When Bitcoin ceases to be Bitcoin (the 2nd death)

When Bitcoin ceases to be Bitcoin (the 2nd death)

The post originally appears on Medium and we republished with permission.

On the 18th of November, 2018, deadalnix pushed the following commit to the bitcoin-abc repository which was publicly released yesterday: https://github.com/Bitcoin-ABC/bitcoin-abc/commit/917d65774c40c6bfad500a660e581c8ea5e20df0

The theory behind this is a defense against hostile reorganizations (there is no actual evidence of such actions having been taken) with a rolling checkpoint system. A block was finalized once it had received ten confirmations — even if an alternate chain had more proof-of-work, if it conflicted with a checkpoint, the node would not switch over to the longest chain.

In doing do Amaury Sechet has not only abandoned any pretense of Bitcoin ABC following the Bitcoin model of blockchain security. He has opened it up to new attacks that require centralised decision-making to engage in permissioned mining by ignoring the longest chain to defend against. If the below attacks are carried out it will not be miners that decide which transactions are considered canonical according to bitcoin rules, but a central committee most likely made up of Amaury, Jihan and Roger.

It is important to note that at this time none of the other ABC compatible implementations include this change. It appears that it was implemented unilaterally and without consultation by Amaury Sechet in a continuation of a well established pattern. This is the past, present and future of ABC coin.

If ABC want to go down this road and implement the rest of their roadmap that is their prerogative. But please do not try to call it Bitcoin whilst undermining the most fundamental principles that make Bitcoin what it is.

Overview of the Commit

There are two chains — an honest chain (that follows the majority of the mining consensus), and a shadow chain (that follows the attacker).

The game theory behind the defense is that if a hostile miner produces the shadow chain, once it diverges from the honest chain by more than ten blocks it is considered useless, as it cannot reorganize the honest chain — even if it has more work. The attacker would give up and stop extending the shadow chain.

Checkpoints are maintained by node operations themselves, and this behavior of checkpointing is enabled on all nodes by default.


The Double-Spend Attack

If an attacker controls more than 50 percent of the processing power driving the ABC blockchain, they can submit a set of 10 blocks to the network by reorganizing the ten honest blocks. If this attack is executed at the same time as the network finds the 10th block in that submitted a sequence (and thereby selecting it as an honest checkpoint), it can cause ABC to suffer a chain split. ABC is currently open to being maliciously hard forked.

Since not all information gets propagated over the network at the exact same time, some nodes will see a 10-block reorganization — which they will reject — and others will see a 9-block reorganization, which they will accept. The network will then fork into two.

If there is two exchanges on different forks, an attacker is able to sell the same coin twice on both exchanges for a double-spend attack.

The Sybil Attack

Cost of Attack: ❤0K (Rental Hash)

minority hash rate miner can perform a network attack. Normally, if they mine ten blocks in a sequence and submit their own blocks for processing while ignoring other miner’s blocks, it becomes a minority chain split that nodes (who only recognize the longest chain) will inevitably ignore. However, if a node that is out of sync reconnects to the network — for instance, if it has gone offline for a few hours — it could receive data related to the wrong blockchain first, leading to the real chain being rejected from that point onward. The attacker would then have full control over what transaction a node accepts, and what can be exploited to execute double-spend attacks.

As a rule of thumb in developing node infrastructure, you cannot rely on the timestamped data to be synced with other nodes.

Note: The original white paper appeared to imply that the ability for nodes to be switched off, and then verify what happened when it was offline, was important:

“Nodes can leave and rejoin the network at will, accepting the proof-of-work chain as proof of what happened while they were gone.”

BCHABC requires a node to be online 24×7.


FURTHER GAME THEORY

Bob and Alice are trading BTC for BCH.

Bob says he sent Alice the BTC, so Alice should send the BCH. Alice starts up her full node that has been online during the day and syncs the latest blocks. When her node has stopped syncing, it says that Alice received BTC — she then sends Bob BCH. Later, she finds out that she has synced a malicious 10-block fork that has become immutable, and the actual BTC she received were spent on something else on the main chain.

While the attack relies on Bob getting the malicious 10-block fork to Alice before another honest miner has sent her the real chain, there are ways to optimize this scenario. For instance, he may be spawning Sybil nodes to maximize his odds of this happening.

In a typical Bitcoin scenario, Sybil attacks are hard to perform because just one of the nodes you connect to needs to be honest for the attackers to fail. In this case, an attacker just has to get to you first. Furthermore, if an attacker is able to place his node in closer proximity to you or the seed nodes, he can optimize his chances of you getting a response from him faster than the honest nodes. This attack doesn’t need to rely on partitioning to work. Bob could be the owner of several block explorers, too, so even if Alice double-checked, Bob could still be able to trick her.

Bob may have even generated more blocks than 10. He could have 16 blocks. He would feed Alice 6 others using a 10-minute average Poisson distribution.

While this attack is in theory absurd, with enough money on the line, this attack could be executed.


Solution

Disable finalizing during the initial block download, and only enable it after the most active chain has been fully synced for x amount of hours.

Conclusion

The most fundamental principle of Bitcoin confirmation is proof of work, that is underpinned by proof of investment. By enabling the investment of miners to be sidestepped that fundamental principal is thrown out the window. It is now up to a central authority to decide and once you take that step there is no longer any need for a block chain. A MySQL database will achieve the same result.

This is an ill thought out change executed in an incredibly rushed and reckless manner with almost zero chance it was properly tested. The fact that a new consensus rule can be introduced in such a unilateral manner by a single developer is alarming. What is more alarming is that one developer can throw out the entire foundation of Bitcoin security without opposition. This is the future of ABC coin. In August last year Bitcoin died on the BTC chain with the introduction of Segwit. It survived in the form of Bitcoin Cash until yesterday when it was killed off again by Bitcoin ABC. If Bitcoin SV had not stood it’s ground and preserved the rules of Bitcoin in SV, yesterday would have been the last day Bitcoin existed in this world.

Exchanges selling BCHABC could be conducting fraud

Exchanges selling BCHABC could be conducting fraud

In anticipation of the Bitcoin Cash hard fork last week, two cryptocurrencies were launched—BCHABC and BCHSV. Each corresponded to one of the two camps that were pushing BCH’s divide, but only one has the potential to be considered a fraudulent pump-and-dump scheme—BCHABC.

Medium user “Without Fear” provides a considerable amount of data to support that belief in a recent thread on the social media platform. Before anyone goes off the deep end and accuses Without Fear of being nothing more than a puppet for BCHSV, it would be in their best interest to read the post and understand better the scenario.

Without Fear points out that, prior to the hard fork, “[W]e have hash that wasn’t mining BCH before the fork, which means that (without looking at it) this is either pragmatic hash that makes money by selling the ABC coins they mine, or hash rented by the people who wanted or believed in the ABC ruleset. However it became clear after the following announcement by Bitcoin.com that a lot of the hash that would mine BCHABC the day of the fork would be stolen hash from Bitcoin.com pool miners.”

The author goes on to show that there have been a number of mining pools that have stolen hash from their customers in order to point them to BCHABC proponent Bitcoin.com, including Antpool, viaBTC and BTC.TOP, creating a pool that post’s author refers to as BABV. This hash, asserts Without Fear, is unstable and is being mined against the market’s wishes—it is forced hash.

He also shows how the Kraken exchange is trying to manipulate public sentiment. Kraken is backed by Bitcoin.com’s Roger Ver and recently stated that it will support BCHSV, but warned that Bitcoin SV “should be seen as an extremely high risk investment, citing several “red flags”: BCHSV has no wallets that support replay protection, it has no support in major block explorers and because miners are subsidized or operating at a loss, among others. This is a blatant disregard of the facts and a manipulation of the truth. Neither BCHSV nor BCHABC offer replay protection and BCHSV most definitely has support in block explorers. There is no evidence to support the fact that BCHSV miners are being subsidized, whereas Without Fear provides several examples of how BCHABC is subsidized. Ver himself has even admitted to it, telling CoinGeek’s Calvin Ayre that Bitcoin.com can subsidize BCHABC with 4000 petahashes for a decade.

So, where does this leave us? BABV is a pool that is creating hash that is supposed to be mined elsewhere, but whose components have been pointed by the pool operators—not the miners—to mine BCHABC in an attempt to signal market strength. As Without Fear correctly ascertains, “However, this is not real demand, the machine owners never asked or consented to mine BCHABC. This is being done behind their back while they are paid as if machines are mining BTC, or whatever is most profitable.”

In the absence of true market demand, the forced hash will revert to its original source and BCHABC will, by default, stop progressing. Explains Without Fear, “Considering that ABC hash support was 800 when the BCH price was around $500 and that the current BCHABC price is less than $300, such plunge in hash would spiral out of control and lead to a full halt in what these exchanges have labelled as the “BCH” chain. The portfolios of people who held BCH before the fork would now be worth zero while the BCHSV chain keeps being mined.”

Without Fear’s advice is simple and insightful: “[S]teer clear of exchanges that try to sell ABC as ‘BCH’ as ABC is extremely unstable and not comparable to your BCH holdings.”