| > For a relatively small cost, the blockchain could be flooded with bogus junk to DoS. It's certainly possible for a government to pay to consume the available space in a blockchain with a very small capacity limit such as Bitcoin has, but I think you miss the very important dynamics that undermine this attack vector - namely that such an attack is a wealth transfer from the attacker to the defender. This is antifragility at its finest. Let's say that some acronym-agency decided to "spam" the blockchain as you suggest. The result would not be a "DoS-like" disruption to the mining or node network itself, but just an increase in the cost to make a transaction (we've seen this in the so-called "spam attacks" on the Bitcoin blockchain in the last year). Beyond a certain transaction cost, the demand for space in the blockchain will just diffuse to a competing crypto with cheaper transactions and be harder to trace. Oops. Moreover, in the meantime, the attacker is simply transferring his wealth to the miners in the form of artificially high fees. The miners will happily accept the attackers money and use it to build more mining capacity. If blocks stay full, eventually miners will decide to mine larger blocks, raising the cost of the attack. How polite of the attacker to pay the mining network to build out capacity to handle his attack! The result is that all the activity you hoped to suppress just diffuses to other cryptos and becomes harder to track. Meanwhile the attacker is subsidizing a better mining network. That's a bad attack. Relaxing (or removing) the block size constraint doesn't help the attacker. With a higher constraint, the attacker must spend more to fill up the blockchain, raising the cost of the attack and increasing the wealth transfer from the attacker to the miner. Bitcoin clients like Bitcoin Unlimited that would make the limit a dynamic variable create a whole new wrinkle for the attacker: because such a limit is an emergent network property, the attack cannot even really be accurately planned or budgeted - the attacker literally has to hit a moving target. But let's say our attacker doesn't care about plan or budget. As the attacker fills space on our "Unlimited" blockchain, blocks could bloat to the maximum size tolerated by a supermajority of the node network - the "emergent" blocksize limit. This is exactly the same size the "preplanned" blocksize limit would eventually ratchet up to in a sustained block-filling attack, the only difference is the mechanism used to raise the limit. IOW, if you think this "spam attack" through - regardless of the block size limit - the network will automatically adjust to make the cost of the attack as expensive as possible, minimizing the disruption to normal users and maximizing the wealth transfer from the attacker to the miner. The fact that blockchain "spam attacks" are actually wealth transfers from the attacker to the mining network is the primary reason why these events cannot even be correctly viewed as "attacks" - these are paying customers! A blockchain spam attack is exactly like trying to shut down Starbucks by planting a million stooges at every store to purchase lattes so that regular customers can't shop there. Starbucks gets rich from all the money the attacker is feeding it, and organic demand for coffee just shifts to other stores. TL;DR I think there's no such thing as a blockchain spam attack - the worst that an attacker could do might be to raise transaction prices on the Bitcoin blockchain and keep them artificially high for long enough that demand for Bitcoin transactions eventually collapses and (counterproductively for our attacker) goes to other cryptos. |
Great comparison IMO