There could be a better thread for my question, yet I would like to raise a question that came into my head while I was reading OP, which I understood attempted to suggest both an ideological underpinning to bitcoin that was achieved through technological progressions and/or improvements to what ended up being bitcoin.
So, when you described b-money in OP, you suggested that it seemed to have a lot of bitcoin's attributes but it was both subject to sybil attacks, but also suffered from the problem of NOT being coded or implemented. Bit Gold was also subject to sybil attacks, and I am suspecting that the network of proof of work was not decentralized enough in bitgold so it ended up having potential hashpower manipulation vulnerabilities?
A question came in my thinking regarding what aspects of bitcoin exactly helped bitcoin to overcome the deficiencies of b money and Bit Gold? [...]
Sorry for the delay in answering this... The answer to this question is not an easy one and I had to think a lot on how to put things in a proper manner here, in order to be easily understood by any reader.
In order to understand how Bitcoin overcame the problems presented by Bit Gold and b-money, let's first analyze these problems.
Regarding Bit Gold, let's use as reference its white paper and Nick Szabo's blog entry related to his invention. Some of the problems are emphasized by the author. I highlighted below just two of his observations.
(3) Representations of ownership of these solution bits are stored in a public manner, e.g. in a distributed property title registry I also originally suggested (both off the list and in an impractical but privacy-protecting form I described on the list) that publically known levels of wealth can be represented by a system of publicly shared books. However, I think using this approach and discarding the solution bits raises several unnecessary problems. [...]
A potential big problem remains: the possibility of a trade secret algorithmic or hardware breakthrough. The world lacks a cryptanalytically stable problem. Almost every year there are cryptanalytic breakthroughs speeding up cryptanalysis of particular block ciphers or hash functions by \( 2^{10} \) or more, and there are no proven lower bounds precluding such a breakthrough for any cryptographic algorithm.
However, Bit Gold's biggest issue is best explained on Bitcoin Wiki:
Transfer with prevention of double-spending, via a Byzantine-resilient peer-to-peer method, is described in another linked article which calls the method secure property titles and proposes also applying it to other kinds of digital property, such as domain names. However, this Byzantine method relies on a quorum of network addresses rather than a quorum of (hash) computing power, so unlike bitcoin it is vulnerable to Sybil attacks.
On the other hand, b-money had its own flaws, part of them being also admitted by Wei Dai. Let's use the description from weidai.com. You can see there that Wei Dai actually made two proposals (both related to b-money), not just one.
I will actually describe two protocols. The first one is impractical, because it makes heavy use of a synchronous and unjammable anonymous broadcast channel. However it will motivate the second, more practical protocol.
The first solution was based on the possibility that all the network participants held a copy of the same ledger, similar to the Bitcoin protocol. Also similar to Bitcoin, there was no central authority needed for b-money, the protocol was decentralized and the network users would update their own version of the ledger after each transaction. But this first proposal of b-money did not solve the double-spending problem, as the transactions could not be broadcast through the entire network.
The second solution for b-money was a client-server approach, where the servers would be the ones holding the ledger. The servers were entitled to publish the transactions while the clients were responsible for verifying the correctness of the information provided by the server.
Bitcoin took the best from all the previous proposals. In other words, we can say that Satoshi learned from the mistakes made by his predecessors and made sure that he wouldn't repeat them. He used HashCash, proof-of-work, 0 central authority, public/private keys and a distributed ledger - which came to be known as the Blockchain (although this term was never used in the Bitcoin white paper). But his innovation was that he used the chain of signatures which link with hash functions every coin (transaction) to its previous owner (author) in an unbroken chain which ends at the generation of the respective coin. Practically, nobody can falsely allege that he owns a coin, as the real owner can sign a message from the transaction which attributed the coin to him, proving that the other one is an imposter. And the importance of this invention can be seen now, many years after Bitcoin was launched, as you know: CSW is trying in vain to steal Satoshi's identity and also to convince people that he owns several of Bitcoin's first addresses -- addresses which are supposed to belong to Satoshi; actually no matter to whom they belong, it is certain they don't belong to CSW as he is unable to sign a message from them. Furthermore, he was ridiculed by the real owner of such an address, who signed a message from his address, saying "Craig Steven Wright is a liar and a fraud. He doesn't have the keys used to sign this message.". Furthermore, the recently moved 50 BTC from the address created in 2009 (movement observed also by many forum users) were contained in an address previously mentioned by CSW as belonging to him. The movement of these coins by their real owner proved that he didn't control that address.
This concept, which proves 100% the real owner of a coin, was not present in the previous electronic money proposals.
Excepting all these, Bitcoin also managed to avoid the 51% attacks. As Satoshi had foreseen the need for proving the ownership (described above) and many other technological (but also political and ideological) issues which could appear after offering his brilliant invention to the world. He also anticipated that Bitcoin could become the subject of various types of attacks, one of them being the so-called 51% attack.
For those who don't know, a 51% attack represents an attack on the network, the attack being performed by a miner (or a group) having more than 50% of the total hash power of the entire network. In such cases (which in the Bitcoin network's case have astronomically low chances of occurring), the respective miner would have absolute power over the protocol, including but not limited to: stopping other miners from finding new blocks, finding all the blocks by himself and obtaining all the mining rewards, rewriting the blockchain history, double-spending etc. (more details can be found on Bitcoin Wiki).
Satoshi knew that such an attack could occur and implemented two methods for mitigating the risk, as follows:
1. He detailed an incentive in the white paper meant to keep honesty among the network participants: "The incentive may help encourage nodes to stay honest. If a greedy attacker is able to assemble more CPU power than all the honest nodes, he would have to choose between using it to defraud people by stealing back his payments, or using it to generate new coins. He ought to find it more profitable to play by the rules, such rules that favour him with more new coins than everyone else combined, than to undermine the system and the validity of his own wealth.".
Besides, regarding double spending and attacks, the white paper also details the following: "We propose a solution to the double-spending problem using a peer-to-peer network. The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work. The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU power. As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they'll generate the longest chain and outpace attackers. The network itself requires minimal structure."
2. The second measure was not based anymore on users' honesty, but rather on code: Bitcoin is programmed to make the process of finding new blocks more difficult as more hash power is brought inside the network. Practically, the more the nodes are, the more difficult the mining process gets. And, as a consequence, as the network expands more and more, it would be way more difficult for an attacker to control more than 50% of the network's hash power*.
Regarding this second solution, laszlo (the pizza guy) alleged in a recent CoinTelegraph article that Satoshi told him at some point that he had coded a mining software for GPUs and he was prepared to switch the actual (at that moment, of course) CPU miner to the GPU software, if he really had to defend the network. Of course, the defense would mean to raise exponentially the difficulty, as the GPUs have much more computing power than the CPUs. Laszlo, who according to his topic from May 2010 might have been the first developer (excepting Satoshi) of such mining software for GPUs, could have said the truth or could have lied in the interview. But what's certain is that Satoshi had two ways for avoiding these attacks in the Bitcoin network, this being an aspect where Bit Gold and b-money were vulnerable.
I hope the above mentioned explanation answers your question.
* It happened in Bitcoin history for an entity to have more than 50% of the total hash power, but fortunately no attack occurred. In 2014, Ghash.io had 55% of Bitcoin's hash power, for almost 24 hours. Fortunately, Ghash.io agreed to reduce its hash power in order to assure the community that it had no intention of a 51% attack.
Excepting Ghash, I also remember that at one time an individual miner had on his own more than 50% of Bitcoin's hash rate. If I remember well, it was the GPU mining era. But I really can't remember his name, in order to mention it here. If any other forum member remembers this incident, please share this miner's name and I'll update my post. However, I am certain that I read that a while ago, but no matter how hard I search now on Google, I don't find anything anymore. I also remember that in the respective article which I read years ago, the miner was mentioned by his nickname, if that helps.
Conclusion
A 51% attack could have been performed in the past at least one time (two times, if my memory is correct), but fortunately it didn't happen. Ghash and that individual miner were not interested in such attacks. But at that time the network was way smaller than it is now. At present it is almost impossible to witness such an attack on Bitcoin.