Forgot your password?
typodupeerror
Bitcoin Math Microsoft

Researchers Locate Flaw In Bitcoin Protocol 191

Posted by Unknown Lamer
from the path-of-least-information dept.
An anonymous reader writes "Researchers at Microsoft Research and Cornell identified a potential flaw in Bitcoin's transaction propagation. In a recent paper they show how miner nodes in the Bitcoin network have an incentive not to relay transactions to the rest of the network, and propose to implement a scheme that rewards nodes [PDF] for relaying messages."
This discussion has been archived. No new comments can be posted.

Researchers Locate Flaw In Bitcoin Protocol

Comments Filter:
  • by CmdrPony (2505686) on Tuesday November 15, 2011 @06:19AM (#38057642)
    They seem to do lot of cool stuff. From that Courier tablet to studying Bitcoin. Even while Microsoft doesn't realize their R&D section has a great amount of potential, it's actually the only major company in the industry that does have such research center. I wish I worked there :-P
    • Re: (Score:3, Insightful)

      by Anonymous Coward

      Well, IBM do have a fairly large research division too.

    • by somersault (912633) on Tuesday November 15, 2011 @06:28AM (#38057694) Homepage Journal

      You're the guy that said he worked in marketing yesterday. Why is it that all UIDs over 2,000,000 seem to do marketing for MS?

      • Re: (Score:2, Interesting)

        by qxcv (2422318)

        I think the real question here is why all UIDs under 2,000,000 don't do marketing for MS. But seriously, their R&D department do some pretty cool stuff. Even though MS manage to churn out nine-nines of crap products, occasionally they still come out with something awesome that they manage to get to market (think Kinect). Shame they spend the rest of their time suing their competitors, churning out garbage like Windows and spreading FUD.

        • Re: (Score:3, Interesting)

          by drinkypoo (153816)

          But seriously, their R&D department do some pretty cool stuff. Even though MS manage to churn out nine-nines of crap products, occasionally they still come out with something awesome that they manage to get to market (think Kinect).

          The problem with that idea is that Kinect was a 90%+ finished product when they bought it. They polished it for use with the 360, it always takes them some time to fuck up a new technology sufficiently for their branding, and kicked it out the door. And it's taking them how long to kick out a PC version even though hobbyists have been doing it all along? Microsoft is pathetic at everything but illegally exploiting their opportunities and believing otherwise is ignorant at best.

          • But seriously, their R&D department do some pretty cool stuff. Even though MS manage to churn out nine-nines of crap products, occasionally they still come out with something awesome that they manage to get to market (think Kinect).

            The problem with that idea is that Kinect was a 90%+ finished product when they bought it.

            That's strange, isn't this EXACTLY the sort of thing people praise Apple for? I mean hell, two weeks ago that's exactly what I heard journalists waxing poetic about with Steve Jobs.

            • by drinkypoo (153816)

              The problem with that idea is that Kinect was a 90%+ finished product when they bought it.

              That's strange, isn't this EXACTLY the sort of thing people praise Apple for? I mean hell, two weeks ago that's exactly what I heard journalists waxing poetic about with Steve Jobs.

              People who aren't me. Check my posting history, I got plenty of downmods right after Jobs died for saying the things that RMS eventually said about Jobs (I don't believe in "too soon" or "sacred") and then I got more for supporting RMS' article. Luckily I got more up than down. That doesn't mean that the groupthink agrees with me, but it does suggest that the groupthink is not as aligned as you seem to think it is.

          • by tlhIngan (30335) <(ten.frow) (ta) (todhsals)> on Tuesday November 15, 2011 @01:06PM (#38061422)

            The problem with that idea is that Kinect was a 90%+ finished product when they bought it. They polished it for use with the 360, it always takes them some time to fuck up a new technology sufficiently for their branding, and kicked it out the door.

            Problem is, the final 10% polishing is actually pretty damn hard. If you've done software development, getting to the point where the basic features work is really quick. But getting to the point where it's releasable and usable takes a lot of effort.

            It's one thing that Apple is known for (most innovations that are "cool" are at the 90% stage, but it still takes a ton of effort to get it to the stage where people other than geeks and engineers can USE it).

            For Kinect, the final 10% would involve packaging (how does Kinect look, and will it fit with the rest of the equipment?), fitting the stuff inside the package (does it fit? Does the enclosure need redesign?), and more importantly, manufacturability.

            Sticking a reference design in a box is not easy. A lot of work is required in order to be able to build in huge volumes - are the parts available in quantity (and cheaply)? Can it be assembled easily or are there fiddly calibration bits that'll take time to work? Are there simple pass/fail criterion?

            It takes a lot of work. For open-source, you can abandon it after the 90% point (and most stuff is - the final work is the boring dull stuff no one wants to do), but it's not going to fly for commercial products that you want people to buy. And they know when a product was skimped on.

            Heck, even the UI of a product is important, and Kinect took some beating there.

            (It's why you get reviews on "solidness" - a minor detail but relates to build quality, ditto with use of "cheap plastic" or worse yet, "cheap feeling plastic".) It's that final 10% that Apple is well reknown for, and if it was easy, well, Apple would be dead and there would be tons of products with well designed UIs and very nice casings and such.

            • by drinkypoo (153816)

              For Kinect, the final 10% would involve packaging (how does Kinect look, and will it fit with the rest of the equipment?)

              which is subjective; I think it looks lame, but that's my own personal opinion.

              fitting the stuff inside the package (does it fit? Does the enclosure need redesign?),

              They made the package for the camera. Srsly?

              and more importantly, manufacturability.

              Which is the kind of thing that Microsoft has proven themselves to be bad at time and again with flaky hardware. Unless that's just planned obsolescence, in which case they have merely proven themselves to be bastards time and again, which we knew anyway.

              Heck, even the UI of a product is important, and Kinect took some beating there.

              IOW, they failed.

        • by Chrisq (894406)

          do marketing for MS. But seriously, their R&D department do some pretty cool stuff. Even though MS manage to churn out nine-nines of crap products, occasionally they still come out with something awesome that they manage to get to market (think Kinect).

          On other occasions they just patent it so that nobody else will

          • Re: (Score:3, Funny)

            by rtfa-troll (1340807)

            This;

            The stability of the current desktop computer market is so important to Microsoft that they will practically never actually innovate. They have an R&D department for two reasons. 1) To keep the ideas away from other companies by patenting them and then not licensing them onward 2) To keep the good people away from other companies by using them to create patents.

            The reason not to work for Microsoft R&D is that, whilst you will be comfortable, well fed and well off, you will lead an empty

            • The reason not to work for Microsoft R&D is that, whilst you will be comfortable, well fed and well off, you will lead an empty life and they will suck your soul out of you.

              Isn't that pretty much how employment in general works?

              • The reason not to work for Microsoft R&D is that, whilst you will be comfortable, well fed and well off, you will lead an empty life and they will suck your soul out of you.

                Isn't that pretty much how employment in general works?

                For some employers more so than for others, I feel :)

                The GP/GGP's comments seem about right to me. I always did wonder how MS Research could do so much cool stuff, and yet have so little of it make it to market with any of the coolness still attached.

        • I got bored of the Wii gimmick and PS Move pretty quick. So I didn't even bother buying Kinect for my 360. How is it any better? I'm not interested in dancing games, and while I used to fantasize about full body motion fighting games as a teenager, I know now that doing that doing that type of violent motion without any resistance (ie a punching bag or opponent) is pretty bad for your joints in the long run.

          MS do manage to hit on good ideas every now and then, and it's good that they have a research lab. Th

          • by CmdrPony (2505686)
            I don't own Kinect myself, but my parents do. I do own Wii, and to be honest, Kinect is way nicer to use. For one, you don't need to hold any controller. Secondly, it seems to register your movements much better than Wii does. MS probably wouldn't had come up with it if it wasn't for Wii, but they did it so much better. I haven't tested PS Move so cannot comment on that, but it seems to be controller based like Wii.
            • by DrXym (126579)
              PS Move works like a Wii Plus remote, but is more accurate. The remote relays it's pitch, rotation etc. and the PS3 does some simply geometry to track the ball on the end to work out it's exact position in space. It's remarkably accurate. That said there haven't been many standout titles for it. Like Kinect, most games only include a move experience as some kind of afterthought, e.g. a mini game or whatever, or throw it in as an alternative control scheme. I tried the controls with Killzone 3 and thought i
            • by gstoddart (321705)

              I don't own Kinect myself, but my parents do. I do own Wii, and to be honest, Kinect is way nicer to use. For one, you don't need to hold any controller. Secondly, it seems to register your movements much better than Wii does

              My biggest problem with Kinect is that it is apparently impossible to create a decent golf game with it.

              Apparently, it can't read what you're doing with your wrists ... unless they made it so you were holding a controller.

              I was really hoping for a decent golf game. :-P

          • by DrXym (126579)
            Kinect isn't any better. Defenders will claim how it's oh so much more than an EyeToy but the net result is a glorified EyeToy. Most of the games rely on you performing simplistic exaggerated body motions and as may be expected not many traditional games map onto simplistic exaggerated body motions.

            So due to the nature and limitations of the device it has sunk almost immediately into a morass of shovelware with dance & fitness games massively over represented and others which have throwaway mini games

            • by CmdrPony (2505686)

              The main buzz for the tech appears to be from hackers who discovered you can do some neat things with a camera with some depth finding capabilities.

              And Microsoft actually responded to that a lot differently than Sony or Nintendo - They're bringing Kinect support to PC as well, and have released API's to use it.

              • by DrXym (126579) on Tuesday November 15, 2011 @08:42AM (#38058416)
                And Sony haven't done that? Oh wait they did [playstation.com].
              • The Wii control works on PC out of the factory, no need for anything fancy, except for bluetooth. People just don't use it a lot (except, maybe, on media centers) because it doesn't make much sense.

                Microsoft is on a different situation, because the kinetic would be usefull on a PC (for some really targeted applications), and because it prohibited people from using it that way. Now you are trying to make MS backtracking from that prohibition sound as if it was making some incredible innovation. That simply i

            • Well, untill we have direct neural interfaces, any game input system will be (and currently is) a limited kind of toy. Old directional plus buttons joystic leads to 2D interaction, even when the game tries to create a 3D environment, stearing wells and pistol lead to car and shooting games, respectively, the Wii control restrics the games to very coarse movements, and so on.

              In the end, it is ok that the kinetic is a false movement plataform. It happens to be quite fun, at least sporadicaly (I don't own one)

            • What I want to see is Kinect controls integrated into games with otherwise "traditional" control schemes. I imagine an FPS that still uses a controller for the main action, but utilizes head tracking with the Kinect; you would still control your aiming, shooting, and moving with the controller, but could peek around a corner in the game by moving your head to the side. Couple this with a 3D TV, and you've got yourself an incredibly immersive experience.
          • by EdZ (755139) on Tuesday November 15, 2011 @08:36AM (#38058366)

            I got bored of the Wii gimmick and PS Move pretty quick. So I didn't even bother buying Kinect for my 360. How is it any better?

            It's not. All three non-haptic (don't give me that "vibration is feedback" claptrap!) motion gaming controllers are absolutely horrible to use.

            However, the Kinect is an amazing machine vision system. SLAM, 3d scanning, etc, all for something the size of a Toblerone you can buy off-the-shelf for cheap.

        • I think the real question here is why all UIDs under 2,000,000 don't do marketing for MS.

          Stupid question. We're too old.

        • I think the real question here is why all UIDs under 2,000,000 don't do marketing for MS.

          Authenticity.

      • That's about how long it took MS to find out about Slashdot.
    • Like IBM have had for years you mean ....IBM is a small company that produces software and some other stuff ...

      It's research department is quite well known ... five Nobel Prizes, four Turing Awards, nine National Medals of Technology, and five National Medals of Science.

      Courier Tablet - sorry no-one seems to have heard of it, is that anything like the iPad or the Galaxy Tablet ?

    • it's actually the only major company in the industry that does have such research center. I wish I worked there :-P

      Google X might be larger, if anyone knew where it was....

    • Yeah and that's great and all, if you just want to crap out useless prototypes that never actually go anywhere(the BitCoin research is pretty cool though)... heaven forbid you have an idea that threatens Office, Windows or the Xbox divisions.

      Life at Microsoft R&D must be some bizarre sisyphean effort that's somehow rewarding when you *almost* get that boulder up the hill.

  • Yes but (Score:4, Funny)

    by koan (80826) on Tuesday November 15, 2011 @06:23AM (#38057660)

    It still sounds like a better system than our current financial institutions.

  • by Anonymous Coward on Tuesday November 15, 2011 @06:33AM (#38057722)

    Only a small fraction of bitcoin nodes (e.g. 1%) are mining nodes, and they all relay transactions as relaying transactions is very cheap to do. The problem they're describing clearly does not exist. If it did someday turn out to be an issue you can address it by users handing their transactions directly to various miners, you don't need some crazy complicated reward scheme.

    It's also not news— their contribution isn't insight on incentives but a complicated sibyl resistant reward scheme for trees (which the bitcoin network is not) which requires doubling the cost of forwarding a transaction every two hops it takes. (By making every node perform a great many additional cryptographic signatures and checks in order to track the reward)

    • by makomk (752139)

      Only a small fraction of bitcoin nodes (e.g. 1%) are mining nodes, and they all relay transactions as relaying transactions is very cheap to do.

      The problem is what happens if relaying transactions becomes less cheap - that is to say, if Bitcoin actually gets adopted and the transaction volume skyrockets.

    • "The flaw pointed out in (this) paper is that there is a negative incentive for miners to forward Bitcoin transactions." This is a big derp on the part of these researchers.

      There might be 20 pools collectively mining, and maybe 100+ people mining by themselves at this time. They currently have more processing power than the top 10 supercomputers in the world put together. Miners strengthen the blockchain record of past transactions against cryptographic forgery, but their processing power is not what distr

  • summary (Score:5, Insightful)

    by petermgreen (876956) <plugwash@@@p10link...net> on Tuesday November 15, 2011 @06:39AM (#38057746) Homepage

    If a LARGE proportion of bitcoin nodes are run by assholes who refuse to distribute transactions then the network may fall apart.

    This system seems to add a lot of complexity to solve something that has not proven a problem.

    • A bug can exist without it immediately causing problems. It's generally best to fix things before they become a problem, not afterwards.

      • by Ginger Unicorn (952287) on Tuesday November 15, 2011 @08:17AM (#38058270)
        which is ironic considering this is coming from microsoft
      • True but equally the cost of a fix must be weighed against the benefit of that fix. This "fix" seems to be high cost (dramatically increasing the cost of forwarding a block) for dubious benefit.

        Even if the asshole density got to high for transactions to propogate through random public connections i'm sure people would form other arragenements for getting transactions to miners.

        The researchers haven't even made it clear (at least from my reading of the paper, please tell me if I missed something) if they thi

    • by ultranova (717540)

      This system seems to add a lot of complexity to solve something that has not proven a problem.

      No, this system adds a lot of complexity to tie every transaction to an IP address. The goal is surveillance, the stated purpose is just a thinly veiled excuse.

  • by Anonymous Coward on Tuesday November 15, 2011 @06:40AM (#38057758)

    This doesn't really make sense. Clients forward transactions as well as miners (and typical clients are connected to 8 other clients, making it a very well connected network).

    Granted, there is no incentive to forward transactions, but if nobody forwards transactions then the network won't work so ultimately it's in the self interest of all users to do so. Some miners may decide not to do so, in the hope that they will be the one who solves the block and get the transaction fee. But they are not actually gaining anything by doing so. They are making other miners potentially miss out on transaction fees but it doesn't improve their chances of winning the block and therefore getting the fee and there is no way they can know what transactions other miners have picked up through other routes via the network.

    I think the conclusion is wrong; while there is no incentive to forward the transaction (beyond stability of the network), there is also no obvious disincentive to do so as the cost is tiny (the cost of the bandwidth to forward it)

    • sounds like the same awesome plan as sitting on a poker machine.
    • by drinkypoo (153816) <martin.espinoza@gmail.com> on Tuesday November 15, 2011 @07:13AM (#38057932) Homepage Journal

      They are making other miners potentially miss out on transaction fees but it doesn't improve their chances of winning the block and therefore getting the fee and there is no way they can know what transactions other miners have picked up through other routes via the network.

      If it hurts the other guy and it doesn't hurt you then there is an incentive not to forward any more transactions than you have to. If it hurts you and other guy at the same time then you can do it selectively, any time it will hurt him more. If everyone were altruistic, you'd be right. They aren't, so you aren't.

      • It's not about altruism, it's about longer term incentives. If Bitcoin fails to work properly because people hoard transactions then the worth of your own Bitcoin using business and stored value goes down.

        There are plenty of other responses possible to this problem though, if it ever actually happens (nobody has observed people failing to relay transactions for profit today). One is to simply have rebroadcast nodes that don't verify transactions or blocks and thus are very cheap to run, which simply ensure

        • by drinkypoo (153816)

          I didn't say it couldn't be solved, I said there are incentives to behave in this fashion, and therefore it is a flaw in the implementation of bitcoin, but a much smaller one than that bitcoins represent waste instead of production or wealth.

          • ... than that bitcoins represent waste instead of production or wealth.

            I don't understand your point. How do traditional notes/coins represent production and wealth instead of waste. There is no intrinsic value in the notes I currently hold, there is only value in the idea that I can swap it for something else.

    • A big part of the problem is likely to be people like me who started playing around with Bitcoin out of curiosity and then just gave up because I didn't really care and couldn't see the point. I suspect there's a lot of people like me, and hence a lot of "dead nodes" in the system.
      • by Rogerborg (306625)
        Even the bitcoin true believers on their forums have admitted that the number of nodes is dropping. The total "market value" of all the bitcoins in existence is essentially insignificant and designed to stay that way. You'd (seriously) be better off posting baggies of gold dust around if you want a universal, untraceable currency.
    • by makomk (752139)

      Actually, for various reasons Bitcoin appears to be quite badly connected. Pools have seen block propagation times across the networks of over a minute, and I don't think anyone's even bothered to measure transaction propagation because it doesn't currently matter much to the miners.

  • So we need some new method or entity to help move bitcoin from one place to another? Perhaps something like.. banks and insurance companies and derivatives etc? I don't like where this is headed :)

  • by Dunbal (464142) *
    Getting ready to watch bitcoin plunge the rest of the way to zero. Just over $2 now. Anyone who lost money in bitcoin must be told : "seriously, what were you thinking?"
  • by mathimus1863 (1120437) on Tuesday November 15, 2011 @08:33AM (#38058342)
    Shame on you slashdot. This is a disgustingly misleading headline that has absolutely nothing to do with the paper. The paper is only offering recommendations for the future, based on some incorrect assumptions about the network (which is that there will be difficulty in propagating transactions). This is not a "flaw" in the protocol.

    The Bitcoin network is well-connected and the only nodes that have incentive not to forward txs make up a tiny percentage of the network (less than 1%). Even if they were the only nodes on the network, the network is designed so that users can locate them, and it costs nothing for a user to forward their transaction to many/all of them. This is completely a non-issue.
  • Say it ain't so!
    /sarcasm
  • the more rules and regulations need to be put into place to stop abuse.

    Like actual currency.

"And do you think (fop that I am) that I could be the Scarlet Pumpernickel?" -- Looney Tunes, The Scarlet Pumpernickel (1950, Chuck Jones)

Working...