Topic: Majority is not Enough: Bitcoin Mining is Vulnerable - page 9. (Read 51020 times)

This is a definitional fallacy.



What you mean is the most difficulty, which is not the same as the numerical block hash.  The natural numbers less than 2^256 are a total order, but difficulty is a partial order on block hashes.

For any target, blocks with these two hashes both meet that target.  Therefore two blocks with these two hashes are of equal difficulty even though the first one has the numerically least block hash:

That is true.

However, since virtually everyone says "difficulty" when they really mean "target", and since the wiki uses "work" to refer to difficulty, using the most common convention will prevent a lot of confusion.

You're wrong: nobody does that and doing so puts the miner at a disadvantage because the block you hear about first is the one most likely to have propagated to a majority of the network. It is however a possible way to mitigate this attack and in an email to bitcoin-development one of the authors specifically stated they thought of that idea and left it out of their paper due to space constraints:


I'm working on analyzing a stronger version of this solution that would make the choice to mine the smaller block hash be short-term economically rational for miners.

Umm, well apart from the fact that the cost for any rogue government or bank to bring down Bitcoin has now decreased dramatically, I think you are naive to think that selfish mining won't become the norm. For all the phoney idealism, allI see and hear from Bitcoin cultists is a desire to get rich quick, for easy money made riding a speculative bubble. All profess their sincere belief in Bitcoin as a currency, and yet strangely that nasty old state fiat they claim to hate is what they can;t wait to get their hands on.

In other words, your community is comprised of speculators and get rick quick wannabes, it is laughably naive to believe they won' game the system, if only because so many others will to refraim would be hugely disadvantageous.

Google news is showing a number of articles which amount to FUD, and are multiplying like gremlins.
Perhaps the Bitcoin Foundation should put up a short rebuttal / press release encapsulating some of the information in this thread. While the Eyal paper has some merit - it is certainly not a situation of "'Bitcoin Is Broken' And Could Collapse"

Bitcoin flaw could let group take control of currency
CNNMoney - ‎3 hours ago‎
The flaw is due to the nature of how bitcoins are created -- people "mine" them by solving a complex puzzle with their computers. If used correctly, the system is set up so that someone guesses correctly every 10 minutes, and the winner gets 25 bitcoins.
http://money.cnn.com/2013/11/04/technology/bitcoin-flaw/

Bitcoin Researchers: You Can Game the System
Mashable - ‎10 hours ago‎
Computer science researchers at Cornell University claim to have found a way to subvert the system driving production of the digital currency Bitcoin. The researchers call their technique “selfish mining,” through which individuals or groups of Bitcoin miners ...
http://mashable.com/2013/11/04/bitcoin-cornell-researchers/

Researchers Say 'Bitcoin Is Broken' And Could Collapse
Yahoo!7 News - ‎1 hour ago‎
The problem is with how people "mine" bitcoins. Mining is how bitcoins are created. Most people don't mine bitcoins anymore. They buy them or take them as payment. But some people are in the business of mining coins with special bitcoin-mining computers ...
http://au.finance.yahoo.com/news/researchers-bitcoin-broken-could-collapse-014448102.html

Cornell Researchers Found a Way to Game Bitcoin
RYOT - ‎2 hours ago‎
It's entirely likely and understandable, despite our better efforts to bombard you with Bitcoin stories recently, that you still don't know what Bitcoin is. (To be honest, 92 articles about it later we still don't fully grasp it.) But all you need to know is that it's digital ...
Bitcoin open to takeover, researchers discover with new algorithm
http://www.ryot.org/cornell-researchers-claim-able-game-bitcoin/456361

Science Daily (press release) - ‎58 minutes ago‎
Nov. 4, 2013 — A major flaw that has gone unrealized until now leaves the $1.5 billion Bitcoin market open to manipulation and a potential takeover, according to a new study by two Cornell University computer scientists.
http://www.sciencedaily.com/releases/2013/11/131104112234.htm

This is a statistical fallacy. Two blocks will always be equally difficult when they were mined with the same target.

What you mean to say is that clients prefer to choose the block with the least block hash. This is effectively a deterministic pseudo-random algorithm for choosing which block to build on. I do not remember this being the case, but it is possible this has changed recently.

It isn't even that; arxiv is not peer reviewed.

Do you have a specific criticism?

You are welcome to set up a selfish mining rig and prove me wrong.  Unless you have sufficient hash power to be mining blocks very frequently, no one is even going to notice you exist.

This is an academic exercise with very tiny practical implications, and in any case, a very small threat on the long list of threats.

Well, we're splitting hairs here, but technically I might have gotten lucky and not worked very hard to find a block whose hash, in binary, ends with 250 zeroes in a row (outrageously high difficulty).  "Difficulty" and "target" are actual technical terms with precise definitions in the block protocol.

But yeah we're talking about the same thing.

It would be less ambiguous if you said, "Successful pools do not build on the first block they hear; they build on the block with the highest work they hear."

No, the difficulty of a block is binomially distributed.

The minimum difficulty required for a block to be valid is the thing that stays the same.  Within that 2016-block window the actual difficulty of various blocks varies above that threshold.

Blocks that are not near a difficulty change will always have the same difficulty.

I think this assumption of theirs is the flaw.

Successful pools do not build on the first block they hear; they build on the most difficult block they hear.

If you rerun their calculations under that assumption, the cost of losing the work done on their second block in the private two-block chain swamps out any possible benefit.

If the end-user bitcoin-qt client is using the "first block heard" rather than "most difficult block heard", then it's a bug, and one that is already fixed on the network nodes that matter most for security (the mining pools and large solo miners).

Here is where they acknowledge introducing this bug in their simulation:

My ELI5 explanation that I posed to bitcoin-development might help people understand the attack:

Alice is a miner with some amount of hashing power. She has the ability to detect new blocks on the network extremely effectively because she has controls a lot of nodes with low-latency, high-bandwidth connections; in short she has unusually good knowledge of the state of the network. She is also very good at publishing her blocks and getting them to the majority of hashing power in very little time; she has unusually good connectivity to all miners. (again low-latency and high bandwidth)

She's so good at this that when she finds a new block, she keeps it a secret! She can get away with this because she knows that the moment any other miner, like Bob, finds a block, she can immediately broadcast it to the rest of the network before the other block propagates. Instead of building on Bob's blocks, almost everyone builds on Alice's block, having seen it first, depriving Bob of the revenue. Gradually Alice gets more and more miners because all the other pools don't pay out as much as Alice's pool does. This eventually leads to Alice having a majority of hashing power, or if not that due to social pressure, a majority of the mining revenue.

Umm WTF are you talking about? Try reading it again, only this time whilst not high on Bitcrack. Maths + human nature= a selfish mining future and the end of Cultcoin. In a sense the popularity you so longed Bitcoin to have has destroyed it as peer review is demonstrating just how architecturally boken Bitcoin is.

And if you'd read and understood the paper you would know it is the latter; maths and human nature= bye bye Bitcoin. But fear not cryptocurrency cultists there are already a few hundred alternative ponzi scheme for you to get involved in.

Yeah, well there's a huge amount of room for optimization there that currently isn't being done.

Either the transaction rate goes up high enough to pay for all this mining infrastructure or else Bitcoin dies.

a) mining is a zero-sum game

b) increased transaction rates mean more money spent on overhead, rather than the hashing power that keeps bitcoin secure

Profit margins will go up when the transaction rate gets high enough to generate significant transaction fees compared to the block subsidy.