Hacker News new | comments | show | ask | jobs | submit login
Ask HN: What happens to blockchain transactions in case of network partition?
55 points by raghuvamz 217 days ago | hide | past | web | favorite | 22 comments
I am keen on knowing the answer to this intriguing question.The closest thing i came across is this. https://bitcoin.stackexchange.com/questions/12207/countrywide-internet-isolation-inevitable-fork.

https://bitcoin.stackexchange.com/questions/12207/countrywide-internet-isolation-inevitable-fork




Some suggested reading on the subject.

I wrote a paper "Eclipse Attacks on Bitcoin’s Peer-to-Peer Network" [0] about maliciously partitioning the Bitcoin network. Much of the paper focuses on how to partition the network, but Section 1.1 Implications of eclipse attacks should give a good sense for how Bitcoin's security properties depend on the network not being partitioned.

"Hijacking Bitcoin: Routing Attacks on Cryptocurrencies" [1] also discusses network partitions and Bitcoin. As with Eclipse Attacks it focuses on both the how and the effects.

Interestingly blockchains built on Algorand [2] would not fork under a network partition they would just cease to create new blocks until the network is whole again.

[0]: "Eclipse Attacks on Bitcoin’s Peer-to-Peer Network" https://www.usenix.org/node/190891

[1]: "Hijacking Bitcoin: Routing Attacks on Cryptocurrencies" https://arxiv.org/abs/1605.07524

[2]: "Algorand: Scaling Byzantine Agreements for Cryptocurrencies" https://people.csail.mit.edu/nickolai/papers/gilad-algorand-...


Is an eclipse attack really realistic?

The issue is that bitcoin isn't really a 100% peer to peer network.

There are nodes that exist, such as the big mining nodes, that I can be pretty darn sure are honest nodes.

And the big miners all know each other on a first name basis. So it is not like you are going to be able to split them off of the network from each other.


The question we wanted to answer with the paper how much security against Eclipse attacks does the P2P network provide and how could it provide more security?

>There are nodes that exist, such as the big mining nodes, that I can be pretty darn sure are honest nodes.

Ghash.io the largest Bitcoin mining pool at the time performed mining attacks to steal money from Satoshi dice and at one point had more than 50% of the mining power. I would not trust a node just because a big miner is running it.

>And the big miners all know each other on a first name basis. So it is not like you are going to be able to split them off of the network from each other.

If all the big miners use a special network for block propagation, and they do, that network may go down or be compromised by malicious parties. The P2P network provides back up in the event that this takes place. Miners might be on a first name basis with each other but they are also competitors with each other. Bitcoin should not require that the Miners trust each other.

Many Bitcoin users are not Miners and so they would still be vulnerable to Eclipse attacks.


In a network partition of any kind (either due to a physical network partition, or a "virtual" partition caused by incompatible client software), the entire network gets duplicated.

Someone who had 27 bitcoins before the split gets 27 of each type of coin after the split.

Every transaction will be incorporated into one or both of the copies. Some transactions will depend on other transactions, and therefore as time passes, even a small difference in the sets of transactions applied to each copy will snowball into the majority of transactions ending up in only one tree.

There is a vulnerability in the bitcoin design here: Transactions from one partition can be replayed on the other tree at any time, now or the future. If someone sends you coins that only exist on one partition, but they later receive coins to the same address on the other partition, you can steal them by replaying the transaction.


The design of bitcoin is that this is resolved by one network's coins quickly becoming worthless. The only chain that matters is the one that most people believe is the right chain. The right chain is the one with the most committed blocks on it.

In the event of a partition, the partition with the most miners will almost certainly have the longest chain of committed blocks and be considered the right one.

*Note: I'm a hobbyist, not an expert on this. Please correct me if I'm wrong!


This is a common rebuttal but it seems to only make sense in a human timescale with assumptions of a lack of partitioning.

The miners are very fast, but have the same network as the rest of us for the most part. Disrupting that network renders the current system quite vulnerable to partitioning and if you can carefully partition the miners such that they're arguing among themselves, bitcoin effectively grinds to a halt and requires human intervention and negotiation to fix.

This is a statement not intended to be damning criticism btw. The proper failure mode for a distributed ledger IS to fail as a quorum takes place. Ultimately, bitcoin exists so long as it is more profitable for it to exist than for it to be destroyed. This is the case for most distributed systems.


the entire network gets duplicated.

Someone who had 27 bitcoins before the split gets 27 of each type of coin after the split.

This isn't good. This gives 3rd world authorities a potential motivation to create such a split for profit. The most likely scenario would involve stealing money from domestic addresses. In that case, it could be the case that the rest of the network doesn't care that much.


TLDR: The blockchain has the tools to resolve this situation but it would be a huge mess.

Longer:

The answers there are mostly right. If left to it's own devices, the fork will be resolved when the country gains access to the network again.

The way it would typically be resolved is that the chain that has done the most work (in a Proof of Work coin) will "win"... in practice this means the one with the longest chain and most transactions.

When this happens, the transactions in the blocks that roll back are likely to be added back to the mempool (in memory list of unconfirmed transactions) in which case they will probably still be added to a block. So for most legitimate transactions they might not notice.

However, there is a problem here. Adding hundreds of thousands of transactions to the mempool on many coins will cause huge problems.

Another problem is if the same output is spent on both forks. Called a double spend. In coins... each transaction has one of more inputs and one or more outputs. Outputs can then be used as inputs to other transactions. Each output can only be used as an input once.

If that happens, the transaction that was on the fork that lost will itself be lost since the network will reject it for trying to spend an already spent output.

Furthermore, if anyone travels from that country and connects to a network outside of it. They will eventually roll back and join the fork on that side of the partition as that partition will inevitable eventually have more "work done" than the one in the partition they left.

Now, if the country never gains internet access again. You effectively have two different coins. But you risk chaos as described above. One possible solution in that scenario is to "hard fork" and have everyone on one side of teh partition install a new blockchain client. Then it's official, they are two separate coins.


Here is the thing though

It is not just Internet access that the country has to stop.

The country has to permanently block off all INFORMATION.

This is because if anyone is able to transit the current block chain, in any way, even by smuggling it in through "sneaker net" then that block chain wins.

In practice, this means that you will no longer be able to trust 10 minute confirmation times. But, maybe you can trust month long confirmation times instead, as people slowly smuggle in blockchain information.


This is precisely why infrastructure companies and FIs build dedicated lines. They're much more resilient. Doing so for a network as large as bitcoin could be difficult though.


Will the miners in both partitions able to mine bitcoins parallely? In that case the average number of blocks mined would take a hit?


While technically any transaction made on one partition can be mined into a block in the other partition assuming that the outputs of the previous transaction (inputs to the new transaction) are available in both, in practice it is more likely that transactions from one partition will only end up in that partition and both forks will be very different in terms of which blocks they have.

Also, as another reply said, you'd have to have minors connected to both partitions.

That is why the fork with the most work wins. Not the fork with the longest chain. Otherwise you could just intentionally partition your machine. Mine a bunch of blocks offline (because difficulty will adjust down as block solve time increases) and then reconnect.


You couldn't mine in parallel without installing a miner for each partition.


As a practical matter, every Bitcoin-accepting business with a competent ops team will stop accepting transactions until Bitcoin's central authorities declare All Clear.

(This is phrased in a fashion which Bitcoiners will not appreciate but it is not incorrect. For precedent, see the hardfork around the 0.8 release.)


There are some weird assumptions in your question.

Assumption 1: a government is able to shut down its entire internet, and block off all electronic communications.

This assumption is fine. There are multiple historical examples of governments of doing this.

When a government does this though, there is no network split. A network split is when you have 2 networks that are cut off from one another. The government "shutting off the internet" does not create 2 networks. it make the population of the country have zero access to ANY network. Which means no split.

Which leads us to:

Assumption 2: A government is able to cut off access to the OUTSIDE internet, while also maintaining an INTERNAL network that can talk to each other, but not talk to the outside world.

This is basically impossible. There are no examples of governments being able to do this in any significant capacity.

Sure, there is some attempted internet censorship in countries like China, but the great firewall is extremely leaky. And even if it were 99% effective, 99% effective isn't good enough.

In order to partition the bitcoin network, you do not need to make it impossible for 99% of the population to get access to the outside world. You need to stop 100%, with no margin for error. This is because as soon as a SINGLE node is able to get access to the outside world, it can rebroadcast the information to all internal nodes.


Something I think is very cool about bitcoin is that fact that you can compare it directly to physical currency in a way that makes it easy to understand at a high level.

The block chain is essentially the same as a physical ledger that everyone (collectively) uses to confirm and record all transactions.

If everyone suddenly split (partitioned) in to 2 separate groups with 2 separate ledgers each 'everyone' (now that there are 2) would continue to use the ledger of their group.

I'm not sure if bitcoin makes any arrangements for 'merging' ledgers. My understanding is that among divergent chains the longest chain always 'wins' and any others are considered fraudulent.

So, once the two partitions are re-combined, when individuals reach out to 'everyone' and say "give me the latest version of the ledger" they would find the 2 competing ledgers and should choose to trust the one that is longer.



The accepted answer from a Bitcoin researcher sums up the merge problem pretty well; "As for the merge, this is still being discussed and we do not have a good contingency plan."

Okay.


Why would there be any need for a contingency plan?

Bitcoin needs an internet connection to work properly. If you don't have a functional internet connection then you don't get functional Bitcoin either, sucks to be you.


>> Why would there be any need for a contingency plan?

That question is probably best put the person that wrote the statement and mentioned that it was under discussion: Christian Decker. He is a published block chain researcher and may have a good answer for you.

https://arxiv.org/abs/1412.7935 http://www.tik.ee.ethz.ch/file/49318d3f56c1d525aabf7fda78b23... http://www.tik.ee.ethz.ch/file/7e4a7f3f2991784786037285f4876... http://www.tik.ee.ethz.ch/file/848064fa2e80f88a57aef43d7d595...


I wouldn't follow an answer from 4 years ago; the space moves incredibly fast (well with the exception of the scaling debate).


>> the space moves incredibly fast

What can you cite that demonstrates any change in the merge situation during the last 4 years?




Applications are open for YC Summer 2018

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: