> Could someone surround my node with malicious nodes and put me on a forked chain?
Yes. You can’t know about blocks you don’t hear about. However:
1. Unless they can match the hashing power of the rest of the network, they can only publish new blocks to you at a very low rate (e.g. every 100 minutes if they have 10% of the hashing power)
2. If you connect to just a single node which tells the truth, you will discard the forked chain (again, unless the attackers can match the hash rate of the rest of the network)
All in all, proof-of-work makes it pretty easy for you to notice that something weird is happening.
> How does bitcoin protect against this from happening by accident?
You can prevent nodes from connecting to you (no inbound connections), such that you choose (randomly) which nodes to connect to. Choose a sufficiently high node count, and you’re almost certain that you don’t select a group of coordinating malicious nodes.
Side note: It would also be interesting to analyze the impact of this attack in the context of a proof-of-stake blockchain. I assume, although I’m not certain, that the attacked node would just consider the current stakers as defunct if the attackers don’t deliver blocks from them, and that the attackers would be able to become the new stakers, since the attackers would be able to censor competing staking transactions.
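The figures in the comment above can be checked numerically. The following is an added example, not part of any post in this thread: it models block arrivals as a Poisson process at Bitcoin's 10-minute target with difficulty unchanged, and models outbound peer choice as a uniform draw from a fixed pool, which simplifies real peer selection. All function names, the alert threshold and the sample numbers are constructed for illustration.

```python
import math

TARGET_INTERVAL_MIN = 10.0  # Bitcoin's target block spacing in minutes


def attacker_block_interval(hash_share):
    """Mean minutes between blocks when only `hash_share` of the network's
    hash power is producing the chain a node sees (difficulty unchanged)."""
    if not 0 < hash_share <= 1:
        raise ValueError("hash_share must be in (0, 1]")
    return TARGET_INTERVAL_MIN / hash_share


def p_at_most_blocks(blocks_seen, window_min, hash_share=1.0):
    """Poisson P(N <= blocks_seen) over `window_min` minutes."""
    lam = window_min / attacker_block_interval(hash_share)
    return sum(math.exp(-lam) * lam ** k / math.factorial(k)
               for k in range(blocks_seen + 1))


def looks_isolated(blocks_seen, window_min, alpha=1e-3):
    """Flag a window whose block count is implausibly low for the full
    network hash rate. `alpha` is a constructed alert threshold."""
    return p_at_most_blocks(blocks_seen, window_min) < alpha


def p_all_outbound_malicious(total_nodes, malicious_nodes, outbound):
    """Hypergeometric chance that every one of `outbound` distinct peers,
    drawn uniformly from `total_nodes`, is one of `malicious_nodes`."""
    if outbound > malicious_nodes:
        return 0.0
    return math.comb(malicious_nodes, outbound) / math.comb(total_nodes, outbound)


if __name__ == "__main__":
    print(attacker_block_interval(0.10))      # mean spacing at a 10% share
    # Constructed observation: 2 blocks in 3 hours.
    print(p_at_most_blocks(2, 180))           # likelihood on the honest chain
    print(p_at_most_blocks(2, 180, 0.10))     # likelihood on a 10% fork
    print(looks_isolated(2, 180))
    # Constructed pool: 10,000 reachable nodes, 1,000 coordinating.
    for k in (1, 8, 16):
        print(k, p_all_outbound_malicious(10_000, 1_000, k))
```

A node operator can feed `looks_isolated` the block count from a rolling window of header arrival times and treat a positive result as a cue to add or rotate outbound peers.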
> You can prevent nodes from connecting to you (no inbound connections), such that you choose (randomly) which nodes to connect to. Choose a sufficiently high node count, and you’re almost certain that you don’t select a group of coordinating malicious nodes.
This sounds suspiciously like either a) choosing who to trust in advance, which negates one of the few benefits of blockchain-based cryptocurrencies that I accept exist (even if I don’t value it highly); or b) relying on random numbers being both fair and not being tampered with, even though over-reliance on that is one of the common failure modes with cryptography in general.
> b) relying on random numbers being both fair and not being tampered with, even though over-reliance on that is one of the common failure modes with cryptography in general.
If you are interested, I was an author on a paper which looked at the probability of choosing bad nodes, how an attacker could manipulate this, and what bad things an attacker can do once they partition you from the network. Many of the countermeasures and security enhancements we proposed are now in Bitcoin, making the network harder to attack.
> Could someone surround my node with malicious nodes and put me on a forked chain?
Thanks for this paper, it’s a really excellent read and explains the eclipse attack really well. I would love to track down some similarly structured papers.
> relying on random numbers being both fair and not being tampered with
You can easily validate that a block is valid and has the correct PoW. For this to work an attacker needs to be mining valid blocks (expensive) and partition the bitcoin network in a way that nodes can't talk to each other (mission impossible). Then the attacker needs to make use of this split chain so that a double spend can occur. I wouldn't be that worried.