A few days ago I posted some potential issues with BU. In this post I will take a deeper dive into one of the issues raised.
Illustration of an attack block (choosing the median EB)
BU parameter data from last 2,000 blocks:
500 blocks – MG=2MB, EB=2MB, AD=4, Cumulative hashrate 25%
250 blocks – MG=2MB, EB=3MB, AD=6, Cumulative hashrate 37.5%
250 blocks – MG=2MB, EB=3MB, AD=25, Cumulative hashrate 50%
Possible malicious block size = 3.1MB, which splits the hashrate into two large groups
500 blocks – MG=2MB, EB=5MB, AD=3, Cumulative hashrate 75%
250 blocks – MG=2MB, EB=6MB, AD=16, Cumulative hashrate 87.5%
250 blocks – MG=2MB, EB=32MB, AD=2, Cumulative hashrate 100%
For any distribution of EB, there exists a median figure, which could split the hashrate.
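The split in the illustration above, worked through as an added example that is not part of the original post. It assumes each group's share of the last 2,000 blocks stands in for its hashrate, that a miner initially rejects only blocks larger than its EB, and that AD is the depth at which it accepts such a block anyway; the function names are hypothetical.

```python
# Added example; data copied from the table above as (blocks, EB in MB, AD).
# Assumption: a group's share of the last 2,000 blocks stands in for its hashrate.
GROUPS = [(500, 2, 4), (250, 3, 6), (250, 3, 25),
          (500, 5, 3), (250, 6, 16), (250, 32, 2)]


def split_at(size_mb, groups):
    """Return (rejecting, accepting) hashrate shares for a block of size_mb.

    Assumption: a miner initially rejects a block only if it is larger than its EB.
    """
    total = sum(blocks for blocks, _, _ in groups)
    rejecting = sum(blocks for blocks, eb, _ in groups if size_mb > eb)
    return rejecting / total, (total - rejecting) / total


def worst_split(groups):
    """Find the block-size range that divides hashrate most evenly.

    Returns (low_eb, high_eb, minority_share): any size above low_eb and up to
    high_eb is rejected by miners with EB <= low_eb. None if every EB is equal.
    """
    ebs = sorted({eb for _, eb, _ in groups})
    best = None
    for low, high in zip(ebs, ebs[1:]):
        rejecting, accepting = split_at(high, groups)
        minority = min(rejecting, accepting)
        if best is None or minority > best[2]:
            best = (low, high, minority)
    return best


def rejecting_ads(size_mb, groups):
    """AD values of the miners that reject size_mb.

    Assumption: AD is the depth at which a miner accepts a block over its EB.
    """
    return sorted(ad for _, eb, ad in groups if size_mb > eb)


if __name__ == "__main__":
    print(split_at(3.1, GROUPS))       # the post's 3.1MB block
    print(worst_split(GROUPS))         # most even split and its size range
    print(rejecting_ads(3.1, GROUPS))  # ADs on the rejecting side
```

Operators can run the same calculation over the EB/AD values currently being signalled to see how close the network is to an even split and which AD settings would govern how long it lasts.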
Some responses to the above scenario from /r/btc are summarized below, along with my follow-up concerns.
1 – Such a scenario would not exist
I assume that this means the miners do not ever set a variety of different values for EB. If this is the case, what is the point of BU? Either miners have a distribution of values for EB and this attack vector exists, or they do not, and therefore BU is pointless.
2 – Miners are not stupid, they will not let the above situation persist
I assume this could mean that if the above scenario occurs, miners will manually adjust their BU parameters to ensure the miners all converge on one chain. This seems to be a change in security model that requires mining operators to be online, communicating and making decisions, rather than simply choosing which code to run. BU can therefore be considered a reduction in the level of automation. This could be a change in security model that may be less reliable and less robust than the current system. In my view, this manual system may not scale well.
3 – 51% of miners would not collude to do such an attack
The attack does not require the collusion of 51% of miners. The attacker only needs a miner to produce one block, at any time, to split the hashrate.
4 – Miners are not malicious, therefore they will not do this attack
As explained above, the attack only requires one block to be viable; this is different to the 51% of miners we had to assume are honest before BU. (This may be an oversimplification).
5 – Even if the above attack does work, it does not matter as one chain will eventually win
It is true that one chain may eventually win. However, the above has made a double spend attack easier and increases wasted work, making the chain less secure. If the larger block chain wins, it may take a while for the issue to be resolved, depending on miners’ AD settings. The resolution process could be disruptive to users.
6 – The scenario above is no different to what happens with the current Bitcoin Core system
I am not sure I understand this. Currently a rule is either enforced strictly or does not exist at all. The "partial" enforcement of a rule, like BU does with the blocksize, seems to be a new concept. Currently there is no gradual scale of which blocksize miners will enforce, allowing an attacker to choose any arbitrary point on the scale to split the network.