[bitcoin-dev] Significant losses by double-spending unconfirmed transactions

Matthieu Riou matthieu at blockcypher.com
Thu Jul 16 00:08:05 UTC 2015


On Wed, Jul 15, 2015 at 12:32 PM, Peter Todd <pete at petertodd.org> wrote:

>
> "In a Sybil attack the attacker subverts the reputation system of a
> peer-to-peer network by creating a large number of pseudonymous
> identities, using them to gain a disproportionately large influence."
>

Our "identities" aren't pseudonymous.

In the case of Bitcoin, there's something like 6,000 nodes, so if that
> 20% is achived via outgoing connections you'd have 600 to 1200 active
> outgoing connections using up network resources.  Meanwhile, the default
> is 8 outgoing connections - you're using about two orders of magnitude
> more resources.
>

You're not talking about a Sybil attack anymore, just resource use. We do
know how to change default configurations to offer more connections.

If you are achieving that via incoming connections, you're placing a big
> part of the relay network under central control. As we've seen in the
> case of Chainalysis's sybil attack, even unintentional confirguation
> screwups can cause serious and widespread issues due to the large number
> of nodes that can fail in one go. (note how Chainalysis's actions were
> described(1) as a sybil attack by multiple Bitcoin devs, including
> Gregory Maxwell, Wladimir van der Laan, and myself)
>

We're not Chainanalysis and we do not run hundreds of distinct nodes. Just
a few well-tuned ones.


> What you are doing is inherently incompatible with decentralization.
>

That's a matter of opinion. One could argue your actions and control
attempts hurt decentralization. Either way, no one should play the
decentralization police or act as a gatekeeper.

Question: Do you have relationships with mining pools? For instance, are
> you looking at contracts to have transactions mined to guarantee
> confirmations?
>

No, we do not. We do not know anyone else having such contracts. As you
know, Coinbase also denied having such contracts in place [1]. But you seem
to have more relationships with mining pools than we do.

Thanks,
Matthieu
CTO and Founder, BlockCypher

[1]
http://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-June/008864.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20150715/d6778351/attachment.html>


More information about the bitcoin-dev mailing list