说明按: 由于stratum协议里下发的只有merkle branch,没有能组包的数据,只有tx hash,所以攻击者也得不到什么好处,损人不利己。
内容翻译自:http://bitcoin.stackexchange.com/questions/1338/how-is-block-solution-withholding-a-threat-to-mining-pools
问题:
If I understand the technical process (for most mining pools) correctly, a participant in a mining pool is given block data to combine with a nonce to try to solve the block. If they get close (but not close enough to give the actual solution) to solving a block, they have solved a "share", and at that point return proof-of-work to the mining pool to receive a share of the final payout when the block is solved.
如果我的理解正确,矿池将块和随机数分发给矿工。矿工提交的解虽然不是真正的解,但足够接近的话,矿池就认为矿工挖出了一个部分(share),矿池据此为矿工提供报酬。
However, the participant performing the mining DOES know if they actually solve the block. At this point, a malicious miner running custom mining software could potentially choose to not send the solution to the pool. I think I have seen this referred to as a "solution withholding attack".
然而,矿工是知道自己是不是挖到了真正解的(矿池不知道),所以,一个恶意的矿工可以运行一个自己开发的挖矿软件,该怎么挖怎么挖,但是碰到真正解的话就扣下不提交给矿池。这就是针对矿池的一种块代扣攻击。
How vulnerable are pools and pool-miners to this threat?
[Edit]: Also, what can pools do to detect or deter this threat?
这种攻击对矿池和矿工有怎样的威胁呢?
以及,矿池有没有什么措施来检测这种攻击。
回答者:David Schwartz
Every pool is vulnerable to the threat. And there's pretty much nothing they can do about it other than perhaps to try to force their miners to use a closed source mining program that they try to make tamper-proof.
每一个矿池都会受威胁,并且,除了让他们的矿工采用指定的闭源的挖矿软件外,没有什么太有效的办法。
Your analysis is precisely correct. Miners know when they only found a share versus when they solved a block. A malicious miner could submit shares but withhold solved blocks.
你的分析是对的,矿工是知道自己是否挖到真正解的,一个恶意的矿工可以只提交那些不含真正解的部分。
The consequences of this depend on the payout model the mining pool uses. If, for example, the pool uses a fixed pay per share, such a miner is robbing the pool operator. But he does no harm to the other miners. If it uses most of the other distribution schemes, such a miner is robbing the other miners since he is being paid out of solved blocks and never contributes to the number of solved blocks. The amount of harm he does is typically proportional to the amount of hashing power he has.
对矿池和矿工的威胁,取决于矿池的报酬分配模型。如果矿池是按照工作量给钱的,那么这种攻击不会伤害其他矿工,却会从矿池老板那里白领报酬。如果矿池是按比例分账的,那么块代扣攻击就危害其他矿工的利益,因为他从其他矿工的工作里取得收入。危害的大小取决于攻击者所拥有的计算量占矿池计算量的比例。
This attack is typically undetectable because it just appears to be ordinary bad luck. An attacker can use a large number of distinct user names so it wouldn't appear suspicious that no blocks had been solved.
这种攻击通常是检测不到的,因为可以简单地解释为运气不好。攻击者可以同时使用很多不重复的身份一起挖(这样每个身份的计算能力都不大),所以一块真实解也不提交并不会显得可疑。
There are generally two motives for such an attack, depending on the payout plan the pool uses. One would simply be to make the pool operator lose money. In a PPS plan, you would get paid normally for your mining, all of which would be a straight loss to the pool operator. With other payout plans, making the pool seem unlucky (and thus driving away miners from that pool) could be a part of the motive. You still get paid for your shares, so the cost to launch such an attack (assuming you were already going to mine) is not that much.
一般来说这种攻击背后有两种动机,取决于矿池的报酬分配方式。第一种动机很简单,就是让按计算量付报酬的矿池老板亏钱。另一种动机是,让按比例分配报酬的矿池变得“运气不好”,从而促使这个矿池里的矿工换矿池。攻击者这么干,自己的损失微乎其微,因为自己还是在挖矿的,虽然提交的都只是无用工作,但是报酬不会少。
The consensus is that such attacks are likely to remain rare and generally insignificant. The payout for the attack is simply too small and it's not an effective way to bankrupt a pool or get miners to desert a pool unless it's a particularly small pool, in which case there's generally no point.
目前的共识是,这样的攻击还是很稀少的,而且影响一般不大。攻击者手里的计算量太小了,不至于让矿池破产,或者让矿工放弃这个矿池。除非这个矿池很小。
Note that it is not possible for an attacker to submit any blocks he finds himself and keep the profits. To earn shares, he must attempt to solve the blocks the pool asks him to solve, and those will payout to the pool operator.
要注意的是,这种攻击并没有办法让攻击者独吞挖矿奖励。因为他挖的是矿池指定的块,而这些块的奖励是指向矿池的。
引用:http://tieba.baidu.com/p/3109549115