How Consensus Drives Bitcoin - Freedom to Tinker

Hijacking Bitcoin: Routing Attacks on Cryptocurrencies

Date: 2017-03-24
Author(s): Maria Apostolaki, Aviv Zohar, Laurent Vanbever

Link to Paper

As the most successful cryptocurrency to date, Bitcoin constitutes a target of choice for attackers. While many attack vectors have already been uncovered, one important vector has been left out though: attacking the currency via the Internet routing infrastructure itself. Indeed, by manipulating routing advertisements (BGP hijacks) or by naturally intercepting traffic, Autonomous Systems (ASes) can intercept and manipulate a large fraction of Bitcoin traffic. This paper presents the first taxonomy of routing attacks and their impact on Bitcoin, considering both small-scale attacks, targeting individual nodes, and large-scale attacks, targeting the network as a whole. While challenging, we show that two key properties make routing attacks practical: (i) the efficiency of routing manipulation; and (ii) the significant centralization of Bitcoin in terms of mining and routing. Specifically, we find that any network attacker can hijack few (<100) BGP prefixes to isolate ~50% of the mining power---even when considering that mining pools are heavily multi-homed. We also show that on-path network attackers can considerably slow down block propagation by interfering with few key Bitcoin messages. We demonstrate the feasibility of each attack against the deployed Bitcoin software. We also quantify their effectiveness on the current Bitcoin topology using data collected from a Bitcoin supernode combined with BGP routing data. The potential damage to Bitcoin is worrying. By isolating parts of the network or delaying block propagation, attackers can cause a significant amount of mining power to be wasted, leading to revenue losses and enabling a wide range of exploits such as double spending. To prevent such effects in practice, we provide both short and long-term countermeasures, some of which can be deployed immediately.

[1] “A Next-Generation Smart Contract and Decentralized Application Platform ,”
[2] “Bitcoin Blockchain Statistics,”
[3] “bitnodes,”
[4] “Bitnodes. Estimating the size of Bitcoin network,”
[5] “CAIDA Macroscopic Internet Topology Data Kit.”
[6] “Dyn Research. Pakistan hijacks YouTube.”
[7] “FALCON,”
[8] “FIBRE,”
[9] “Litecoin ,”
[10] “RIPE RIS Raw Data,”
[11] “Routeviews Prefix to AS mappings Dataset (pfx2as) for IPv4 and IPv6.”
[12] “Scapy.”
[13] “The Relay Network,”
[14] “ZCash,”
[15] A. M. Antonopoulos, “The bitcoin network,” in Mastering Bitcoin. O’Reilly Media, Inc., 2013, ch. 6.
[16] H. Ballani, P. Francis, and X. Zhang, “A Study of Prefix Hijacking and Interception in the Internet,” ser. SIGCOMM ’07. New York, NY, USA: ACM, 2007, pp. 265–276.
[17] A. Boldyreva and R. Lychev, “Provable Security of S-BGP and Other Path Vector Protocols: Model, Analysis and Extensions,” ser. CCS ’12. New York, NY, USA: ACM, 2012, pp. 541–552.
[18] J. Bonneau, A. Miller, J. Clark, A. Narayanan, J. A. Kroll, and E. W. Felten, “Sok: Research perspectives and challenges for bitcoin and cryptocurrencies,” in Security and Privacy (SP), 2015 IEEE Symposium on. IEEE, 2015, pp. 104–121.
[19] P. Bosshart, D. Daly, G. Gibb, M. Izzard, N. McKeown, J. Rexford, C. Schlesinger, D. Talayco, A. Vahdat, G. Varghese et al., “P4: Programming protocol-independent packet processors,” ACM SIGCOMM Computer Communication Review, vol. 44, no. 3, pp. 87–95, 2014.
[20] C. Decker and R. Wattenhofer, “Information propagation in the bitcoin network,” in Peer-to-Peer Computing (P2P), 2013 IEEE Thirteenth International Conference on. IEEE, 2013, pp. 1–10.
[21] ——, Bitcoin Transaction Malleability and MtGox. Cham: Springer International Publishing, 2014, pp. 313–326. [Online]. Available:
[22] M. Edman and P. Syverson, “As-awareness in tor path selection,” in Proceedings of the 16th ACM Conference on Computer and Communications Security, ser. CCS ’09, 2009.
[23] I. Eyal, “The miner’s dilemma,” in 2015 IEEE Symposium on Security and Privacy. IEEE, 2015, pp. 89–103.
[24] I. Eyal and E. G. Sirer, “Majority is not enough: Bitcoin mining is vulnerable,” in Financial Cryptography and Data Security. Springer, 2014, pp. 436–454.
[25] N. Feamster and R. Dingledine, “Location diversity in anonymity networks,” in WPES, Washington, DC, USA, October 2004.
[26] J. Garay, A. Kiayias, and N. Leonardos, “The bitcoin backbone protocol: Analysis and applications,” in Advances in Cryptology-EUROCRYPT 2015. Springer, 2015, pp. 281–310.
[27] A. Gervais, G. O. Karama, V. Capkun, and S. Capkun, “Is bitcoin a decentralized currency?” IEEE security & privacy, vol. 12, no. 3, pp. 54–60, 2014.
[28] A. Gervais, H. Ritzdorf, G. O. Karame, and S. Capkun, “Tampering with the delivery of blocks and transactions in bitcoin,” in Proceedings of the 22Nd ACM SIGSAC Conference on Computer and Communications Security, ser. CCS ’15. New York, NY, USA: ACM, 2015, pp. 692–705.
[29] P. Gill, M. Schapira, and S. Goldberg, “Let the Market Drive Deployment: A Strategy for Transitioning to BGP Security,” ser. SIGCOMM ’11. New York, NY, USA: ACM, 2011, pp. 14–25.
[30] S. Goldberg, M. Schapira, P. Hummon, and J. Rexford, “How Secure Are Secure Interdomain Routing Protocols,” in SIGCOMM, 2010.
[31] E. Heilman, A. Kendler, A. Zohar, and S. Goldberg, “Eclipse attacks on bitcoin’s peer-to-peer network,” in 24th USENIX Security Symposium (USENIX Security 15), 2015, pp. 129–144.
[32] Y.-C. Hu, A. Perrig, and M. Sirbu, “SPV: Secure Path Vector Routing for Securing BGP,” ser. SIGCOMM ’04. New York, NY, USA: ACM, 2004, pp. 179–192.
[33] J. Karlin, S. Forrest, and J. Rexford, “Pretty Good BGP: Improving BGP by Cautiously Adopting Routes,” in Proceedings of the Proceedings of the 2006 IEEE International Conference on Network Protocols, ser. ICNP ’06. Washington, DC, USA: IEEE Computer Society, 2006, pp. 290–299.
[34] E. K. Kogias, P. Jovanovic, N. Gailly, I. Khoffi, L. Gasser, and B. Ford, “Enhancing bitcoin security and performance with strong consistency via collective signing,” in 25th USENIX Security Symposium (USENIX Security 16). Austin, TX: USENIX Association, 2016, pp. 279–296.
[35] J. A. Kroll, I. C. Davey, and E. W. Felten, “The economics of bitcoin mining, or bitcoin in the presence of adversaries.” Citeseer.
[36] A. Miller, J. Litton, A. Pachulski, N. Gupta, D. Levin, N. Spring, and B. Bhattacharjee, “Discovering bitcoin’s public topology and influential nodes.”
[37] S. J. Murdoch and P. Zielinski, “Sampled traffic analysis by Internet- ´ exchange-level adversaries,” in Privacy Enhancing Technologies: 7th International Symposium, PET 2007, N. Borisov and P. Golle, Eds. Springer-Verlag, LNCS 4776, 2007, pp. 167–183.
[38] K. Nayak, S. Kumar, A. Miller, and E. Shi, “Stubborn mining: Generalizing selfish mining and combining with an eclipse attack,” IACR Cryptology ePrint Archive, vol. 2015, p. 796, 2015.
[39] T. Neudecker, P. Andelfinger, and H. Hartenstein, “A simulation model for analysis of attacks on the bitcoin peer-to-peer network,” in IFIP/IEEE International Symposium on Internet Management. IEEE, 2015, pp. 1327–1332.
[40] P. v. Oorschot, T. Wan, and E. Kranakis, “On interdomain routing security and pretty secure bgp (psbgp),” ACM Trans. Inf. Syst. Secur., vol. 10, no. 3, Jul. 2007.
[41] A. Pilosov and T. Kapela, “Stealing The Internet. An Internet-Scale Man In The Middle Attack.” DEFCON 16.
[42] Y. Rekhter and T. Li, A Border Gateway Protocol 4 (BGP-4), IETF, Mar. 1995, rFC 1771.
[43] M. Rosenfeld, “Analysis of hashrate-based double spending,” arXiv preprint arXiv:1402.2009, 2014.
[44] A. Sapirshtein, Y. Sompolinsky, and A. Zohar, “Optimal selfish mining strategies in bitcoin,” CoRR, vol. abs/1507.06183, 2015.
[45] E. B. Sasson, A. Chiesa, C. Garman, M. Green, I. Miers, E. Tromer, and M. Virza, “Zerocash: Decentralized anonymous payments from bitcoin,” in 2014 IEEE Symposium on Security and Privacy. IEEE, 2014, pp. 459–474.
[46] B. Schlinker, K. Zarifis, I. Cunha, N. Feamster, and E. Katz-Bassett, “Peering: An as for us,” in Proceedings of the 13th ACM Workshop on Hot Topics in Networks, ser. HotNets-XIII. New York, NY, USA: ACM, 2014, pp. 18:1–18:7.
[47] J. Schnelli, “BIP 151: Peer-to-Peer Communication Encryption,” Mar. 2016,
[48] X. Shi, Y. Xiang, Z. Wang, X. Yin, and J. Wu, “Detecting prefix hijackings in the Internet with Argus,” ser. IMC ’12. New York, NY, USA: ACM, 2012, pp. 15–28.
[49] Y. Sompolinsky and A. Zohar, “Secure high-rate transaction processing in bitcoin,” in Financial Cryptography and Data Security. Springer, 2015, pp. 507–527.
[50] Y. Sun, A. Edmundson, L. Vanbever, O. Li, J. Rexford, M. Chiang, and P. Mittal, “RAPTOR: Routing attacks on privacy in TOR.” in USENIX Security, 2015.
[51] A. Tonk, “Large scale BGP hijack out of India,” 2015,
[52] ——, “Massive route leak causes Internet slowdown,” 2015,
[53] L. Vanbever, O. Li, J. Rexford, and P. Mittal, “Anonymity on quicksand: Using BGP to compromise TOR,” in ACM HotNets, 2014.
[54] Z. Zhang, Y. Zhang, Y. C. Hu, and Z. M. Mao, “Practical defenses against BGP prefix hijacking,” ser. CoNEXT ’07. New York, NY, USA: ACM, 2007.
[55] Z. Zhang, Y. Zhang, Y. C. Hu, Z. M. Mao, and R. Bush, “iSPY: Detecting IP prefix hijacking on my own,” IEEE/ACM Trans. Netw., vol. 18, no. 6, pp. 1815–1828, Dec. 2010.
submitted by dj-gutz to myrXiv [link] [comments]

New paper: Research Perspectives and Challenges for Bitcoin and Cryptocurrencies | Andrew Miller | Mar 02 2015

Andrew Miller on Mar 02 2015:
We (Joseph Bonneau, myself Arvind Narayanan, Jeremy Clark, Ed Felten,
Josh Kroll -- from Stanford, Maryland, Concordia, Princeton) have
written a “systemization” paper about Bitcoin-related research. It’s
going to appear in the Oakland security conference later this year
(IEEE Security and Privacy) but we wanted to announce a draft to this
community ahead of time.
One of the main goals of our work is to build a bridge between the
computer science research community and the cryptocurrency community.
Many of the most interesting ideas and proposals for Bitcoin come from
this mailing list and forums/wikis/irc channels, where many academic
researchers simply don’t know to look! In fact, we started out by
scraping all the interesting posts/articles we could find and trying
to figure out how we could organize them. We hope our paper helps some
of the best ideas and research questions from the Bitcoin community
bubble up and inspires researchers to build on them.
We didn’t limit our scope to Bitcoin, but we also decided not to
provide a complete survey of altcoins and other next-generation
cryptocurrency designs. Instead, we tried to explain all the
dimensions along which these designs differ from Bitcoin.
This effort has roughly been in progress over two years, though it
stopped and restarted several times along the way.
If anyone has comments or suggestions, we still have a week before the
final version is due, and regardless we plan to continue updating our
online version for the forseeable future.
submitted by bitcoin-devlist-bot to bitcoin_devlist [link] [comments]

RESTAURANTE BITCOIN - YouTube I'm A Teenage Bitcoin Millionaire - YouTube Bitcoin explained and made simple  Guardian Animations ... Inside a Bitcoin mine that earns $70K a day - YouTube HO COMPRATO BITCOIN? 💰 - YouTube

Ed Felten, Mitbegründer von Offchain Labs, wirft in einer Frage und Antwort mehr Licht auf Arbitrum und seine Vorteile für die Nutzer Die Skalierbarkeit, eines der Hauptprobleme intelligenter Verträge in der Blockchain von Ethereum, ist genau das, was Arbitrum mit seinen Off-Chain-Lösungen zu lösen versucht. Ed Felten erläuterte in einem AMA auf YouTube die Vorteile […] Justin Sun ... limit my search to r/Bitcoin. use the following search parameters to narrow your results: subreddit:subreddit find submissions in "subreddit" author:username find submissions by "username" find submissions from "" url:text search for "text" in url selftext:text search for "text" in self post contents self:yes (or self:no) include (or exclude) self posts nsfw:yes (or ... Bitcoin Tutorial. Joseph Bonneau. Princeton University (edited and abridged by Bruce Maggs) Thanks to Andrew Miller, Arvind Narayanan, Jeremy Clark, Joshua Kroll, Ed Felten. Bitcoin Today (October 15, 2014) One Bitcoin (BTC) is worth about $394. Every ten minutes, one Bitcoin miner, selected at random, is given a reward when the block chain is extended by one block. In 2009, the reward was 50 ... Ed Felten, Mitbegründer von Offchain Labs, wirft in einer Frage und Antwort mehr Licht auf Arbitrum und seine Vorteile für die Nutzer. Die Skalierbarkeit, eines der Hauptprobleme intelligenter Verträge in der Blockchain von Ethereum, ist genau das, was Arbitrum mit seinen Off-Chain-Lösungen zu lösen versucht. The bitcoin blockchain is a public ledger that records bitcoin transactions. [90] It is implemented as a chain of blocks, each block containing a hash of the previous block up to the genesis block [lower-alpha 4] of the chain. A network of communicating nodes running bitcoin software maintains the blockchain. [36]: 215–219 Transactions of the form payer X sends Y bitcoins to payee Z are ...

[index] [24220] [18581] [16279] [10598] [11680] [26204] [41674] [47488] [39946] [19425]


18- year-old Erik Finman made his own rules when he invested in Bitcoin and left high school to start his own business Share your videos with friends, family, and the world Thanks for watching! For donations: Bitcoin - 1CpGMM8Ag8gNYL3FffusVqEBUvHyYenTP8 Video per parlare in maniera chiara e semplice dei Bitcoin, dato che se ne sente tanto parlare ma non vengono mai spiegati bene per comprare bitcoin (è un li... Exploring the revolutionary Bitcoin digital currency. It doesn't need banks or to be printed. It can be transferred in a second to anywhere in the world. Wit...