Pages:
Author

Topic: The BTC price is too high for it's current security model (Read 4588 times)

legendary
Activity: 1260
Merit: 1000
Look, that is just externalizing the problem.

The system I described earlier limits the government's ability to become involved in such a role by removing their obvious entryway into the system, the small number of centralized mining pools.  If you think you can fix that giant, central authority attack vector while still using PoW, then by all means, go for it, but I don't think you can personally.  A system based on DPOS is the only way forward that I see currently.

How do I know DPOS is the future?  Because even the government itself could easily use it.  They could do something like make each member of the UN a DPOS delegate, and suddenly you have a distributed world currency.

You can either wait for this to happen, or create a private, non-government run model before they do.
sr. member
Activity: 269
Merit: 250
In a blockchain type of consensus sytem:

1) you cannot guarantee that a single entity won't somehow obtain more than 50% of the active resources used to create blocks, whatever they are.

Technically, you can with ease in the short term by boot strapping a DPOS system with 101 pseudo-random, pre-selected candidates from various countries, then treating their role as a supreme court judge type position where it's difficult to remove them.  The challenge in that scenario is selecting what method for allowing their replacement:  voting with money from coin holders (plutocracy), other delegates (democracy), or thousands of other combinations of variables.

The method BitsharesX used for their system was executed extremely poorly, and I've already come out against their system, so don't even think I'm shilling for that.  Some people will say 101 delegates isn't decentralized, but when only 1-4 mining pools really matter in Bitcoin, it beats the hell out of that decentralization, or lack thereof.

There are many other technicalities to hammer out as well, such as should delegates be allowed to run anonymously, or force it so the original 101 delegate names are handed down over time for people to better keep track of.  Then you have things like TOR/I2P integration and timing attacks and all that.


Look, that is just externalizing the problem.
I'm all with you on better types and methods of democracy and I feel that the current political system is rotten to the core.
I would also warmly welcome any incentives that foster stronger decentralization of bitcoin mining.

Nevertheless I stand by my argument that from a technical standpoint PoW and even the current hashrate distribution is not as problematic for bitcoin as suggested.

Like you hinted governments can and probably will try to manipulate cryptocurrencies until they are a shadowy joke of what they were and are intended to be.
But it will happen in the public space and not through a brute force attack on hashing power.
Through lobbying, through enforcing stupid regulations and maybe even through making the software illegal or otherwise manipulating it.


hero member
Activity: 518
Merit: 500
Trust me!
Yeah, it's true. It is simply too easy for regular people to get scammed by someone. There need to be simpler solutions for people to securely sign their transactions. This needs to be solved before Bitcoin can enter the mass market. I'm curious to see, though how all the wallets in Apple's restricted ecosystem are doing, and whether such a restrictive marketplace suffices in protecting peoples' bitcoins!
legendary
Activity: 1260
Merit: 1000
In a blockchain type of consensus sytem:

1) you cannot guarantee that a single entity won't somehow obtain more than 50% of the active resources used to create blocks, whatever they are.

Technically, you can with ease in the short term by boot strapping a DPOS system with 101 pseudo-random, pre-selected candidates from various countries, then treating their role as a supreme court judge type position where it's difficult to remove them.  The challenge in that scenario is selecting what method for allowing their replacement:  voting with money from coin holders (plutocracy), other delegates (democracy), or thousands of other combinations of variables.

The method BitsharesX used for their system was executed extremely poorly, and I've already come out against their system, so don't even think I'm shilling for that.  Some people will say 101 delegates isn't decentralized, but when only 1-4 mining pools really matter in Bitcoin, it beats the hell out of that decentralization, or lack thereof.

There are many other technicalities to hammer out as well, such as should delegates be allowed to run anonymously, or force it so the original 101 delegate names are handed down over time for people to better keep track of.  Then you have things like TOR/I2P integration and timing attacks and all that.
sr. member
Activity: 269
Merit: 250
Again you post arguments based on your premises but not on hard facts.

Your premises seem to rely on the assumption that Bitcoin will live forever, and that any disruption to the block chain is only temporary and greedy miners will sort things out from there.  My premise is that the centralization of mining pools will be an ongoing issue that provides so large of an attack vector, that it's inevitable central governments will impose their will over how the protocol functions, either getting rid of it outright, or turning it into governmentcoin.

For example, let's say all western governments suddenly said, "sorry, you can't mine anymore because you could be processing financial transactions for terrorists".  Various third world Asian governments would probably follow suit as well.  Mining would suddenly be a crime in most places.  You might end up with only small amounts of hash rate in obscure places like Bulgaria.  There would be no real security for the network since overpowering it's hash rate would be trivial.  Price would go down to nothing, market cap would be nothing, nobody would use it.

You seem to ignore the obvious fact that if governments have any opportunity whatsoever to regulate, manipulate, or screw something up, they will.  The giant mining pools have to go or Bitcoin has no future.  As for your claim of me "shilling" for a specific altcoin, my point has nothing to do with altcoins.  My point is that you either have to remove the giant pool mining from PoW, or use PoS and utilize reputation as a finite resource to fix most of proof of stake's current issues.


The problem is that you want a solution to a formally impossible problem.
In the type of system we have you need at least a majority to reach consensus and you can't circumvent this.

What you are proposing when you say there will be government intervention etc. is that there is an external entity that enforces rules.
For absolutely any protocol the government can come in and pull out the "its illegal" card.

Actually here is something for you to think about:
All it takes to break any of these models (PoS,PoW whatever you want) is to control the exchange of information.
If I can assert control over the underlying network used to exchange information (i.e the internet) I can isolate groups and participants so they cannot post new blocks to participate.
Because these systems are decentralized they have to be able to deal with failures of participants.
Satoshi was clever to assume that messages are disseminated quickly enough because it simplifies the problem.
It is in part a dangerous assumption but given the long block intervals he chose reasonable enough to withstand most issues.

Say you use a PoS model with reputation or whatever. For the network to function it has to be able to generate blocks with fluctuating amounts of participants.
How do you want to enforce distribution of the active resources used in creating blocks is fair (no one has a majority)? You can't unless you block during times where this is not the case.

The issue of some entity being able to control >50% of the active resources required to generate new blocks will always be there.
It is impossible to remove because it is impossible to reach consensus in the proposed model without a majority.
Probabilistic consensus allows smaller disruptions to be rectified later on because eventually the majority overrules any decisions taken contrary to the majority.
If you do not allow this the system has to block as soon as a majority cannot be reached.


[edit]

Reading through my own text it is a bit unclear what I want to say.

In a blockchain type of consensus sytem:

1) you cannot guarantee that a single entity won't somehow obtain more than 50% of the active resources used to create blocks, whatever they are.
You can try to encourage stronger distribution but there is no way to enforce it at all times.
2) Indecision will always exist in a probabilistic consensus model. You cannot fully prevent double spending because no block is 100% agreed on.




legendary
Activity: 1260
Merit: 1000
Again you post arguments based on your premises but not on hard facts.

Your premises seem to rely on the assumption that Bitcoin will live forever, and that any disruption to the block chain is only temporary and greedy miners will sort things out from there.  My premise is that the centralization of mining pools will be an ongoing issue that provides so large of an attack vector, that it's inevitable central governments will impose their will over how the protocol functions, either getting rid of it outright, or turning it into governmentcoin.

For example, let's say all western governments suddenly said, "sorry, you can't mine anymore because you could be processing financial transactions for terrorists".  Various third world Asian governments would probably follow suit as well.  Mining would suddenly be a crime in most places.  You might end up with only small amounts of hash rate in obscure places like Bulgaria.  There would be no real security for the network since overpowering it's hash rate would be trivial.  Price would go down to nothing, market cap would be nothing, nobody would use it.

You seem to ignore the obvious fact that if governments have any opportunity whatsoever to regulate, manipulate, or screw something up, they will.  The giant mining pools have to go or Bitcoin has no future.  As for your claim of me "shilling" for a specific altcoin, my point has nothing to do with altcoins.  My point is that you either have to remove the giant pool mining from PoW, or use PoS and utilize reputation as a finite resource to fix most of proof of stake's current issues.
sr. member
Activity: 269
Merit: 250

False.

Add, at least:

3. The attacker can refuse to mine on top of certain blocks

(Which prevents such blocks from ever being accepted into the longest chain.) The protocol allows that as well. I'm still not quite sure if this is a complete list.

But your 2. would only be correct if you did not include the phrase "to cause economic harm." The protocol is agnostic about why something is being done.


You are right it would probably make sense to differentiate between the rewards of a miner and a regular transaction.

What is a block? Effectively it is a set of transactions including the one where the miner pays himself. The block is linked to previous blocks and has a PoW (in the case of bitcoin)
Double spends can only happen if you "erase" a block by presenting a longer chain in which it is not present.
In a sense robbing a different miner of their rewards by intentionally making a new chain is very similar to a double spend.

[edit] I'm unsure if the selfish mining approach is as viable as it is claimed to be
You would obviously find a pattern if a pool consistently tries to maliciously remove blocks.
Of course it can't be prevented but at the same time you have a similar effect to that of double spending.
Everyone will know you are behaving badly and will shun you. Furthermore you are negatively affecting your profits (loss in confidence of the system).



legendary
Activity: 2968
Merit: 1198
1) The attacker can attempt a double spend
2) The attacker withholds a transaction to cause economic harm

Incomplete list, and you are ignoring some very important implications.


No that list is complete. Even your link just points out different nuances of using these two actions.
It is complete because these are the only valid actions that the protocol allows a miner to take. (we will disregard a >50% attack on running the protocol code because that effectively just forks bitcoin)

False.

Add, at least:

3. The attacker can refuse to mine on top of certain blocks

(Which prevents such blocks from ever being accepted into the longest chain.) The protocol allows that as well. I'm still not quite sure if this is a complete list.

But your 2. would only be correct if you did not include the phrase "to cause economic harm." The protocol is agnostic about why something is being done.
sr. member
Activity: 269
Merit: 250
1) The attacker can attempt a double spend
2) The attacker withholds a transaction to cause economic harm

Incomplete list, and you are ignoring some very important implications.


No that list is complete. Even your link just points out different nuances of using these two actions.
It is complete because these are the only valid actions that the protocol allows a miner to take. (we will disregard a >50% attack on running the protocol code because that effectively just forks bitcoin)


Please don't give me some primitive list off an FAQ.

I'm not talking about some one time double spend, I'm talking about how the pools are so large of an attack vector, that it's trivial for governments to take over or impose their will on the network.  Also how it's supposed to be a decentralized network without trusted 3rd parties, yet the tiny amount of mining pools are the trusted third parties.  The protocol never actually succeeded in it's stated goals, and is currently just a giant fugazi.

Do you remember the initial Bitcoin premise and intro to the world?  When Satoshi types he claims to have figured out a way to create decentralized consensus without trusted third parties?  Everyone gives him credit like he actually succeeded. 

He never did succeed.


Again you post arguments based on your premises but not on hard facts.
It is trivial to see if the network behaves. All you need to do is have enough participants log broadcast transactions and from this you can derive if those transactions were put through.

Bitcoin has probabilistic consensus on the blockchain. Do you even know what this means? It means that the probability of a block not changing converges towards 1.
So unless you use checkpointing (which is basically consensus enforced through the protocol) you never have a 100% certainty that your transaction is stable.
That does not matter however as a very large probability is good enough for most use cases.

You do not have to trust third parties because you can observe their behaviour and decide for yourself if a transaction has reached a level of trust you desire.


Statments like saying bitcoin is just a "giant fugazi" just strengthens my assumption on your motives.
It is not so much about the security of bitcoin but more about you wanting another coin you deem more secure to succeed.

I think it is great that altcoins are exploring new routes and methods which can flow back into all other cryptos if they are valid and useful.
But lets face it. Altcoins need to inflate issues with bitcoin to give people an incentive to switch to them.

"Oh look, bitcoin is so horribly broken but coin xyz fixes all that and has free candy on top! who would not want free candy right*?"


* Disclaimer, I have large holdings in xyz coin.
full member
Activity: 195
Merit: 100
If governments cracked down on one or more pools, the pool participants would simply repoint their hardware to another pool or p2pool. Not a big deal.

How would you know that they've been subverted by a government?  What about the event where large pools that control their own hashpower are subverted and there aren't any "pool participants" to speak of?

Either the pool is processing transactions/blocks normally or it isn't. As soon as the pool owner or participants notice something wonky, they can split and go somewhere else. Even the largest pool owners like ghash.io AFAIK only own roughly 25% of the pool hashrate themselves. At least that's the estimate I've seen of what chunk of ghash.io is CEX. And even that AFAIK is split up geographically in different jurisdictions and datacenters. Probably the largest chunk of hashpower you might be able to find in one pool+jurisdiction is under 10% of the total bitcoin hashrate.
legendary
Activity: 2968
Merit: 1198
If governments cracked down on one or more pools, the pool participants would simply repoint their hardware to another pool or p2pool. Not a big deal.

How would they know? And aside from that, a lot of the hash rate is internal (big farms). Supposedly ghash moved some of their own hash rate off their pool to alleviate concerns over their market share. If external miners leave they just put it back (or expand).

The OP is right. There is really very little decentralized going on here. If decentralization is the goal, it is rotten to the core.
legendary
Activity: 1512
Merit: 1000
If governments cracked down on one or more pools, the pool participants would simply repoint their hardware to another pool or p2pool. Not a big deal.

How would you know that they've been subverted by a government?  What about the event where large pools that control their own hashpower are subverted and there aren't any "pool participants" to speak of?
full member
Activity: 195
Merit: 100
If governments cracked down on one or more pools, the pool participants would simply repoint their hardware to another pool or p2pool. Not a big deal.
legendary
Activity: 1260
Merit: 1000
Here is what happens when you have a real attack:
1) The attacker can attempt a double spend
2) The attacker withholds a transaction to cause economic harm

Please don't give me some primitive list off an FAQ.

I'm not talking about some one time double spend, I'm talking about how the pools are so large of an attack vector, that it's trivial for governments to take over or impose their will on the network.  Also how it's supposed to be a decentralized network without trusted 3rd parties, yet the tiny amount of mining pools are the trusted third parties.  The protocol never actually succeeded in it's stated goals, and is currently just a giant fugazi.

Do you remember the initial Bitcoin premise and intro to the world?  When Satoshi types he claims to have figured out a way to create decentralized consensus without trusted third parties?  Everyone gives him credit like he actually succeeded.  

He never did succeed.
legendary
Activity: 2968
Merit: 1198
1) The attacker can attempt a double spend
2) The attacker withholds a transaction to cause economic harm

Incomplete list, and you are ignoring some very important implications.

For example, withholding transactions isn't just a question of economic harm, it can also be used to whitelist/blacklist.

Better analysis here: http://hackingdistributed.com/2014/06/16/how-a-mining-monopoly-can-attack-bitcoin/

sr. member
Activity: 269
Merit: 250
There is very little real incentive to perform a > 50% attack because you'd shake confidence, no matter what method is used for block creation.

People keep using the phrase 51% attack to try and downplay the issue, like it's just some theoretical thing that won't happen because self motivated greed will prevent it, aka the rational miner factor.  Since when are rational miners considered even the top 10 security risks?  Did you also forget Bitcoin is advertised as having "no trusted third parties"?  Those pools that you can count with less than 5 fingers are your trusted third parties, which is why the system as is, has failed completely.

[snip]

Unless all current Bitcoin development is redirected towards getting rid of the mining pools, there's really no reason to support it.


Here is what happens when you have a real attack:
1) The attacker can attempt a double spend
2) The attacker withholds a transaction to cause economic harm

Double spending is something that is quite time critical for the attacker. The further down a block is in the chain the more unlikely it becomes that the attacker can successfully replace the above chain with a new one.
Large double spends will be noticed and as an effect people will lose trust and move to something else. So realistically the attacker would try to pull off a one shot double spend for a very large amount of coins.
I do not know what policies are in place for big exchanges but you would expect them to wait quite a few blocks for very large sums.
The attacker would have to put in immense financial efforts to reach the >50% hash power and would probably gain little from the attack.
It only really makes sense if you are out to destroy bitcoin as a whole.

Equal argumentations can be made for Transaction withholding.

"Those pools that you can count with less than 5 fingers are your trusted third parties, which is why the system as is, has failed completely"

Those pools can't sign transactions for your coins. They can't double spend your transactions unless you WANT them to by broadcasting two different transactions for the same input.
If you send me coins I can require you to wait 1000 blocks before I send you goods or no blocks. This gives me the freedom to choose.
I can happily trust that in the current system it is very very very unlikely that a new chain with 1000 blocks will appear out of thin air to double spend that transaction.






legendary
Activity: 1260
Merit: 1000
There is very little real incentive to perform a > 50% attack because you'd shake confidence, no matter what method is used for block creation.

People keep using the phrase 51% attack to try and downplay the issue, like it's just some theoretical thing that won't happen because self motivated greed will prevent it, aka the rational miner factor.  Since when are rational miners considered even the top 10 security risks?  Did you also forget Bitcoin is advertised as having "no trusted third parties"?  Those pools that you can count with less than 5 fingers are your trusted third parties, which is why the system as is, has failed completely.

Giant pools are also way too large of an attack surface to be nationalized by governments, regulated to oblivion, demolished with TNT by order of environmental protection agency, etc.  There's a billion things that can and will go wrong with them.  Most likely Bitcoin will fail if it follows it's current path since it's not even close to what it's described as on the box.  If it doesn't fail, the best case scenario you will get out of the mining pool centralization is "governmentcoin".

Unless all current Bitcoin development is redirected towards getting rid of the mining pools, there's really no reason to support it.

There is some higher level thinking at work here though.  Most people are unable to put 1+1 together and figure out that if a global, anonymous currency was to become huge, it would most likely mean the end of central governments.  Even if you're some kind of super anarchist, is that something you really want to see during your lifetime?  The odds of being murdered by Obama zombies for a nickel is probably pretty high.  The same central governments probably have contingency plans to to prevent this from happening, either by never allowing the centralized pools to be removed from the protocol, or just waiting and nationalizing them.
sr. member
Activity: 269
Merit: 250
What are you trying to say here? Coin weight in a Proof of Stake type model only deterministically gives you control if you own more than 50% of the coins.

I don't have time to reply to all this right now, but it's pretty common knowledge that you only need 51% of coins currently staking to control the network and not 51% of total coins.  Using coin age as a finite resource in this system just makes it easier to attack, which is why NXT never used it, and why Blackcoin is removing it.  Reputation makes a much better finite resource than coin age and makes it so large holders can't perform effortless attacks, just like how PoW works.


For simplicities sake it makes sense to assume most people have an interest to stake their coins or participate with their resources but yes, you are right that you only need > 50% of coins staked to deterministically form the longest chain.
It makes no real difference because whatever model you choose always reduces down to how likely it is for a single active entity to produce > 50% of the blocks.

There is very little real incentive to perform a > 50% attack because you'd shake confidence, no matter what method is used for block creation.
I think the issue is greatly exaggerated because then it is much easier to promote an altcoin with a new mining/minting scheme.

To me the real problem lies in ensuring privacy. And I do not mean through a new altcoin but rather implementing stronger privacy in bitcoin itself.




 

legendary
Activity: 1260
Merit: 1000
What are you trying to say here? Coin weight in a Proof of Stake type model only deterministically gives you control if you own more than 50% of the coins.

I don't have time to reply to all this right now, but it's pretty common knowledge that you only need 51% of coins currently staking to control the network and not 51% of total coins.  Using coin age as a finite resource in this system just makes it easier to attack, which is why NXT never used it, and why Blackcoin is removing it.  Reputation makes a much better finite resource than coin age and makes it so large holders can't perform effortless attacks, just like how PoW works.
sr. member
Activity: 269
Merit: 250
PoS depends greatly on how random the minting process is (PoW has an element of randomness to it and this is crucial) or else you have a problem.
If I can split my stakes in a way that guarantees me to be chosen for block minting for x blocks in a row I can attempt attacks.

Stake models are not required for coin weight to equal network control.  A finite variable is needed in the system for it to function, but it doesn't have to be coin age, coin weight, or any of the variables that have already been attempted.  Models already exist like this, such as BitsharesX, that use other variables (reputation), although I consider their system completely broken for numerous reasons, a few listed below.  

The current Bitcoin model is already an obvious failure while people walk around in a delusional state pretending it isn't.  It's advertised as requiring "no trusted 3rd parties", yet the entire thing relies on them in the form of a small number of mining pools for block verification.  Since Bitcoin never solved the "no trusted 3rd parties" dilemma, it's time to admit that and come up with a solution, most likely assign a performance metric to regulate those parties (i.e. PoS with reputation variable).

Unless every single iota of Bitcoin dev manpower is redirected towards the solitary goal of getting rid of mining pools, they're operating under the textbook definition of insanity.


I don't want to be rude here but it appears to me that you have very little knowledge and understanding of how probabilistic distributed consensus through the blockchain works.

"Stake models are not required for coin weight to equal network control"

What are you trying to say here? Coin weight in a Proof of Stake type model only deterministically gives you control if you own more than 50% of the coins.
From an economic perspective yes, if you own a lot of something you might be able to assert more control over it. But please enlighten me where coin weight equals network control in a model
where those coins do not directly influence the creation of new blocks or somehow restrict transactions.

"A finite variable is needed in the system for it to function, but it doesn't have to be coin age, coin weight, or any of the variables that have already been attempted."

Yes a finite resource is desirable for a blockchain type method of consensus. In the original whitepaper satoshi points out why using network addresses is not a great idea and that using processing power
as a finite resource makes sense. If you do not require this finite resource the entire mechanism boils down to who is the quickest at producing the most blocks and disseminating them (actually such a system would still be valid but for obvious reasons it makes little sense to want it).

"The current Bitcoin model is already an obvious failure while people walk around in a delusional state pretending it isn't"

No it isn't. I do not understand why you think that the network needs maximum distribution of mining/minting to be secure.
Block height on top of the one with your transaction is a measure of confidence. Unless the attacker disrupts the entire process of transactions as long as your transaction is sufficiently low down in the chain it becomes extremely impracticable to be removed. Double spending is an issue that will always exist if you have randomness with the block creation method. That is why you should wait for a few blocks if you want stronger confidence in a transaction. It becomes extremely improbable that low down blocks in the chain will change.

Neverheless with a blochchain there is no 100% guarantee that a block does not change. The probability just converges to 1 that it won't. (I'm intentionally discarding checkpointing here as for this consensus is reached through a majority using the same software)



Pages:
Jump to: