Bitcoinâs open-source developers donât agree on many things, but youâd be forgiven if you thought something best known as an âattackâ might be one of them.
Still, thereâs a divide forming in conversation surrounding bitcoinâs long-standing âtimewarp attackâ â and for good reason. First and foremost, Blockstream co-founder Mark Friedenbach recently found that the exploit could be harnessed to help bitcoin scale â that is, reach more users and process more transactions faster, if developers embrace and implement the idea.
But since its unveiling last week, the discovery has driven a shift in the conversation around the attack, meant to describe how miners might submit blocks featuring timestamps that are larger than they should be to push down the difficulty of creating new blocks (a trick that could help them to earn and collect more bitcoin rewards).
The result is that prominent thinkers in the bitcoin development community now appear split on an issue thatâs been the subject of discussion since 2012..
Greg Maxwell, a Blockstream co-founder and one of bitcoinâs most prominent developers, for example, recently called for a fix to the long-standing bitcoin attack on the bitcoin mailing list, the leading gathering point for development conversation globally. Maxwell has been silent on Friedenbachâs proposal specifically, but the call did occur after chatter began about the research, formally called âforward blocks.â
As a result, this divide might be likely to continue.
Friedenbachâs research, after all, proposes an idea that developers seeking to secure the protocol find enticing: It allows bitcoinâs block size to be increased without asking all of those operating the software to upgrade. (Seeing as this minor parameter has been a hot point of contention among the community for so long, some see it as a sort of âbreakthrough.â)
That said, some argue Friedenbachâs new research makes fixing the attack even more pressing.
To begin, however, it helps to understand why the attack exists to begin with.
Individual actors (miners) on the network report the time an event happens â when a transaction was made or when a block was created. So, thereâs a small chance someone can manipulate the time a little bit, even while following the rules of the bitcoin code that network nodes are constantly checking.
As such, miners report blocks with the wrong time on occasion. Itâs easy to tell because every once in a while, a block rolls in with a timestamp thatâs earlier than the block before it (essentially appearing out of order).
To explore why this happens, blockchain analysis company Chainalysis recently pulled together a report exploring how the error rates have changed over time.
âThe declining error over time in timestamps reflects the evolution of people getting involved,â Gradwell, who co-authored the report, told CoinDesk, arguing that according to the data, timestamp errors seem to âspikeâ when the mining industry sees a technology shift.
For example, when miners started joining together to form âpoolsâ early on in 2012 the percentage of timestamp errors rose to 8 percent of timestamps.
Gradwell argues that this data suggests the errors are accidental, rather than done for malicious reasons, as miners need to get used to new equipment.
The timewarp âattackâ is a bit different, though, in that it requires much more specific manipulation by miners who twist the rules in the hopes of earning money. This can happen when miners collude together to report incorrect timestamps that are farther apart, messing with the rate at which blocks can be mined.
Luckily, this attack is difficult to execute.
âI, and I assume others, havenât put a big priority into fixing this vulnerability because it requires a majority [of mining] hashrate and could easily be blocked if someone started using it,â Maxwell said.
In the case where one group of miners were to collect most of the hashrate, a time attack would be the least of bitcoinâs worries. (âAnd then there will be other problems,â as Chainalysis chief economist Philip Gradwell put it in conversation with CoinDesk.)
For one, it would mean centralization of the network. And the main thing that is supposed to set bitcoin apart from other cryptocurrencies is that it isnât controlled by any one entity. Not to mention, at this point, the miners in power would be able to perform whatâs known as a â51 percent attack,â thereby using their numbers to exert influence over the network.
But even if itâs difficult to execute, developers see it as a problem, one that can be fixed easily if so desired.
In his call for proposals, Maxwell mentioned that he had an idea that he tried out on bitcoinâs testnet years ago, but he wants to make sure there isnât some other, better idea out there before plugging away at his fix.
âBefore I dust off my old fix and perhaps prematurely cause fixation on a particular approach, I thought it would be useful to ask the list if anyone else was aware of a favorite backwards compatible timewarp fix proposal they wanted to point out,â Maxwell continued.
âBackwards compatibleâ is key here. The requirement is for the change to not have a chance of splitting the network.
At Maxwellâs request, a few different proposals have trickled in.
Bitcoin Core contributor Johnson Lau put forward a couple of ideas, both good and bad, to show the tradeoffs of various approaches. He argued that the most ânaiveâ approach would be to just require a block to not submit a time lower than the block before it.
But since this would require a certain type of change, it could lead bitcoinâs software to split into two versions. Lau argues the trick is finding a solution that decreases the likelihood of a timewarp attack, while also not risking a split.
âThe aim is to find a [time value] which is small-enough-to-prohibit-time-warp-attack, but also big-enough-to-avoid-split,â he said, adding that he thinks this can be accomplished with a âweakerâ version of this naive approach.
Lauâs idea even sparked a little philosophical discussion about âsoft forks,â a backwards-compatible way of making such a code change in bitcoin, and how different types can have different consequences.
âIn general, soft forks are better when they donât cause orphaning on non-upgraded miners,â wrote BitTorrent creator Bram Cohen, whoâs been focusing his developer efforts on cryptocurrency these days.
All in all, though, he supported Lauâs proposal, but argued for a time window of three hours. âIt suffers from still allowing the attack a little bit, but three hours out of every two weeks seems like no big deal,â Cohen said.
Another developer, Scott Roberts, submitted a proposal that turned out to not be âoff the markâ for bitcoin in particular, he told CoinDesk. In the end, he agrees with Cohen, though he thinks three hours might be âtoo tight.â
âI donât know what the decision will be, but I think the fix is as simple as limiting timestamps to plus or minus something like three to 24 hours from the previous timestamp,â Roberts said.
But the problem is that eradicating the time warp attack would ruin forward blocks.
ââFixingâ the time-warp attack in the sense of making time warp impossible would prevent entirely forward blocks from achieving on-chain scaling. It might still be worth deploying for the proof-of-work upgrade or increase censorship resistance of sharding,â Friedenbach told CoinDesk, adding:
âBut the main advantage [of scaling bitcoin] which excites people would be gone.â
Thinking about this, Friedenbach came up with another proposal, one that would preserve forward blocks, but would expunge the âworst exploitsâ of the timewarp attack. He went on to argue it âcould be deployed early to prevent reckless exploitation of the time-warp bug,â he added.
But many bitcoin technologists seem unsure that pure forward blocks are worth preserving.
Blockstream CEO Adam Back argues that while he thinks itâs interesting research, heâs not sure the community would support it.
âI think itâs useful to explore the technical possibilities, which is what Mark has done. But the main limitation is, will there be consensus for making a big tradeoff of decentralization, censorship-resistance and self-validation cost for brute-force layer1 scale,â Back told CoinDesk.
While forward blocks are interesting because they increase bitcoinâs capacity without a hard fork, a type of change that could split bitcoin in two, itâs still forceful.
And since forcing through a change that not everyone wants and could decrease decentralization was a key reason why the community fought so zealously in bitcoinâs years-long scaling debate, Back argues the community wouldnât take this type of a change lightly either.
He went as far as to argue that âthere are likely simpler, less hacky approachesâ than Friedenbachâs to boost bitcoinâs layer-one scale.
With this type of criticism still rolling in, it seems to be an ongoing discussion, as Friedenbach continues to argue forward blocks are worth preserving as a tool:
âThe dangerous outcomes of the time-warp bug can be prevented without fixing the bug entirely, and therefore without blocking off forward blocks or related scaling solutions.â
Clock photo by Srikanta H. U (@srikanta) on Unsplash
