
“Alister Maclin” can break Bitcoin on command - davidgerard
http://motherboard.vice.com/read/i-broke-bitcoin
======
ceocoder
Somewhat unrelated - for those who don't know Alistair MacLean[1] was a
novelist, mostly war thrillers, adventures. My grandpa - a voracious reader
and a retired judge spent most of his retirement reading and walking, he
turned me on to Alistair MacLean by describing his experience of reading _Ice
Station Zebra_ (based on the north pole) as if "you feel the chill in your
bones as you read it". So I read that, and every single book Alistair MacLean has
authored. These were the first novels I read in English. After going through
entire works of Alistair MacLean, I went through pretty much any other book I
can get my hands on. And the _best_ part was finishing something, going
downstairs to grandpa's room and telling him, his response was almost always -
"oh yes, I read that in 19XX, love the character X doing something with Y".

Reading the title of the post was a pang of nostalgia, I can still remember
him telling me about Ice Station Zebra, Night Without End, Where Eagles Dare,
Guns of Navarone, Force 10 from Navarone. I miss him.

[1]
[https://en.wikipedia.org/wiki/Alistair_MacLean](https://en.wikipedia.org/wiki/Alistair_MacLean)

------
Uptrenda
I've never seen a more FUD headline than that. Got to love the journalistic
sensationalism at play here.

To clear this up: the technique in the article is literally what we use in
unit tests to check that our TX-based event code won't break under
malleability. It's something that Bitcoin developers have been writing code
around forever (and warning about just as long.) So truly: if there's anyone
out there still writing code that assumes static TXIDs they really do deserve
what's coming to them.

As I see it: the attack reaches critical mayhem in a similar way to accepting
zero-conf transactions in that what you have is a consensus problem. The
specific fix for TX malleability is to watch transactions based on their
meaning, not their TXID (in this case "meaning" is looking at the inputs,
outputs, version, timelock, etc to produce equivalent transactions.) And of
course: don't accept zero-confirmation transactions.

Here's some of my ultra-1337 Python code for producing the "attack" just for
laughs:

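    # Imports assume python-bitcoinlib. The wildcard import brings CScript and the
    # OP_* names into scope, and x() is needed because eval() re-parses repr(CScript).
    import binascii
    from bitcoin.core import CTransaction, b2x, x
    from bitcoin.core.script import *

    def mutate_tx(tx_hex):
        """
        Mutates a raw transaction using TX malleability in the scriptSig (specifically, the OP codes.) This function shouldn't be used beyond testing as it uses an ugly eval() hack.

        https://en.bitcoin.it/wiki/Transaction_Malleability
        """
        tx = CTransaction.deserialize(binascii.unhexlify(tx_hex))
        # Strip the leading "CScript([" from the repr, keeping the element list.
        script_sig = repr(tx.vin[0].scriptSig)[9:]
        # Rebuild the script with OP_1 OP_DROP in front of the original elements.
        script_sig = eval("CScript([OP_1, OP_DROP, " + script_sig)
        tx.vin[0].scriptSig = script_sig
        return b2x(tx.serialize())
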

As you can see, there's nothing to it. Just a clueless attention whore
claiming to an even more clueless journalist that he can break Bitcoin.
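
The mitigation described in the comment above (track a transaction by its inputs, outputs, version and locktime rather than by its TXID), as an added example that is not part of the original comment or of any Bitcoin library. It assumes legacy (non-segwit) serialization; `normalized_id`, `make_tx` and the sample bytes are constructed for illustration.

```python
import hashlib
import struct

def read_varint(raw, i):
    """Decode a CompactSize integer at offset i; return (value, next offset)."""
    first = raw[i]
    if first < 0xfd:
        return first, i + 1
    size = {0xfd: 2, 0xfe: 4, 0xff: 8}[first]
    return int.from_bytes(raw[i + 1:i + 1 + size], "little"), i + 1 + size

def double_sha256_hex(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[::-1].hex()

def txid(raw):
    """Ordinary TXID: covers the scriptSig, so it changes when the tx is malleated."""
    return double_sha256_hex(raw)

def normalized_id(raw):
    """Hash a legacy tx with every scriptSig replaced by an empty script."""
    n_in, i = read_varint(raw, 4)
    out = bytearray(raw[:i])                 # version + input count
    for _ in range(n_in):
        out += raw[i:i + 36]                 # previous txid + output index
        script_len, i = read_varint(raw, i + 36)
        out += b"\x00"                       # zero-length scriptSig
        i += script_len
        out += raw[i:i + 4]                  # sequence
        i += 4
    out += raw[i:]                           # outputs and locktime, unchanged
    return double_sha256_hex(bytes(out))

def make_tx(script_sig, value=50_000):
    """Constructed one-input, one-output sample tx (placeholder data, not a real tx)."""
    tx_in = (b"\x11" * 32 + struct.pack("<I", 0)
             + bytes([len(script_sig)]) + script_sig + b"\xff" * 4)
    pk_script = b"\x76\xa9\x14" + b"\x22" * 20 + b"\x88\xac"
    tx_out = struct.pack("<q", value) + bytes([len(pk_script)]) + pk_script
    return struct.pack("<I", 1) + b"\x01" + tx_in + b"\x01" + tx_out + struct.pack("<I", 0)

FAKE_SIG = b"\x47" + b"\xaa" * 71            # constructed placeholder push, not a valid signature
ORIGINAL = make_tx(FAKE_SIG)
MALLEATED = make_tx(b"\x51\x75" + FAKE_SIG)  # OP_1 OP_DROP prefix, as in the comment's code

if __name__ == "__main__":
    print("same txid:         ", txid(ORIGINAL) == txid(MALLEATED))
    print("same normalized id:", normalized_id(ORIGINAL) == normalized_id(MALLEATED))
```

A wallet or payment processor that keys pending payments on `normalized_id` still matches the confirmed transaction when a malleated copy is the one that gets mined.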

~~~
phpnode
I think the article is confusing two different issues, the malleability
attacks and the dust attacks. Amaclin seems to be behind the dust attack,
which is a cheap way to DoS the blockchain by causing blocks to reach the
maximum number of SIGOPS with dust transactions, preventing real transactions
from going through.

More details here:
[https://bitcointalk.org/index.php?topic=1166928.0](https://bitcointalk.org/index.php?topic=1166928.0)

------
troncheadle
I'm interested to hear more about his claims that bitcoin uses more energy
than other forms of currency. Can anyone speak to that?

~~~
pjc50
The proof-of-waste system means that, at market equilibrium, the cost of
burning electricity to mine one block and get the 25 bitcoin reward should be
equal to the cost of buying it on the open market.

Currently this works out as about $7 of electricity per transaction.
[https://blockchain.info/charts/cost-per-transaction](https://blockchain.info/charts/cost-per-transaction)

~~~
lifeisstillgood
That is per block yes? And each block has up to 01Mb of transactions?

~~~
pjc50
As fryguy says, that's $7 _per transaction_, $12,000 per block.

Amusingly as bitcoin gets more successful and the price rises, the system gets
less efficient to compensate.

~~~
aminok
That is not how it works. The system gets more efficient as transaction volume
increases. The only reason the cost of running the network relative to the
number of transactions currently comes out to $7 per tx is that much of the
revenue miners earn is from the block subsidy of 25 BTC per 10 minutes. The
subsidy is a constant, and therefore as tx volume increases, the total cost of
running the network relative to the number of txs decreases.

~~~
bduerst
No, _that's_ not how it works.

Transaction volume doesn't increase with efficiency. Blocksize is capped at
1MB, and any new efficiency goes into the hashing algorithms, not the size.
The Bitcoin network has always only been able to handle 1 MB of transactions
every 10 minutes (~7 tx/s) and always will at this rate.

~~~
aminok
No, it is not. Efficiency increases with transaction volume. That transaction
volume is currently capped at 1 MB is a separate issue from whether efficiency
improves with transaction volume.

It's possible there is a misunderstanding here with me interpreting "gets more
successful" as seeing its transaction volume increase, and you interpreting it
to mean something else.

~~~
bduerst
You can't fit more transactions into 1,048,576 bytes with more efficiency.
It's pretty clear.

------
ForHackernews
Is there source code for the attack script anywhere? It would be interesting
to see if a decentralized currency can stand up to a decentralized attack.

------
api
Seems like a pretty easy attack, so I expect to see it executed by others for
profit.

~~~
davidgerard
Is there much profit to be made? To me the recent "stress tests" look very
like disgruntled hodlers messing around for shits and giggles, and
demonstrating that it costs only a few thousand dollars in bitcoins to break
transaction processing.

(Love the crackier theories that /r/buttcoin are banker shills. If only banks
could get hold of a few thousand dollars somewhere ...)

~~~
kbar13
surely if you have a large short position on bitcoin, you may profit as people
lose confidence?

~~~
pjc50
It's not as easy to take out a short position as it sounds.

~~~
nosuchthing
With all the bitcoin fanatics who are convinced bitcoins are inherently rare
and thus destined to increase in value, there are certainly opportunities for
short options.

