Topic: Mining, a flawed concept coming home to roost? (Read 2788 times)

Methinks you should learn how Bitcoin works.

Because they are generally a terrible thing. Terribleness of checkpoints is mitigated by the fact that we never place a checkpoint except in the far past where there is no chance of a legitimate competing fork existing (legitimate meaning the product of the honest community of bitcoin participants, rather than attackers trying to rewrite history in order to commit fraud). If any client developers try to push a recent checkpoint the community better insist on a double darn good reason; because when checkpoints are used to decide between competing legit chains they're a violation of the decentralized design.

Why have them at all?  They cheaply mitigate a number of stupid DOS attacks (including, probably, some yet undiscovered DOS attacks), and they reduce some new node bootstrapping isolation attacks to the problem of getting a good copy of the software.  These justify having them.  That they also add additional uncertainty/risk to someone trying to make a deep fork in secret is just a bonus.

Think about it.  If you have some large hash at your disposal you could generate a new chain with a fork further back in time and thus take other recent miner's income as you point out.  However in doing so you are applying your hash to making this new chain and could simply be raking in current blocks which would generate more profit for you.  As you have spent so much on your hash you will have incentive to make the network stronger and thus increase the value of your coins.  The only possible exception to this is right after a block reward drop, though I still imagine it would be more profitable to simply mine new blocks (anybody want to model this for me?).  I imagine Satoshi considered this possibility along with the resolution of a more gently falling reward rate, and realized it didn't matter much and thats why we have the 50% reward drops.     

You make an estimate of US$ 10 large to make a 51% double spend attack.  Do you think there are enough instant large-withdrawl-enabled services out there that anybody could recoup this kind of investment by doing some double spending?  I don't.  Careful planning and you could get the maximum withdraws from all the top exchanges, and some serious loot from gambling operators and a few online wallets.  I don't think this will approach $10 mil.  Coin service operators are (hopefully) aware that a double spend possibility exists and can simply put a hard cap on withdraws.

In my mind this vulnerability just means that BTC is not an appropriate vehicle for transactions, lets be conservative and take 10% of your figure, which are valued at US$ 1mil.  If you need to accept a million dollar payment from somebody you don't trust, you might want to start to worry about a double spend attack, especially if you think there are 10 other folks out there also accepting million dollar payments from this non-trusted entity.  A suitcase of swiss francs or gold bars is probably a better solution for you.   

As the network hash rate grows, the cost of a double spend 51% attack increases as well, and the maximum that people are willing to accept in coin payment from non-trusted entities will go up as well. 

In a related topic, can anybody tell me why this idea of "checkpointing" gives me a bad feeling?         

And during that time newer software _might_ be deployed that happens to move a checkpoint past the point where they decided to fork, even if we don't know about the impending attack.  When that happens the attack would be pointless and all those resources wasted— a very risky gamble.   And even if it didn't happen, a 6-month dee out-of-the-blue reorg would be obviously rejected by the Bitcoin using community; even after the fact people would gladly accept a checkpoint that killed it. This would reduce the damage from the reorganization to a dramafest, some moderate denial of service, and some small window of theft for transactions which get double spent on the tip of the reorged chain and accepted by people who haven't heard the news.

Personally I don't lose even a moment of sleep worrying about deep reorganizations, and I don't think you should either.

Why are we still responding to this explicitly trolling thread?

Sure but that substantially increases the cost.  True cost is much higher than $1M per TH/s when you consider infrastructure, labor, security, insurance, electricity, etc.  Lets say $2M per TH/s. A 90% attack today would cost ~$200M take almost 20 days to hash a re-org that deep (plus setup time) and the attacker risks ASIC being released skyrocketing the "good difficulty" in the meantime.  A massive amount of money to risk for the tiny economy that is Bitcoin.  

In the future when attacking Bitcoin may be worth $100M it couldn't be done with $100M it would require billions. It creates an interesting risk vs reward dynamic.   The cost rises as Bitcoin gets larger but it may not get larger so spending a huge sum now to avoid an even larger sum in the future may be a poor bet.  A bet that costs millions.  

Maybe not with 51%

But what if they do have more, like 80 or 90% or more? After all it only take like 10 millions $ to do a 51%, an entity wich has billions can surely spend a bit more and do that.

Well they certainly couldn't start today and cause a re-org that deep with only 51% control.  Sure they could have started 6 months ago but that means the 51% attack occurred 6 months ago not today.  Still that wasn't Blinken's understanding or post.  He seemed to indicate miners "vote" on tx and can choose to alter them.  Taking a tx from A->B and making it A->C where the attacker does not control the private key for A. 

TL/DR:
"If you can verify, you can do whatever you want. " is a 100% false statement.

Still if are really worried about a 25,000 block re-org then don't accept coins unless the unspent output is prior to the last checkpoint.  Speaking of that what is the last checkpoint.

Are you sure?
The 51% attacker could make a blockchain wich start like from 6 months ago block and build on it, so all transactions happened from like 6 months ago to today would not exist. Ppl who mined that 6 months would see their btc disappear cause someone else (the attacker) actually mined them.

P2Pool

The 'distributed inflation mechanism' known as proof-of-stake has now been built. We have been working on this for almost a year and just now we are releasing a new block chain this coming weekend.

https://bitcointalksearch.org/topic/ann-ppc-ppcoin-beta-release-soon-99735

...said the biggest thread shitter on the forum.

That would simply fork the chain. Miners will reject those bogus blocks.

More people using p2pool is what we need
It's safe, it's easy to setup and give you moar btc (0 fees and you also get the transaction fees for each block)

Ooooo, you figured out who I am.

Yeah, except that bitcoin totally doesn't work that way.

Verification doesn't mean what you think it means.  Miners don't approve transactions, they check to make sure that they are valid, cryptographically.  If a miner creates a block with an invalid transaction, the rest of the network will reject that block.  Even if the attacker has 51% or 100% of the hashing power in the network.

A slightly less simple version is that you spend a transaction by proving that you possess the private key that corresponds to the public key embedded in that transaction's output.  You don't prove it to your local miner, you prove it to everyone in the entire universe at the same time.

I didn't assume troll, Bitcoin admittedly has a steep learning curve.  It's perfectly normal the way I see it for someone not to realize that 51% attacks don't mean you can make fake coins.

doesn't work that way. 51% doesn't allow you to transfer other people's coins; you still need their signatures. and your avatar tells us what you really are: a troll.

If you can verify, you can do whatever you want. If you want a million coins just transfer other coins to your own addresses. When the transactions come up for vote, all your machines approve the transactions. If you want to delete coins, transfer them to an invalid address and approve the transactions.

Step 1.  Actually learn how Bitcoin works.
Step 2. Start trying to "fix" it.

It would appear you jumped right to step 2.

"what could go wrong with a stuck gas pedal?   Well if the gas pedal remained stuck the car could jump backwards in time or might achieve escape velocity.  Obviously gas pedals are fatally flawed.  Lets scrap cars and start over".

Yeah, except that bitcoin totally doesn't work that way.  Getting 51% of the network lets you prevent or reorder spends.  Not make fake coins.