Topic: Bitcoin without mining (Read 13632 times)

If Democracy is subject to a 51% attack  how did Donald Trump win with 62.7m  vs 65.3m for Clinton?
The answer is:       hint I know the answer


All POS coins are simply unlicensed banks issuing coins backed by nothing.
At least POW coins are back by hard 'iron'  machines that serve a useful purpose  they convert electrical power to coins.
The world wide grid needs the ability  to shunt excess power. Rainy season  next to a hydropower plant is one example.
ie you do not shut the river off  so what do you do with  1000MegaWatts of excess power.  The answer is sell it cheap to a bigass mining farm so the power is not wasted.


Due to Pow coins ability to stablize the power grid world wide they will continue to exist for years to come.

Agreed. Now stop scamming people with that Ripple and XRP nonsense.

Yes. This is a valuable piece of history now!

Bumped in to this old thread. This was probably the starting point for Jed's projects Ripple and now Stellar.

These probabilities mistakenly assume that the attacker always builds on the last block.

However, the attack is, as satoshi discusses in his paper, to pick some block to build on and stick to it. If X>0.5 you can cut a branch however long you want, given enough time.

For example, if X=0.6 and you want to cut 10 blocks, after some time period the attacker will find 33 new blocks while the honest network only finds 22, making the attacker's branch win.

OK 50% of the computers. But the mining difficulty continues to go up all the time.

Nobody wants to go through the forum and select random users, and yet as soon as you program a computer to do it, people will figure out a way to game it and make it choose untrustworthy users. You seem to require ordinary users to use trust systems, but these have never yet caught on.

I largely agree with Mike Hearn here. Maybe you should have a look at Ripple.

PS Good luck figuring out how the money is initially distributed and later minted.

trippy: If you follow the thread you see that in bitcoin you don't need to make 50% of the bitcoin users dishonest. There are maybe 3 people that need to colude to break bitcoin or more likely 1 government.
In this proposal you could pick 100 or 1000 random forum users and you would be *way* safer. If you bothered to be more discriminating and actually picked people you knew you would be even safer still.

Also there isn't a way for someone to figure out who you have chosen to trust. (Trust is the wrong word. These are people you don't think are working together. You can actually choose all people taht you know are corrupt as long as they aren't colluding)

There's no way this would be more secure. Under your system, somebody needs to (1) somehow find out who your "friends" are (who you trust) and (2) make 50% of them dishonest. Under bitcoin, somebody needs to make 50% of everybody dishonest.

creighto: Even if you are correct that there is some hidden pool of mining waiting to be put online it doesn't change my original point that bitcoin as it is now depends on everyone trusting a few random people. We are implicitly trusting a couple large miners and a couple pools and your secret hasher.
My argument is that we might as well make this trust explicit. It will be much more efficient, and way more secure.

I'm not at liberty...

It's generally true.  It's not so straight forward.

Who has that kind of hashing power just waiting to be used with a push of a button? Perhaps in future someone with vested interest in protecting bitcoin and hardware that is regularly used for something else? Ok, I can see that happening, but almost any other action you can take when the watchdogs are barking requires choosing the valid block chain with some other criteria than which one is the longest.


Really? How?


That's true if the attacker retroactively decides to rewrite some past block. What I was talking about was, when double spend (or some other attack) is planned in advance, and the attacker starts hashing the dark chain from the same block as honest nodes.

There are a number of things that live operators can do to inhibit an attack under way, not the least of which is to bring more hashing power to bear.  An attacker coming in unannounced with blocks would cause a significant revision on the blockchain, not something that can be stopped, but it's a huge red flag.  A watchdog process could alert users to an attack underway, and any commerce site using bitcoin in any automatic fashion should immediately suspend trade to protect themselves.  Also, nodes are not anonymous to each other.  It's not trivial, but it is possible to determine from where the new blocks came from.  Also, and attacker coming in from outside the network needs at least as much hashing power as the whole honest network, not just 50%.  Just having a simple majority of the hashing power is only enough to make the attack possible, it doesn't make it easy.  To build a chain in the dark, the attacker must have significantly more than the whole of the honest network in order to build his dark chain fast enough to get back far enough to overwrite his intended target block.

The attacker doesn't need to be part of the honest network before launching an attack at all, so you would not see a sudden drop in hashing power. A longer chain would just appear out of nowhere.

Once some group controls more hashing power that rest of the miners combined, bitcoin reality is exactly what they want and nothing else (can't do anything that would invalidate blocks in the eyes of honest nodes, like change block reward etc). If they are honest, then no problem, but if they want to attack the network, they can just grow their own chain, refuse the blocks generated by honest nodes, but force honest nodes to accept attackers block. Honest nodes can't differentiate between attackers blocks and honest blocks (because they are decentralized), while attacker knows which blocks are which. It doesn't matter if honest nodes get ahead for a while. Attacker will always catch up, and all the work honest nodes have done would be replaced with the attackers "reality".

This idea of a watchdog system is nice, but I'm not entirely sure how much it would help if someone truly has a majority of the hashing power. I mean, even if you knew with 100% certainty, that someone is attacking the network with a majority hashing power, and maybe even how and when it's going to happen, what is the mechanism that would be used to prevent the attack in a decentralized system like bitcoin? Like you said "Whether that mattered would depend upon what the rest of the network does once the watchdogs are barking". I'm not sure there is anything they can do, without giving up the decentralized nature of bitcoin.

Bitcoin is secure "As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network", but not a second longer.

Are you spying on me? (wait, I guess not since you don't know what I'm doing). I give loans. Loans don't cause bailouts anymore than shoes cause dancing.

only if you count the number of guns necessary to force us to act as if fiat is a good store of value, and the salaries necessary to pay the thugs and pump out the propaganda, etc. 

The (non-existant, we really need a programmer to develop this) 'blockchain watchdog' process would ringing alarm bells after the 60% miner had left the network.  Whether that mattered would depend upon what the rest of the network does once the watchdogs are barking.

kjj:
So let's assume an attacker controls 60% of the network.
He makes a big transaction that is sent to the whole network.
He stops generating blocks on the legit network.
He now starts generating a new chain without the large transaction but not sending it to the rest of the network.
His fake chain will eventually grow longer than the real chain.
At some point of his choosing he publishes his longer chain to the real network.
The fake chain is now accepted as real since it is longer.


This doesn't help. It is trivial to just send from a new peer.

Agreed.

Interesting proposal.  I think that this requires it's own thread, to discuss how to do this.

The time to find a block is not a linear function of your hashing speed, it is a probabilistic process.  Having 10% more power than the other guy doesn't mean you find blocks 10% faster, it means that you have a ~5% chance of finding it before him.

Say that you fraction of the global networking power is X, where 0 <= X <= 1;

The probability that you will be able to do this for one block is X
The probability that you will be able to do this for two blocks is X^2
The probability that you will be able to do this for three blocks is X^3
The probability that you will be able to do this for four blocks is X^4
Etc...

Actually, those are the high end estimates.  In reality, you will need another factor, Y, to correct for the portion of the network that believes in the attack chain.  Over time, Y will get smaller and smaller.

Since this topic keeps coming up over and over again, I'm going to propose a potential solution: every time a node reshuffles, they should make a note of which peer it came from.  More than three reshuffles from the same peer in like 24 hours, and that node is dropped.