Topic: 51% attack (Read 5157 times)

I agree.  I no longer think this idea is workable.  It will create more problems than it solves.

In fact, it is ironic: it would add further heterogeneity [in block acceptance criteria] as a "solution" for the problems originally caused by heterogeneity in certain miners' TX mempool acceptance criteria:  

https://bitcointalksearch.org/topic/m.6407793
https://bitcointalksearch.org/topic/m.6407938

This only works if the service accepts double-spends from everyone. I'd have thought the service was more likely to restrict double-spends to favoured individuals. For example, it could require some pattern in transaction outputs, so that only people who knew how to create that pattern could make double-spends. That knowledge could be traded on underground bulletin boards, rather like how credit card numbers are traded today.

The honest miners could attempt to figure out and replicate the patterns, and then we get an arms race with the patterns getting ever more subtle.

I'm not saying it's a bad idea, necessarily, but it's far from a panacea.

Yes, I think so.  For the Mike H idea #1 to work, the majority of the hash power must agree (otherwise you will lose money as Danny pointed out).  If the majority of the hash power agrees, then it's effectively a rule that's been added on top of the Satoshi protocol. 

I can see why extra rules are probably a bad thing, but it's not completely clear to me why they are necessarily a bad thing.  I guess perhaps since you are at risk of 51% attack no matter what the rules are, why risk a loss of confidence from added complexity?

We are both looking to add protocol rules?

 a 51% attack can create longest chain and then be able to mine 100% of blocks, not just 51% of blocks.

Average confirmation time for transactions goes from 10 minutes to 20 minutes and that's a paralyzing disaster worse than a double spend?

I just mean the same problem of "how to come to consensus in a decentralized manner." 

Empty blocks in the context of a 51% attack.  That paralyzes bitcoin.  Much worse than a double spend.

How is it the same problem?  And can you summarize/restate the essense of what he said?

LOL, but I've already convinced myself that nothing can or should be done about empty blocks.  And I guess it is really the same problem, isn't it?  So I think I'm now 90% convinced by what Danny said.  

And to me it seems intuitive that something could be done in a decentralized manner to prevent empty blocks or excluded transactions, but I could be wrong also.

There is no general solution to the Two General's Problem.  Bitcoin is a practical implementation where consensus is achieved by working on the longest chain.  Consensus can be achieved in other ways, however.  

I am not saying that Mike Hearn's idea (#1 only--#2 seems really bad) is necessarily a good one.  It's just that I'm still not fully convinced that it's a bad one.  

Bitcoin fans monitor and Bitcoin Foundation also manages  and monitor this issue, so  should avoid that. do not worry

Thanks Danny.  I'd say I'm 75% convinced.  The missing 25% is due to my belief that it would be both "obvious" and "independently verifiable" that a certain miner is operating an out-of-band double spend service.  If both these conditions hold, then it seems intuitive that something could be done in a decentralized manner.  Perhaps I am wrong, however.

People can believe what they want, but it doesn't make it possible to solve the Byzantine General's Problem without actually solving the Byzantine General's Problem, which is what "a technique to reliably detect malicious blocks created by double-spend services" means.

No.

51% should be utilized to block stolen funds and recreate those coins so 21M coins will always be in the network.

If each participating miner (or mining pool) implements your idea independently (searches for the double-spend services themselves, and makes their own determinations from their own double-spend attempts which blocks to ignore), then it's dangerous to the income and profitability of the individual miners (or pools).

It is likely that some miners will find some services, and other miners will find other services.  As such, they will waste time mining blocks that won't earn them income, while the rest of the network that hasn't discovered the particular service they are blacklisting continues on without them.  Additionally, if they happen to solve a block while mining a fork that won't make it, they lose out on the block reward they could have had if they had solved a block on the consensus chain.

Additionally, since there are likely to be many services that some miners find and others don't, the blockchain is likely to always be in a state of multiple competing blocks that are all trying to orphan all the others.  This significantly reduces the hashpower that an attacker would need to outpace the rest of the network with their own chain.  If an attacker can create a situation where there are regularly 5 different blocks that are all being treated by equal portions of the network as the last "valid" block, an attacker only needs 17% of the total hash power of the network to continuously outpace the network (instead of 51%).

If, instead of having each miner (or pool) independently search out and choose which blocks they want to try to ignore, you have some centralized service that provides the block blacklist that all miners are supposed to adhere to, then you've introduced a centralization to the decentralized network that can be abused.  The service can become malicious and (for a secret fee) allow some malicious blocks through, or even block some non-malicious blocks.  The service can segregate the network into as many competing forks as it likes by offering each segment a different block blacklist.

Because all of these repercussions result in reduced income for the honest miners (or pools), it will be difficult to convince any of them to take up your consensus destroying ideas.  As such, you'll be left occasionally ignoring blocks on your own, and drastically reducing your revenues wasting hash power on blocks that will never be part of the consensus chain.  Because mining is so competitive, reductions in revenue will almost certainly result in financial loss that will eventually deplete your capital until you can no longer operate.

I'm not sure about that Justus.  Only 20% of respondents believe that out-of-band double spend services are not complicit in fraud (https://bitcointalksearch.org/topic/when-does-it-become-fraud-the-ethics-of-bitcoin-mining-and-zero-confirm-txs-502571).  If I send these services trial double spends and detect the block with the transaction that I know to be fraudulent, based on the results of my poll only 20% of the bitcoin community would disagree with me.  So I think it is a valid concept and that one might achieve enough consensus to implement this.  

Do you think this is dangerous somehow?

Here's what I'm wondering, Danny.  Imagine I'm a miner that control 5% of global hash power.  I have an employee who is always looking for out-of-band double-spend services.  Whenever he learns of a new service like this, he sends it one "test double-spend" every block.  If I see a block that includes the TX that I personally know to be a pseudo double spend attempt, I choose not to mine upon it.  Otherwise, our behaviour is unchanged.  If the block I rejected as malicious is built upon (i.e., not enough miners implemented my rule set), then I give up and start mining on the longest chain.  

Now imagine I talk about this idea at conferences, over IRC, here at the forum, and start a website dedicated to the cause. Perhaps I am able to convince others to implement the same rule set.  Every block I mine is not a waste, as normally I am working to extend the longest chain.  The only block rewards at risk are when I detect a block that I personally know to come from a malicious double-spend service.  But I think these blocks should be rare, and eventually disappear completely if they are rarely extended (the double-spend services would go out of business).

I don't see the flaw in my logic here.  It seems that this may work and that if it did that it would be a good thing.  Do you think this idea is dangerous some how?

Just a reminder:

A 51% attack cannot break any existing protocol rules, only enforce it's own new rules on top of them, as long as they do not conflict.  Attempting to do otherwise is actually a hard fork where only the attacker is mining.  It will not merge with the "real" blockchain.  The rest of the network will continue happily on the real chain and not even notice the conflicting chain since it is not recognized by bitcoind (unless they update to the attacker's modified version).