- Sep 18, 2015
- 62
- 114
Proposer: Tom Harding
Submitted on: 11/27/2016
[edit: Sponsor: freetrader]
Summary:
The implementation of BUIP001's EB/AD emergent blocksize consensus has a "sticky gate" behavior. While not widely understood, the sticky gate has a significant effect on BU nodes' ability to resist attacks from a relatively small fraction of dedicated hashrate opposition.
This BUIP seeks to revert the "sticky gate" to resist this type of attack.
Rationale:
The sticky gate is triggered by local observation of an accept-depth (AD) override to an excessive block (EB). The "gate" opens when a count of AD blocks are mined on top of an excessive block; it lets those blocks through. The "sticky" part is that once opened, the gate sticks open for 144 blocks. During that time, BU allows any size block for 144 more blocks -- about one full day.
While the gate is fundamental to BU emergent consensus, it should not be sticky. Risk is introduced by the combination of published AD values and the daylong period devoid of blocksize checks, which present attacker a way to disrupt the BU chain.
Attacker's challenge is to create an excessive block, followed by AD confirming blocks, before honest BU nodes can create a competing chain of length AD+1. If an attacker can succeed in this, he has 144 blocks which are permitted to be any size at all.
Attacker then submits as many enormous blocks as possible, to make them a permanent part of the BU chain, straining all BU users, possibly fragmenting the chain and/or pushing some users off the network. Alternatively, he submits large blocks of various sizes, in an attempt to maximize fragmentation when nodes come back online after 144 blocks.
Attacker's likelihood of success during a single attempt to open the sticky gate depends on the hashrate fraction q (of total BU hashrate) that he dedicates to this purpose. The probability of success for AD=5 is as follows (review of this is very welcome):
AD=5
q P[success]
0.05 0.00000580135
0.10 0.000295706
0.15 0.00265686
0.20 0.0116542
0.25 0.0343275
0.30 0.0782248
0.35 0.148684
0.40 0.246502
0.45 0.366877
0.50 0.5
0.55 0.633123
0.60 0.753498
Attacker is free to make another attempt, as soon as one attempt fails. Such failure will take at most 11 blocks, so attacker can try approximately 13 times per day. Therefore an attacker with 20% hashrate has a worst-case success rate of approximately a 14% chance of successfully overwhelming AD=5 within one day. The risk introduced by the sticky gate is very high.
The goal of the sticky gate is to avoid nodes getting stuck when the network moves to a larger block size. But the risk is unacceptable. Instead of this automatic security reduction, regular nodes should consider a higher EB value than they might otherwise use. Miners should continue to immediately alert technical staff any time an invalid block with valid PoW is seen for any reason, not just excessive block size. Invalid blocks are very rare and always deserve close immediate attention.
Specification:
Revert to the behavior that is documented in BUIP001 and that was effective until March 8, 2016.
Implementation:
An implementation of the reversion is available in PR#169.
Submitted on: 11/27/2016
[edit: Sponsor: freetrader]
Summary:
The implementation of BUIP001's EB/AD emergent blocksize consensus has a "sticky gate" behavior. While not widely understood, the sticky gate has a significant effect on BU nodes' ability to resist attacks from a relatively small fraction of dedicated hashrate opposition.
This BUIP seeks to revert the "sticky gate" to resist this type of attack.
Rationale:
The sticky gate is triggered by local observation of an accept-depth (AD) override to an excessive block (EB). The "gate" opens when a count of AD blocks are mined on top of an excessive block; it lets those blocks through. The "sticky" part is that once opened, the gate sticks open for 144 blocks. During that time, BU allows any size block for 144 more blocks -- about one full day.
While the gate is fundamental to BU emergent consensus, it should not be sticky. Risk is introduced by the combination of published AD values and the daylong period devoid of blocksize checks, which present attacker a way to disrupt the BU chain.
Attacker's challenge is to create an excessive block, followed by AD confirming blocks, before honest BU nodes can create a competing chain of length AD+1. If an attacker can succeed in this, he has 144 blocks which are permitted to be any size at all.
Attacker then submits as many enormous blocks as possible, to make them a permanent part of the BU chain, straining all BU users, possibly fragmenting the chain and/or pushing some users off the network. Alternatively, he submits large blocks of various sizes, in an attempt to maximize fragmentation when nodes come back online after 144 blocks.
Attacker's likelihood of success during a single attempt to open the sticky gate depends on the hashrate fraction q (of total BU hashrate) that he dedicates to this purpose. The probability of success for AD=5 is as follows (review of this is very welcome):
AD=5
q P[success]
0.05 0.00000580135
0.10 0.000295706
0.15 0.00265686
0.20 0.0116542
0.25 0.0343275
0.30 0.0782248
0.35 0.148684
0.40 0.246502
0.45 0.366877
0.50 0.5
0.55 0.633123
0.60 0.753498
Attacker is free to make another attempt, as soon as one attempt fails. Such failure will take at most 11 blocks, so attacker can try approximately 13 times per day. Therefore an attacker with 20% hashrate has a worst-case success rate of approximately a 14% chance of successfully overwhelming AD=5 within one day. The risk introduced by the sticky gate is very high.
The goal of the sticky gate is to avoid nodes getting stuck when the network moves to a larger block size. But the risk is unacceptable. Instead of this automatic security reduction, regular nodes should consider a higher EB value than they might otherwise use. Miners should continue to immediately alert technical staff any time an invalid block with valid PoW is seen for any reason, not just excessive block size. Invalid blocks are very rare and always deserve close immediate attention.
Specification:
Revert to the behavior that is documented in BUIP001 and that was effective until March 8, 2016.
Implementation:
An implementation of the reversion is available in PR#169.
Last edited by a moderator: