

作者: 菠菜期权 | 来源:发表于2017-08-07 15:12 被阅读444次

说明按: 由于stratum协议里下发的只有merkle branch,没有能组包的数据,只有tx hash,所以攻击者也得不到什么好处,损人不利己。



If I understand the technical process (for most mining pools) correctly, a participant in a mining pool is given block data to combine with a nonce to try to solve the block. If they get close (but not close enough to give the actual solution) to solving a block, they have solved a "share", and at that point return proof-of-work to the mining pool to receive a share of the final payout when the block is solved.


However, the participant performing the mining DOES know if they actually solve the block. At this point, a malicious miner running custom mining software could potentially choose to not send the solution to the pool. I think I have seen this referred to as a "solution withholding attack".


How vulnerable are pools and pool-miners to this threat?

[Edit]: Also, what can pools do to detect or deter this threat?



回答者:David Schwartz

Every pool is vulnerable to the threat. And there's pretty much nothing they can do about it other than perhaps to try to force their miners to use a closed source mining program that they try to make tamper-proof.


Your analysis is precisely correct. Miners know when they only found a share versus when they solved a block. A malicious miner could submit shares but withhold solved blocks.


The consequences of this depend on the payout model the mining pool uses. If, for example, the pool uses a fixed pay per share, such a miner is robbing the pool operator. But he does no harm to the other miners. If it uses most of the other distribution schemes, such a miner is robbing the other miners since he is being paid out of solved blocks and never contributes to the number of solved blocks. The amount of harm he does is typically proportional to the amount of hashing power he has.


This attack is typically undetectable because it just appears to be ordinary bad luck. An attacker can use a large number of distinct user names so it wouldn't appear suspicious that no blocks had been solved.


There are generally two motives for such an attack, depending on the payout plan the pool uses. One would simply be to make the pool operator lose money. In a PPS plan, you would get paid normally for your mining, all of which would be a straight loss to the pool operator. With other payout plans, making the pool seem unlucky (and thus driving away miners from that pool) could be a part of the motive. You still get paid for your shares, so the cost to launch such an attack (assuming you were already going to mine) is not that much.


The consensus is that such attacks are likely to remain rare and generally insignificant. The payout for the attack is simply too small and it's not an effective way to bankrupt a pool or get miners to desert a pool unless it's a particularly small pool, in which case there's generally no point.


Note that it is not possible for an attacker to submit any blocks he finds himself and keep the profits. To earn shares, he must attempt to solve the blocks the pool asks him to solve, and those will payout to the pool operator.





