Dragi Bucukovski [ARCHIVE] on Nostr
Original date posted: 2019-09-09
Original message: How much do I have in my account can you please tell me
Sent from my iPhone
> On 9 Sep 2019, at 2:14 pm, ZmnSCPxj via bitcoin-dev <bitcoin-dev at lists.linuxfoundation.org> wrote:
>
> Good morning Ruben,
>
>
>> One might intuitively feel that the lack of a commitment is unsafe,
>> but there seems to be no impact on security (only bandwidth). The only
>> way you can be fooled is if all peers lie to you (Sybil), causing you
>> to follow a malicious minority chain. But even full nodes (or the
>> committed version of PoW fraud proofs) can be fooled in this way if
>> they are denied access to the valid most PoW chain. If there are
>> additional security concerns I overlooked, I'd love to hear them.
>
>
> I think it would be better to more precisely say that:
>
> 1. In event of a sybil attack, a fullnode will stall and think the blockchain has no more miners.
> 2. In event of a sybil attack, an SPV, even using this style, will follow the false blockchain.
>
> This has some differences when considering automated systems.
>
> Onchain automated payment processing systems, which use a fullnode, will refuse to acknowledge any incoming payments.
> This will lead to noisy complaints from clients of the automated payment processor, but this is a good thing since it warns the automated payment processor of the possibility of this attack occurring on them.
> The use of a timeout wherein if the fullnode is unable to see a new block for, say, 6 hours, could be done, to warn higher-layer management systems to pay attention.
> While it is sometimes the case that the real network will be unable to find a new block for hours at a time, this warning can be used to confirm if such an event is occurring, rather than a sybil attack targeting that fullnode.
>
> On the other hand, such a payment processing system, which uses an SPV with PoW fraud proofs, will be able to at least see incoming payments, and continue to release product in exchange for payment.
> Yet this is precisely a point of attack, where the automated payment processing system is sybilled and then false payments are given to the payment processor on the attack chain, which are double-spent on the global consensus chain.
> And the automated system may very well not be able to notice this.
>
> Regards,
> ZmnSCPxj
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev at lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
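
The block-stall timeout suggested in the quoted message, sketched as an added example (not code from the thread or from any node implementation). `TipWatchdog`, `gap_probability`, `replay` and the sample events are hypothetical names and constructed data; the probability figure assumes blocks arrive as a Poisson process at the 10-minute target rate.

```python
import math
from dataclasses import dataclass
from typing import Optional

TARGET_SPACING = 600        # expected seconds between Bitcoin blocks
STALL_THRESHOLD = 6 * 3600  # the "say, 6 hours" timeout from the message

def gap_probability(gap_seconds, spacing=TARGET_SPACING):
    """P(no block in gap_seconds), modelling block arrival as a Poisson
    process at the target rate (assumption: hashrate matches difficulty)."""
    return math.exp(-gap_seconds / spacing)

@dataclass
class TipWatchdog:  # hypothetical name, not part of any node software
    threshold: int = STALL_THRESHOLD
    best_height: int = -1
    last_advance: Optional[float] = None  # local time the tip last advanced

    def on_block(self, height, received_at):
        # Use the local receive time, not the header timestamp, which is
        # chosen by the miner. Only a strictly higher tip counts as
        # progress, so re-announced or stale blocks never reset the timer.
        if height > self.best_height:
            self.best_height = height
            self.last_advance = received_at

    def check(self, now):
        """Return (state, gap_seconds, probability of an honest gap)."""
        if self.last_advance is None:
            return ("unknown", None, None)
        gap = now - self.last_advance
        state = "stalled" if gap >= self.threshold else "ok"
        return (state, gap, gap_probability(gap))

# Constructed sample: (local receive time in seconds, block height).
SAMPLE_EVENTS = [(0, 600000), (540, 600001), (1500, 600002), (1600, 600001)]

def replay(events):
    watchdog = TipWatchdog()
    for received_at, height in events:
        watchdog.on_block(height, received_at)
    return watchdog

if __name__ == "__main__":
    w = replay(SAMPLE_EVENTS)
    for hours in (1, 6):
        print(hours, "h after last block:", w.check(1500 + hours * 3600))
```

A "stalled" result is a prompt for the higher-layer system to compare the node's tip against independent sources, which is the confirmation step the message describes.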