### Rating (1--4): + 3: Weak Accept -- This paper may have flaws, but I would not argue against it at a major conference ### What did this paper do well? + Providing a good study of BGP network attacks on Bitcoin + Good evaluation of the attack + Recommending a good set of countermeasures ### Where did this paper fall short? + The feasibility of hijacking a particular ISP to broadcast false BGP information in a partition attack is not quite persuasive. + There are quite a large number of assumptions. The big one is assuming the attacker has the control of a BGP broadcast source. Another assumption is about the correlation between the number of BGP attacks and the effectiveness of this attack on bitcoin. The author mentioned thousands of BGP attacks were performed everyday but there are ASes that are more vulnerable than others and some ASes have agreements with each other on how to deal with certain situations. 100 to 447 nodes being attacked in a month is not a significant number (not mentioning the spread of those nodes) + Delay attack doesn't work well with mining pools which are very common nowadays. Some mining pools are so powerful (both on processing power and network connectivities/redundancies) that they can mine several blocks consecutively. ### What did you learn from reading this paper? + Partitioning attack procedure (verifiable) + Delay attack + Leakage points ### What questions do you have about the paper or the area? + If Bitcoin is highly centralized (more than 60% of mining power is within 3 ISPs), then how deep is the impact of this kind of attack? (note that Partition attack is heavily relied on BGP attack) + How hard is it to get into a BGP network and start broadcasting false information (relating to partitioning attack)? + How much of a bandwidth will be needed for an attack to really isolate a good chunk of nodes (let's say, for DOS attack)? + Delay attack is "up to 20 minutes" which averages to 2 blocks which is below the recommended safe level (4 to 6 blocks) recommended for important bitcoin transactions. Is the delay attack really effective? (regarding double spending exploits) + What is "selfish mining" attack? + How common are intra-AS and/or intra-pool?
