, it's impossible to prove that this is happening. But the
fact that it is profitable makes me believe that it is happening.
I see some solutions to this, all with their own downsides:
- increasing block size every time there is sustained pressure
this attack wouldn't work, but the downsides have already been
discussed to death.
- change POW
Not clear it would fix this, aside from stimulating terrible
infighting. Controlling 5 to 10% of the hashing power seems too easy,
and I don't think it would be practical to change pow every time that
happens, as it would prevent the development of a solid POW support.
- protocol level MAX transaction fee
I personally think this would totally invalidate the attack by making
the spam more expensive than the fees you would recover.
There already is a minimum fee accepted by the nodes, at 1 satoshi per
byte. The maximum fee could be N times the minimum, maybe 100-200.
Meaning a maximum of 1-2btc in total fee rewards when the block size
is 1mb. Of course the actual values need more analysis, but 2btc -
together with the deflationary structure - seems enough to continue
motivating miners, without giving unfair advantage.
Yes, this would make it impossible to spend your way out of a
congested mempool. But if the mempool stays congested after this
change, you could have a bigger confidence that it's coming from real
usage or from someone willfully burning money, making a block size
increase much more justified.
Hope to hear your opinion,
have a nice day.
oscar