Topic: Gold collapsing. Bitcoin UP. - page 567. (Read 2032291 times)

So Bitcoin is money? 

OK lets all jump on Jorge, 

Jorge you're not expressing a sound understanding of Bitcoin.
Miners, in order to have a block accepted must follow the rules of the protocol.
The protocol rules are maintained by the p2p network of nodes.
Nodes are maintained by those who have an invested interest in the blockchain's integrity.

We hardly need to trust miners given the incentives, or the economic cost to participate but not cooperate. From my understand even if there were very few centralized miners the incentives would still provoke cooperation.

To your credit that balance is not well understood by the community or some of the core developers, mainly those accredited to authoring the SideChains white paper.

When If miners are enabled (entrusted) by the Bitcoin protocol to interoperate with other blockchains (SideChains) to process Bitcoin equipment transactions that do not registered the full transaction ledger in the Bitcoin blockchain, or conform with the Bitcoin protocol, (ie some SC with a feature not supported by the native Bitcoin protocol) then we can assume the quoted passage above to be correct.

While it's the nodes and not the miners that maintain the features in the Bitcoin protocol, the p2p payment network and the incentives that motivate miners and keep them cooperative is successful by your definition.

IIRC that actually did happen at the 50BTC->25BTC juncture.  What you 'predict' is about exactly what happened I think but I was not paying that close of attention.  Whatever happened it was a blip and over within hours or days.

Back then though more Joe Sixpacks were running transfer nodes...I was at the time but I've since stopped (in part because I'm behind a satellite connection and the blockchain represents several months of my data allowance.)  edit - Nowadays with most people running Multibit, most people may not know (or much care) what chain they might be following in a stolfi-type attack scenario.  But then again they may...I don't know the precise details and capabilities of Multibit.

It will fail because the community will press what Adam calls the Big Red Button and hard fork.

Your cartel will lose the transaction fees they didn't earn when rejecting transactions on the original chain. They will also lose the value of the mining gear (and other brand value associated with their mining businesses). I doubt the community would go so far as to hard fork retroactively (eliminating the mining rewards from the empty attack blocks), but that is also possible, so its a risk the cartel would face.

You don't have to believe that individual end users would be behind this (I argue they will simple update their software from whatever its original source, which in no case of which I'm aware includes miners), but that the rest of bitcoin industry -- coinbase, bitpay, venture capital firms, hedge funds, etc. -- certainly would support it. They have nothing to gain and everything to lose from ceding power over the network to miners.

It is exactly this Big Red Button that will keep the future you describe from ever happening. Since your model fails to contain a mechanism that would prevent the outcome you predict, and that outcome will not occur, your model must be missing something. If it is not the Big Red Button that is missing from your model, what is it?

This is quite simply an insane position to take. You've created an imaginary world that does not exist in the real world and used that to extrapolate and predict behaviors that are completely opposite to how people and the ecosystem have behaved in the past, which is the predictor on how they will behave in the future.

What you describe is not even a +51% attack, it is a demand for a forced hard fork from one miner telling millions of other people what software to upgrade to. That is simply the most absurd thing I've ever heard. And the reason you think this will happen is because if that one miner claims "this change is actually necessary and good for bitcoin because the network is in grave danger", that would be accepted by the general public?

What would happen in your example is the millions of bitcoin participants would tell that one miner to take a hike and continue with the existing P2P core protocol. Then when that miner started to produce nonconforming 25BTC blocks, they would simply be rejected out of the P2P network as invalid, and the honest network would carry on. The attacking miner could have 95% of hash power and it wouldn't matter, his blocks would be rejected as nonconforming and the network would simply re-adjust to the 5% remaining. You do not even understand the basics of how a potential 51% attack is limited in it's range of attack vectors in the real world and how those limited attack vectors are harmless/manageable.

You then claim miners and users who do not upgrade would have their transactions blocked. Again this is insane. What would happen is those miners and users would confirm transactions on their own honest chain (the original chain) and not care whether their transactions confirm on the attacker's invalid chain.

I don't understand why, but presumably you are saying that blocks with more transitions should have (or have now) greater weight when choosing between two branches of the orthodox chain.

 If that were (or is) the case, then wouldn't miners pad their blocks with transactions that move a few bits between their pockets, in order to win the block race by weight rather than by work? 

If that were (or is) the case, the cratel could fill the blocks of chain (2) with such transactions, instead of leaving them empty. 

Does this make sense?


Please check again the script that I outlined above.  The miners that will form the cartel have 54% (say) of the hashpower, so they consume about half of the total electricity; and that consumption will not change, whether they attempt the protocol change or not. 

Their expected payoff, if they succeed, is 54% of 3600 BTC/day, instead of 54% of 1800 BTC/day, for the next two years.  Even if they had to forfeit their revenue during the transition period, that would still be a huge gain.  (And all miners, cartel or not, will enjoy the same benefit.)

However, I believe that the cartel would not lose any revenue during the transition period.  Through that time, they will collect more than half of 3600 BTC/day from the reformed chain (1), and, if they succced, they will keep those BTC.  (They will also collect all the 1800 BTC/day from the empty orthodox chain (2); but those coins will not be usable outside of chains (2)+(3), so they will be discarded at the end of the transition.)

Even if they were to fail in the attempt (how, I cannot see), they would lose the coins from chain (1), but would retain those of chain (2); which are twice as much as they would have earned if they mined fairly.

(In fact, a cartel with 51% of the hashpower can just starve the other miners and collect 100% of the block rewards, without doing any other evil.  But that is a well-known evil.  What I am trying to show is that a 51% cartel can force a change in the protocol.)

Talk is cheap.

Keep on trollin.

I don't bet money if I can avoid it.  (That is one of the reasons why I do not own bitcoins.)

No, the question is not whether we need a P2P payment system that is not centralized.   

The question is whether bitcoin is such a system.

To me, it is already clear that it isn't, because it requires us to trust the 4-5 largest miners; in the same way that the banking system requires us to trust the few large banks that dominate it.  I bet that you will see that too, eventually.


It is you who keeps ignoring what I pointed out several times already: that a cartel of miners can take permanent control of the network in the open, with advance warning, and with the cooperation, approval, or indifference of most of the community.  Just as a few large banks took permanent control of the banking system.  If such a thing is possible, it will almost certainly happen, because of common human greed.

(By the way, have you checked the business career of Brock Pierce?  I would not have imagined that "mining" and selling video game points could be a profitable business, much less that a single bilion-dollar company could monopolize that business all over the world.  Some similarities to bitcoin are intriguing, e.g. the "game point mining farms" that were set up in China by Pierce's associates.  I cannot stop wondering why he decided to buy his way into the Bitcoin Foundation's board...)

Jorge, easy money if you're right, no?

I would agree.

Comments from Oleg Andreev to this previously tweeted picture also relevant to the discussion :

i think the picture is likely somewhat misleading on the left side. Centralization has been declining overall for some time, going back to Satoshi's farm. At each technological shift there is a period of increased centralization as some subset of miners has a technology lead, but that is temporary.

Here, some drawing for you :

This statement is logically false.

Are you sure you are really a computer science professor, because most of the ones I've actually known are really quite good with logic? I guess it goes to show the range of caliber is quite wide. Sorry to be blunt but your posts are full of logical fallacy after logical fallacy.

Provided SideChain are not introduced the cost to mine empty blocks becomes prohibitive, and can approach infinity, the incentive system as is rewards corporation.

At the moment you would need to spend around 150MWh to block transactions every 10 minutes.

I skim your stuff sometimes.  Didn't run across the initial reddit.  I will say that I considered scoring a few retired FPGA's one time for a variety of reasons one of them being an attack of they type you suggest.  In the end I didn't bother since it didn't seem that likely.

One nicety of having everything go ASIC is that it would make the 'nuclear option' be that much more devastating.  That action would also be a golden opportunity to fix some things that Satoshi got wrong.  In the early days I did not pay much attention to mining and I believe I stated (incorrectly) that it was a boring side-show that didn't really matter much and wondered if Satoshi also saw things in the same way.  In hindsight I'm realizing how wrong I was about this.

I don't doubt that there are a variety of tactics considered to deal with Bitcoin if need be by those who are threatened, but the only ones which pose a true threat will be those sneaky ones where the seeds of destruction are planted long before anyone is aware of them and thus takes some sort of action.  It's still the case that most head-on attacks stand a decent chance of failure I think.

I understand "success" as "the bitcoin protocol provides a P2P payment system that does not require trust in a third-party authority".

We now know that the bitcon protocol does not provide that.  The protocol requires users to trust the miners; which is OK, as long as mining power is sufficiently well distributed over thousands of independent entities, benign or short-term greedy.   However, the protocol cannot prevent concentration of mining, and in fact forsters it.  Once mining is concentrated in a small number of companies, having to trust them is no longer OK.

It does not matter whether those companies ever did something bad, the problem is that users must trust that they will not do it.  That is supposed to be the bad feature of banks and credit cards that bitcoin was designed to avoid.  (Personally, I would more easily trust my money to a a bank cartel than to those 4 top mining companies.)

You seem to be saying that FooBank's saferoom is secure because in the past 2 years no one has tried to force it open; and gets more secure at each month that passes without anyone trying to force it.  Sorry...

You seem to define "success" as "the current bitcoin network will keep working and people will keep using it".

Bitcoin may still be successful in that sense; but what would be the point, if it is no longer "trustless"?



The distribution of power does not have to be stable for Satoshi's goal to be frustrated.

The protocol asks us to trust that, at any time during the life of the network, no subset of miners that comprises 51% of the total power will agree to do something that violates the protocol, and will maintain that agreement long enough to make the damage permanent.

Again, one can take for granted that the members of that susbet will not agree to do that, if the subset has thousands of independent miners.  But if the subset has only a few members, one cannot make that assumption.  There is significant probability that they will agree and maintain their agreement for the time needed, especially if the violation of the protocol is profitable for that subset.  The smaller that subset, the more liikely it is that they will cooperate in such "attack".  But the, it is highly probable that such thing will happen at some point during the life of the network.

We had already a situation when GHash.io controlled by itself more than 51% of the network's total hashpower, IIRC for several days.  During that time, everybody had to trust that they would not use their power to violate the protocol; in particular, that they would not decide to change the protocol by threatening users with DoS.   

Right now, users have to trust that Discus, GHash, AntPool and BTCChina will not join forces to violate the protocol.  They have to trust that Discus, GHash, AntPool and KnCMiner will not do it either.  And that Slush, pool34, BTCMiner, KnCMiner, BTCChina, GHash, and Discus will not do it either.  And ...

You see, if power was distributed over many thousands of independent miners, all such lists would have thousads names, and users would not have to worry about the chance of all the members in one list agreing to play foul.  But right now there are two sets of 4 companies that would have the power to do that, and several sets of 8 companies or less.  The chances that all members of one of these list will form a cartel and violate the protocol is not longer negligible.   Users will have to trust that none of those potential cartels will exploit that opportunity.

The risk of protocol violation by a 51% cartel is even greater if two or more of those big companies are owned by the same people.  It is quite possible that GHash still controls more than 51%, but made an arrangement with other pools for them to nominally "host" part of GHash's power.

Even if the pie chart changes completely by next month, it is a safe bet that power will remain quite concentrated (as it has been for many months).  Again, the economics and nature of PoW mining fosters concentration, overt or disguised.

Agree. That's why I point out the incentives that usually statists don't see.

Statists tend to (or want to) see people as robots that will react in a predictable way to the mandates of the bureaucrats.

+1

Also, as far as I can tell he basically has one technical argument which is the alleged riskless strategy that miners can use to increase the block rewards. He apparently thinks that users are dumb enough not only to allow their own bitcoins to be diluted, but to not understand the repeated game implications of allowing the miners to succeed in diluting them once.

It is actually very similar to the other academic attacks on bitcoin (selfish mining, programmed self destruction, etc.), which construct a model of the world, reach a conclusion, and then argue there the conclusion applies to the actual world. In fact either the conclusion applies, or the model is incomplete, or both. If these academics were actually sincere, they would recognize that the latter is as interesting a result as the former, and indeed a more valuable one, since it helps in understanding the world. But in reality they want to grab headlines, press mentions, interview and panel opportunities and generally self promote, not pursue intellectual inquiry.

I'm still waiting for an answer on my bet.

You still have not read my reddit posts, did you?

Summarizing them:  Say the cartel has hashpower 0.54 * Z where Z is the total.  The cartel first warns users that starting from block N, there will be a change in the protocol.   The only substantive change will be the block reward, that will continue to be 25 BTC, for another 2 years, instead of dropping to 12.5 as originally planed. This change is actually necessary and good for bitcoin because the network is in grave danger bla bla bla.  The cartel warns that users and miners who upgrade to the new version of the software, anytime before block N, will see no change at all.  Users who do not upgrade will see no change until block N, but after that their transactions will not go through, or will be confirmed an then unconfirmed -- until they upgrade too.  Starting from block N, miners who have not upgraded will not earn any rewards, until they upgrade too.

Starting with block N, the cartel redirects 0.52*Z hashpower to mine the original chain, and 0.02*Z to mine the new reformed chain, that forks from it after block N-1.

The miners working on the reformed chain (those 0.02*Z from the cartel, plus any other miners who have upgraded) use the new protocol, earn 25 BTC rewards, and accept all transactions from all clients that have upgraded.  The difficulty is lowered temporarily in that fork so that those miners can sustain a reasonable block rate.

The other cartel miners, with power 0.52*Z, keeps mining according to the original protocol; except that, starting with block N, they ignore any blocks generated by miners with the old protocol, and mine only empty blocks, always using their last (empty) block as parent. 

Thus, during that transition phase, there will be usually three chains: (1) the new main chain, gnerated according to the modified protocol; (2) the empty orthodox chain generated by the cartel; and, occasionally, (3) a short orthodox chain hanging from chain (2), generated by the orthodox miners.  Note that the original protocol says that the orthodox clients and the orthodox miners must view (2) and (3) as equally valid, and always select the longest of the two.  Since chain (2) has more hashpower working on it,  chain (3) will eventually be discarded by those clients and miners, and even orhodox miners will use the last block of chain (2) as the parent of the new chain (3).

As the non-cartel miners upgrade to the cartel version, the cartel would repartition dynamically its power so that it always retains majority power in fork (1) (to foil any counter-attacks by rebels)  and in the two forks (2)+(3), i.e. more power on (2) than the rebels have on (3).  Eventually, most of the users and miners will be happily using fork (1).  Then forks (2) and (3) can be abandoned by the cartel, since the rest of the ecosystem will not accept their bitcoins or recognize their transitions.  The cartel will forfeit all the 12.5 BTC rewards that it collected in chain (2), but it would still have half of the 25 BTC rewards from chain (1) generated in that interval.  Anyway, from then on the network and ecosystem would be just as before; but every miner would still be collecting the same revenue as before, instead having his revenue cut in half.

Since clients and miners will know this plan in advance, most of them should want to upgrade, out of self interest.  There is a bit of prisoner's dilemma there; but for greedy users and miners, who will assume that most of the other players are greedy too, the decision to upgrade is almost a no-brainer.   Only users and miners with an overpowering ideological motivation may try to stick to the original protocol, but they will only succeed if the cartel plus the defecting miners loses its majority position during the battle. 


Yes, and that shows that the protocol can be changed -- even retroactively! -- if the miners agree to do that.  Note that if only the users or only the miners had agreed to the rollback, the transactions would no longer go through; but while that would be disastrous for the users, it would make almost no difference for the miners, since they would still collect rewards from their empty blocks.  And, in either case, the blockchain would use the version of the protocol that was chosen by the miners, not by the users.


You (and most "51% deniers") are still fixated on one particular type of attack, and are arguing that it would not work because users and miners would disapprove of it and would even violate completely the protocol (by manually bypassing the longest-chain rule) in order to "save" bitcoin.  Again, please read my scenario above.  An "attack" that changes the protocol so as to benefit miners and is not too harmful to users will probably succeed because it will be in the self-interest all parties.  Who knows, by then Gavin may be working for the cartel and urging everybody to upgrade.


Well, we obvioulsy disagree about who is detached from reality here.