My point was that it would need to be a very large number of CPUs to compete with a single GPU. Thus a botnet with no high-end GPUs at its disposal would be at an extremely significant per-computer disadvantage against more conventional miners who are stacking four of them per box, and even more so against specialized miners who are utilizing custom-built ASICs.
True, but a botnet with no (or few) high-end GPUs is not realistic, even if high-end GPUs are not specifically targeted.
Note also that the botnet would need to continue spoofing indefinitely in order to maintain the existence of the fake transactions
The botnets branches the honest line and spoofs a transaction making payment to an honest user for service. It needs to continue spoofing until that honest user accepts the transaction as valid and provides the service, at which point it can stop. The honest user at this point realizes he has been tricked, but can’t do much about it, except maybe implicate one easily replaceable machine in the botnet that was used as a public face for the transaction.
True, but a botnet with no (or few) high-end GPUs is not realistic, even if high-end GPUs are not specifically targeted.
How many high-end GPUs is realistic for a botnet? If it is higher than 500 to 1500, an attack could be feasible at the current hash rate. However the arms race for higher tech miners seems to be just beginning.
The botnets branches the honest line and spoofs a transaction making payment to an honest user for service. It needs to continue spoofing until that honest user accepts the transaction as valid and provides the service, at which point it can stop. The honest user at this point realizes he has been tricked, but can’t do much about it, except maybe implicate one easily replaceable machine in the botnet that was used as a public face for the transaction.
The moment the spoofing begins, every honest node is being lied about and knows it. This would make the community aware that half the computing power of the network is being provided by dishonest nodes controlled by some particular party. This in turn would create incentive for honest bitcoin users to purchase more specialized equipment to compete against them, or for additional botnets to attempt the same thing (which would grow progressively harder for as long as they do not cooperate). In short, it isn’t something that could be done subtly.
I am not sure, but to work with a really small, but easily available sample, my work computer, which was bought about a year ago and not optimized for having any sort of graphics card, came with a ATI Radeon HD4670, which according this hardware comparison, is within a factor of 20 as powerful at bitcoin mining as the best GPUs on the list. I nonconfidently (I would consider additional data strong evidence) expect a significant proportion of computers in a botnet would contain similar GPUs. It’s not clear to me how big the Bitcoin community is in terms of computing power (can this be estimated by current mining difficulty?), or whether a botnet could overpower it, but I wouldn’t dismiss the possibility because of GPUs.
The moment the spoofing begins, every honest node is being lied about and knows it. This would make the community aware that half the computing power of the network is being provided by dishonest nodes controlled by some particular party. This in turn would create incentive for honest bitcoin users to purchase more specialized equipment to compete against them, or for additional botnets to attempt the same thing (which would grow progressively harder for as long as they do not cooperate). In short, it isn’t something that could be done subtly.
My initial concern was based on statements on the Bitcoin website about the assumptions required for security. I am not able to find the page where I originally read that, which explained what an attack would look like. I have found this, which mentions the vulnerability in passing, but also mentions another exploit a botnet could more easily take advantage of, by controling the vast majority of the nodes in the network, it can isolate individual honest users and make fake transactions with them.
True, but a botnet with no (or few) high-end GPUs is not realistic, even if high-end GPUs are not specifically targeted.
The botnets branches the honest line and spoofs a transaction making payment to an honest user for service. It needs to continue spoofing until that honest user accepts the transaction as valid and provides the service, at which point it can stop. The honest user at this point realizes he has been tricked, but can’t do much about it, except maybe implicate one easily replaceable machine in the botnet that was used as a public face for the transaction.
How many high-end GPUs is realistic for a botnet? If it is higher than 500 to 1500, an attack could be feasible at the current hash rate. However the arms race for higher tech miners seems to be just beginning.
The moment the spoofing begins, every honest node is being lied about and knows it. This would make the community aware that half the computing power of the network is being provided by dishonest nodes controlled by some particular party. This in turn would create incentive for honest bitcoin users to purchase more specialized equipment to compete against them, or for additional botnets to attempt the same thing (which would grow progressively harder for as long as they do not cooperate). In short, it isn’t something that could be done subtly.
I am not sure, but to work with a really small, but easily available sample, my work computer, which was bought about a year ago and not optimized for having any sort of graphics card, came with a ATI Radeon HD4670, which according this hardware comparison, is within a factor of 20 as powerful at bitcoin mining as the best GPUs on the list. I nonconfidently (I would consider additional data strong evidence) expect a significant proportion of computers in a botnet would contain similar GPUs. It’s not clear to me how big the Bitcoin community is in terms of computing power (can this be estimated by current mining difficulty?), or whether a botnet could overpower it, but I wouldn’t dismiss the possibility because of GPUs.
My initial concern was based on statements on the Bitcoin website about the assumptions required for security. I am not able to find the page where I originally read that, which explained what an attack would look like. I have found this, which mentions the vulnerability in passing, but also mentions another exploit a botnet could more easily take advantage of, by controling the vast majority of the nodes in the network, it can isolate individual honest users and make fake transactions with them.