0

Is it possible to steal proof-of-work answer from a miner who has insecure machine? Consider a miner who has insecure machine found correct answer of proof-of-work and an adversary steals this it and broadcasts to the whole of network to receive the related reward. Is it possible? and if so, what the solution? I do not mean "sealing block" but I mean "stealing nonce" i.e. the answer of pow for a "unique block". Consicer two miners (rational and honest) are working on a the same block. If honest miner can find correct nonce then rational steals this nonce and propagates it in entire network.

Questioner
  • 1,151
  • 8
  • 23
  • I do not mean "sealing block" but I mean "stealing nonce" i.e. the answer of pow for a "unique block". Consicer two miners (rational and honest) are working on a the same block. If honest miner can find correct nonce then rational steals this nonce and propagates it in entire network. – Questioner Sep 26 '17 at 14:31
  • @ Murch I do not mean "sealing block" but I mean "stealing nonce" i.e. the answer of pow for a "unique block". Consicer two miners (rational and honest) are working on a the same block. If honest miner can find correct nonce then rational steals this nonce and propagates it in entire network. – Questioner Sep 26 '17 at 14:39
  • Same problem: The nonce is only the correct solution in the context of a specific block candidate. And the block candidate contains a coinbase transaction that is specific to the miner, as it pays out the reward to the miner. You cannot steal the nonce, because it won't solve your block candidate that would be sending the reward do yourself. – Murch Sep 26 '17 at 23:15

1 Answers1

3

The proof-of-work is the fact that the hash of the block is a low number, when you interpret the hash as a long 256-bit number. If you change anything in the block then the hash changes and is very unlikely to be low enough (below the target), so the proof-of-work is gone. And quite right, you did not do any work to create that modified block.

So you can't modify the block after it is mined, which means you cannot change the bitcoin address that this block sends its miner income (new coins and transaction fees) to.

You cannot steal the miner income from a block after the block is mined.

However, if a mining pool server is insecure you could hack into it and make the mining pool mine blocks that pay your bitcoin address instead of their own.

You could also make individual miners in a pool mine for you instead of themselves. They wouldn't even need to have an insecure system. BGP routing attacks have been used to hijack miners before, making them connect to the hacker's server instead of the mining pool server they want to connect to. See https://www.wired.com/2014/08/isp-bitcoin-theft/ This could be mitigated by using TLS, just like web servers use TLS (https addresses).

So there are multiple ways to steal from miners, but doing something with a block that is already mined is not one of them.

Dr.Haribo
  • 8,439
  • 10
  • 43
  • 62
  • @ Dr.Haribo, I do not mean "sealing block" but I mean "stealing nonce" i.e. the answer of pow for a "unique block". – Questioner Sep 26 '17 at 14:28
  • Without the rest of the block the nonce is just some 32-bit number. Completely worthless. Sure you can call it the answer for a block. The answer for a block paying someone else, not you. – Dr.Haribo Sep 26 '17 at 14:51
  • @ Dr.Haribo, But I have the rest of block. Consider me and you are lokking for related nonce for block "b" (so, both of us have block "b" and block "b" is the head of blockchain), then you can find correct nonce before me, but your machine is insecure and so I'm monitoring yout machine. As a result, I can broadcast your nonce in the entire network. (pow inequation is : if (hash of "b" + nonce) < T then pow succeeded) – Questioner Sep 26 '17 at 15:31
  • You can't broadcast a nonce, only a whole block. And the block that the nonce works with says "pay DrHaribo". If you change the block to say "pay sas" then the block isn't valid anymore. – Dr.Haribo Sep 26 '17 at 15:33
  • You can't steal your neighbor's key to rob a bank. Their key only works on their door, not the bank. – Dr.Haribo Sep 26 '17 at 15:33
  • @ Dr.Haribo' I am stealing your nonce when you find it and when nonce is not signed. Please explain more clear your answers. I do change block "b" i.e. head of blockchain and your nonce is created based on hash of block "b". – Questioner Sep 26 '17 at 16:02
  • Nonces are not signed, they are just 32-bit numbers – Dr.Haribo Sep 26 '17 at 16:02
  • @ Dr.Haribo, I do change block "b" i.e. head of blockchain and your nonce is created based on hash of block "b". – Questioner Sep 26 '17 at 16:05
  • Right. You change the block, the hash is no longer under the target. Invalid block. You broadcast it but noone wants it. – Dr.Haribo Sep 26 '17 at 16:06
  • @ Pieter Wuille , Do you agree with me? – Questioner Sep 26 '17 at 16:07
  • @ Dr.Haribo, Sorry, but I sense you're repeating your sentences. consider pow inequation is i.e. If hash of ("b" + nonce) < T then pow succeeded. – Questioner Sep 26 '17 at 16:08
  • I build a block, putting together some transactions. In the first transaction (the coinbase) I specify that miner income should be paid to my bitcoin address. I try to modify parts of the block (the nonce or other parts) to get a hash that is below the target. I find one. I now have a valid block that pays me. If you get the block you can't do anything with it. If you change ANY part then the hash will be above the target, so the block is invalid. – Dr.Haribo Sep 26 '17 at 16:10
  • So sure, you can steal my block data, but if you change the part where the block says where the miner income should go to, then it's not a valid block anymore. You now have to start over, change the nonce or other parts, try to find a hash below the target. You accomplished nothing. – Dr.Haribo Sep 26 '17 at 16:11
  • @ Dr.Haribo, Thus, you mean : "for a unique blockchain that network has a consensus on it, there is not a unique nonce and everybody find a different answer" right? – Questioner Sep 26 '17 at 16:15
  • Everyone are trying to build their own blocks, putting together the data they want to put in the block. They are trying many billions of variations of the block every second. Not just changing the nonce, that would only last a split second. They build billions of blocks per second and check to see if any of them have a hash below the current target on the bitcoin network. That's what mining is. – Dr.Haribo Sep 26 '17 at 16:16
  • @ Dr.Haribo, So we must change inequation of PoW : If hash of ("b" + nonce) < T ? – Questioner Sep 26 '17 at 16:28
  • The proof-of-work is the fact that I found a block where hash("pay drharibo" + nonce + other-stuff) < target. If you change ANY part of the hashed data, it will no longer be < target. So you no longer have a proof-of-work. – Dr.Haribo Sep 26 '17 at 16:31
  • @sas - Dr. Haribo was quite clear in his explanations. Perhaps you should read some more about how Bitcoin works? The wiki is a good source for this - https://en.bitcoin.it/wiki/. – Meni Rosenfeld Sep 26 '17 at 21:31