Topic: Cracking the Code - page 3. (Read 7661 times)

This requires a huge suspension of disbelief, something I am not fond of doing unless I am watching a movie or reading a book. Bitcoin and its ilk, quite unlike EFT, are push transactions, not pull. I'm sure somewhere in the decapages of rants you have on this subject you've touched on this, but I and everyone else following this argument should find it excessively unlikely that the masses will be so willing to give up the newfound power of being their own bank to Amazon or whomever for the sake of "1-click purchases", when the reality is URIs can make it pretty darn close to that as it is.

If this is the basis for your argument, it's pathetic.


I proposed a potential solution over a year and a half ago. Bells, whistles, and/or stagnation of the bitcoin protocol tend to be of higher priority than protecting the block chain.


Again, it's an altcoin. Even SPV nodes would reject this as the difficulty between blocks would drop accordingly and would no longer even be valid for those receiving only the headers. Trying to hamfist a change like this on the bitcoin population should be no less difficult than changing the bitcoin protocol itself, therefore there is little advantage to one major cartel over everyone not part of the cartel.


Yes, bitcoin is easy to attack, that is nothing new. The cartel attack is unnecessary bloviation.

AnonyMint doesn't understand how blockchain forking works, and that it creates two distinct currencies instead of one you can double spend. He doesn't understand that invalid blockchains can't include blocks from valid ones, or the other way around, because they are chains with each block needing to reference the prior block. He doesn't understand that clients and nodes enforce Bitcoin rules, not miners, and clients don't care which chain is the longest if the longest is invalid. He also doesn't understand the difference between offchain and onchain transactions, or any of the economics around transaction fees, believing that once block rewards go away, transaction fees will go to zero. He's a newbie, still not understanding a lot about Bitcoin, but he is a loud and obnoxious newbie who, while is impossible to argue with, nevertheless is spreading a lot of useless and incorrect FUD around the forums, which may scare away other newbies. He also loves to hear himself talk, posting all over the forum, linking to his posts in other threads every chance he gets, and even quoting his own posts to reply to himself.

I suggest instead of continuing to allow him to fill thread after thread with his nonsense and continuously burry rebuttals to his idiocy under more FUD, that people simply reply that AnonyMint doesn't understand the system, is wrong, and that others should just ignore him.

Because the customers of Amazon.com click an order button on Amazon.com, they don't download a client. The non-mining node (for all customers) will be on Amazon.com's server.

More importantly because the shorter chain will also contain a protocol error. Clients will have to decide which protocol change is the greater evil. Their perspective will not necessarily be that the longer chain is more evil, as I have explained in the prior post in reply to DeathAndTaxes. In fact, the longer chain is likely to be perceived as superior.


Gavin claims to know an unimplemented solution for that attack, which I linked upthread (page 2 I think) where I mentioned that claim of yours.

The best the attacker can do to avoid Gavin's solution is to include his customers' transactions in the valid blocks to avoid detection by Gavin's solution.


Incorrect because the longer chain has control it can change the protocol for block period of the longer chain to whatever it wants. The shorter chain is stuck at the awful 10 minutes of Bitcoin per confirmation. Plus by making valid blocks with dropped transactions in the shorter chain, the effective delay will be longer than 10 minutes per confirmation. For the Satoshi whitepaper recommended 6-confirmations that is 60 minutes plus the extra delays inserted, so figure upwards of 2 hours or so depending how much hash power the attacker has.


The difference is how I explained it to BurtW in the prior post (reread my prior post, I was adding to it as you were replying). There is a protocol error in both the longer and shorter chain. This is much worse for Bitcoin than a better altcoin, it wrecks havoc in Bitcoin's chain.

Why would non-mining nodes not honor the real chain? For them not to, they would have to download and accept Amazon.com's version of bitcoin. Highly improbable. While SPV nodes could be fooled, I believe there are people working on allowing full nodes to provide proof to SPV nodes of invalid blocks.


If they have >50%, they can delay transactions indefinitely. Create a competitor and attack bitcoin. Why create this gigantic fabrication to make some ridiculous attack sound viable?


This is quite wrong. The difficulty will adjust on both networks as appropriate.


This is called a competitor. Yes, it is possible that competitors will exist in the future--they do now. Hardly a flaw.

Sorry guys you are still incorrect.


Incorrect. You are just slow minded or not paying attention. See below.

---

Narrowly speaking true. However if you consider all the exogenous factors, it is not true.

Unless the shorter chain will be honored by every non-mining node in the universe (yeah right  ), then the longer chain will fork the ledger, thus double-spends will be possible one on each chain (longer chain would not include blocks from shorter chain that contained coin spends that were already spent on the longer chain). This will cause the shorter and longer chain to become dubious. Thus either there must be convergence on one of the chains else chaos and messy confusion erupts.

Also in my immediately prior post, I explained that if the attacker has more than 50% of the hash rate (i.e. more than 1X the shorter chain's hash rate), it can apply the excess to creating valid blocks in the shorter chain which drop some strategic transactions, thus causing transactions to be delayed in the shorter chain. Apparently that didn't sink in yet for DeathAndTaxes. He is still stuck on the upthread posts, and hasn't caught up to my latest point.


The longer chain is always much faster than the shorter chain. I call that a delay. Plus it can delay using excess hash rate to add valid blocks to the shorter chain which drop (some) transactions. By including some (perhaps only its own customers) transactions, Gavin's proposed solution doesn't work.


Incorrect. It is creating havok in the shorter chain while offering faster transactions in the longer chain.

Also it might even offer feature improvements in the longer chain that the foundation has been unwilling to offer.

Also it might be combined with a cartel, so the cartel's customers (and all their non-mining nodes) are on the longer chain.

Sorry guys. You all lost the argument (not you Etlase2 more to the other antagonists).

I have basically written a user manual teaching Amazon.com how to take over Bitcoin, if this is combined with my Transactions Withholding Attack.

---

Stop right there. You can't guarantee that all non-mining nodes in the universe will adopt the shorter chain, when presented with two or more competing protocol errors to choose between:

a. Bitcoin protocol is to follow the longest chain

b. Bitcoin protocol is not to change the coin supply schedule

Also, the attacker might sweet the incentive to choose #a, by offering more desirable feature improvements to the protocol in the longer chain.

Also the attacker might be aligned with a cartel which has control of significant portion of the customers and the non-mining nodes.

Why are you guys so slow in realizing this?


Incorrect because of what I have written above.


Incorrect. I have already explained upthread that the funding for mining in Bitcoin dies, because coin rewards diminish and then the transaction fees must increase as the price of Bitcoin rises, because security of the proof-of-work needs to rise with the value of the Bitcoin economy, which will kill off transactions. And when transaction fees are significant relative to coin rewards the Transactions Withholding Attack is available.

Bitcoin is doomed, and there are even more reasons it is.


Not a correct analogy to an altcoin, because there is a protocol error in either choice, longer or shorter chain.

And thus Bitcoin is forked with double-spends one in each chain.


It is irrelevant whether anyone notices there are clients with different choices about which protocol error to choose.

There is nothing that can be done to change the outcome at the point.

The only solution is to not kill the funding for mining so the 50+% attack becomes more difficult to do.

---

You assume Bitcoin is better, yet I have explained above it is not better for numerous reasons. One big flaw is it doesn't fund mining enough in the future to protect the security. The occurrence of this attack will reveal this to be true, which lowers confidence in the shorter Bitcoin chain forever. The masses don't care about the increase of M in the Quantity Theory of Money they can not even detect it. That is why fiat works so well for the central banks. In fact, you are entirely incorrect (mathematically incongruent) to assume that increases in M are inflationary! That assumption puts your credibility in the toilet.

The masses will be more pissed off about the chaos and double-spends and the fact that Bitcoin is so weak on security.

They are much more likely to accept Amazon.com's choice of the longer chain which works and is secure (from the perspective of the dumb masses who click a 1-click-checkout button).

Exactly but the AnnoyCoin created has such a flawed understanding of Bitcoin he seems to think the creation of this altcoin will somehow stop the existing Bitcoin.


And lets take this a step further.  AnnoyCoin has no advantages over Bitcoin, it also has a massive inflation rate which benefits the dishonest miners at the core of it.  The additional monetary inflation is a wealth transfer from anyone using it to the miners.  Add to that it is centrally controlled by a cartel which has shown itself to be williing to destroy the benefits of Bitcoin for selfish greed.

So it is a free market and people can choose the vastly superior Bitcoin or the AnnoyCoin.   It pretty much is a no brainer.  People would sell off the AnnoyCoin in masses to transfer their wealth to the superior system.  In reality the default choice is Bitcoin as anyone who doesn't download and install the AnnoyCoin client would remain on the real Bitcoin network.  Users on the Bitcoin client would never even SEE the AnnoyCoin blocks, other than a temporary increase in block time there would be no effect on them at all.  So AnnoyCoin will never exist outside of the annoying brain of its creator.

When presented with two chains, one short which contains all valid blocks and a second which is longer but contains invalid blocks, the system will accept the short chain with the valid blocks and drop the longer chain with the invalid blocks.

No problem so far.  Making a chain with one or more invalid blocks, even if it is longer, is not even an attack per se it is just a huge waste of hashing power.

So, the entire totally theoretical attack hinges on two things being true:

1) The attacker must have a huge amount of hashing in order to create the chain with the invalid block or blocks

2) The attacker must have distributed enough of "their" clients which have been programmed to accept the invalid blocks.

But this is not really an attack, it is just the definition of an alt:  hashing power with a different set of rules + clients that support the different set of rules.

So the "attack" is simply describing the creation of an alt coin - let's call it the AnnoyCoin.  So yes, anyone that wants to can/has/will create an alt coin.  This is nothing new at all.  It is then up to the market to decide which coin to use.  Upon the creation of this new alt coin some may follow it others will not.

I do see the concern that if this AnnoyCoin is created by instantly taking a large chunk of the Bitcoin hashing power then confirmation times will increase until the next adjustment.  So, here is the story as I understand it:

The Annoy Foundation releases a new client.
They get 50% market penetration with their new client (no one notices the changes - unlikely)
They also gain 50% of the hashing power
They switch on the "back door" in all of their clients and also switch their hashing power over to the AnnoyCoin rules
This causes confirmations on the remaining Bitcoin network to double to 20 minutes
People are upset, some sell, prices drop, etc.
Those that wait out the four weeks of long confirmation times are rewarded with cheap coins and normal confirmation times once the difficulty gets adjusted
There are now two coins:  Bitcoin and AnnoyCoin

AnonyMint, a chain which is changing the rules as you say will not affect the chain that is not changing the rules. Neither can or will build off of each other, thus the "longer" chain cannot delay transactions on the shorter chain. If the longer chain diverts hash power to the shorter chain, then it is the same old boring attack as the 51%.

Upthread those who debated against me stopped after making the point that shorter chain transactions would not be delayed because 100% of the non-mining nodes would ignore the longer chain. I refuted with the argument that they couldn't insure 100% compliance and I listed some motivations which make it difficult to make that assumption in my opinion. They can not argue that the longer chain is not faster, thus relatively speaking I was correct in stating the shorter chain would be significantly slower.

However apparently some weren't convinced that argument of mine is a slam dunk.

So here is the (mini) Spud Webb (not quite a Shaq glass shattered) slam dunk.

The attacker can also apply some his hash rate advantage to sending blocks that have no transactions or which drop certain transactions (such as the non-cartel customers in my Transactions Withholding Attack).

Thus the transactions can also be delayed in the shorter chain too.

Okay I realize the caveats so it isn't quite a Big Shamrock.

Edit: s/minority chain/shorter chain/ above. The shorter chain has a minority of the mining hash rate, yet we arguing whether it will have a minority, majority, or 100% of the non-mining nodes.

If I understand correctly, this is important for example because your public address is not revealed until you spend from it. I believe this is a reason why it is suggested not to recycle addresses.

And if elliptical cryptography is ever broken (Schneier and others already don't trust it too much, Lamport signatures is solution to quantum computers), having the public key shielded inside of a SHA-256 hash adds another layer of security. There is some discussion between gmaxell and myself (and others) on that subject a couple/few of months ago in the forum.

But once you've spent an address that risk is gone on the spent address.

So I guess there is some notion that we could quickly update all the hashes on unspent addresses to a new hashes. In the interim, the hacker would only get to know our public keys not our privates ones.

Or am I missing the point?

If Sha-256 is broken i think the coin is screwed anyway. I mean even private addresses will be a lot less secure.

The tl;dr version is that the algorithms require so much processing that it is impossible to crack them due to the limits of thermodynamics (since energy cannot travel faster than light) so it is currently impossible to crack, and never will be impossible to crack, even when quantum computer emerge it would still remain on the realm of fantasy, even if someone would build a computer the size of earth it would take them millions of years to come close.

I am slightly mistaken. Without checkpoints that prevent a longer chain from going too far backwards in time, a broken SHA-256 could be a serious threat. However the community has many copies of the history, I think there have been some checkpoints, and I don't think many clients have an incentive to erase that history from the ledger.

anonymint (or others)

this thread is immensely helpful, appreciate the hostilities as it appeases my bipolar learning style.

My major concern with life on earth is total resource depletion and receding population, with a global economy built on infinite growth.

Things like "grow the money supply at 5% a year" are subtly predicated on that paradigm.

It's not an absolute position on my part, I have a lot of faith in technology, but also I see bifurcation of the species ongoing...in the boat is becoming an ever smaller proportion relative to not in the boat.

I'm sure there's some discussion of this elsewhere already so a link would be fine. Simple question is can we design a system that works in a global economy of diminishing resources and energy and shrinking population, that is actually favorable? Does any alt currency support this...


(also how can I check to see how many people are ignoring me? 

Make the 50%+ attack much more unlikely. Allow that the non-mining clients will do what ever they can, but they can't control the mining with < 50% of the hash rate (at least not since I apparently found the solution to the recently published 33% selfish-mining attack, which I added in the comments section at hackingdistributed.com).

It is when there is an inconsistency in the mining, that the non-mining clients are potentially in disarray and have to make a choice. If it happened today, maybe the foundation could reign it in. Years from now, I don't know if they will retain the necessary level of iron-fisted control. And depending on such centralization is not resilient design.

I wouldn't do an altcoin that is closed-source. If you see that, it isn't me. No promises on the premine, except I wouldn't do a 10% premine or anything ridiculous. You have to fund things somehow.

I'd really prefer not to comment too much on vaporware. I hope to also encourage others to launch altcoins.

I would be interested to learn how your alt-coin solves this problem? Tell us more...

The only way I can think of, is that your coin is closed source and you distribute the binaries.

Add one more reason for the faster chain to win.

* because everyone will realize that the weaker chain has insufficient hash rate and could be gamed by the mining power that is behind the faster chain. That hash rate could also do things which are not protocol violations thus more difficult to detect in some cases. Thus fear will contribute to drive the convergence to the faster and stronger mining chain.

Edit:

Also if the attacker forks the coin supply curve (or other unwanted protocol change), he could also potentially add features that people want as another way to entice them to the faster (longer) chain. (note I am not thinking of launching an altcoin in this manner, so if ever it happens it isn't me)

I don't see how that would enable you to calculate the chain of hashes faster than your percentage of the network hashrate.

It could be possible if you knew the future of transactions, which is not probable. The problem is in the way the blocks stack up over time. If you knew the future you'd know the future.