Pages:
Author

Topic: Bitcoin Killswitch - page 2. (Read 3269 times)

hero member
Activity: 563
Merit: 500
August 02, 2014, 06:11:20 AM
#45
Without checkpoints a competing blockchain starting of the genesis block with a simple 7% difficulty growth per switch would be at the same length as the current blockchain. And just be running at ~ 300GH/s.

It would help if you learned how Bitcoin works.   "Longest chain" doesn't mean highest block height it means the chain consisting of valid blocks with the highest total cummulative difficulty.   Your chain with 7% difficulty growth every 2016 blocks would never be the longest chain.  There are no shortcuts to the longest chain.    The current longest chain is ~2^70 hashes worth of work.  The only way to make one longer would be to do more work.
Citation required (preferably a link to the source file).

In other words you are saying that if two chains started with the same hashrate and one chain mined at this rate constantly (2016 blocks per 14 days, or 4032 per 28 days) while an other one alternates between this hashrate and double the hashrate (thus creating the first 2016 blocks in 7 days and then 28 days thereafter, or 35 days per 4032 blocks) the later chain would be valid even if this is shorter since it has a higher "cumulative difficulty"?

So you are saying that an attacker with sufficient hashrate (e.g. a company or gov with access to a huge batch of next-gen asics) could just fork of an old block and create a new valid shorter chain as long as cumulative has rate is higher???

Yes.

Here's a thought experiment for you.  Imagine that the day Satoshi launched Bitcoin someone forked the blockchain, right from the Genesis block.  He's been mining, on a tiny computer, since that day.  On his chain, the difficulty never went much above 1, because he's the only miner - but his chain still produces one block every ten minutes.   He's been doing this since day 1, and his blockchain is about the same length as the real one.  It varies from time to time - sometimes his chain is a couple of blocks longer, sometimes a couple of blocks shorter.

Today, his chain is a couple of blocks longer than the public chain.  Today, he broadcasts all his blocks to the world.

In a naive world, his 313631 blocks would be considered longer than the official chain of 313629 blocks, and every client on the planet would immediately have a block reorganisation, and accept his chain as valid.

But Satoshi wasn't naive.  In the real world, his chain is worthless, because a block mined at difficulty 18 billion is considered to be 18 billion times more work than a block mined at difficulty 1.

Of course, there are all sorts of other reasons why the attack wouldn't work - you can never have a block reoganisation that goes back past the last checkpoint, and anyway, the average block interval on the public chain is significantly less than 10 minutes due to rising hash rate (so in reality the public chain would be longer in terms of block height anyway).  But I hope this example helps you see why Satoshi designed it this way.

roy
sr. member
Activity: 322
Merit: 250
August 02, 2014, 05:42:02 AM
#44
Without checkpoints a competing blockchain starting of the genesis block with a simple 7% difficulty growth per switch would be at the same length as the current blockchain. And just be running at ~ 300GH/s.

It would help if you learned how Bitcoin works.   "Longest chain" doesn't mean highest block height it means the chain consisting of valid blocks with the highest total cummulative difficulty.   Your chain with 7% difficulty growth every 2016 blocks would never be the longest chain.  There are no shortcuts to the longest chain.    The current longest chain is ~2^70 hashes worth of work.  The only way to make one longer would be to do more work.
Citation required (preferably a link to the source file).

In other words you are saying that if two chains started with the same hashrate and one chain mined at this rate constantly (2016 blocks per 14 days, or 4032 per 28 days) while an other one alternates between this hashrate and double the hashrate (thus creating the first 2016 blocks in 7 days and then 28 days thereafter, or 35 days per 4032 blocks) the later chain would be valid even if this is shorter since it has a higher "cumulative difficulty"?

So you are saying that an attacker with sufficient hashrate (e.g. a company or gov with access to a huge batch of next-gen asics) could just fork of an old block and create a new valid shorter chain as long as cumulative has rate is higher???
legendary
Activity: 1456
Merit: 1001
This is the land of wolves now & you're not a wolf
August 02, 2014, 04:20:18 AM
#43
Well hypothetically of there was a killswitch and it was triggered, it would kill bitcoin (hence the name killswitch). Most technically savvy people who read the code would have noticed this however.
legendary
Activity: 1904
Merit: 1037
Trusted Bitcoiner
July 31, 2014, 07:04:13 PM
#42

the majority overrule hashing power.

you know what i mean?
i'm wondering if you guys agree with this or not?
Whatever you seem to mean is not true. The hardcoded checkpoints decided by devs overrule overything.

say everyone wants to kick off a huge malicious miner off the network, ( it makes no sense for a miner to act maliciously but lets say it happening ), someone with like 30% hashing power start attacking, everyone wants to kick him off, the core is patched to block this miner, everyone upgrades because they wish it, and there you go, majority overruled hashing power.

point is hashing is just a way of achieving consensus in an automated way, and can be side swiped given "manual" consensus.

There is literally no way this would work. You could block IPs submitting blocks, or find another workaround.
BUT if this guy is really malicious, than he is watching everything very carefully and will be proactively changing his IP and setting to something different.

Also, there are "Red Alert" scenarios, that would fix malicious attacks in the shortterm, even 51% attacks, but there is nothing longterm!

exactly.

all i'm trying to say is that, its our network, and we choose how it works in every detail, just because someone has alot of hashing power doesn't give him any real, long term, power over the system, the will of the majority supersede all.
Bitcoin could as a last resort become a pure POS coin for a while too.

it doesn't need to

hashing power will ALWAYS service US, the moment it doesn't we ignore it
legendary
Activity: 1680
Merit: 1001
CEO Bitpanda.com
July 31, 2014, 06:59:08 PM
#41
Also, there are "Red Alert" scenarios, that would fix malicious attacks in the shortterm, even 51% attacks, but there is nothing longterm!

Sure there is. If we are being 51% attacked by a miner using SHA256 ASICS we could switch to another hashing algorithm. If we are being 51% attacked by some multi-purpose hardware that can efficiently run many hashing algorithms, then we can replace the POW system with something else.

While these kind of changes will be hard to swallow and you may have a hard time convincing people to make these kind of changes, they are always an option.

I meant longterm in the sence that we don't change from SHA256. The majority of hashpower will always win there longterm. But that is not an issue but foremost a feature.

You are absolutely right, in the end a switch to delegated proof of stake or something similar is a good alternative, though I hope it never get chosen out of a NEED due to an attack!
full member
Activity: 154
Merit: 100
July 31, 2014, 06:56:30 PM
#40
Also, there are "Red Alert" scenarios, that would fix malicious attacks in the shortterm, even 51% attacks, but there is nothing longterm!

Sure there is. If we are being 51% attacked by a miner using SHA256 ASICS we could switch to another hashing algorithm. If we are being 51% attacked by some multi-purpose hardware that can efficiently run many hashing algorithms, then we can replace the POW system with something else.

While these kind of changes will be hard to swallow and you may have a hard time convincing people to make these kind of changes, they are always an option.
legendary
Activity: 1680
Merit: 1001
CEO Bitpanda.com
July 31, 2014, 06:54:26 PM
#39

the majority overrule hashing power.

you know what i mean?
i'm wondering if you guys agree with this or not?
Whatever you seem to mean is not true. The hardcoded checkpoints decided by devs overrule overything.

say everyone wants to kick off a huge malicious miner off the network, ( it makes no sense for a miner to act maliciously but lets say it happening ), someone with like 30% hashing power start attacking, everyone wants to kick him off, the core is patched to block this miner, everyone upgrades because they wish it, and there you go, majority overruled hashing power.

point is hashing is just a way of achieving consensus in an automated way, and can be side swiped given "manual" consensus.

There is literally no way this would work. You could block IPs submitting blocks, or find another workaround.
BUT if this guy is really malicious, than he is watching everything very carefully and will be proactively changing his IP and setting to something different.

Also, there are "Red Alert" scenarios, that would fix malicious attacks in the shortterm, even 51% attacks, but there is nothing longterm!

exactly.

all i'm trying to say is that, its our network, and we choose how it works in every detail, just because someone has alot of hashing power doesn't give him any real, long term, power over the system, the will of the majority supersede all.
Bitcoin could as a last resort become a pure POS coin for a while too.
legendary
Activity: 1904
Merit: 1037
Trusted Bitcoiner
July 31, 2014, 06:52:29 PM
#38

the majority overrule hashing power.

you know what i mean?
i'm wondering if you guys agree with this or not?
Whatever you seem to mean is not true. The hardcoded checkpoints decided by devs overrule overything.

say everyone wants to kick off a huge malicious miner off the network, ( it makes no sense for a miner to act maliciously but lets say it happening ), someone with like 30% hashing power start attacking, everyone wants to kick him off, the core is patched to block this miner, everyone upgrades because they wish it, and there you go, majority overruled hashing power.

point is hashing is just a way of achieving consensus in an automated way, and can be side swiped given "manual" consensus.

There is literally no way this would work. You could block IPs submitting blocks, or find another workaround.
BUT if this guy is really malicious, than he is watching everything very carefully and will be proactively changing his IP and setting to something different.

Also, there are "Red Alert" scenarios, that would fix malicious attacks in the shortterm, even 51% attacks, but there is nothing longterm!

exactly.

all i'm trying to say is that, its our network, and we choose how it works in every detail, just because someone has alot of hashing power doesn't give him any real, long term, power over the system, the will of the majority supersede all. hashing power will ALWAYS service US, the moment it doesn't we ignore it
full member
Activity: 154
Merit: 100
July 31, 2014, 06:49:53 PM
#37
The easiest way to do this is by destroying every copy of the Blockchain in existance and inducing amnesia in every Bitcoin user.

Anything less than that will be rolled back. You can have a kill switch that works "temporarily" and may cause mass panic and losses for Bitcoin users, but whatever you do can be undone.
legendary
Activity: 1680
Merit: 1001
CEO Bitpanda.com
July 31, 2014, 06:47:49 PM
#36

the majority overrule hashing power.

you know what i mean?
i'm wondering if you guys agree with this or not?
Whatever you seem to mean is not true. The hardcoded checkpoints decided by devs overrule overything.

say everyone wants to kick off a huge malicious miner off the network, ( it makes no sense for a miner to act maliciously but lets say it happening ), someone with like 30% hashing power start attacking, everyone wants to kick him off, the core is patched to block this miner, everyone upgrades because they wish it, and there you go, majority overruled hashing power.

point is hashing is just a way of achieving consensus in an automated way, and can be side swiped given "manual" consensus.

There is literally no way this would work. You could block IPs submitting blocks, or find another workaround.
BUT if this guy is really malicious, than he is watching everything very carefully and will be proactively changing his IP and setting to something different.

Also, there are "Red Alert" scenarios, that would fix malicious attacks in the shortterm, even 51% attacks, but there is nothing longterm!
sr. member
Activity: 364
Merit: 250
July 31, 2014, 06:47:09 PM
#35

the majority overrule hashing power.

you know what i mean?
i'm wondering if you guys agree with this or not?
Whatever you seem to mean is not true. The hardcoded checkpoints decided by devs overrule overything.

say everyone wants to kick off a huge malicious miner off the network, ( it makes no sense for a miner to act maliciously but lets say it happening ), someone with like 30% hashing power start attacking, everyone wants to kick him off, the core is patched to block this miner, everyone upgrades because they wish it, and there you go, majority overruled hashing power.

point is hashing is just a way of achieving consensus in an automated way, and can be side swiped given "manual" consensus.

The majority of the hashing power must agree to this change.  So it's not that the "majority overruled hashing power".  It's just that the majority of the hashing power overruled the minority, as in any other double-spend attempt.
legendary
Activity: 1904
Merit: 1037
Trusted Bitcoiner
July 31, 2014, 06:44:20 PM
#34

the majority overrule hashing power.

you know what i mean?
i'm wondering if you guys agree with this or not?
Whatever you seem to mean is not true. The hardcoded checkpoints decided by devs overrule overything.

say everyone wants to kick off a huge malicious miner off the network, ( it makes no sense for a miner to act maliciously but lets say it happening ), someone with like 30% hashing power start attacking, everyone wants to kick him off, the core is patched to block this miner, everyone upgrades because they wish it, and there you go, majority overruled hashing power.

point is hashing is just a way of achieving consensus in an automated way, and can be side swiped given "manual" consensus.
legendary
Activity: 1680
Merit: 1001
CEO Bitpanda.com
July 31, 2014, 06:34:46 PM
#33
Basicly its a fairly hyptothetical question.

But lets, just for a moment assume bitcoin had something like a "kill-switch".
A method that, by design, would revert all transactions that have ever been done.

What would be the consequences?

Someone would fix it and relaunch it starting from the last "old" block. This would happen within hours after the incident.

This has actually happend once, where 184,000,000 bitcoins were created due to a floating integer bug.
sr. member
Activity: 364
Merit: 250
July 31, 2014, 06:31:29 PM
#32
Well, I always assumed "Speculation" meant speculating about price.  But I guess there are other kinds of speculation I had not co sidered. Well played!
donator
Activity: 1218
Merit: 1079
Gerald Davis
July 31, 2014, 06:12:56 PM
#31
Without checkpoints a competing blockchain starting of the genesis block with a simple 7% difficulty growth per switch would be at the same length as the current blockchain. And just be running at ~ 300GH/s.

It would help if you learned how Bitcoin works.   "Longest chain" doesn't mean highest block height it means the chain consisting of valid blocks with the highest total cummulative difficulty.   Your chain with 7% difficulty growth every 2016 blocks would never be the longest chain.  There are no shortcuts to the longest chain.    The current longest chain is ~2^70 hashes worth of work.  The only way to make one longer would be to do more work.

Quote
But this means the trust in the algorythm has been breached and instead the trust of "core developers" is required to include checkpoints.

The checkpoints are not necessary to prevent an attack.  An attacker however could waste a lot of time and resources of new bootstrapping nodes by feeding them giant worthless low difficulty chains. Any well connected node can identify the correct longest chain but time/resources spent validating a chain to find out it is inferior is still wasted time/resources. Checkpoints reduce the amount of resources an attacker could could cause a new node to waste.

The newest checkpoint is more than 7 months old.  That alone should help your realize it isn't a security mechanism.  I mean does anyone think limiting an attacker to "only" rolling back 7 months of the blockchain would be an effective defense?  Everyone is going to say "good thing for that checkpoint it limited us to only 7 months of double spends, had it been 8 months that might have shaken my confidence"?

sr. member
Activity: 322
Merit: 250
July 31, 2014, 05:44:59 PM
#30

the majority overrule hashing power.

you know what i mean?
i'm wondering if you guys agree with this or not?
Whatever you seem to mean is not true. The hardcoded checkpoints decided by devs overrule overything.
legendary
Activity: 1904
Merit: 1037
Trusted Bitcoiner
July 31, 2014, 05:43:04 PM
#29

the majority overrule hashing power.

you know what i mean?
i'm wondering if you guys agree with this or not?
sr. member
Activity: 322
Merit: 250
July 31, 2014, 05:34:29 PM
#28
The 51% comment was more gear toward the majority of the network would have to agree on one chain. Not that this hypothetical "bug" would be synonymous to a 51% attack
Without checkpoints a competing blockchain starting of the genesis block with a simple 7% difficulty growth per switch would be at the same length as the current blockchain. And just be running at ~ 300GH/s.
Obviously its a lot harder thanks to checkpoints.
But this means the trust in the algorythm has been breached and instead the trust of "core developers" is required to include checkpoints.
This shouldnt be necesarry. The difficulty algorhythm is imho flawed. The simple average of the last 2016 blocks is just plain stupid.
legendary
Activity: 2408
Merit: 1009
Legen -wait for it- dary
July 31, 2014, 05:25:18 PM
#27
Hmm, so we have this ledger with every Bitcoin transaction going back to the beginning. Every 10 minutes a new block is added to show the latest transactions.

Then some "kill switch" does what exactly? Wipes out the ledger? On everyone's computer? Even those that are turned off? Even those not connected to the Internet?

It would be harder to do than wipe out all bank accounts of all banks, all stocks, bonds, etc in the whole world.

It would be difficult, yes! But not impossible.
It wouldn't matter about the disconnected clients. Once they sync to the network, if for instance something was added to that final block to make the client no longer start or recognize the chainstate, then every client would be broken.

Yes, the longer chain is technically recognized as the "correct" chain by the network, but this has been rolled back with a fork before, and as Adam said, an upgrade to the client would be necessary by the majority (>50%) of the network.

This is the same thing as 51% attacks
No, it is not.
In the real world the the block chain does not have a constant exponential factor. Any deviation results in a suboptimal difficulty for the real chain compared to a "perfect" chain with a constant exponential factor.
Thus an attacker would save time or difficulty by choosing a constant exponential factor for difficulty increasements.

The 51% comment was more gear toward the majority of the network would have to agree on one chain. Not that this hypothetical "bug" would be synonymous to a 51% attack
legendary
Activity: 3598
Merit: 2386
Viva Ut Vivas
July 31, 2014, 05:24:42 PM
#26
Would we have to forget some of those transactions? Like how some of the initial transactions done by Satoshi are so famous?

Memory wipe as well?
Pages:
Jump to: