Yes once a node learns of a tx it will drop any double spends of that tx and not relay (forward) or include it in the memory pool.  Since new blocks are created from the memory pool the double spend will not be included in future blocks made by that node either.  This isn't some new development.  The network has always worked this way (for obvious reasons).

They have always dropped double spends. 

Currently the protocol limits block size to 1MB.  This doesn't correspond to any specific transaction volume the 7 tps is an estimate based on average transaction size.   The block size can be increased and I don't see any scenario where it remains 1MB forever.  The debate is more on how should the limit be determined, how much should it be increase, when would it be appropriate.

That is a good question and one that can potentially simplify the system.  We can look all all non-P2SH outputs and categorized them by standard templates ranked by how commonly they occur.  My guess is with only a half dozen templates you probably cover 99.5%+ of the spendable UXTO (some outputs are unspendable either through design or error).  So it probably does make some sense to limit it to more common output types.

P2SH introduces a wrinkle in that until spent we don't know what script the hash represents.  So if there are 1M BTC in outputs encumbered by script hashes, unlike "native" or direct output scripts there is no way to know how definitively how those coins are distributed.   You however get a proxy by looking at all spent P2SH outputs (the redeemScript will be in the input) and stratifying them into known templates.  By analyzing and categorizing the UXTO (and P2SH spent output proxy) you can get a good idea how much of the long tail do you want to include.  As an example if you have a high confidence that supporting 5 known templates covers 99% of all outputs is it worth it to support 35 known templates to cover 99.5% and the entire scripting language in all its permutations to support 100%.

Only in Bitcoinland does the exchange rate increasing >28% in 30 days = "doesn't budge".

A visual to illustrate the point (for those who don't know the term "real" means adjusted for inflation i.e. 3% savings bond when inflation is 3% is a 0% real return)

The IMF wouldn't control or replace the dollar.  Under that plan (which I think is unlikely to happen) the SDR would replace the dollar as the reserve currency of the world.  For most of the history of this country the US dollar wasn't the world's reserve currency.

All reserve currencies eventually are replaced and it always because the entity printing the reserve currency abuses that special status.  The dollar being the reserve currency means that other countries are defacto obligated to continually hold large sums of dollars.  To partially hedge those holdings they usually buy US debt (interest offsets inflation losses).  As long as the nations of the planet trust the reserve minter to not excessively devalue those holdings then the system "works".    Generally it works fine for 50 to 150 years depending on the restraint of the minter.  It does however distort the free market pricing of debt.  Since foreign nations collectively need to hold trillions of dollars in US debt it drives interest rates on that debt down and subsidizes the US government to spend spend spend.  I mean it is almost free money so what is a hundred billion here and a trillion there.  The US govt "wins" and everyone else "loses" and the more debt the US govt racks up the more likely a default is too occur (of the treasury just hyperinflation that debt away to avoid an official debt).  That leads to resentment and eventually a new currency is used but the process will repeat itself.  The US wasn't the first and it won't be the last.  It works as long as you trust governments to spend within their means and not abuse that special status.

No that isn't the penalty.  The "penalty" is if a miner doesn't mint a block when he can then he is prevented from minting future blocks for a period of 2 days ON THAT CHAIN.

"supporting the main chain" = minting blocks on that chain = no penalty = doesn't prevent the attacker from simultaneously working to extend one ore more candidate attack chains at the same time.

Well it depends on the history and policy of each central bank.  In the case of the FED the US Congress could abolish it instantly by passing legislature and the federal reserve board members are appointed by the President.  The idea that the government can't do anything about it is just a farce.  However it goes back to why would the government want to abolish the Fed?  The debasement of money is in the best interest of debtors and the US government is the single largest debtor in the US, the world, and the history of mankind.  Why exactly would they want to eliminate a system which allows them to borrow a nearly unlimited amount of money at subsidized interest rates.  It is a symbiotic relationship.

I revised the post to be more clear.  It is important to consider the optimal behavior for both an attacker with a minority and majority of the stake.   In neither case will there be an effective penalty although how the attacker proceeds will vary (it does in Bitcoin as well for different reasons).

There would be no penalty.  Lets look at the case of a majority and minority attacker separately.  

An attacker with a minority of the stake will optimally support ALL chains including the main chain.  He will suffer no penalty.  Yes this will (marginally) reduce his chance because it improves the effective stake of the main chain relative to his chain but the chance was already low.  In PoW the real security comes not from the fact that a double spend with a minority of the hashrate is possible.  It is very possible but it will happen infrequently and the COST for all the times it fails offsets any gain from the double spend.    For example an attacker with 10% of the Bitcoin hashrate would be able to successfully double spend a tx with 6 confirmations 1 out of 1694 attempts.   It is impossible to guarantee that an attacker (even one with a minority of the hashrate) can NEVER perform a double spend on a tx 6 confirmations deep however the cost means that if the amount being double spent is <168,000 BTC the attacker ends up losing money.  He will eventually be successful however the gain from the success will be less than the loss of coins not mined.  

With PoS, a minority attacker WILL support the main chain when required and thus he will never suffer a penalty.  His chance of success will be low (and will be lower the more confirmations that are required) but with no (real) cost and a chance >0% he will eventually pull off a double spend at no cost.  There is nothing at risk precisely because he can support all chains in parallel simultaneously.  Note: a PoS system w/ a penalty marginally reduces the profitability of the attacker when the attacker has a minority of the hashrate but it doesn't remove the nothing at stake risk because the attacker can still support all chains (he probably would anyways even w/ no penalty to collect the block rewards on the main chain).

An attacker with a majority of the stake will optimally only extend the attack chain(s) and not the main chain because he doesn't need to.  You can penalize him all you want on the main chain but once one of the attack chains are longer then it will be published, the network will reorg to use that chain as the "best chain" and all the "penalties" will be limited to an orphaned fork.  Is there an effective penalty if all the penalties are limited to a chain which has been orphaned?  The irony is that after the attack chain is published all the honest miners who did not complete blocks when required will be subject to a penalty and unable to mine for 2 days.

Inflation isn't inherently bad for everyone.  If you are debtor and have fixed interest debt inflation is very good.  Imagine you have a house valued at $200,000, a $200,000 interest only mortgage and $50,000 salary with no other debt or assets.  You have a debt to income ratio of 400% and a net worth of $0.  Now imagine the fed inflates the dollar 10x in 2015 (or over some extended period of time).  In time the price of your wages will rise to $500,000 and the price of your house to $2M.  You now have a net worth of $1.8M and your debt to income ratio is now only 40%.

Now obviously the price of everything else would also rise so in real (inflation adjusted) terms you house is still only worth $200K (circa 2014 dollars) but your debt is only $20K (in 2014 dollars).  Your net worth is $180,000 in real terms and that is better than $0.  So inflation made you "rich" = improved your net worth.

Anytime the FED does anything there is a winner and a loser.  Debtors benefit from the debasement of money and the larger the debtor the more they benefit.  Who appoints the members of the Federal Reserve?  Hint it is the largest debtor in the US (and world).  What do you think would happen to a federal reserve board member if he advocated very high interest rates (which would hurt the ability of this world's largest debtor to continue to borrow insane amount of subsidized money)?

Banks benefit from the actions of central banks through a different process and that is the delayed effect of changes in the money supply on prices. 

It is but then the attacker would operate differently.  Since there is no cost he would simply support both chains.  Yes he is working against himself but with a minority of the hashrate the probability of producing a longer chain of x blocks was already <50%.  Still the odds are 0% and he isn't penalized because he is supporting the "main" chain (chain most likely to remain the longest).  So he loses nothing, gets no penalty and some % of the time will be able to out mine/mint the main chain and perform a double spend at no cost.  Granted the odds may be low (they are low for Bitcoin as well) if his share of the stake is low but say you got away with a double spend once a year with no cost or risk.  Other than ethics why wouldn't you try?  Attempt 10,000 double spends and if 9,999 are unsucessful and 1 is the fact that there was no cost means you are ahead.


I have no idea what you mean by "any block".  An attack can come from any block.  An attacker can continue to extend multiple chains extending from multiple blocks all in parallel and if any of them by "luck" end up longer than the main chain they will be published.  If the attacker has a minority of the effective stake (even when boosted by computing power), the chance of success if low.  That means the chance of penalty is high and it would be optimal to build on the main chain as well.

The same concept applies to selfish mining.  A minter produces a valid block and he will be penalized if he doesn't publish it on the main chain however the block doesn't allow him the chance of forging the next block so he hangs on to it for a while.   If prior to him finding a better block another miner publishes a block at the same height that is inferior then he publishes his block as well and suffers no penalty.  If prior to another miner finding a better block he finds a block which allows him to forge the next block he publishes that instead and then immediately attempts to solve the next block to double his reward.

A digital currency known as the dollar already is the norm.  Physical currency makes up only a small portion of the US money supply.

Why would he do that?  If the attacker has a majority of the stake he will eventually have the longest chain.  There is no reason to "give up".  All that matters is variance and time (well # of blocks) but the longer the chain the higher the probability the attacker will be head and that rapidly approaches 100%.  The exact same principle in in play when we assume the "good guys" have the majority.  In Bitcoin why do you trust a tx with 20 confirmations more than one with 1 confirmation?  It is because the probability that someone with a minority of the hashrate (even 49%) could build a longer chain to perform a reorg and "reverse" that tx decreases as the chain length increases.   In a 51% attack the attacker is the one with the majority so the roles are reverse.  The attack has a >50% chance of being ahead after 1 block but that rapidly rises to ~100% as the chain becomes longer.  The more of a majority the attacker has the quicker the confidence rises (both 51% and 70% will eventually produce the longest chain but we can say at a given chain length the later will have a higher computed probability of being ahead).

So why would the attacker just give up and try later?

Over time but not instantly and thus the chain with the majority of the stake will be the longest.  If it wasn't true then someone with 1% of the stake could form a chain as long as the network with 99% of the stake (99% of the stake is penalized for not mining on the attack chain and eventually the 1% has 100% of the active stake).


This is where you get into trusted node voodoo.  The attacker can include tx from the "honest" chain.  He doesn't need to (nor can he) double spend all transactions.  The attacker can broadcast double spends which are picked up by the main chain and then include the legit tx in the attack chain. 

The idea that 100% of the nodes will always be online, and always know which chain is the best is dubious.   If that were possible then you wouldn't even need PoS or minting at all.  Nodes would simply agree which tx are valid and confirmations would be nearly instantaneous.  So what happens when there are two chains A & B.  In A BTC-E is double spent a small fortune and in B BitStamp is double spent a small fortune?  One of them is just going to take a massive loss for the team?  No in a scenario where longest chain is ignored and the EC doesn't reach 100% consensus either you have a network split or the attacker is able to double spend anyways.  Sorry BTC-E your tx was in the longest chain but the board of trusted elders has decided that the inferior chain is the "best" and you lose to the double spend. 

I don't know if there is a backdoor but if there is it would not become public knowledge unless fished out by third party experts.  Secret warrant signed by a secret judge in a secret court would authorize the tap.  Hack into computer, obtain encrypted data, use backdoor to decrypt.  Now the entity has the data.  Prove that it was obtained from a backdoor and not some other failure of security on your part.  You may swear up and down that you were super secure and the NSA had to use a backdoor in bitlocker to obtain the data but how many people would believe you?

I am not even sure what you mean.  Attacks aren't "made" on the main chain.  A 51% attack involves the attacker building AN ALTERNATE chain.

In the main chain = attacker mines no block.  
In the attack chain = attacker mines all block = no penalty

When the attack chain is longer the attacker broadcasts it at which point the "attack chain" becomes the main chain and the "honest" chain just becomes an orphaned minority fork.

At no point is the attacker subject to any penalty.

Everyone isn't poor. The net worth of the world is estimated at $223 trillion.