Or they thought the Apache Kid Rock jerkoff should be investigated....
Edit: shit, they actually dispel that theory in the article. Not sure if that impresses me or makes me more sad.
So what were the findings? Isn't this the definition of a Sybil attack?
AI:
A Sybil attack in Bitcoin occurs when a single entity creates and controls a large number of pseudonymous identities (nodes) to gain a disproportionate influence over the network. The name comes from the book Sybil, a case study of a woman diagnosed with multiple personality disorder.
Mechanism of the Attack
In a peer-to-peer network, nodes rely on their "neighbors" to relay transactions and blocks.
In a Sybil attack:
- The attacker floods the network with fake nodes.
- They attempt to surround a target node so that all of its incoming and outgoing connections are linked to the attacker's controlled nodes.
- Once isolated, the target node can be fed false information or blocked from seeing legitimate transactions.
Potential Impact on Bitcoin
While a Sybil attack cannot directly steal Bitcoin or change the rules of the protocol (like creating new coins), it can lead to several disruptions:
- Double-Spending: By isolating a node, an attacker can prevent it from seeing a transaction that has already been spent elsewhere, making a second transaction appear valid.
- Information Censorship: The attacker can refuse to relay blocks or transactions to the victim, effectively "blacking out" their view of the blockchain.
- Privacy Erosion: Controlling multiple nodes allows the attacker to monitor transaction flows and deanonymize users by tracking which IP addresses broadcast which transactions.
How Bitcoin Prevents Sybil Attacks
Bitcoin does not use identity-based security (which is easy to fake). Instead, it uses Proof of Work (PoW).
- Resource Cost: Creating a "fake" node is cheap, but gaining the power to influence the ledger (mining) requires physical hardware and electricity. An attacker cannot "fake" computational power.
- Node Connectivity: Bitcoin Core nodes are designed to connect to multiple disparate peers. It is difficult and computationally expensive for an attacker to successfully surround a node that has diverse connections across the global network.
- No Voting Power: Unlike Proof of Stake or other consensus mechanisms where "one identity = one vote," Bitcoin consensus is governed by the longest chain of cumulative PoW. Creating a million Sybil nodes does not grant an attacker the ability to rewrite the blockchain.
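The "Node Connectivity" bullet above is the part that actually does the work against a flood of cheap identities. As an added illustration, not part of the quoted answer and not Bitcoin Core's code: a small Python model in which an attacker owns ten times as many addresses as the honest network but only four netgroups. A node that fills its outbound slots uniformly gets eclipsed roughly half the time; a node that refuses a second peer from a netgroup it already uses (a simplified stand-in, assumed here, for Core's per-netgroup outbound limit) cannot be eclipsed by that attacker at all. The eight outbound slots, the address counts and the netgroup labels are constructed.

```python
"""Toy model of Sybil/eclipse peer selection, stdlib only (added example)."""
import random
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Addr:
    netgroup: str      # e.g. the /16 prefix an address falls in; constructed labels here
    attacker: bool


def make_population(n_attacker: int, attacker_groups: int,
                    n_honest: int, honest_groups: int) -> List[Addr]:
    """Constructed address table: many Sybil addresses crammed into few netgroups,
    fewer honest addresses spread across many."""
    pop = [Addr(f"evil-{i % attacker_groups}", True) for i in range(n_attacker)]
    pop += [Addr(f"ok-{i % honest_groups}", False) for i in range(n_honest)]
    return pop


def pick_outbound(pop: List[Addr], k: int, rng: random.Random, diverse: bool) -> List[Addr]:
    """Choose k outbound peers from the table.

    diverse=False: uniform picks without replacement (a naive node).
    diverse=True:  refuse a second peer from a netgroup already in use, a
                   simplified stand-in (assumption) for the per-netgroup outbound
                   limit Bitcoin Core applies when filling outbound slots.
    """
    if not diverse:
        return rng.sample(pop, k)
    chosen, used = [], set()
    order = pop[:]
    rng.shuffle(order)
    for a in order:
        if a.netgroup in used:
            continue
        chosen.append(a)
        used.add(a.netgroup)
        if len(chosen) == k:
            break
    return chosen


def eclipse_rate(pop: List[Addr], k: int, trials: int, diverse: bool, seed: int = 1) -> float:
    """Monte Carlo estimate of P(every outbound slot lands on an attacker node)."""
    rng = random.Random(seed)
    hits = sum(all(a.attacker for a in pick_outbound(pop, k, rng, diverse))
               for _ in range(trials))
    return hits / trials


def analytic_naive(n_attacker: int, n_honest: int, k: int) -> float:
    """Exact P(k uniform picks without replacement are all attacker addresses)."""
    p = 1.0
    for i in range(k):
        p *= (n_attacker - i) / (n_attacker + n_honest - i)
    return p


if __name__ == "__main__":
    pop = make_population(n_attacker=1000, attacker_groups=4, n_honest=100, honest_groups=50)
    print("analytic naive :", round(analytic_naive(1000, 100, 8), 3))
    print("simulated naive:", eclipse_rate(pop, 8, 2000, diverse=False))
    print("netgroup-aware :", eclipse_rate(pop, 8, 2000, diverse=True))
```

The model only covers how one node fills its outbound slots. It ignores inbound connections, addrman bucketing, anchor and block-relay-only peers, and it says nothing about consensus: even a fully eclipsed node cannot be made to accept an invalid block, which is the "No Voting Power" point.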
Right, that made no sense at all. And what was the point of using all of those nodes to signal for BIP-110?
Another bone to pick with wording and oversimplification from the 4/1 daily briefing:
"P2PKH (standard addresses) are only vulnerable if you reuse addresses, because the public key is revealed when you spend."
Segwit addresses, legacy/nested/native/native multisig are only ever vulnerable to quantum attack, assuming a CRQC existed, which it doesn't, during the short time it takes from when a transaction is signed and broadcast and when it is included in a block. That's going to be ~10 minutes. From that point forward the funds are safe at rest forever, assuming the receive address wasn't reused from a previous send address.
This is the part that I think gets glossed over that people don't understand. The term "reused address" isn't clarified. You can send funds over and over and over to the same address and that receiving address is in no way vulnerable to quantum attack, except during the delay between broadcast and confirmation as discussed. The "reuse" part of the warning is specific to reuse of a SENDING address. Once a transaction is sent from an address, the public key, or the witness script for multisig, is revealed and permanent on the blockchain. If you were to send funds back to that send address THEN those specific funds (UTXO) would be vulnerable at rest. The reusing of a send address as a receive address would have to be done manually because every modern wallet on the planet uses fresh addresses for send/receive/change. Basically you would have to be deliberately stupid to create a situation where a PORTION of your funds were susceptible to an attack that doesn't exist.
"Address reuse" is a nebulous term and gets confused and conflated with privacy concerns that are separate from the quantum risk.
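To make the "which funds are actually exposed" point concrete, here is an added Python model (not the commenter's code and not any wallet's code) that replays a constructed chain and flags every UTXO whose locking hash has already had its public key published in a witness. Key bytes, signatures and txids are placeholders; HASH160 falls back to a truncated double SHA-256 when the Python build ships no RIPEMD-160, which is labelled in the code. It goes one step beyond the comment: once the key behind an address is on-chain, every UTXO at that address is exposed, including any received before the spend, not only coins sent back afterwards.

```python
"""Which UTXOs have their public key exposed on-chain? Toy model, stdlib only (added example)."""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

OutPoint = Tuple[str, int]          # (txid, output index)


def hash160(data: bytes) -> bytes:
    """HASH160 = RIPEMD160(SHA256(data)); a P2PKH/P2WPKH output commits only to this."""
    sha = hashlib.sha256(data).digest()
    try:
        return hashlib.new("ripemd160", sha).digest()
    except ValueError:
        # Stand-in (assumption): some OpenSSL-3 Python builds ship no RIPEMD-160.
        # The logic below only needs a one-way 20-byte commitment to the key.
        return hashlib.sha256(sha).digest()[:20]


@dataclass
class TxIn:
    prevout: OutPoint
    witness: List[bytes]            # P2WPKH spend: [signature, pubkey]


@dataclass
class TxOut:
    pkh: bytes                      # the 20-byte hash; the key itself is never here
    value_sat: int


@dataclass
class Tx:
    txid: str                       # constructed label, not a real hash
    vin: List[TxIn] = field(default_factory=list)
    vout: List[TxOut] = field(default_factory=list)


def exposed_utxos(chain: List[Tx]) -> Dict[OutPoint, Tuple[bytes, bool]]:
    """Replay confirmed txs in order. Returns {outpoint: (pkh, pubkey_is_public)}.

    A pubkey becomes public the moment a witness containing it is confirmed;
    from then on every UTXO locked to HASH160(pubkey), older or newer, belongs to
    whoever can derive the private key from that public key.
    """
    utxos: Dict[OutPoint, bytes] = {}
    revealed: Set[bytes] = set()
    for tx in chain:
        for txin in tx.vin:
            pkh = utxos.pop(txin.prevout)            # KeyError = unknown input / double spend
            pubkey = txin.witness[-1]
            if hash160(pubkey) != pkh:
                raise ValueError(f"{tx.txid}: witness pubkey does not match output hash")
            revealed.add(pkh)                         # key preimage is now on-chain forever
        for n, txout in enumerate(tx.vout):
            utxos[(tx.txid, n)] = txout.pkh
    return {op: (pkh, pkh in revealed) for op, pkh in utxos.items()}


# --- constructed sample keys and transactions (placeholders, not real keys or txids) ---
PUB_A = b"\x02" + b"\x11" * 32     # stands in for a 33-byte compressed pubkey of key A
PUB_B = b"\x03" + b"\x22" * 32
PUB_C = b"\x02" + b"\x33" * 32
ADDR_A, ADDR_B, ADDR_C = hash160(PUB_A), hash160(PUB_B), hash160(PUB_C)
FAKE_SIG = b"\x30\x44" + b"\x00" * 68  # placeholder signature bytes

CHAIN = [
    # two deposits to the same receive address A: only hashes are on-chain, nothing exposed
    Tx("tx1", vout=[TxOut(ADDR_A, 100_000_000), TxOut(ADDR_A, 50_000_000)]),
    # A spends tx1:0 -> the witness publishes PUB_A
    Tx("tx2", vin=[TxIn(("tx1", 0), [FAKE_SIG, PUB_A])],
       vout=[TxOut(ADDR_B, 60_000_000), TxOut(ADDR_C, 39_000_000)]),
    # someone pays A again after A's key is public: reuse of a spent-from address
    Tx("tx3", vout=[TxOut(ADDR_A, 30_000_000)]),
]


def report(chain: List[Tx] = CHAIN) -> Dict[str, bool]:
    """'txid:n' -> True if that UTXO's public key is already on-chain."""
    return {f"{txid}:{n}": public for (txid, n), (_, public) in exposed_utxos(chain).items()}


if __name__ == "__main__":
    for outpoint, public in report().items():
        print(outpoint, "EXPOSED (pubkey on-chain)" if public else "at rest behind a hash")
```

Running it flags tx1:1 and tx3:0 (both locked to A, whose key tx2 published) and leaves tx2:0 and tx2:1 at rest. The in-flight window the comment describes is the gap between a spend entering the mempool and the block that confirms it; in this model that is simply the moment before `exposed_utxos` sees the spending transaction in `chain`.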
Checking out the site and reading the daily briefing.
On the Google thing from yesterday, your mention of it here and in the 3/31 briefing, please help me understand where I'm wrong.
Google is not predicting that a quantum computer will break ECDSA in three years. They are setting an aggressive 2029 deadline to finish upgrading their own internal servers to ensure they are protected well before the hardware actually matures. The actual risk is not that a quantum computer will exist in 2029. The risk is that if hardware advances faster than the 15-to-40-year estimate, Bitcoin's slow governance model mathematically guarantees it will be caught flat-footed, leaving the estimated 6.8 million BTC sitting in exposed legacy addresses completely defenseless. Do I have the right of it? Your mention here and today's briefing make it sound as if you are making the claim that Google has de facto said Bitcoin has three years to upgrade or the 6+ million coins are guaranteed forfeit.
Also, would be helpful if you'd publish the daily briefing as an RSS feed.
I think he dropped off before seeing your question. Just a point about part of your question: Bitcoin Core supports the three most recent major versions of the Bitcoin software. So currently 28, 29 and 30. 28 would roll off once 31 is released and so on.
bitcoincore.org/en/lifecycle/
Bitaxe and an Umbrel Home. You can run your full node and mine directly to your own public-pool.io instance. That will get you started.
Betteridge's Law of Headlines
"Any headline that ends in a question mark can be answered by the word no."
Why not just put your support and resources into Knots? It's built on Core and espouses to perform the same protection of Bitcoin's monetary properties? You've been a big proponent of Knots throughout the OP_Return and BIP-110 debates. Why do you feel it necessary to form what sounds like an identical derivative client?
Because they aren't looking for solutions, they are looking for "purity".