Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It's funny that people are adopting BitCoin without any compelling evidence that it is safe. All alarm bells should go off when you hear "security without trust". I'm sure that if BitCoin will be taken seriously, Bruce Scheier will be happy to cause the first decentralized currency crash.

There are many things you can do to rip apart a peer-to-peer network. You start by generating a few million identities. Next, you start manipulating the peer sampling mechanisms to surround nodes with evil peers and create groups of evil peers ready to acknowledge transactions. Finally, you can convince surrounded nodes of pretty much anything (e.g., that the network is far smaller and younger than it actually is) unless they consult a trusted authority claiming otherwise.

Of course, if you had a trusted authority you wouldn't have to go through all this trouble and you could just let it sign a bunch of coins or even handle the full transactions. It would be just like every other currency, and now you know why.

By the way, anyone can rent a cheap, on-demand GPU farm from Amazon: http://aws.amazon.com/ec2/hpc-applications/



It's funny that people are adopting BitCoin without any compelling evidence that it is safe. All alarm bells should go off when you hear "security without trust". I'm sure that if BitCoin will be taken seriously, Bruce Scheier will be happy to cause the first decentralized currency crash. There are many things you can do to rip apart a peer-to-peer network. You start by generating a few million identities. Next, you start manipulating the peer sampling mechanisms to surround nodes with evil peers and create groups of evil peers ready to acknowledge transactions. Finally, you can convince surrounded nodes of pretty much anything (e.g., that the network is far smaller and younger than it actually is) unless they consult a trusted authority claiming otherwise.

The longest blockchain are accepted as the most authoritative. Unless the evil peers are able to generate enough mining power, they can't discard transactions.

While evil peers can refuse to transmit or rely transaction, it only took a single peer to connect to the authentic network.

Also notes that the bitcoin network do not use any form of identities other than IP addresses themselves. So the attackers would need access to million of IP addresses to create that many evil nodes.

Perhaps with an attack, it will be possible to disrupt transactions in the bitcoin network, but it will not be possible to steal money or make money disappear. However, it would need to be very carefully planned and executed.

By the way, anyone can rent a cheap, on-demand GPU farm from Amazon: http://aws.amazon.com/ec2/hpc-applications/

http://www.bitcoin.org/smf/index.php?topic=1795.0

You seem to not have done the math yet.


The longest blockchain are accepted as the most authoritative.

Why would the nodes be aware of the longest block chain?

Unless the evil peers are able to generate enough mining power, they can't discard transactions.

Lets, for the sake of the argument, assume they don't. What makes you so sure I can't make others do the work for me?

While evil peers can refuse to transmit or rely transaction, it only took a single peer to connect to the authentic network.

How do you know it's authentic?

Also notes that the bitcoin network do not use any form of identities other than IP addresses themselves. So the attackers would need access to million of IP addresses to create that many evil nodes.

or 0.0000000000000000000000000000001% of the IPv6 pool ;-)

but actually, BitCount identities are public/private key pairs and you can have them in an infinite amount: http://en.wikipedia.org/wiki/Bitcoin#Addresses

Also: http://www.bitcoin.org/wiki/doku.php?id=ip_address

You seem to not have done the math yet.

You seem to assume the value of BTC is not going to increase despite them becoming increasingly hard to generate. Are you saying you expect bitcoin to fail?


Why would the nodes be aware of the longest block chain?

You would need to control 100% of the network view of the node to fool the node.

Lets, for the sake of the argument, assume they don't. What makes you so sure I can't make others do the work for me?

You would need to gain access to tons of PCs to take over the network. Not to mention it get harder when the total hashing rate of the network continue to increase. Even then, it will be very noticeable that somebody is attempting to doublespend.

but actually, BitCount identities are public/private key pairs and you can have them in an infinite amount.

That have nothing to do with P2P identities.

How do you know it's authentic?

The longest blockchain is considered the most authentic.

Also: http://www.bitcoin.org/wiki/doku.php?id=ip_address

IP transactions are depreciated and disabled by default. They are also known to be insecure.

You seem to assume the value of BTC is not going to increase despite them becoming increasingly hard to generate. Are you saying you expect bitcoin to fail?

I acknowledge that Amazon could be profitable, but they are certainly worser option compared to buying ATI 5790s.


You seem to assume the value of BTC is not going to increase despite them becoming increasingly hard to generate.

/economics fail

Difficulty to generate bitcoins does not cause them to increase in value. Their increase in value drives up the investment in mining, which then drives up the difficulty.


I updated that forum post with new numbers showing that at the current difficulty it might cost over $700 to generate a single block, and at the estimated difficulty which will happen tomorrow, it will cost over $1000 to generate a single block.

Generating a block currently gives you 50 bitcoins that are worth about $45 at the current market price.


I guess you mean for CPU mining? Mining with a GPU is definitely profitable.

That's why the difficulty keeps increasing; mining is so lucrative that an ever increasing number of people are getting on board, which drives up the difficulty.


No, I was referring to mining on Amazon's GPU systems.


There is extensive discussion on the bitcoin forums about these attack vectors and others.

One thing I find interesting is how the p2p trust setup starts to model "reality" or psychology. The question "How do I know whats real?" has an overlap with the million-evil-peer scenario you described. If ten of your friends told you a bus was on fire in the next neighborhood, would you believe them? My point is the attack you're describing is so general that its beyond trying to fix with a particular p2p setup and we have to go with whats 'good enough'.

Thats the basis of the bitcoin system and probably many others. It asks "is this transaction real?" and its real if "most people say its real".

Whats even more interesting is that hard crypto enforces a very small number of properties of the bitcoin system. The hash rate difficulty control, the number of coins awarded for "mining", and others aspects are controlled by, as you have described, the majority installed base. Like a game of Othello or Reversi, majority rules.


> All alarm bells should go off when you hear "security without trust".

I agree and disagree. Your position assumes that national governments and banks are fully trustable. We just had a thread here yesterday about how it seems rather fishy that it takes banks several days to carry out a distributed transaction that increments/decrements two long integers across the Internet. Add in the various shenanigans US Congress and the Federal Reserve do with the federal budget and money supply, and the likely reality of wide-scale manipulation conspiracies by Wall Street. This and other issues does not add up to a picture of a perfectly trustable system. And it's the baseline against which you have to evaluate Bitcoin.

That said, your hypothetical attack scenarios are legitimate things to consider. I'm not qualified to speak about whether they are feasible or if counter-measures have already been designed into the system yet, or whether these are fatal flaws. I do think it's useful to consider new ways of dealing with financial transactions if there are opportunities to leverage new technology that lets us keep the baby while getting rid of the bathwater.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: