It seems a week does not go by that the end of bitcoin is not predicted. Most recently Ittay Eyal and Emin Gun Sirer of Cornell University wrote a paper describing how "Selfish Miners" might be able to subvert the network to their own purpose. The regular news publishers quickly jumped on the article to spread their own version of the story.

While some of these harbingers of doom are technically correct (as is the case of the Cornell University paper as far as I can tell) it seems the gap between possibility and practicality often gets overlooked.

This was in my opinion eloquently illustrated by Peter Todd, a bitcoin developer who wrote a nice bit on the Bitcoin-DEV mailing list outlining a new flaw in the bitcoin network that gave me a bit of a laugh and I thought I would share it (with permission):

"Here's a perfectly plausible worst-case scenario, that could be happening right now: RAND High Frequency Trading Corp (a subsidiary of General Evil) has a low-latency network of fiber, line-of-sight microwave, and some experimental line-of-sight neutrino links criss-crossing the globe. They can get data to and from any point on this planet faster than anyone else. Of course, in addition to their spectacular network they have an immense amount of computing power, as well as exotic overclocked liquid nitrogen bathed CPU's that run at clockspeeds double what commercial hardware can do; in short, they have access to scalar performance no-one else has. Of course, they like to keep a healthy reserve so 99% of all this fancy gear is constantly idle. Whatever, they can afford it.

RAND just hired a bunch of fresh MIT graduates, the best of the best. Problem is the best of the best tends to make not so best mistakes, so RAND figures a Training Exercise is in order. Fortunately for them the NSA (a subsidiary of General Evil) slipped a rootkit into my keyboard a week or so ago - probably that time when I woke up in that farmer's field with a *splitting* headache - and are reading what I'm typing right now.

I go on to explain how an excellent training exercise for these fresh MIT graduates would be to implement this nifty attack some Cornell researchers came up with. It's really simple, elegant even, but to do it best what you really want is the kind of low-latency network a high-frequency-trading corporation would have. I then point out how a good training exercise ideally is done in a scenario where there is genuine risk and reward, but where the worst-case consequences are manageable - new hires do tend to screw up. (I then go on to explain my analog electronics background, and squeeze in some forced anecdote about how I blew up something worth a lot of money owned by my employers at some point in the distant past)

Unfortunately for the operators of BTC Guild, one of these new MIT grads happens to have a: passed General Evil's psych screening with flying colors, and b: have spent too much time around the MIT Kidnapping Club. He decides it'd be easier to just kidnap the guy running BTC Guild than fill out the paperwork to borrow RAND's FPGA cluster, so he does.

As expected the attack runs smoothly: with 30% of the hashing power, neutrino burst generator/encoders rigged around the globe to fire the moment another pool gets a block, and the odd DoS attack for fun, they quickly make a mockery of the Bitcoin network, reducing every other miner's profitability to zero in minutes. The other miners don't have a hope: their blocks have to travel the long way, along the surface of the earth, while RAND's blocks shave off important milliseconds by taking the direct route.

Of course, this doesn't go unnoticed, er, eventually: 12 hours later the operators of GHash.IO, Eligius, slush, Bitminter, Eclipse and ASICMiner open their groggy eyes and mutter something about how that simulcast Tuesday party really shouldn't have had an open bar... or so much coke. They don't even notice that the team from BTC Guild has vanished, but they do notice a YouTube video of Gavin right on bitcoin.org doing his best Spock impression, er, I mean appealing for calm and promising that Top Men are working on the issue of empty blocks as we speak. Meanwhile CNN's top headline reads "IS THIS THE END OF BITCOIN?!?!"

It takes another hour for the Aspirins to finally kick in, but eventually all get on IRC and start trying to resolve the issue - seems that whenever any of them produce a block, somehow by incredible coincidence someone else finds another block first. After a few rounds of this they're getting suspicious. (if they weren't all so hung-over they might have also found suspicious the fact that whenever they found a block they saw a sudden blue flash - Cherenkov radiation emitted when those neutrinos interacted with the vitreous humour in their eyeballs)

It's quickly realized that "somehow" BTC Guild isn't affected... GHash.IO and Eligius, 22% and 13% of the hashing power respectively, decide to try a little experiment: they peer to each other and only each other through an encrypted tunnel and... hey, no more lucky blocks! slush, 7% of the hashing power is invited to the peering group next, followed by Bitminter, 6%, and Eclipse, 2%, and finally ASICMiner, 1%, for a grand total of... 51% of the hashing power!

Of course, just creating blocks isn't useful for users, they need to be distributed too, so someone quickly writes up a "one-way firewall" patch that allows the group's blocks to propagate to the rest of the network. Blocks created by anyone else are ignored.

It takes a few more hours, but eventually the attacker seems to run out of blocks, and transaction processing returns to normal, albeit a little slow. (20 min block average) Of course, soon there's a 3,000 post thread on bitcointalk complaining about the "centralized pool cartel", but somehow life goes on.

The next day Gavin goes on CNN, and gives a lovely interview about how the past two days' events show how the strength of the Bitcoin network is in the community. For balance they interview this annoying "Peter Todd" guy from "Keep Bitcoin Free!" who blathers on about how relying on altruism or something will doom the Bitcoin network in the long run. After the interview Gavin respectfully points out that maybe next time they find a so called "developer" with a ratio of bitcointalk posts to actual lines of code in the Bitcoin git repository better than one hundred to one. The producer just wishes that "Mike Hearn" guy was available; at least he's got a sense of fashion, sheesh!

Anyway, I'm out of space for my little story, but yeah, the ending involves a group of now-rich pool operators who decide to start a large financial services and data networking company, oh, and time-travel..."

Peter later sent me a message saying (referring to the Cornell Paper):

"To be clear, the attack is real as far as we know, and may very well pose a serious threat to Bitcoin in the future. However right now we should take advantage of the fact that nearly all Bitcoin miners would be willing to co-operate to stop an attack, and use that time to give developers a chance to carefully think about this issue, as well as others like it. We have plenty of time to come up with good solutions that have proven themselves through thorough analysis, peer review, and testing. Sure, this process won't happen overnight, but we can afford to take the time to do things right, rather than rush out an ill-thought fix."

I must admit that I have even used reductio ad absurdum in describing some of bitcoin's (well documented) vulnerabilities, but I thought Peter's new vulnerability deserved a greater audience than just the bitcoin-dev mailing list. Perhaps we will see it referenced by CNN in the future.