0

Assuming Bitcoin had a different method for selecting winning nodes and controlling block time creation, please describe step-by-step how the Bitcoin network would be vulnerable to various attacks. How would it play out?

Preferred format:

  1. Bad Actor is selected as winning node
  2. Bad Actor makes changes to an Old Block
  3. Bad Actor re-hashes affected block segments, from Old Block to Last Block — (now possible due to low cost)
  4. Bad Actor processes New Block

Please continue...

Curious Cyrus
  • 1
  • 1
  • 2
    Bitcoin does not select a node as a "winner". The truth is agreed to be the longest chain. – JBaczuk Aug 03 '18 at 15:17
  • By "winning node" I mean the node that completes the mathematical puzzle first. My question suggests evaluating a scenario where POW is essentially eliminated. However, since POW also serves to select a "winning node" to process a new block, as well as setting the time window (10 minutes), this hypothetical assumes alternative mechanisms provide those functions, absent POW. – Curious Cyrus Aug 03 '18 at 15:48

2 Answers2

1

It think you have your steps of an exploit wrong. It sounds like you are trying to describe a 51% attack, but are ignoring several factors

First off, step 1 isn't required for steps 2-4 to occur. A bad actor could make changes to an old block (for example, removing a transaction) and then perform the proof of work on that block and all the blocks on top. Winning the current block isn't required until all the blocks on top of the edited one are computed and caught up to the current block height (or really chainwork). So the order of the attack would be step 2, step 3.

Step 4 also isn't really required. Once the attacker has a longer chain than the rest of the network, she can simply publish their blocks, and other nodes will perform a reorganization. Whether it's the attacker or someone else that wins the next block doesn't matter. The edit of a previous block has already occurred, and the attack is complete.

So, in your preferred format:

  1. Bad Actor makes changes to an Old Block
  2. Bad Actor re-hashes affected block segments, from Old Block to Last Block — (now possible due to low cost)
  3. Attack complete

The problem with this is that you are assuming that only the attacker has the reduced cost for PoW. If everyone has access to cheaper hashing, then it doesn't matter that the attacker has access, because she would still have to out-compete the rest of the network combined. Also, even if the attacker is the only one with access, there's only a limited amount of blocks she can reasonably recompute in a timeframe. Every 2,016 blocks the difficulty is recalculated based on the amount of time that it took to calculate the previous 2,016 blocks. If a decent number of those blocks were calculated in secret at this much higher rate, it will increase the difficulty even for blocks calculated in secret. At some point, the attacker would be making her own job harder.

You may want to read this question to understand better: What can an attacker with 51% of hash power do?

Jestin
  • 8,812
  • 1
  • 22
  • 32
0

What would happen if PoW cost were drastically reduced

Blocks would be mined much faster (block time would be much lower). This would have side effects like more orphaned blocks, but to attack the network you'd have to make changes to a much higher number blocks. Effectively the total amount of work would be the same.

What would happen if PoW cost were [eliminated]

An attacker could:

  1. Edit the entire history of transactions in their favor.
  2. No need to redo proof of work because it's not required.
  3. Hope other nodes accept this block among the inevitable barrage of other blocks because there's no consensus requirements if PoW is eliminated.

Note: This would be limited to removing transactions because if the attacker wanted to change values of transactions, they would have to actually resign the transactions, and that would require the private key of the original sender.

JBaczuk
  • 7,388
  • 1
  • 13
  • 34
  • JBaczuk, thanks for your response. This scenario assumes there are alternative mechanisms for: 1) regulating block time creation and 2) hashing blocks (i.e. previous block hash, Merkle tree hash, etc.). The POW's hashing function would be preserved for security (linking blocks, etc.), but the computationally intensive search for a nonce would be eliminated. Given these parameters, how could bad actors attack the system? Thanks again! – Curious Cyrus Aug 03 '18 at 17:30
  • what is an alternative to hashing a block without actually hashing a block? – JBaczuk Aug 03 '18 at 17:37
  • Let me rephrase. What would happen if POW difficulty was drastically reduced, but block creation could still be maintained at 10 minutes through some other mechanism? – Curious Cyrus Aug 03 '18 at 18:22
  • It depends on that mechanism. Is a random node selected every 10 minutes? Sybil attack. Is it a random block hash selected every 10 minutes? How do you agree on the random block hash? How can you know how to attack a system that isn't defined? – JBaczuk Aug 03 '18 at 18:38