网赚论坛

 找回密码
 免费注册
查看: 208|回复: 0
打印 上一主题 下一主题

转载一篇关于“针对Core可能发生的51%攻击”的文章,不是很敢翻译 ...

[复制链接]

16

主题

16

帖子

64

积分

Ⅰ级财主

Rank: 1

积分
64
跳转到指定楼层
楼主
发表于 2018-2-2 14:13:35 | 只看该作者 回帖奖励 |倒序浏览 |阅读模式
原文:
https://bitcoinmagazine.com/arti ... -51-attack-bitcoin/


Although it is hard to say how big the chance actually is, Bitcoin Unlimitedminers may soon start mining bigger blocks. If they do, they will diverge from the current Bitcoin protocol to split off to a new blockchain. This could also result in two separate currencies, by many exchanges referred to as “BTC” and “BTU.”

However, it increasingly seems that not everyone in favor of a Bitcoin Unlimited hard fork wants to settle for a coin-split. Instead, several prominent Bitcoin Unlimited proponents have indicated that it may be better to ensure only their chain survives. This is probably also the only chance it has to be widely considered the “real” Bitcoin rather than a “spinoff altcoin.”

To ensure that only one chain survives, they have suggested that the (original) Bitcoin blockchain can be made unusable. That way it would die off and only the Bitcoin Unlimited chain would remain.

Specifically, if miners favorable toward Bitcoin Unlimited are able to overpower the remaining Bitcoin miners with a majority of hashrate, it’s been suggested they could launch a 51% attack.

Here is a brief overview.

Former Bitcoin Lead Developer Gavin Andresen

Gavin Andresen is the former lead developer ofBitcoin Core (then called Bitcoin-QT or simply “Bitcoin”). He has since contributed toBitcoin XT andBitcoin Classic. He nowendorses Bitcoin Unlimited — though he does not contribute to the project nor is he a member.

Although Andresen has in the pastargued that a “minority chain” would be unlikely to sustain itself, he now acknowledges such a chain could, in fact, survive. As such, he noted on Twitter last February that “preventing a minority-hashrate fork from confirming any transactions is a good idea.”



Follow

Gavin Andresen @gavinandresen

Preventing a minority-hashrate fork from confirming any transactions is a good idea. Nakomoto Consensus != unanimity.

2:40 AM - 5 Feb 2017




  • 3333 Retweets

    5959 likes












More recently, on Reddit, Andresen elaborated on what the most effective way to attack the original Bitcoin chain would be. The former lead developerwrote:

“It would be even more destructive to mine an 11-block-long empty chain, then wait until the slow chain gets 9 blocks until announcing it to the network. Or keep them guessing; choose a chain length at random, from 1 to some secret N, and orphan that many blocks at a time. Allow a couple normal blocks, then do it again.

“It would be impossible for exchanges to know how many confirmations were safe for deposits and would be a nightmare for their withdrawal accounting.”

Additionally, he said he wasn’t sure whether such an attack would be immoral or not.

“I’m not even sure this kind of thing should be considered immoral — majority hashpower acting selfishly for their own economic benefit (both short and long term) is the basic incentive structure that makes Bitcoin work.”

And last weekend, Andresen on Twitter further distanced himself from a moral endorsement of such an attack. Instead,echoingcomments he made on Reddit, Andresen claimed to have merely been exercising adversarial thinking.



Follow

Gavin Andresen @gavinandresen

Pointing out all the ways majority hashpower might mess with a minority chain is good adversarial thinking; don't shoot the messenger.

12:07 AM - 26 Mar 2017




  • 3232 Retweets

    133133 likes












Though he did add that an attack is very likely to happen.


26 Mar
Hubert @h_msln

.@gavinandresen aaaaaAAAAaaaah so it was just as a thought exercice... of course...




Follow

Gavin Andresen @gavinandresen

@h_msln no, not just a thought exercise, it is very likely to happen.

Whether is is moral or not is the thought exercise.

1:50 AM - 27 Mar 2017




  • 22 Retweets

    44 likes











BTC.TOP Pool Operator Jiang Zhuoer

BTC.TOP is a relatively new Chinese mining pool. Launched in late 2016, the pool currently controls some 5 percent of hash power on the Bitcoin network.

BTC.TOP is operated by Jiang Zhuoer, a former employee at China Mobile in Shanghai. Much like several other small mining pools that have appeared over the past six months, BTC.TOP has been signaling support for Bitcoin Unlimited.

In aninterview with Cryptocoins News in March, Zhuoer was the first who explicitly said a 51% attack against the original Bitcoin blockchain, if it were to survive after Bitcoin Unlimited miners split off, is on the table.

“We have prepared $100 million USD to kill the small fork of CoreCoin, no matter what [proof-of-work] algorithm, sha256 or scrypt or X11 or any other GPU algorithm,” he said, of course referring to the continuation of the current Bitcoin protocol as “CoreCoin.”

The different hash algorithms mentioned by Zhuoer refer to a potential proof-of-work algorithm change Bitcoin users could deploy if the chain is attacked; a “nuclear” defense some Bitcoin Core developershavesuggested may be proposed in such a scenario. (Whether this should still be considered “Bitcoin” or yet another spinoff altcoin is subject to different debate.)

“Show me your money,” Zhuoer added. “We very much welcome a CoreCoin change to [proof of stake].”

(If no proof-of-work algorithm succeeds in deterring the attack, a proof-of-stake consensus algorithm — where coin holders rather than miners vote on the longest chain — may be an alternative solution. But since this is unproven and perhaps insecure, this seems highly unlikely.)

Bitcoin Unlimited Chief Scientist Peter Rizun

Peter Rizun (better known as “Peter R”) refers to himself as the chief scientist of Bitcoin Unlimited, and has been one of the driving forces as the project’s secretary.

Last week, Rizun, along with bitcoin.com business developer Jake Smith, visited the offices ofCoinbase andBitPay to promote Bitcoin Unlimited. Coming back from these visits, Rizun published ablog post on Medium. The message Rizun said he had gotten from these companies is that a hard fork to larger blocks should be “decisive and absolute.”

Rizun described three levels of “anti-split protection” that could accomplish this. The first is an explanation of how mining would probably be unprofitable on the original Bitcoin chain — decreasing the odds of the chain surviving in the first place.

The second level, however, is a type of 51% attack on a minority of miners. Once a majority of hash power signals support for Bitcoin Unlimited, Rizun wrote, the majority could reject (“orphan”) any blocks that do not signal this support.

“Miners will orphan the blocks of non-compliant miners prior to the first larger block to serve as a reminder to upgrade. Simply due to the possibility of having blocks orphaned, all miners would be motivated to begin signaling for larger blocks once support definitively passes 51%. If some miners hold out (e.g., they may not be paying attention regarding the upgrade), then they will begin to pay attention after losing approximately $15,000 of revenue due to an orphaned block.”

(It should be noted that this attack can betrivially subverted. Especially now that the attack is known, miners can, and probably will, signal fake support. Indeed, at least one small pool has literally “signaled support” with apoop emoticon.)

If the original Bitcoin blockchain survives even after these two levels, Rizun explained that a subset of miners in favor of Bitcoin Unlimited could disrupt this chain by exclusively producing empty blocks on the original chain. This would prevent any and all transactions from confirming as long as the attack is ongoing.

“To address the risk of coins being spent on this chain (replay risk), majority miners will deploy hash power as needed to ensure the minority chain includes only empty blocks after the forking point.”

And in line with the strategy described by Gavin Andresen:

“This can easily be accomplished if the majority miners maintain a secret chain of empty blocks  —  built off their last empty block  —  publishing only as much of this chain as necessary to orphan any non-empty blocks produced on the minority chain.”

(This attack can be waited out until the attacker’s funds run out, and perhaps dismantled altogether. Discussion on potential strategies is ongoing on theBitcoin-development mailing list. And of course, there is the potential of a proof-of-work algorithm change.)

While noting that he doesn’t necessarily endorse the strategy, Rizun predicted that a coin-split would be avoided in this way: a “safe upgrade procedure,” he later noted on Reddit.

Rizun alsosubmitted his ideas to the Bitcoin-development mailing list. (Where it was, unsurprisingly,forcefullydismissed.)

Bitmain Co-CEO Jihan Wu

Jihan Wu is the co-CEO of Chinese ASIC-hardware producer Bitmain. AntPool is Bitmain’s mining pool, and BTC.com, another mining pool, is a subsidiary of Bitmain.

Wu is avocal proponent of Bitcoin Unlimited as well, and announced toBloomberg that he would switch the hash power in his pool to Bitcoin Unlimited in anticipation of a hard fork — which he has since indeed done. (Though, notably, BTC.com has not.)

And in an interview withForbes, Wu said he wouldn’t rule out attacking the Bitcoin blockchain, or, “undermining Core” as it is described in the article.

“It may not be necessary to attack it,” he said. “But to attack it is always an option.”

Thanks to Libbitcoin lead developer Eric Voskuil for feedback.
回复

使用道具 举报

您需要登录后才可以回帖 登录 | 免费注册

本版积分规则

广告合作|Archiver|手机版|小黑屋|财富吧

GMT+8, 2024-11-1 23:37 , Processed in 0.374401 second(s), 35 queries , Gzip On.

Powered by Discuz! X3.1

© 2014-2021 财富吧

快速回复 返回顶部 返回列表