The botnet would need to have a lot of very fancy GPUs at its disposal. Not impossible, but increasingly less plausible the more miners are added to the network. If you were trying to set up such a network, you would probably have to target high-end gaming devices. If you could do that, you would probably be more interested in mining bitcoin to sell it.
The botnet would need to have a lot of very fancy GPUs at its disposal.
The advantage of GPUs is they provide huge parallelization, an advantage botnets achieve by having lots of computers.
Not impossible, but increasingly less plausible the more miners are added to the network.
This doesn’t account for computing power per person, but I would guess that there are a lot more people who don’t secure their computers than people interested in bitcoin.
If you were trying to set up such a network, you would probably have to target high-end gaming devices.
There is no need to target only high-end machines; the botnet would grab whatever unsecured computing resources it sees.
If you could do that, you would probably be more interested in mining bitcoin to sell it.
A bitcoin mining botnet could be repurposed to a bitcoin transaction forging botnet when the creation of bitcoins is slowed and stopped.
My point was that it would need to be a very large number of CPUs to compete with a single GPU. Thus a botnet with no high-end GPUs at its disposal would be at an extremely significant per-computer disadvantage against more conventional miners who are stacking four of them per box, and even more so against specialized miners who are utilizing custom-built ASICs.
Note also that the botnet would need to continue spoofing indefinitely in order to maintain the existence of the fake transactions, and that all computers from which the fake information originates would be visible as such to anyone with an honest node. The history of transactions prior to the attack would not suddenly be lost, and the moment at which it begins would also be immediately known to the honest nodes.
My point was that it would need to be a very large number of CPUs to compete with a single GPU. Thus a botnet with no high-end GPUs at its disposal would be at an extremely significant per-computer disadvantage against more conventional miners who are stacking four of them per box, and even more so against specialized miners who are utilizing custom-built ASICs.
True, but a botnet with no (or few) high-end GPUs is not realistic, even if high-end GPUs are not specifically targeted.
Note also that the botnet would need to continue spoofing indefinitely in order to maintain the existence of the fake transactions
The botnet branches the honest line and spoofs a transaction making payment to an honest user for service. It needs to continue spoofing until that honest user accepts the transaction as valid and provides the service, at which point it can stop. The honest user at this point realizes he has been tricked, but can’t do much about it, except maybe implicate one easily replaceable machine in the botnet that was used as a public face for the transaction.
True, but a botnet with no (or few) high-end GPUs is not realistic, even if high-end GPUs are not specifically targeted.
How many high-end GPUs is realistic for a botnet? If it is higher than 500 to 1500, an attack could be feasible at the current hash rate. However the arms race for higher tech miners seems to be just beginning.
The botnet branches the honest line and spoofs a transaction making payment to an honest user for service. It needs to continue spoofing until that honest user accepts the transaction as valid and provides the service, at which point it can stop. The honest user at this point realizes he has been tricked, but can’t do much about it, except maybe implicate one easily replaceable machine in the botnet that was used as a public face for the transaction.
The moment the spoofing begins, every honest node is being lied about and knows it. This would make the community aware that half the computing power of the network is being provided by dishonest nodes controlled by some particular party. This in turn would create incentive for honest bitcoin users to purchase more specialized equipment to compete against them, or for additional botnets to attempt the same thing (which would grow progressively harder for as long as they do not cooperate). In short, it isn’t something that could be done subtly.
I am not sure, but to work with a really small, but easily available sample, my work computer, which was bought about a year ago and not optimized for having any sort of graphics card, came with an ATI Radeon HD4670, which according to this hardware comparison, is within a factor of 20 as powerful at bitcoin mining as the best GPUs on the list. I nonconfidently (I would consider additional data strong evidence) expect a significant proportion of computers in a botnet would contain similar GPUs. It’s not clear to me how big the Bitcoin community is in terms of computing power (can this be estimated by current mining difficulty?), or whether a botnet could overpower it, but I wouldn’t dismiss the possibility because of GPUs.
The moment the spoofing begins, every honest node is being lied about and knows it. This would make the community aware that half the computing power of the network is being provided by dishonest nodes controlled by some particular party. This in turn would create incentive for honest bitcoin users to purchase more specialized equipment to compete against them, or for additional botnets to attempt the same thing (which would grow progressively harder for as long as they do not cooperate). In short, it isn’t something that could be done subtly.
My initial concern was based on statements on the Bitcoin website about the assumptions required for security. I am not able to find the page where I originally read that, which explained what an attack would look like. I have found this, which mentions the vulnerability in passing, but also mentions another exploit a botnet could more easily take advantage of: by controlling the vast majority of the nodes in the network, it can isolate individual honest users and make fake transactions with them.
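An added example, not part of any comment in this thread: the thread asks whether network computing power can be estimated from mining difficulty and describes a payment that is reversed after the recipient accepts it. The sketch below estimates hash rate from difficulty and computes how many confirmations a recipient should wait for so that a minority attacker's chance of rewriting the payment stays under a chosen risk. It assumes roughly 2^32 expected hashes per unit of difficulty, a 600-second block target, and the catch-up formula from section 11 of the Bitcoin whitepaper; the sample difficulty is constructed.

```python
import math

HASHES_PER_DIFFICULTY = 2 ** 32  # approx. expected hashes per block at difficulty 1
TARGET_BLOCK_SECONDS = 600       # Bitcoin's 10-minute block target

def network_hashrate(difficulty):
    """Network hash rate (hashes/second) implied by the current difficulty."""
    return difficulty * HASHES_PER_DIFFICULTY / TARGET_BLOCK_SECONDS

def attacker_share(attacker_hps, honest_hps):
    """Fraction q of total hash power controlled by the attacker."""
    return attacker_hps / (attacker_hps + honest_hps)

def catch_up_probability(q, z):
    """Chance an attacker with share q ever overtakes a payment buried z blocks deep."""
    if q >= 0.5:
        return 1.0  # a majority attacker always catches up eventually
    p = 1.0 - q
    lam = z * q / p            # expected attacker progress while z honest blocks are found
    poisson = math.exp(-lam)   # Poisson term for k = 0
    total = 1.0
    for k in range(z + 1):
        if k > 0:
            poisson *= lam / k
        total -= poisson * (1.0 - (q / p) ** (z - k))
    return total

def confirmations_needed(q, risk=0.001, limit=10000):
    """Smallest z with catch-up probability below risk, or None if unreachable."""
    if q >= 0.5:
        return None
    for z in range(limit + 1):
        if catch_up_probability(q, z) < risk:
            return z
    return None

if __name__ == "__main__":
    sample_difficulty = 1_000_000  # constructed value, not a real network reading
    honest = network_hashrate(sample_difficulty)
    print(f"implied honest hash rate: {honest:.3e} H/s")
    for fraction_of_honest in (0.05, 0.25, 0.75):  # constructed attacker sizes
        q = attacker_share(fraction_of_honest * honest, honest)
        print(f"q={q:.3f} -> wait for {confirmations_needed(q)} confirmations")
```

At a share of one half or more no number of confirmations is enough, which is why `confirmations_needed` returns `None` there.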