undefined | Better HN

0 pointsRL_Quine6y ago0 comments

You're fundamentally missing the point somehow.

When you connect to a pool, you give them absolute trust over what you're mining using your hardware with the expectation that they will pay you for it later. In a route hijack, an attacker can replace the pool and announce their own work to you, and receive all results you produce. You can not distinguish this with the normal behavior of the pool and will be robbed, and your work can be used to do whatever the attacker wishes.

The output of the work being loosely "authenticated" with the pool by virtue of the work being non-transferable is entirely orthogonal. Nobody is going to be taking that because it's worthless, as you correctly point out. They're going to replace the work that's sent to you in the first place, because that's what makes sense.

0 comments

SilasX6y ago

Pretty sure I'm not missing the point, because that's exactly what I said, in different words.

I specifically agreed that, if you can replace the assignment given to the miners ("replace the pool and announce their own work to you"), and see the output, then you can steal the work. It was in this paragraph:

>>Okay I see what you mean about replacing the work assignments going to the miners -- if you could tell them to solve a different block/fingerprint (hash of new block + previous block) and receive their output, then you can steal their hashing power.

That is an agreement with your:

>In a route hijack, an attacker can replace the pool and announce their own work to you, and receive all results you produce.

That is me communicating agreement that that's the attack that "makes sense" as in your sentence here:

>They're going to replace the work that's sent to you in the first place, because that's what makes sense.

I made my original because it sounded like you were saying a miner not (separately) authenticating their output to the pool would be an issue, which I now see you (always) agreed is orthogronal; my only objection in the follow-up was that your comment was addressing something different than I originally raised:

>>>That's not correct in practice. There's no authentication of the work going to the miner at all, so an attacker can just change the destination before the miner even sees the work.

>>I was referring here to the solutions the miners send out.

So, if I agree with you on every question of what and where the threat is and is not, and said so with slightly different words than you did, what point do you think I'm fundamentally missing?

j / k navigate · click thread line to collapse