Hi ZmnSCPxj, Thank you for your comments. You raise an important point that I should clarify.
>1. In event of a sybil attack, a fullnode will stall and think the blockchain >has no more miners. You can still attack the full node by feeding it a minority PoW chain, then it won't stall. >2. In event of a sybil attack, an SPV, even using this style, will follow the >false blockchain. Correct, but this false blockchain does need to have valid PoW. So in both cases valid PoW is required to fool nodes. The one difference is that for a full node, the blocks themselves also need to be valid (except for the fact that they are in a minority chain), but the end result is still that a victim can be successfully double spent and lose money. I hope this clarifies why I consider the security for these two situations to be roughly equivalent. In either situation, victims can be fooled into accepting invalid payments. Cheers, Ruben On Mon, Sep 9, 2019 at 6:14 AM ZmnSCPxj <zmnsc...@protonmail.com> wrote: > > Good morning Ruben, > > > > One might intuitively feel that the lack of a commitment is unsafe, > > but there seems to be no impact on security (only bandwidth). The only > > way you can be fooled is if all peers lie to you (Sybil), causing you > > to follow a malicious minority chain. But even full nodes (or the > > committed version of PoW fraud proofs) can be fooled in this way if > > they are denied access to the valid most PoW chain. If there are > > additional security concerns I overlooked, I’d love to hear them. > > > I think it would be better to more precisely say that: > > 1. In event of a sybil attack, a fullnode will stall and think the > blockchain has no more miners. > 2. In event of a sybil attack, an SPV, even using this style, will follow > the false blockchain. > > This has some differences when considering automated systems. > > Onchain automated payment processing systems, which use a fullnode, will > refuse to acknowledge any incoming payments. > This will lead to noisy complaints from clients of the automated payment > processor, but this is a good thing since it warns the automated payment > processor of the possibility of this attack occurring on them. > The use of a timeout wherein if the fullnode is unable to see a new block > for, say, 6 hours, could be done, to warn higher-layer management systems to > pay attention. > While it is sometimes the case that the real network will be unable to find a > new block for hours at a time, this warning can be used to confirm if such an > event is occurring, rather than a sybil attack targeting that fullnode. > > On the other hand, such a payment processing system, which uses an SPV with > PoW fraud proofs, will be able to at least see incoming payments, and > continue to release product in exchange for payment. > Yet this is precisely a point of attack, where the automated payment > processing system is sybilled and then false payments are given to the > payment processor on the attack chain, which are double-spent on the global > consensus chain. > And the automated system may very well not be able to notice this. > > Regards, > ZmnSCPxj _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
