[messaging] Do Blockchains solve Zooko's triangle? (was: Another Take At Public Key Distribution)

Tao Effect contact at taoeffect.com
Tue Sep 15 16:05:41 PDT 2015

While watching one of the Scaling Bitcoin talks I was reminded of this thread and wanted to add a note for accuracy about this “attack”:

It’s actually harder to pull off than I described. Both Namecoin and Blockstore (apparently) use two transactions per registration to virtually eliminate all possibility of this ever happening. The first transaction stakes claim to a name but does not reveal what it is. The second transaction must be sent some time later (in Namecoin, it’s recommended to wait 12 blocks), referencing the first and revealing what the actual key and value of the registration were.

Thus to pull off this “attack” it’s not enough to do a 24/7 MITM, you would also need to mine a fake blockchain by yourself continuously while waiting for someone to register a name. This is detectable because such a MITM would be unable to match the difficulty requirement of the main blockchain and thus would start producing an alternative blockchain that would show a dramatic decrease in difficulty (several orders of magnitude probably).

There’s really only one scenario that I can imagine this attack being pulled off, and that would be if the NSA/GCHQ were the #1 miner on the Namecoin network. All for the small possibility of catching you registering something and stealing it from you. lol. Heh, if that were to happen they would have 51%+ of the mining power and would probably choose to use their power in a more productive way.

Greg Slepak

Please do not email me anything that you are not comfortable also sharing with the NSA.

> On Jul 23, 2015, at 6:22 PM, Tao Effect <contact at taoeffect.com <mailto:contact at taoeffect.com>> wrote:
>> I've just demonstrated how an attacker can perform a man-in-the-middle attack which lets them publish a malicious key under a name that the victim assumes is theirs. You don't care?
>> An attacker who can mine a Namecoin fork in Alice's view of split-brain world could convince Alice she's successfully claimed the name.
> What you are describing implies a persistent, 24/7 MITM on Alice’s network, waiting for Alice to register her name (assuming she hasn’t already).
> That already, by itself, is pretty much not going to ever happen simply because it is too costly. There are far cheaper attacks this adversary could do to Alice.
> So I put such targeted attacks on a local network outside of the realm of practical feasibility.
> Also, even if this happened, Alice’s client could detect the attack the second she moved outside of the MITM’d network.
> So, the only real option left is for a persistent, 24/7 global MITM. At that point you are no longer dealing with the Internet anymore. You might as well smash Alice’s computer with a brick and declare a successful “attack” on Namecoin.
>> This is particularly easy right now because very few people are mining Namecoin. Since there's so little actual Namecoin mining going on […]
> Namecoin is merge-mined with Bitcoin.
> - Greg
> --
> Please do not email me anything that you are not comfortable also sharing with the NSA.
> _______________________________________________
> Messaging mailing list
> Messaging at moderncrypto.org <mailto:Messaging at moderncrypto.org>
> https://moderncrypto.org/mailman/listinfo/messaging

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20150915/481cf74b/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20150915/481cf74b/attachment.sig>

More information about the Messaging mailing list