core: Added new TD strategy which mitigate the risk for selfish mining

Assuming the following scenario where a miner has 15% of all hashing
power and the ability to exert a moderate control over the network to
the point where if the attacker sees a message A, it can't stop A from
propagating, but what it **can** do is send a message B and ensure that
most nodes see B before A. The attacker can then selfish mine and
augment selfish mining strategy by giving his own blocks an advantage.

This change makes the time at which a block is received less relevant
and so the level of control an attacker has over the network no longer
makes a difference.

This change changes the current td algorithm `B_td > C_td` to the new
algorithm `B_td > C_td || B_td == C_td && rnd < 0.5`.
This commit is contained in:
Jeffrey Wilcke 2016-01-12 11:54:29 +01:00
parent b6d88a0e9f
commit 5b283663b4
2 changed files with 17 additions and 6 deletions

View File

@ -725,14 +725,18 @@ func (self *BlockChain) writeHeader(header *types.Header) error {
if ptd == nil {
return ParentError(header.ParentHash)
}
td := new(big.Int).Add(header.Difficulty, ptd)
localTd := self.GetTd(self.currentHeader.Hash())
externTd := new(big.Int).Add(header.Difficulty, ptd)
// Make sure no inconsistent state is leaked during insertion
self.mu.Lock()
defer self.mu.Unlock()
// If the total difficulty is higher than our known, add it to the canonical chain
if td.Cmp(self.GetTd(self.currentHeader.Hash())) > 0 {
// Second clause in the if statement reduces the vulnerability to selfish mining.
// Please refer to http://www.cs.cornell.edu/~ie53/publications/btcProcFC.pdf
if externTd.Cmp(localTd) > 0 || (externTd.Cmp(localTd) == 0 && mrand.Float64() < 0.5) {
// Delete any canonical number assignments above the new head
for i := header.Number.Uint64() + 1; GetCanonicalHash(self.chainDb, i) != (common.Hash{}); i++ {
DeleteCanonicalHash(self.chainDb, i)
@ -753,7 +757,7 @@ func (self *BlockChain) writeHeader(header *types.Header) error {
self.currentHeader = types.CopyHeader(header)
}
// Irrelevant of the canonical status, write the header itself to the database
if err := WriteTd(self.chainDb, header.Hash(), td); err != nil {
if err := WriteTd(self.chainDb, header.Hash(), externTd); err != nil {
glog.Fatalf("failed to write header total difficulty: %v", err)
}
if err := WriteHeader(self.chainDb, header); err != nil {
@ -1060,14 +1064,18 @@ func (self *BlockChain) WriteBlock(block *types.Block) (status writeStatus, err
if ptd == nil {
return NonStatTy, ParentError(block.ParentHash())
}
td := new(big.Int).Add(block.Difficulty(), ptd)
localTd := self.GetTd(self.currentBlock.Hash())
externTd := new(big.Int).Add(block.Difficulty(), ptd)
// Make sure no inconsistent state is leaked during insertion
self.mu.Lock()
defer self.mu.Unlock()
// If the total difficulty is higher than our known, add it to the canonical chain
if td.Cmp(self.GetTd(self.currentBlock.Hash())) > 0 {
// Second clause in the if statement reduces the vulnerability to selfish mining.
// Please refer to http://www.cs.cornell.edu/~ie53/publications/btcProcFC.pdf
if externTd.Cmp(localTd) > 0 || (externTd.Cmp(localTd) == 0 && mrand.Float64() < 0.5) {
// Reorganize the chain if the parent is not the head block
if block.ParentHash() != self.currentBlock.Hash() {
if err := self.reorg(self.currentBlock, block); err != nil {
@ -1081,7 +1089,7 @@ func (self *BlockChain) WriteBlock(block *types.Block) (status writeStatus, err
status = SideStatTy
}
// Irrelevant of the canonical status, write the block itself to the database
if err := WriteTd(self.chainDb, block.Hash(), td); err != nil {
if err := WriteTd(self.chainDb, block.Hash(), externTd); err != nil {
glog.Fatalf("failed to write block total difficulty: %v", err)
}
if err := WriteBlock(self.chainDb, block); err != nil {

View File

@ -44,6 +44,9 @@ var (
"TRANSCT__RandomByteAtTheEnd",
"BLOCK__ZeroByteAtTheEnd",
"TRANSCT__ZeroByteAtTheEnd",
"ChainAtoChainB_blockorder2",
"ChainAtoChainB_blockorder1",
}
/* Go client does not support transaction (account) nonces above 2^64. This