Thursday, 22 November 2018

Network Split Attack (Why I think ABC's reorg protection is a horrible idea)

So as far as I understand, Bitcoin ABC recently added deep reorg protection, in the sense that every block with depth 10 or more becomes immutable and protected from chain reorganisation. This in particular means that a node will stay on a minority chain if switching to the majority chain requires a reorg of 10 or more blocks. In the following I outline some thoughts on a possible attack which exploits this behaviour to irreversibly split the network.

The assumption of this attack is that there is an attacker with a significant share of the hash power at his disposal (which in my understanding is also the assumption that led to the implementation of deep reorg protection in the first place). The attack takes place as follows:

  • At the current block X the attacker starts mining a private chain (called attack chain in the following), competing with the chain built by the honest miners (called honest chain in the following).

  • Given a sufficient share of the hash rate, the attacker has a chance to reach a chain of length 10 (measured from X) before the honest miners do. If he fails, he simply abandons his chain and starts again.

  • If he succeeds, he waits for the honest chain to reach length 9 (again measured from X), and when it does he tries to find the 10th block on the honest chain first. Again, given a sufficient share of the hash rate, he has a chance of being successful.

  • If he is successful, he publishes his private chain to one half of his network connections and the newly found 10th block to the other half. (More elaborately, he would probably give the private chain a small head start due to the larger propagation time.)

  • All nodes receiving the private chain first are currently 9 blocks away from X (which is where the honest chain and the attack chain diverge), therefore they will allow a reorg to the attack chain, as it is one block longer and the reorg depth is below 10. After the reorg, X is at depth 10, therefore the deep reorg protection prevents switching back to the honest chain.

  • All nodes receiving the 10th block on the honest chain first will append said block to their chain, thereby moving X to depth 10. Consequently the deep reorg protection prevents those nodes from ever switching to the attack chain.

  • If the attacker is able to simultaneously publish the attack chain and the 10th block on the honest chain to a large number of nodes, the network will split into two parts, one following the honest chain and one following the attack chain. The deep reorg protection prevents both parts of the network from rejoining, causing an irreversible chain split (apart from manual interaction and consent finding).

The immediate effects are speculation, but chaos and a severe drop in usability, value and trust in the Bitcoin Cash network are guaranteed. Possibly even worse than what would happen in case of a deep reorg.

It is the middle of the night here, so I will skip doing the math on the success probabilities of this attack. However, I conjecture that chances become very reasonable if the attacker has 50% or more of the hash rate.

submitted by /u/Haatschii

source https://www.reddit.com/r/btc/comments/9zamrh/network_split_attack_why_i_think_abcs_reorg/
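
The fork-choice behaviour the post relies on can be checked with a small model. The following is an added example, not part of the original post and not Bitcoin ABC code: `Node`, `chain` and `simulate` are hypothetical names, chain length stands in for accumulated work, and the only rule taken from the post is that a reorg disconnecting 10 or more blocks is refused. It compares that rule with a plain longest-chain rule when two nodes see the same two chains in a different order.

```python
MAX_REORG_DEPTH = 10  # finalization depth as described in the post

class Node:
    """Simplified node: a chain is a list of block ids, index 0 is the fork point X."""
    def __init__(self, chain, max_reorg_depth=MAX_REORG_DEPTH):
        self.chain = list(chain)
        self.max_reorg_depth = max_reorg_depth  # None models a plain longest-chain rule

    def receive(self, candidate):
        """Adopt candidate if it is longer and the reorg is not too deep."""
        if len(candidate) <= len(self.chain):
            return False  # not longer: the first-seen chain is kept
        common = 0
        for ours, theirs in zip(self.chain, candidate):
            if ours != theirs:
                break
            common += 1
        disconnected = len(self.chain) - common  # blocks a switch would undo
        if self.max_reorg_depth is not None and disconnected >= self.max_reorg_depth:
            return False  # deep reorg refused, however long the candidate is
        self.chain = list(candidate)
        return True

def chain(prefix, n):
    """Constructed sample chain: X followed by n blocks named prefix1..prefixn."""
    return ["X"] + [f"{prefix}{i}" for i in range(1, n + 1)]

def simulate(max_reorg_depth):
    """Return (tips right after the two chains arrive, tips after a longer chain arrives)."""
    a = Node(chain("h", 9), max_reorg_depth)
    b = Node(chain("h", 9), max_reorg_depth)
    # Same two messages, opposite arrival order.
    for msg in (chain("a", 10), chain("h", 10)):
        a.receive(msg)
    for msg in (chain("h", 10), chain("a", 10)):
        b.receive(msg)
    after_split = (a.chain[-1], b.chain[-1])
    # Later, both nodes are offered a much longer chain built on the h-branch.
    for node in (a, b):
        node.receive(chain("h", 30))
    return after_split, (a.chain[-1], b.chain[-1])

if __name__ == "__main__":
    print("with reorg limit   :", simulate(MAX_REORG_DEPTH))
    print("longest-chain only :", simulate(None))
```

With the limit, the first node stays on its branch even when offered a chain three times as long; without it, both nodes converge again.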
