Most coins have already been mined, current and future mining operations will never be able to amass (crypto)capital in the self-devouring vision of capitalism that Marx brought into the world. And due to the ever shrinking size of the block reward the capital of these "oligarchs" will always be dwarved by the coins mined by hobbyists using their GPUs or even CPUs. Mining may become ever more industrialized, but the initial coin distribution worked surprisingly well, despite or rather because Bitcoin flew under the radar for so long. As far as 51% attacks are concerned -- Bitcoin is lucky to be the largest coin using SHA256 and in a weird turn of events, ASICs may actually be what keeps Bitcoin relatively safe from miner associations as described by OP. Given the amount of GPU based hashpower that is currently distributed amongst various alts, things would indeed look grim if Bitcoin were still a viable target for GPU miners. That being said, I'm actually surprised how few attacks actually take place. Many alts could be pretty much eradicated if a large enough miner would decide to do so. Heck, even Bitcoin Cash, despite being one of the top 5 coins in terms of market cap, could be wiped out at will, just because it shares its PoW scheme with a much larger counterpart (ie. Bitcoin). PoS does have the advantage of not being vulnerable to what I would call drive-by 51% attacks. The question of fair distribution is unlikely to be solved by PoS though. Matter of fact it's pretty much built upon the principle of gaining capital merely by owning capital. [...]
deepbit was big
cex was big
bfl was the first asic manufacturer
cointerra was big
knc was big
bitfury was big
[...]
BFL was the first to announce; Avalon was first to deliver[1]. They beat BFL by what turned out to be the longest 14 days ever. Also you forgot to mention ASICMiner. RIP friedcat  (technically friedcat is probably still alive, but he pretty much disappeared into thin air) [1] https://bitcoinmagazine.com/articles/avalon-ships-bitcoins-first-consumer-asics-1358905223/ |
|
|
|
Transaction throughput scalability has nothing to do with PoW. How many transactions a blockchain is able to process depends on 1) the (file)size of each transaction and 2) the amount of decentralization you want to achieve. As Bitcoin is trying to keep the network as decentralized as possible, the blocksize is kept rather limited as to keep the entry level for running a full node (ie. a node keeping a full copy of the blockchain) as low as possible. As an alternative to on-chain scaling, ie. increasing the blocksize limit, Bitcoin is currently heading towards adding additional protocol levels on top. This allows for scaling beyond the linear limitations of simply increasing the blocksize while keeping a high degree of decentralization. The solution that currently seems to be most viable is Lightning Network, which strives to move the bulk of smaller transactions off-chain using a network of payment channels managed by Bitcoin's smart contract capabilities. While not widely used yet, you can see it in action here: https://lnmainnet.gaben.win/That being said, when Satoshi created Bitcoin there was nothing else to choose but PoW. PoW was what enabled cryptocurrencies in the first place, solving a problem that was previously believed to be unsolveable. |
|
|
|
Not sure if that someone was referring to a special kind of RPC attack, but in general it is wise to set up a strong rpcpassword (think 40 characters and beyond) as mentioned by btj. Also make sure that rpcallowip is either set to localhost only or not set at all (making it default to localhost). If you need to access the RPC interface from a different server, but within the same local network (ie. 192.168.x.x) set it to the respective IP. Accessing the RPC interface from a different server over the internet is a very bad idea and should be avoided at all cost. Finally keep in mind that all of this is worth nothing if the server itself is not secured enough. [...]
But in the latest versions of bitcoin withdraw funds is removed using JSON RPC remotely, but an attacker can check for your coin balances etc.
[...]
Got any source on that? This doesn't seem to be mentioned in the recent release notes: https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-0.16.0.mdhttps://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-0.15.1.md |
|
|
|
[...]
The "profit and greed" issue has a slightly different aspect. Attacking a PoW coin with 51% would make you lose no money other than what you have spend on energy cost. The mining rig you used for that attack (if it's yours at all) could be sold after the work is done and compensate a part of the energy cost. With PoW you don't need to have any value in the Blockchain, you can point your miners at any Blockchain you desire and the coins you earn will be spend for your profits. In other protocols you risk your own investment in the Blockchain when you attempt to attack it, or as Vitali put it: "Attacking proof of stake is like buying the biggest mining rig and set it on fire".
Running a full-on 51% attack would likely severly devaluate the PoW coin in question though, which leads to the following: 1) Opportunity cost (ie. by destroying the value of the coin, you also destroy the value of the received block reward) 2) If the PoW coin runs on ASICs, finding a buyer for the mining hardware of the coin you just destroyed won't be easy. Especially at the scale required for a 51% attack. |
|
|
|
This is why empty blocks tend to appear when a blocks are found in short succession. Note that this behaviour is dependent on the implementation of the mining software and is not specified by the Bitcoin protocol itself.
Excellent!! Thanks for explaning. I'm very much interested in this part of the protocol. Does anyone know where in the bitcoin core project source code ( https://github.com/bitcoin/bitcoin) is this part implemented? Bitcoin Core's mining loop can be found here: https://github.com/bitcoin/bitcoin/blob/master/src/rpc/mining.cpp#L106-L152However it's pretty much a leftover from the CPU mining days so I don't think it's still being used on mainnet. Also I'm rather unfamiliar with Bitcoin's codebase, so someone else may correct me. The most commonly used mining and mining pool software can be found here: https://github.com/ckolivas/cgminerhttps://bitbucket.org/ckolivas/ckpoolA codebase with which I'm even less familiar, but it may point you in the right direction. perchè è stato eliminato il mio post? geni se non date una motivazione non potete farlo
I guess because you posted in Italian. Please keep your posts in English on the general boards and leave non-English post in the respective local boards only; such as the one for Italian: https://bitcointalk.org/index.php?board=28.0 |
|
|
|
There's too much unnecessary forks included ( mostly those joke, cashgrabs or both like Bitcoin God & Pizza shouldn't be here), while the old forks like Litecoin aren't. Can you add the forks from the older blocks prior to Bitcoin Cash? There are a lot of forks behind that. I think the main intention of this thread is to keep track of hardforked coins, ie. alts that share a blockchain history with Bitcoin. Litecoin doesn't quite fit that bill, I'm afraid. I personally find it delightful to see the absurdity of all these shitforks gathered in one place. This looks like a " Phylogenetic tree", the Evolution of Cryptocurrency  In this case, Bitcoin is an Aligator, still surviving without any major changes to its design. I hope someone can make a " graphical version" of this. You're going to love this page then: http://mapofcoins.com/bitcoinIt's not really up to date though, I'm afraid. |
|
|
|
It is also worth noting that the forks are maintained by different dev teams than what I would call the canonical Bitcoin. Despite the occasional drama the Bitcoin Core devs have built up a lot of trust over the years. Like other alt projects entering the market, fork teams still need to prove themselves. About the forks you explicitely mentioned: Bitcoin Cash has relatively large community support and marketing behind it, which is also why it's currently the Bitcoin hardfork with the largest market cap. Bitcoin Cash is the result of a long debate between scaling Bitcoin on-chain by using bigger blocks and scaling Bitcoin off-chain by introducing additional protocol layers. In the end most people opted for the latter, which is why Bitcoin Cash ended up as the minority fork. Bitcoin Gold came pretty much out of nowhere, botched their release by getting people infected with malware resulting in stolen coins, and overall seemed more like a cash grab than anything. Hence there's little love for this fork right now. SegWit2x was a fork that many companies wanted to see succeed, but ultimately failed to gain traction within the wider community. In part likely due to Bitcoin Cash already serving big-block-proponents. In the end SegWit2x failed to convince people, but also failed to fork, due to a bug in their codebase, which effectively caused SegWit2x to lock up. SegWit2x is for all intents and purposes, dead. After that it became pretty much a fad to hardfork Bitcoin. And with literally dozens of Bitcoin hardforks flooding the market [1], it's honestly hard to give a shit anymore. [1] https://bitcointalk.org/index.php?topic=2597083.0 |
|
|
|
Last question, (hope so)..
So.. how does Miner1 know that Tx1 was included in the last valid block submited by Miner2. Is there any stage in the protocol where Miner1 will separate transactions that were included in the last valid block and those that did not, so they get relayed and included in the new processing?
As soon as Miner1 gets the blockchain update from Miner2 (directly or via their peers) it starts validating the new block and clears out any transactions in its mempool that are now deemed invalid (eg. Tx1). However validating the new block takes time and the miner keeps on hashing in the background, so there's a short timeframe where Miner2 will assume that every transaction in its mempool is potentially invalidated (ie. confirmed) and thus work on an empty block until the previous block has been fully validated. That is due to the fact that accidentally adding an already confirmed transaction in a block would make the whole block invalid and thus the miner would lose its block reward while empty blocks are not associated with any such risks. This is why empty blocks tend to appear when a blocks are found in short succession. Note that this behaviour is dependent on the implementation of the mining software and is not specified by the Bitcoin protocol itself. |
|
|
|
People 'send' transactions to banks and it eventually changes the bank databases' states and thus banking systems are permissionless?!
Ha, nice counterpoint  But no, a bank can deny your transaction, ie. prevent you from changing the bank's database. They can even reverse a transaction if they feel like it. They can even prevent you from accessing your own money for an indetermined amount of time. A miner can do none of these things. That's the difference, and it's a crucial one. In a permissionless cash transfer system it is not enough for people to be free to produce transactions they need to be free to oversee and participate in committing the transactions. Is that so hard to understand?
Mining is free though. Not free as in beer, but free as in freedom. It may not be profitable, but in theory there's plenty of old miners around that you could point at the Bitcoin network. Given enough capital and expertise, you could even develop your own ASIC hardware. There's no central entity or regulation holding you back. No one you need to ask for permission for. Yes it does! Bitmain IS in charge of Bitcoin blockchain whether you admit it or not.
Bitcoin Cash story was written by Bitmain and it happened the way Bitmain wanted it to happen. We are not talking about what his majesty wants to do, it is about what he can do! So what can he do? So, Bitmain has set free Bitcoin and the whole civilization and specially gaming community with an ASIC crack against SHA256. What a fortunate incident! Bitmain was by far not the first company to enter the mining market with a SHA256 ASIC. And they likely won't be the last. It's a free market after all. GMO will soon show whether they can deliver: https://news.bitcoin.com/japans-internet-giant-gmo-launch-7nm-bitcoin-miner-june/Samsung is also entering the mining market: https://www.extremetech.com/computing/263254-samsung-begins-manufacturing-asic-chips-mining-cryptocurrency[...] Am I missing something or it is exactly how you and guys like you, re-invented bitcoin? Please elaborate on what you mean by "reinventing Bitcoin" My perception of a permissionless blockchain requires people to be able in both generating addresses and transactions and committing (participating to commit) transactions into the network, without buying/renting a device/license from Bitmain or anywho to do so, is there any other definition publicly available? That one for example: https://en.wikipedia.org/wiki/BlockchainPermissioned blockchains use an access control layer to govern who has access to the network. In contrast to public blockchain networks, validators on private blockchain networks are vetted by the network owner. They do not rely on anonymous nodes to validate transactions nor do they benefit from the network effect. Bitmain does neither control Bitcoin nor do they prevent other people from entering the network as miners. Merely having to buy dedicated hardware to profitably mine does not constitute access denial. Even as far back as 2012/2013 one could only profitably mine with a dedicated miner, except in that case you had to buy from AMD. And no one would have ever claimed that AMD is charging a "license fee" for mining BTC despite being the only company to offer a family of GPUs that could profitably mine. Ripple for instance is known to be a permissioned system because critical roles exist there that people can not simply take without undergoing a process and get/buy a license. People can check the state, can generate transactions but can not participate in changing the state further without permission, it is a permissioned system and bitcoin, practically is not in a better situation with ASICs and Bitmain.
Any company can produce ASICs. As mentioned above, many did before Bitmain. And likely even more will after. Permissioned blockchains require legitimization by a central entity. Bitcoin mining does not. Creating Bitcoin mining hardware does not. |
|
|
|
I think now I have a better understanding about this issue. The opposing parties of non-mining nodes have the underlying assumption (hypothetical) that miners will never cheat. Miners will never destroy their own investment, therefore users can trust mining nodes. That being said, efforts to validate transactions and detect invalid transactions in the blocks are just a waste of time since users can trust mining nodes.
[...]
It is worth noting that there's a difference between trusting mining nodes in general (ie. the network as a whole) and specific, individual nodes (ie. a directly connected trusted mining node). Being able to trust the network as a whole while not having to trust individual miners is why decentralization is so fundamental. If you have to rely on trusted individual miners you might as well stop using cryptocurrencies altogether. |
|
|
|
[...]
And here's another editorial that further explains Brennen's work (which I shared above) and stresses what I believe: that the threat is real, but has been far overplayed, and that current blockchain tech and iterations have a ten-year head start to improve. And improve they will.
[...]
I completely missed the link to the "Quantum Attacks on Bitcoin" whitepaper, thanks for sharing. The 10-year-estimate provided by Brennen et al pretty much coincides with Intel's own estimate "five to seven years before the industry gets to tackling engineering-scale problems" [1], assuming that it will take another couple years to reach commercial viability after that. [1] https://newsroom.intel.com/news/intel-advances-quantum-neuromorphic-computing-research/ |
|
|
|
You need to look up sybil attack. What constitutes a node? A port? So all the mining farms do is to split their existing hash rate over whatever you're defining as the limit so they're achieving the same goal.
Proof of Stake solves the sybil by just making it irrelevant on how many nodes your coins are sitting on... Likewise PoW solves sybil attacks by making it irrelevant from how many nodes your hashrate is coming from. Also keep in mind that PoS based schemes are arguably more prone to centralization than PoW. Their initial monetary base needs to be centrally issued as otherwise there'd be nothing to stake with, the rich get richer by definition and unlike PoW coins where you usually have a "division of power" into devs, miners and holders with PoS coins all three usually fall into the same, exclusive circle. monsterer2 is correct. It is worth noting that exactly this inability to ensure that every node / user / market participant has only "one vote" (ie. the max hashrate permitted) is why PoW is applied to cryptocurrencies in the first place.
But that brings the known issues like that the BTC network is much less decentralized than intended by Satoshi. Originally it was meant to be mined on *every single user of the network*, with their mere CPU or lets say GPU. But the ASICs and mining farms totally wrecked this concept. Getblocktemplate lowers the dangers of (pool) centralisation a little but not the issue of huge farms like Bitmain providing alot of hashrate alone already. ASIC-resistant algorithms are not a solution too to save PoW, as every ASIC "resistantce" has been broken sooner or later. Actually Satoshi did foresee mining farms: https://bitcointalk.org/index.php?topic=532.msg6306#msg6306In a way, at least. I concur that centralization and the current dominance of Bitmain is problematic. I also fully agree that any attempts at creating ASIC resistant algorithms is likely to fail. This doesn't change anything about the inability to limit the hashrate of individual nodes though. I'm afraid that's an inherent property of PoW. And I'm afraid that for all its flaws PoW is currently the most decentralized, secure consensus algorithm cryptocurrencies have to offer. |
|
|
|
|
monsterer2 is correct. It is worth noting that exactly this inability to ensure that every node / user / market participant has only "one vote" (ie. the max hashrate permitted) is why PoW is applied to cryptocurrencies in the first place.
To add to that, the network doesn't know anything about a hashrate per node. It only knows about block intervals and periodically adjusts the network difficulty (ie. the average amount of work / hashes required per block) to keep this block interval the same. The network "knows" that the hashrate of the network as a whole has increased or declined. But it has no means to reliably derive the hashrate share a single node (eg. mining pool) holds.
|
|
|
|
Also quantum teleportation would... you know... kill you. Unless you're a die-hard philosophical materialist that assumes that quantum teleportation transmits information perfectly and assume that the positions of your molecules in spacetime have nothing to do with your being and are pretty sure that a clone of yourself with a perfect copy of your mind would be you as well. That is unless you alternatively assume that the I, ie. the self, is merely a mental construct anyway in which case knock yourself out! (whatever "you" and "yourself" would mean in that case) But yes, it'd totally kill you. (sorry for off-topic) That being said, remember that the future applications of quantum computing is still for the most part speculative; let alone practical applications of quantum physics beyond that. |
|
|
|
Thanks for the thought experiment.
I had the feeling that something was off about your approach, but wasn't quite able to put my finger on it until I put a bit more thought into it.
This idea might still have some legs because arguably it would still work if weak subjectivity was an acceptable compromise since no online node would accept a historical double spend as being valid given the latest UTXO DAG. I don't think weak subjectivity should ever be acceptable, however, so I'm going to keep thinking Look into DAG based cryptocurrencies such as IOTA and ByteBall, if you haven't already. Unfortunately they are both centrally issued and rely on centralized trusted entities (IOTA's coordinator and ByteBall's witnesses, respectively) but there might be something worth learning from them nonetheless. |
|
|
|
To be permissionless means no need to get permission from a central authority for participating in the protocol to change the state of the machine, the blockchain , not just for claiming but for committing the transactions.
[...]
And there is huge difference between buying stuff from Intel, Nvidia, AMD, ... with buying a miner from Bitmain, don't you see it? In the latter case you buy a special purpose device for a special application: participating in bitcoin blockchain protocol but as for cpu/gpu the manufacturer/distributor has no clue about what you are going to do with the device. Are you pretending or you are simply ignorant?
Apart from coinbase transactions there's no state to be changed without people sending transactions. Which transactions gets added to the blockchain and which not is not dependent on a singly entity, not even Bitmain. Merely producing mining hardware does not put Bitmain in control of the network, regardless of the devices being specialized hardware. If that were the case Bitcoin Cash would have ended up being the canonical Bitcoin blockchain. Whether you buy mining hardware from Bitmain, NVIDIA or AMD makes no difference, apart from Bitmain actively mining themselves. Looking at mining rigs and large scale alt coin mining operations (ie. the ones buying GPUs wholesale), GPUs stop being consumer devices once they are put to work on whatever alt is most profitable to mine. Hell, crypto mining had such an impact on the hardware market that GPU prices have risen substantially, leading to crypto enthusiasts being cursed by gamers all over the world. The impact of people mining as a hobby, on the other hand, using devices they use primarily as consumers (ie. gaming in the case of GPU) is negligible nowadays. So yes, due to the industrialization of mining economics of scale has become more important than ever, making it hard for hobbyists to enter the mining market. But no, this does not make a blockchain permissioned or censorship-prone, as transactions are unaffected and for every miner that would wish to reject your transaction, another one will happily add it to the blockchain. Either way, you obviously simply have a different definition of what the term "permissionless" is supposed to mean. Unfortunately it's neither useful nor being used. |
|
|
|
From what I read arguments against non-mining full node, as follows:
It doesn't make the network stronger. It's actually the opposite. A non-mining full node only acts as a "witness." It doesn't have the ability to put/discard transactions in the blockchain. Thus, it only delays sending transactions to the node that really matters.
[...]
I doubt that having a multitude of non-mining full nodes makes the network slower. If anything it makes the network more resilient and possibly less prone to orphaned blocks due to enabling multiple network paths to and between mining nodes. Either way, I've looked through the medium post you are referring too, and I don't think their arguments hold quite up: It prevents Bitcoin from scaling Running full nodes (or the discussion about the need for full nodes) does not prevent Bitcoin from scaling. Keeping blocks small is what enables people to run full nodes, which is necessary to keep the network censorship-resistant. (Cue the whole small blocks vs big blocks discussion all over again) Other scaling solutions exist (eg. Lightning) that do not require pruning the network down to a handful of datacenters. It is also worth noting that the network congestion didn't last, showing that increasing the block size now would have been too early. Also the drop of Bitcoin's dominance below 50% is more likely due to the growth of the cryptocurrency market in general, rather than people fleing from Bitcoin in earnest. They make the network insecure Being forced to connect "directly to a trusted mining full node" is exactly where Bitcoin would become permissioned. You now have a single node that you put your trust into and if they deny your transaction your shit out of luck. Going through "a maze of 'non-mining full nodes'" that you don't need to trust is the only way to make sure your transaction actually gets propagated across the network and thus relayed to all -- or at least most -- miners. Not just that the ones that you "trust". I also don't see how having the sender connect directly to mining nodes would make accepting 0-conf transactions safer for the recipient, as even within a network of mining nodes only, the recipient has no guarantee that all miners have received the same transaction. Worse, still, the recipient's "trusted mining node" may not even be aware of an ongoing double spend attack. It makes upgrades harder It does indeed make network upgrades harder. However I'd still argue that in the case of decentralized, immutable blockchains network upgrades shouldn't come too easy -- otherwise we'd just have auto-updating nodes, which is something that Core has explicitely decided against for fear of centralization. The question of node updates aside, the drama of recent times was more a question of politics and self-governance, rather than technology. |
|
|
|
One important note:
Right now, Bitcoin IS NOT a public permissionless blockchain. You should buy hardware (get permission) from Bitmain to mine blocks on this chain. Face it!
That's not what permissionless means in the context of blockchains though. Permissionless means that anyone can receive a transaction from anyone without any central entity being able to refuse or block that transaction. That Bitmain is the currently dominating mining hardware provider has nothing to do with it. Or would you also argue that you need to "get permission" from NVIDIA / AMD to mine alt coins? |
|
|
|
Say someone makes a double spend using an address from 2-3 years ago. Those coins have been in circulation for quite a while now and fractions of this transaction have found their way into many people's wallets. Now suddenly these coins are burned and all these uninvolved parties lose their coins. Effectively the whole transaction history needs to be rewritten at the snap of a finger. And you'll never know when it hits you.
That's what I was missing. As you pointed out, there's no objective way to solve this with just the transaction DAG. Thanks for the feedback. Thanks for the thought experiment. I had the feeling that something was off about your approach, but wasn't quite able to put my finger on it until I put a bit more thought into it. |
|
|
|
Tough luck for someone double spending by accident; a field day for an adversary that attempts a double spend on purpose and has a botnet at their disposal. And that's ignoring the question of resolving conflicting transactions as mentioned above.
I'm not quite sure what you mean by the botnet comment? In bitcoin, the winner of the race to claim the funds would be the person who paid the highest fee; on average this means the funds will get burnt as transaction fees I mean that in the scenario as described above -- no miners, the only collateral being the amount that is being spent -- an adversary would use botnets, virtual machines or whatever other resources they have at their disposal to get the transaction they are trying to force to get seen by as many nodes as possible. A user creating a double spend by accident, would likely take no such measures. Note that with Bitcoin in its current state a high transaction fee does not guarantee precedence over other transactions. If both transactions that are part of a double spend attack have a reasonable high fee attached it doesn't make much of a difference whether you paid 100 sats per byte or 1000 sats. Ignoring how Bitcoin works today, let's assume we have a system where highest fee always takes precedence. How does a node know that it sees the transaction with the highest fee? Different nodes see a different subset of transactions. In Bitcoin that's their respective mempools. The blockchain exists to normalize these transactions across all nodes. In the system as described above each node would have their own version of history. But let's go further. Let's say a node knows that the transaction it sees has to be the one with the highest fees because it burns all its outputs. What happens to the transactions that spend those inputs? Say someone makes a double spend using an address from 2-3 years ago. Those coins have been in circulation for quite a while now and fractions of this transaction have found their way into many people's wallets. Now suddenly these coins are burned and all these uninvolved parties lose their coins. Effectively the whole transaction history needs to be rewritten at the snap of a finger. And you'll never know when it hits you. Immutability is one of the core value propositions of blockchains. A system as described above, would completely rid a cryptocurrency of this property. As for resolving conflicting transactions, I can't think of an example of a conflicting transaction that isn't a double spend?
I was indeed referring to double spends as conflicting transactions. What I was missing was the strategy how they are handled besides exposing the private key -- exposing the private key being only the first step. Now I see that the implicit assumption was that exposing the private key would automatically burn the coins in question by means of transaction fees. For a more detailed comment on this approach, see above. That being said, keep in mind that miners fulfill another function besides securing the network against double spend attacks -- currency issuance. If you reduce the transaction history to a DAG without PoW, all you're left with is a central entity issuing all currency. |
|
|
|
|
Show Posts
