Author: Tom Harding 2014-10-28 17:38:07
Published on: 2014-10-28T17:38:07+00:00
Gregory Maxwell has proposed an attack on Bitcoin in which a malicious miner can simultaneously flood other miners with orthogonal double spends that he doesn't mine himself. The attack is based on transmitting three transactions to two miners at the same time, thus creating a situation where Miner A knows about tx1a before Miner B, and Miner B delays his block until he knows about tx1a. The attacker tries to make it so that everyone else has a tx1a conflict that Miner A does not have. This attack can add something to the risk of including tx1 when a double-spend is known, but Miner A can neutralize his risk by excluding any tx1 known to be double-spent. However, Miner A has additional information - he knows how soon he received tx2 after receiving tx1a. The attack has little chance of success if any of the malicious transactions are sent 10 seconds apart from each other. If the 1->2 transmit gap is large, mempools will agree on 1. If 1->2 gap is small, but the gap to 3 is large, mempools will agree on the 1-2 pair, but possibly have the order reversed. Either way, mempools won't disagree on the existence of 1 unless the 1->3 gap is small. It will be possible to quantify and target the risk of including tx1a to an arbitrarily low level based on the local measurement of the time gap to tx2, and an effective threshold won't be very high. The attack highlights yet again that the shorter the timeframe, the greater the risk.
Updated on: 2023-06-09T03:40:16.146819+00:00