Topic: Forking Blockchain for lost keys (Read 1962 times)

eh,so funny...fail again,again,again...

Okay, here we go. Imagine this is our current blockchain, awarding people 25 bitcoins per block find (Obviously not included crypto/signatures/etc...), hashes are direct SHA256, we're also assuming that we don't need any proof of work, for simplicity:-

Block one:-

Block two:-

Now, block three (two, counting from zero), we're going to spend the funds we got in block one:-


Grand. Now, finally, block four, based on block three, we also make a payment using the funds we mined in block 2, and, the funds we just transferred in block three:-

Grand, now what we have is a four-block long chain where:-
Block:-
#1 Generates 25 bitcoins to address "AddressOne"
#2 Generates 25 bitcoins to address "AddressTwo"
#3 Generates 25 bitcoins to address "AddressThree", and, spends the 25 bitcoins from "AddressOne" (Generated in Block #1)
#4 Generates 25 bitcoins to address "AdddressFour", spends the 25 bitcoins from "AddressTwo" (Generated in Block #2), and, spends the 25 bitcoins in address "OurFirstTransactionAddress" moved there by the first transaction in block #3.

Do we agree? If not, stop reading, as, everything from here on out depends on the above being true.

Now, imagine I'm 51% of the network (or, any part of the network that can generate blocks as such a speed that SOMETIME in the future, my blockchain will be longer than your block chain (You being 'legitimate' miners)), and, I dislike the fact that you spend block one's money in block three, and, I want to move it back. What do I do? I just start off back there and imagine it never happened.
So, let's ignore block three (onwards) ever happened, and, start back at block three.

There we go, valid block, it generates 25 bitcoins and puts them in address "AddressThree", however, nobody will jump to me yet as I'm still not the longest chain. Let's continue, block four:-

There we go, still a valid block, as, all we've done is remove any transaction that happened to now be void due to our previous changes, and, (If it were bitcoin), brute forced a nonce that hashed the block into the correct amount of leading zeros. However, still nobody will jump to us. Why? Although we're an equal length valid chain, peers are configured to stick to the first chain they see unless there's a larger one (Equal length doesn't count). So, finally, if we can beat the current chain in a race, we win, people accept us, so, block five:-

There we go, our chain is now the longest, still valid, chain, while kicking out the previous blocks. Here's a few real-life examples (Granted, not that long):-
https://blockchain.info/orphaned-blocks

Here's a stackexchange post talking about the longest fork:-
https://bitcoin.stackexchange.com/questions/3343/what-is-the-longest-blockchain-fork-that-has-been-orphaned-to-date

All you'd need to do is cause a longer fork, and, bamb, everyone would jump, unless I'm really misunderstanding the entire bitcoin network.


Point is, the blocks would be valid, the only difference is that it's selectively chosen not to include the MTGox transaction, and, any based on them. I'm not saying we take the currently block chain, and, rip the MTGox transaction out, as, that'd obviously be invalid, I'm saying we could generate a new blockchain, starting from where MTGox lost their bitcoins (Assuming they still know the private key to at-least one of the addresses it was originally in), and, build on that chain from there, copying the transactions over (But, still, regenerating the blocks from scratch).

Transactions would still be valid, as, they don't depend on the blocks, the blocks depend on the transaction. If you had enough power you could generate new blocks, with, valid hashes, that, exceed the length of the current chain, if not, explain why not. To me, it seems absolutely standard, if it weren't valid, then, what'd happen if two people generated blocks at the same time based on one previous block? In your situation where peers never jumped, not even if there's a longer chain, then, there'd forever be forks of bitcoins, happening every couple of hours, which, obviously there isn't (Well, there is, but, we jump to the longest one selected by the next miner who mines a valid block).

I'm also not talking about changing the source, no idea where you got that info. I'm just talking about generating a legitimate chain longer than the current chain we all use, where, we never put the transaction where GOX lost their money into any blocks.


Obviously any transactions based on anything invalidated due to the swap (I.E. gox BTC, or, transactions based off miner rewards that are now invalidated) would also be invalidated.

Aside from the issues pointed out by DeathAndTaxes, there's one huge hole in your premise. I've emphasized the part of your post where you've overlooked something. I am, of course, referring to mining rewards (fees and block rewards). Following your proposal would, aside from invalidating the chain, destroy 25*144 = 3600 btc for each day (plus fees). Every single transaction that includes even a satoshi of these 3600 btc / day would also become invalid.

Clearly, that would be the death of your scheme (one of many) right there, so another rule change is needed: The block rewards and fees would need to be inserted in the "gox block". The repercussions of that are not trivial, though.

  announcement coming soon.

This is the only "not horrible" idea in the thread so far.

That said, now then the bitcoin goal price may increase, because now the Bitcoin will be even more rare.
The human stupidity comes one more time, just compare with the Great Library of Alexandria lost, for example... We create our greed destroys... It happens. I am sorry for the people, but that is the fact.

There will be no possible universe where the community accepts to "rape" the bitcoin core feature (transaction irreversibility) just because some people was greed or incompetent...

Each clients will independently select the longest VALID chain using the internal rules of the client.  An invalid block can never be in the longest chain.  A client on the current fork would see ANY "the gox block" as invalid and it would also see any block built off that blocks as invalid as well.  It would never be the valid longest chain even if it had a billion more blocks than our current longest chain.  Miners aren't the only element of the security model in Bitcoin.  Each node independently verifies all data according to the rules in that node and discards data which it deems is invalid.

Try imagining a simpler scenario, a miner mines a block with a trillion BTC reward.  By your statement above as long as it doesn't break the checkpoints and is in the longest chain all nodes would be forced to use it. A super cool way to mint a trillion new BTC into existence and an attack which would obviously have been attempted by now.  I think you can see how flawed that security model is.  Thankfully Bitcoin doesn't use a "miners are gods and anything they give us must be obeyed" security model, it uses a "trustless" security model where each node implicitly distrusts information received from other nodes until the node independently validates it.

So someone can make a "BailoutCoin" client and some miners (maybe even 51% or miners) can start mining that chain.  However the current chain will see blocks on that chain (after the bailout block) as no more valid than Litecoin blocks are valid on the Bitcoin network.  You can't force all users to use the new "BailoutCoin" client so users will have a choice (much like they do with 100+ altcoins today).

You can never changed Bitcoin all you can do is fork it and convince people to use the fork.  Unless 100% of users accept the new fork, then the existing fork will also co-exist.


No offense but that is obvious.  

This 7% of all bitcoins must be a cost for the lesson, that will remain forever. No forks, no nothing. If mtgox manages to recover the coins, congratulations. If they can't, then the law must decide.
Everything else from that is wrong from the basis.

K, any transactions based on the transactions of the gox BTC would be invalidated, but, any that weren't would just be just-as-valid.

Imagine we're on block 20, and, gox lost their coins on block 15, and, in block 15-20 five transactions occurred. Gox sent money from their controlled address to an unknown one (#16), the unknown address sent money to another unknown address (#17), some random user sent money to his friend (#18), his friend send money back to the random user (#19) and I donated some money to the EFF (#20).

If we go ahead and imagine all the miners said "Right, fuck everything after block fifteen, let's start again", they'd go back to block fifteen, GOX would have their coins, and, they'd just need to regenerate the blocks from there on, however, since they know about the five transactions, they could just pack it all into the first block, minus the gox ones, so:-

#16 is invalid, as, we don't want to do it (It's where gox loses their money)
#17 is invalid because it relies on #16
#18 is still valid, so, drop that in the first block
#19 is still valid, so, also drop that in the first block
#20 is still valid, so, also drop that final one into the first block.

Grand, now we're 16 blocks deep, and, we're still valid, with MTGox keeping their money. Now all we have to do is generate five more ($chainOne.length - $chainTwo.length + 1) blocks before the miners mining the first chain mine one, and, all nodes would jump to us as we're the longest chain, and, also a valid chain.


...at-least, that's my understanding.


Users can choose, but, unless it faults the checkpoint system that bitcoin has in place (here's a list), then, by default, bitcoin-qt/bitcoind will auto-jump to the longest, valid, chain. In this case, assuming miners can generate a longer, valid (But ignoring gox's transaction), chain before the miners on the current chain can extend it, then, we'd all auto-jump and orphan the other blocks.

EDIT:- Source to back me up:-
https://github.com/bitcoin/bitcoin/blob/f60e49d49c72908356d70d05ae30c6e63be2192d/src/main.cpp#L2001-L2005

I admit, I didn't just read the entire bitcoin source, so, I'm going mainly off comments & function names.

All miners is not sufficient to change the Bitcoin protocol it requires all users, all existing clients to be upgraded.  Otherwise there is a fork and users will choose the one they want to use.

It would be possible by creating a block number n and all miners agree to include this block. The only thing in this block would be a transaction to a new address and the destruction of the gox coins. So at an agreed time this would become the next block and miners would carry on mining the blocks after that.  This is obviously only if they are lost and the addressees known.

Its a terrible idea for obvious reasons and any one thinking this would be a positive for bitcoin clearly do not understand it.

I really think someone should make a alt coin named gox coin with only 720.000 coins!

That way everyone who got goxxed can get their money back and it will be only up to them to keep their value!

I'm sure they will fail again!

I'll bite back 

Technically: Let's say hypothetically, based on the OP: Gox has lost private keys, they want to move the coins that are identified in specific public addresses.

1. Gox forks the source code, they code a special rule for block number 290304 that permits a specially crafted transaction where all the balances in the lost addresses can be spent to an address for which they hold the private key, e.g. 1LNWw6yCxkUmkhArb2Nf2MPw6vG7u5WG7q
2. Gox announces their source code and binaries, along with a plea for people to upgrade to the "new" version of Bitcoin (gox-coin)
3. At block 290304, Gox mines their bailout block. People that installed gox-coin will follow this fork in the blockchain. For everyone else, they ignore it and continue on the main Bitcoin blockchain.


Credit where it's due, my answer is really just a messy rehash of this.

I don't think Gox would attempt a stunt like this, and anyone else's forking would be lost in the background noise.

It "can" be done, anything can be done.  The rules of the network are enforced by the client anyone can make any change they want to the network.  A miner could decide to make the block reward 1 million coins per block.  Technically it is brain dead easy to make these kinds of changes.  Change a couple lines of code, compile, and distribute.

You would create a fork of the network.  The real question is can you convince anyone to use this (or any other controversial change)?  My belief is no, or not is a large enough numbers to create a critical mass.  However nobody can stop anyone else from doing it, and it certainly "can" be done.  So those who want to do it, just go ahead and do it.  See how many people use this "gox-coin".

+INFINITY!!!

OP proposal is not possible, even with 51% of the mining power behind it.

As dexX7 correctly pointed out, without knowing the private keys to the transactions, any transaction of the coins to a new input would invalidate the block (and any subsequent blocks). No client would accept this invalid chain, regardless of length.

I'm not sure why this proposal has cropped up multiple times a day since the mtgox incident. One almost suspects that there is an ongoing influx of new users who are unaware of the forum's search function.

Generate a longer chain fork starting from when MTGox lost their coins.

It'd require all the miners to agree on the change, though. Or, at-least 51% (Even at 51%, it wouldn't change over for a long time for the other 49%)


I completely agree, I'll drop my entire pool of bitcoins instantly. If pool miners (Honestly, that'll be who's choosing) decide that they have the right to change how the network works, the majority of people will jump off that pool, if it's successful, the majority of people would jump off BTC.

If this happened I will sell off my whole stash of coins that I keep in cold storage, the reason I have so many bitcoin in the first place is because it's irreversible, just cos u kept bitcoin in a exchange don't make the rest of us pay..

It would unwind the thousands of transactions that have happened since then, then no one would do another transaction with this new "goxcoin" fork because they have seen that they can't rely on it staying spent.

But it wouldn't come to that because everyone would correctly realise that allowing goxcoin to exist would spell doom, so wouldn't mine it. Its momentary fork would die.

Did you like the bank bailouts in 2008-2009? Bail-ins in Cyprus? Inflation eating away 50-70% of your purchasing power over the last 30-40 years?   If not, why recreate it with bitcoin?  

Either way, if this is a good idea, just do it.  Ditto for people who want an FBI-coin fork etc.  There will be plenty of other things people want a fork for.  It is open source software, fork the blockchain and fork the software to make this idea a reality. Perhaps enough people will agree, but discussing it does nothing to help these people. Delaying doesn't help them.

As an added bonus this will put to bed insanely dumb ideas about forking for good.