
Topic: Satoshi didn't solve the Byzantine generals problem - page 10. (Read 13683 times)

sr. member
Activity: 490
Merit: 280
Bitcoin is Byzantine resilient because of PoW and Game theory. Bitcoin follows Nakamoto consensus, but all Byzantine consensus algos are only resistant up to 51% or less.

The bigger question is how likely a 51% attack or sybil attack is within bitcoin and under what conditions can we make it less likely.

With PoW there is at least physical limitations and better signals that limit sybil attacks vs PoS. Nothing is trustless or completely immutable but we can get closer to these ideals with decentralization and the right security mechanisms.

Yes, for PoS the security is exponential to amount of users

Except that major exchanges tend to hold vastly more coins than individuals, so they replace mining pools in being the 51% risk, and (much) worse, their mining security can be anonymously and easily moved if it's accessed by a hacker. See for example MintPal (Viacoin) and Bter (NXT)


MintPal was Vericoin rather than Viacoin(PoW), just fyi. That was a legit attack that resulted in an attacker having control of a large enough amount of VRC to cause VRC users to choose to roll back as the lesser of two evils(debatable of course, but I remember the dev making a decent argument that it was pretty much the only option aside from complete death).

BTER's NXT being hacked is a completely different and unrelated situation though. It was simply a hacker stealing around 50m NXT. There was no resulting security issue with this theft in regards to the NXT network. Mounting a successful attack on NXT appears to be extremely difficult from what I can tell.
legendary
Activity: 2968
Merit: 1198
In my original post I give an example of why that's not true.  The same guy can own all the big PoW hashing pools in secrecy, which is a sybil attack, not collusion.  He can operate profitably the entire time and initiate the long con or other strategy whenever he wants.

The only thing he needs to do is to buy all that mining hardware.... Oh, and to produce some blocks... the cost of which is superlinear in the number of blocks...  Mmmm....

No there is a social engineering attack at work. r0ach wants to rename it as a sybil attack, which isn't entirely wrong since the social engineering attack does use a sybil technique.

By making pools appear smaller they encourage independent miners to (continue to) send hash rate there. Thus the evil pool operator doesn't need to buy the hash rate himself, he's tricking miners into letting him use it.

Without the social engineering component the pool sybil attack doesn't really do anything. Split a 50% pool into five 10% pools and you still only have 50%.
legendary
Activity: 1008
Merit: 1007
In my original post I give an example of why that's not true.  The same guy can own all the big PoW hashing pools in secrecy, which is a sybil attack, not collusion.  He can operate profitably the entire time and initiate the long con or other strategy whenever he wants.

The only thing he needs to do is to buy all that mining hardware.... Oh, and to produce some blocks... the cost of which is superlinear in the number of blocks...  Mmmm....
legendary
Activity: 1260
Merit: 1000
Sybil attacks can still occur by a persistent and motivated attacker but they are extremely expensive (in PoW)

In my original post I give an example of why that's not true.  The same guy can own all the big PoW hashing pools in secrecy, which is a sybil attack, not collusion.  He can operate profitably the entire time and initiate the long con or other strategy whenever he wants.
legendary
Activity: 994
Merit: 1035
With PoS/PoI/DPoS a sybil attack can come without any notice and with potentially much cheaper costs. (No, an attacker need not have to "buy" coins to attack. They can create an exchange/bank that pays interest/dividends to corner a good chunk of coins, 5-30% needed depending upon the algo, or they can create a popular wallet with a backdoor, or they can compromise several large bagholders' computers, or a few large holders could short and attack their own coin, etc.)

These are social engineering attacks, of course.  I guess the equivalent in POW would be to 'borrow' someone's server farm.

Some of it does involve social engineering, yes. The distinction between PoW and PoS/PoI/DPoS is that several of these attack vectors cannot be accomplished with PoW. With PoW all you can do is steal the account holders' coins with a mtgox, ponzi scheme, or when a large bagholder is compromised. With PoS you can also attack the network and steal other people's coins as well. Additionally, a compromised wallet cannot attack the network with a 51% attack with PoW as in PoS.

I suppose one could social engineer their way into Antpool's mine and covertly reflash the firmware on all the miners. This attack would be much more difficult to do because large farms have multiple engineers who look over things and they have to constantly check their equipment and have large incentives to keep on top of everything because of razor thin profit margins.

It is no surprise that many PoS coins use checkpoints to add another security layer, which is essentially centralization by a few developers' approval. Checkpoints don't prevent these attacks, just narrow the window of attack, which is absolutely no problem. Developers like Vitalik have studied these security weaknesses long and hard and despite desperately wanting to use some form of TaPoS for security still have not found an acceptable solution to mitigate these threats.

Perhaps one day someone will develop a solution for PoS; until then both bitcoin and all other coins need a lot of work to improve security.
legendary
Activity: 1008
Merit: 1007
With PoS/PoI/DPoS a sybil attack can come without any notice and with potentially much cheaper costs. (No, an attacker need not have to "buy" coins to attack. They can create an exchange/bank that pays interest/dividends to corner a good chunk of coins, 5-30% needed depending upon the algo, or they can create a popular wallet with a backdoor, or they can compromise several large bagholders' computers, or a few large holders could short and attack their own coin, etc.)

These are social engineering attacks, of course.  I guess the equivalent in POW would be to 'borrow' someone's server farm.
legendary
Activity: 994
Merit: 1035
The gap is pretty large and "therefore" is not enough here. The fact that we don't observe such attacks hints that you are plain wrong.

I'm not sure what gap you are referring to?

A double spend in POS has a constant cost proportional to the amount of stake you own.

Yes, for PoS the security is exponential to amount of users

With PoS/PoI/DPoS a sybil attack can come without any notice and with potentially much cheaper costs. (No, an attacker need not have to "buy" coins to attack. They can create an exchange/bank that pays interest/dividends to corner a good chunk of coins, 5-30% needed depending upon the algo, or they can create a popular wallet with a backdoor, or they can compromise several large bagholders' computers, or a few large holders could short and attack their own coin, etc.)
legendary
Activity: 1008
Merit: 1007
The gap is pretty large and "therefore" is not enough here. The fact that we don't observe such attacks hints that you are plain wrong.

I'm not sure what gap you are referring to?

A double spend in POS has a constant cost proportional to the amount of stake you own. In POW, the cost is superlinear in the number of blocks you produce.
full member
Activity: 199
Merit: 110
Bitcoin is Byzantine resilient because of PoW and Game theory. Bitcoin follows Nakamoto consensus, but all Byzantine consensus algos are only resistant up to 51% or less.

The bigger question is how likely a 51% attack or sybil attack is within bitcoin and under what conditions can we make it less likely.

With PoW there is at least physical limitations and better signals that limit sybil attacks vs PoS. Nothing is trustless or completely immutable but we can get closer to these ideals with decentralization and the right security mechanisms.

Yes, for PoS the security is exponential to amount of users

Except that major exchanges tend to hold vastly more coins than individuals, so they replace mining pools in being the 51% risk, and (much) worse, their mining security can be anonymously and easily moved if it's accessed by a hacker. See for example MintPal (Viacoin) and Bter (NXT)
legendary
Activity: 2114
Merit: 1090
=== NODE IS OK! ==
Bitcoin is Byzantine resilient because of PoW and Game theory. Bitcoin follows Nakamoto consensus, but all Byzantine consensus algos are only resistant up to 51% or less.

The bigger question is how likely a 51% attack or sybil attack is within bitcoin and under what conditions can we make it less likely.

With PoW there is at least physical limitations and better signals that limit sybil attacks vs PoS. Nothing is trustless or completely immutable but we can get closer to these ideals with decentralization and the right security mechanisms.

Yes, for PoS the security is exponential to amount of users
legendary
Activity: 2142
Merit: 1010
Newbie
Producing a block costs nothing, therefore neither does attacking the chain.

The gap is pretty large and "therefore" is not enough here. The fact that we don't observe such attacks hints that you are plain wrong.
legendary
Activity: 1008
Merit: 1007
No, I'm proving that Bitcoin doesn't function at all like the PDF states.  Words used like "trustless" are obviously not correct because a second layer of abstraction was added (pools) that invalidates much of what he says about voting.  You're not participating in democracy, you're participating in a republic.  If it was trustless, it would be a democracy.  This is why PoW is a less efficient, worse scaling, resource wasting form of DPoS.

Your idea of a proof is something that I don't recognise. I'm not entirely sure what kind of government you have where you live, but where I live, you have to trust politicians, and that trust is abused on a regular basis.

POW is nothing like DPOS. DPOS is just plain POS turned on its head with a deterministic block production order. It is a reactive design subject to all kinds of social engineering attacks on top of the regular nothing at stake attacks. Producing a block costs nothing, therefore neither does attacking the chain.
legendary
Activity: 2142
Merit: 1010
Newbie
Bitcoin is Byzantine resilient because of PoW and Game theory. Bitcoin follows Nakamoto consensus, but all Byzantine consensus algos are only resistant up to 51% or less.

Before satoshi, byzantine agreement models could only deal with 33% bad actors.

Bitcoin is resistant to 33% only, 51% number was mistakenly calculated without taking Selfish Mining into account.
legendary
Activity: 994
Merit: 1035
There is an enormous amount of concentration now that doesn't come from pools. This has the same effect of weakening the security model that pools do, or possibly worse (since you can't pull hash rate from KnC if they decide to misbehave).

This is one reason why cloudmining must be avoided like the plague (or possibly exposing you to a ponzi), and another incentive structure must be developed to encourage decentralized p2p mining.

Switching to an ASIC resistant PoW coin doesn't solve this problem but merely delays the inevitable. As interest and hash power grows ASICS will be developed within time regardless.

This is why there is such a contentious debate over raising the blocksize limit. The people in favor of smaller blocks know the mining is already heavily centralized and that fight may be lost (without a novel solution) and want to at minimum keep node count high and decentralized to balance the centralization of mining.
legendary
Activity: 2968
Merit: 1198
Satoshi did not technically solve the byzantine problem, merely solved it in a probabilistic or pragmatic manner with game theory where someone is incentivized to secure the network instead of attack it.

Yes that's exactly right and I explained this on another one of r0ach's thread spam Sybils.

There is a globally unique longest chain, although your confidence that you know what it is depends on the distribution of hash rate in the network.

The issue of resistance to attack is one of a tradeoff between concentration of hash rate and the rate with which confidence in an apparently-longest chain being the correct chain increases over time. This is seen in Satoshi's paper where he analyzes the case of a single 45% attacker and concludes that you would need to wait 340 confirmations for 1/1000 confidence (which isn't even that strong if the exposure is high).

He doesn't generally discuss the question of concentration though, outside of an explicit "attack". In fact the issue has broader implications.

There is an enormous amount of concentration now that doesn't come from pools. This has the same effect of weakening the security model that pools do, or possibly worse (since you can't pull hash rate from KnC if they decide to misbehave).

In the future this will likely evolve in one of three ways: 1) increased concentration, decreased value and increased irrelevance; 2) continued equilibrium between some degree of "acceptable concentration" and limited value and relevance; or 3) a break from the status quo where concentration decreases due to limits to economy of scale and commoditization of ASICs along with increased value and relevance (perhaps enormously so).

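The 45%-attacker figure quoted above comes from section 11 of Satoshi's paper. The following is an added example, not code posted by anyone in this thread: it re-implements that calculation in Python and searches for the confirmation count at which an attacker's catch-up probability drops below 0.1%.

```python
"""Attacker-success probability from section 11 of the Bitcoin whitepaper.

Added example for this thread, not code posted by any participant. An
attacker holding fraction q of the hash rate starts z blocks behind the
honest chain and wins if it ever catches up. The attacker's progress while
the honest chain extends by z blocks is modelled as Poisson with mean
lambda = z * q / p, and the remaining deficit is a gambler's-ruin race.
"""
from math import exp


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker with hash-rate share q catches up from z behind."""
    if q >= 0.5:
        return 1.0  # a majority attacker catches up with certainty
    p = 1.0 - q
    ratio = q / p
    lam = z * ratio
    total = 1.0
    poisson = exp(-lam)  # k = 0 term; later terms are built incrementally
    for k in range(z + 1):
        if k > 0:
            poisson *= lam / k  # avoids overflow of lam**k / k! for large z
        # With k attacker blocks already made, z-k remain; catch-up probability
        # from that deficit is ratio**(z-k). Attackers with k > z have already won.
        total -= poisson * (1.0 - ratio ** (z - k))
    return total


def confirmations_for(q: float, target: float = 0.001, max_z: int = 5000):
    """Smallest z at which the catch-up probability falls below target, or None."""
    for z in range(max_z + 1):
        if attacker_success_probability(q, z) < target:
            return z
    return None


if __name__ == "__main__":
    for q in (0.10, 0.30, 0.45):
        print(f"q={q:.2f}: wait {confirmations_for(q)} confirmations for P < 0.1%")
```

Running it reproduces the whitepaper's table: 5 confirmations for a 10% attacker, 24 for 30%, and 340 for the 45% case discussed above.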
legendary
Activity: 994
Merit: 1035
This is over simplified.  The smaller fork has every right to call their currency bitcoin regardless of the majority's objections.

Gavin would be the confederacy in that case.

I don't agree with Gavin/Hearn and believe they made some mistakes with consensus and XT, but they aren't the enemy or boogeymen and have made great contributions to the bitcoin ecosystem. In fact their insistence and persistence is forcing other hands to really tackle this issue with some creative solutions and great research.
legendary
Activity: 1260
Merit: 1000
This is over simplified.  The smaller fork has every right to call their currency bitcoin regardless of the majority's objections.

Gavin would be the confederacy in that case.
legendary
Activity: 994
Merit: 1035
Not odd at all.  I guess I should refine my statement with the words "direct democracy" or something.

This is over simplified. Double spends/DOS attacks can occur at much lower thresholds of hashing power than 51%. The bitcoin blockchain isn't exclusively controlled by miners either but split between miners and nodes with separate voting and separate powers granted to each. Indirectly developers, exchanges, wallets, and merchants have a large role as well.

Politically, bitcoin doesn't represent republics/democracy either because all users have ultimate veto power and can break consensus at any moment by forking or just choosing not to upgrade to new changes they disagree with(thus causing a fork). It is more similar to certain forms of anarchy in nature because of this quality.

Would you call a completely voluntary and open governance model that allows for any user (citizen) to instantly veto any change they disapprove of a republic/democracy? The smaller fork has every right to call their currency bitcoin regardless of the majority's objections.
legendary
Activity: 1260
Merit: 1000
If it was trustless, it would be a democracy.  

What an odd statement to make. How is trust in any way related to democracies? Pure democracies are far from trustless and consist of two wolves and a sheep deciding what's for dinner. No crypto is trustless... people really need to stop using that term inappropriately.

Not odd at all.  I guess I should refine my statement with the words "direct democracy" or something.
legendary
Activity: 994
Merit: 1035
If it was trustless, it would be a democracy.  This is why PoW is a less efficient, worse scaling, resource wasting form of DPoS.  They're both republics.  One is designed to be that way, the other reaches the same conclusion by creating a Rube Goldberg machine that eats megatons of coal and spits out a less decentralized, lower performing system afterwards.  Both systems are republics, both systems are delegation, denying it is intellectually dishonest.

PoW may be less efficient than DPoS (some would argue this would eventually change as evidenced by expensive elections), but certainly not more effective. There have already been plenty of examples where miners have left pools in anticipation of a potential attack. Additionally, many miners are set up with fallback pools or to switch between pools in the event problems arise.

This is not to say that pools create no security weaknesses or concerns, merely you are overstating your case. Additionally, it is possible for these trends to reverse themselves with proper incentives set in place to cover the cost or reward p2p pools.

If it was trustless, it would be a democracy.  

What an odd statement to make. How is trust in any way related to democracies? Pure democracies are far from trustless and consist of two wolves and a sheep deciding what's for dinner. No cryptocurrency is trustless... people really need to stop using that term inappropriately.