Topic: Anyone else concerned about global hashrate? - page 2. (Read 3785 times)

First, have you seen how freakin' difficult it is to get users to upgrade their clients?  0.3.24 has been out forever, yet countless users are still using earlier versions, probably because they don't even know a new client is there, or don't feel like being inconvenienced by it when their current client already works.  It would take days to get everyone upgraded, and until then different users will be operating on different branches of the block chain. 

Second, if it happens once, what's to stop the same person from doing it again?  They still have 50%+ computing power, and wasting money may not be the primary concern of the attacker.  Perhaps they just want to disrupt the network...

Third, you can't possibly believe that such an event would not make headlines and cause catastrophic damage to the BTC network...?  The entire value of Bitcoin is based on people's confidence in the system, which is not well-correlated with the technical/security merit of the system.  MtGox and MyBitcoin had nothing to do with the merit of BTC, yet both did quite a bit of damage.  Let's see what happens when we throw a real security "breach" into the ring.

If someone tries that, an alert will be issued and payments will stop for as long as the botnet owner is willing to waste money. Once the botnet gives up, any damage they've caused will be reversed by hardcoding correct values into the client. Only a few people will end up losing money, and the botnet owner will be worse off than if they had stuck with normal botnet activities or legitimate mining.

I personally think that the fact that a majority of hashing power can overwhelm the network is a good thing. The unequal distribution of wealth, which makes this undemocratic, is a separate social issue in my mind. The alternative is a system that allows those who amass wealth to protect it indefinitely, which I think is dangerous. True, it means that those who have legitimately worked to earn their wealth loose protection, but it also means that the majority can reclaim wealth from malevolent dictators etc. This is political though and just my point of view.

My point is, I don't know if you can have a network that relies on the decision of the majority and still prevent governments and powerful people from being able to obtain that majority.

If I had control of a million zombies (which with a million zombies, you're probably just data-mining) it would be WAY more secure[*] to sell data (CC, Logins...etc) than to mine for Bitcoins.

[*] - I can't think of a better word. :\


[Edit]:
Think of it like this.

If you watch mobster movies about the group trying to buy a massive load of drugs/guns, they already know exactly where to buy from.
Now, think of it in the eyes of the seller (zombie controller)...they know who to sell to.

Groups in control of ~million zombies data-mining aren't looking to sell 1-2 $1.5 USA CC's, they are selling to others who are reselling them.
I've seen a stack 10k-50k /gumbled (USA, CAN, EUR...etc) go for $5k.

I agree that it's quite profitable for botnet owners to use the BTC network as it was designed to mine coins.  But it's feasible that someone, some time, might find it appealing execute a massive double-spend attack and make off with the cash/goods/whatever before the network crashes.  We are all familiar with how motivated some people are by short-term rewards... It only takes one time for this to crush the network, and I think we should all be concerned if there is any one person/organization that is capable of it.  That's a lot of power they're wielding, even if they have no ill-intentions towards the network.

But let's not focus on botnets, and focus on entities with a ton of resources:  perhaps governments that would feel more comfortable without the BTC network.  It's probably feasible for an existing US government agency to pull the trigger on this primarily with existing resources, they'd only need a little bit of preparation to distribute the software to all their computers.   

My point is, I think a one-million-computer threshold for breaking the network is too low.  If you consider the number of GPUs and/or FPGAs needed, it starts to look even easier.  And without a massive spike in BTC value, I only see this getting worse over time.

Just want to clear a few things up with botnets.

Most of the bigger botnets (anything more than 50k) probably don't use IRC.

In-fact, they probably are just compiled infections that run a miner pointing to a specific worker.
In which the pool owner can simply just delete that worker.

The best shot of a botnet owner (with more than 10k zombies) would be to create a private pool for all their infections to mine at.

I think whoever uses that botnet will make a lot more money mining bitcoins and selling them on the market than using it to try to take down Bitcoin.

I was doing some back-of-the-envelope math and realized that the current global hashrate makes me uneasy.  Current hashrate is about 13 THash/s.  Consider an "average" computer can do 5 MHash/s without a GPU.  A simple calculation reveals that it would take 2.6 million "average" computers to start rewriting the blockchain, double-spending and overall complete loss of confidence in BTC.   Now take into account that many of these computers have GPUs so that number is probably more like 1 million computers.    I'm concerned because, not only is this within scope of government agencies, but...

     'Indestructible' botnet snares 4.5 million computers
     'Gang of Six' Controls Botnet of 1.9 Million Computers   (actually, I believe this botnet was deactivated by the US government)
     Data-stealing botnet infects 2.3 million computers

All of these botnets could probably crush the BTC network.  There was already reports of botnets being used to mine BTC, but I'm not sure about any plans to attack it.  Obviously, I'd simply feel a lot more comfortable if it just wasn't feasible.   Three things we have going for us is: 

• (1) The security of Bitcoin should definitely receive credit for the fact that the botnet operators are mining coins like the rest of us, even if it's stolen hardware.  Obviously these botnets have a $#!+load of computing power, yet they can't/aren't using it to try to break the security of the network.
• (2) Bitcoin actually represents a possible benefit to the criminals running them, and they may not want to risk killing the network.  It may be more profitable to mine millions of dollars (and stealing wallets) and then use the same BTC network to move the millions of dollars around without trace.
• (3) The botnets that are mining to make BTC are actually increasing the difficulty.  When botnets compete, everyone else wins.

I'm concerned that, without any significant increases in BTC value, and thus incentives for miners to expand their mining hardware, the global hashrate is going to continue to wane at this vulnerable level.  It's great that only a very select few people/organizations in the world have this capability... but it only takes one to end it for all of us.  And it's only going to get worse over time:  once the rewards are halved, we'll probably see the exit of tons of miners from the network.   The only thing I can see truly making a difference here would be transaction fees.  But at the current tx/day quantities, there is no transaction fee scheme that could incentivise miners that would also be acceptable to the users. 

The more I think about it, the more it makes sense to have designed the network to have a constant generation rate at the beginning, and then switch to constant inflation rate.  This would guarantee that miners will have "economically constant" reward, forever.  Not to mention that many economists (whom I agree with) consider small, consistent inflation to be good for a currency/economy. 

Is there a reason to be more optimistic about this?