A solution to every 51% attack

[Wind_FURY]

The troll tries to protect his debate for a rolling check-point, because he knows that it's the only way to secure/protect his POS shitcoin.

It's dangerous to trust your stakers with nothing on the line?

[o_e_l_e_o]

Actually a rolling checkpoint would prevent exactly that, if say the checkpoint was every 130 blocks.

Then it is pointless. A 51% attack which can reverse 129 blocks is more than enough for an attacker to double spend huge amounts multiple times, as well as causing 29 block rewards and their subsequent transactions to become invalidated. Such an attack would be catastrophic for bitcoin regardless of checkpoints. The security comes from the hashrate making such an attack near impossible, not from unnecessary checkpoints.

If your coin is so insecure it has to rely on hardcoded checkpoints to prevent an attacker reversing a full day of blocks, then it has failed in being decentralized.

[d5000]

As I already wrote, "rolling checkpoints" (or reorg limits) only make sense for a very limited use case: "long range attacks", which are almost impossible in larger PoW cryptocurrencies like Bitcoin.

For PoS coins, they do have utility, because they are vulnerable to a type of long range attack where old keys which had coins on it in a certain point in time, could be bought by an attacker, and the chain reorganized from this point on without any risk. This attack is easier the older these keys are, and thus the rolling checkpoint strategy makes sense for PoS coins. It is also not necessarily a centralized solution, as any node basically can decide if he wants to permit a re-org (if someone doesn't like the restriction, he can code an alternative client with the restriction turned off, but he must achieve enough hashpower).

But if the coin has a PoW component which determinates the "longest chain", first this "buy old keys"-attack isn't possible, because for obvious reasons you don't get any advantage from them. Then the risk of the miner grows anyway the longer the chain he has to reorganize is, because he has to "mine" the blocks correctly and invest power and hardware. So if he wants to 51% attack a chain to perform a double spend, he will always try to do the shortest reorganization possible. (Even if the coin has a PoS component, you would have to mine also, so basically the same applies).

Conclusion: For Bitcoin such a rolling checkpoint is not necessary at all, neither for other large PoW coins.

[Wind_FURY]

Actually a rolling checkpoint would prevent exactly that, if say the checkpoint was every 130 blocks.

Then it is pointless. A 51% attack which can reverse 129 blocks is more than enough for an attacker to double spend huge amounts multiple times, as well as causing 29 block rewards and their subsequent transactions to become invalidated. Such an attack would be catastrophic for bitcoin regardless of checkpoints. The security comes from the hashrate making such an attack near impossible, not from unnecessary checkpoints.

The community/army of full nodes WILL also reject any invalid transactions in the network. It would be useless for any attacker to risk the large cost of the attack, unless you do not lose anything from being a bad-actor in the network. Nothing at Stake?

If your coin is so insecure it has to rely on hardcoded checkpoints to prevent an attacker reversing a full day of blocks, then it has failed in being decentralized.

[o_e_l_e_o]

A rolling checkpoint is nothing more than a node refusing a reorg past a specific # of blocks.

So what number do you pick then? Either you pick a large number, in which case your checkpoints are pointless, or you choose a small number, in which case the chain with the most PoW may not always win if there is a chain split or reorganization.

Satoshi believed in checkpoints, but I guess you think you and blockstream are superior to Satoshi.

Satoshi also used P2PK and allowed anyone to spend anyone else's coins using OP_TRUE OP_RETURN. He was not infallible.

Checkpoints are like seatbelts , when you need them you really need them , but it is too late when the wreck occurs.

And just like if you have to rely on a seatbelt to save your life, if you have to rely on a checkpoint to prevent a massive chain reorganization, then your car/coin is ruined and you need to find a new one.

[o_e_l_e_o]

You choose ½ day or 1 day of blocks.
This blocks all long range history attacks, and all coins should be strong enough to defend against a ½ day short range attack.

If a coin is not vulnerable to a 51% attack lasting 12 hours, then how can it be vulnerable to a 51% attack lasting months?

If they can't , then they are seriously compromised.

So you agree that coins which have to rely on checkpoints are seriously compromised. So why do we need them?

[Wind_FURY]

The troll now talking FUD about a make-believe scheme, that ASIC manufacturers are running more powerful machines, and would actually attack the network that enriches them?

Plus Quantum Computers? The troll should be worried more of what it would do to his favorite financial, and government institutions.

[Xembin]

Many bitcoin private details must be kept safe, so that there would not be any attack from the hacker.
I think some country are generating new technology to end attack challeng in their business. Many coins will be more secure for futur use by the investors.
More investors are pround of the solution attack and right now they have solution to every attack in their exchange in the market.

[NotATether]

4 pool operators can fuck up bitcoin within 12 hours
~snip

The thing is, those 4 pool operators have a huge investment of bitcoin, and the reason why you haven't see them coordinating a 51% attack all of these years is that they know this will tumble the market price of bitcoin and make their savings worthless, not being able to afford future electricity expenses and going out of business.

[verita1]

Guys, here I have several articles that talk about how Avalanche will reduce the transaction time for example of BCH and possibly Bitcoin. As also the speed at which BCH transactions are processed shows the transaction’s finality is typically 2-3 seconds or less. As well as reducing the financial incentive to 51% attack.
 
https://news.bitcoin.com/bch-avalanche-transactions-show-finality-speeds-10x-faster-than-ethereum/

https://coinmarketcap.com/alexandria/article/a-dive-into-avalanche

We will see a lot of improvements in blockchain and crypto very soon because Avalanche has just launched its mainnet.

51% attack will be history.

[Wind_FURY]

The troll posting disinformation, FUD that no one agrees with, and believes I am the one confused? Hahaha.

Troll, the forked shitcoins will NEVER have the same network effect as Bitcoin because besides being shitcoins,
they are socio-political attacks against Bitcoin. Do you actually believe the community will leave Bitcoin and follow Rogercoin and Craigcoin?

[witcher_sense]

If it were possible to create a decentralized network with a system of  "autosaves" built-in, it would be done from the very beginning. In my opinion, there is no way to combine contradictory features: decentralization and locked blocks. Here is why. With my full node, I don't need to trust others. I simply download the whole history of transactions and then start to verify them by myself. With the current system, it is very easy to become a historian (you are aware of former events) and a historical figure (you are making history every time you verify). You are independent, sovereign, powerful. If we make some blocks locked and unchangeable, we are no longer need to know history. I can just check that transactions are valid to a certain point, but I have to trust someone that history before that wasn't rewritten. With a system of autosaves, I can't verify, I need to trust. It is a completely contradictory idea to what we have today. Don't verify, believe. It is similar to centralized system, we have no vote, we have no choice. Just believe what you are told. If a solution to every 51% attack means we have to make bitcoin more centralized, I would prefer being attacked. At least, in such case I know that there is something worth to defend.

[BlackHatCoiner]

If we make some blocks locked and unchangeable, we are no longer need to know history. I can just check that transactions are valid to a certain point, but I have to trust someone that history before that wasn't rewritten. With a system of autosaves, I can't verify, I need to trust. It is a completely contradictory idea to what we have today. Don't verify, believe.

Can you change something now that it is a decentralised system? You still can verify, but if you find something that "you don't like", you can't do anything. With the locked blocks though, you ensure that for the next years of bitcoin, no one will be ever able to reverse a transaction x blocks deep. A quantum computer, according to what i've read, may be able to break an address, imagine what they can do to the blockchain.

And as for "forking bitcoin", Satoshi gave us a gift, but bitcoin developers are responsible for what we have right now. They should make any changes in the future if they believe it is needed. If satoshi maniacs want to follow what satoshi did a decade ago, they can go and buy Satoshi's vision.

(For example, in the forum's quotes it says cryptography that is used for bitcoin will be strong enough by ~2030)

[witcher_sense]

Can you change something now that it is a decentralised system? You still can verify, but if you find something that "you don't like", you can't do anything. With the locked blocks though, you ensure that for the next years of bitcoin, no one will be ever able to reverse a transaction x blocks deep. A quantum computer, according to what i've read, may be able to break an address, imagine what they can do to the blockchain.

And as for "forking bitcoin", Satoshi gave us a gift, but bitcoin developers are responsible for what we have right now. They should make any changes in the future if they believe it is needed. If satoshi maniacs want to follow what satoshi did a decade ago, they can go and buy Satoshi's vision.

(For example, in the forum's quotes it says cryptography that is used for bitcoin will be strong enough by ~2030)

As far as I know, it is not possible to reverse a bitcoin address even with potentially powerful quantum computer. Bitcoin address is a double hash of a public key, it is an infeasible task to reverse a hash function. However, if you reused your address and revealed your public key, you are probably vulnerable to quantum computer attack.

Of course, you cannot change the past "buried" deep enough into blockchain, that is the main point of immutable system based on proof of work. Whosoever willing to change the recent history needs to pay a high amount of money in order to try his luck. He needs to prove that work was actually done. What about locked blocks? Are they just hard coded or what? Proof of work is no longer needed to change them. System now relies on robustness of code, not on economic incentives. How much does it cost to change a hard coded block? Will the price be higher than that one needed in case of proof of work?

[BlackHatCoiner]

As far as I know, it is not possible to reverse a bitcoin address even with potentially powerful quantum computer. Bitcoin address is a double hash of a public key, it is an infeasible task to reverse a hash function. However, if you reused your address and revealed your public key, you are probably vulnerable to quantum computer attack.

It is infeasible with the current technology. With quantum computers, SHA256 won't be strong enough. We don't care if an key has been hashed 2 or 200 times to create an address. With a brute force, you just take the address and try all the possible combinations until you find the proper private key. Quantum computers are heard to make an almost infinite number hashes per second, at least this is what I've read. We shouldn't discuss what will happen if a quantum computer comes on this crypto technology. It would brake every address.

Of course, you cannot change the past "buried" deep enough into blockchain, that is the main point of immutable system based on proof of work. Whosoever willing to change the recent history needs to pay a high amount of money in order to try his luck. He needs to prove that work was actually done. What about locked blocks? Are they just hard coded or what? Proof of work is no longer needed to change them. System now relies on robustness of code, not on economic incentives. How much does it cost to change a hard coded block? Will the price be higher than that one needed in case of proof of work?

Yes, this is the main point of immutable system based on proof of work. But again, with the current technology. As I mentioned before of what can a quantum computer do to addresses, imagine how many blocks it can generate per second.

Also query: Is the difficulty a 32-bit integer? It may need to get bigger in the future, not just 2^32.

[Wind_FURY]

As far as I know, it is not possible to reverse a bitcoin address even with potentially powerful quantum computer. Bitcoin address is a double hash of a public key, it is an infeasible task to reverse a hash function. However, if you reused your address and revealed your public key, you are probably vulnerable to quantum computer attack.

It is infeasible with the current technology. With quantum computers, SHA256 won't be strong enough. We don't care if an key has been hashed 2 or 200 times to create an address. With a brute force, you just take the address and try all the possible combinations until you find the proper private key. Quantum computers are heard to make an almost infinite number hashes per second, at least this is what I've read. We shouldn't discuss what will happen if a quantum computer comes on this crypto technology. It would brake every address.

Although, with Quantum Computers, Bitcoin's "failure" would be the most miniscule of our problems. The attackers would cause the failure of every institution around the globe, and tear the internet apart.

[BlackHatCoiner]

Although, with Quantum Computers, Bitcoin's "failure" would be the most miniscule of our problems. The attackers would cause the failure of every institution around the globe, and tear the internet apart.

I don't understand how exactly they could do this, but if we're talking about encrypted messages/passwords, then yes, most likely.

[witcher_sense]

It is infeasible with the current technology. With quantum computers, SHA256 won't be strong enough. We don't care if an key has been hashed 2 or 200 times to create an address. With a brute force, you just take the address and try all the possible combinations until you find the proper private key. Quantum computers are heard to make an almost infinite number hashes per second, at least this is what I've read. We shouldn't discuss what will happen if a quantum computer comes on this crypto technology. It would brake every address.

I am not an expert at quantum computing systems, but I consider safe to assume that we are far from the time when powerful quantum computers is reality. It is not a simple obstacle to overcome, it requires a lot of research and time to build a quantum computer capable of breaking hashing algorithm. Do you know what requires less time to implement? Quantum resistant cryptography and quantum resistant hashing algorithm are easy to implement. You just move your bitcoin to a quantum resistant address and hodl further.

[o_e_l_e_o]

It would brake every address.

No, it wouldn't

Turning a private key in to a public key uses elliptic curve multiplication.
Turning a public key in to an address uses hash functions (SHA256 and RIPEMD160).

A quantum computer running Shor's Algorithm can reduce the number of operations to obtain a private key from a public key from 2¹²⁸ to only 128³, which is easily doable with a large enough quantum computer.
The same quantum computer running Grover's Algorithm can only reduce the number of operations to obtain a public key from an address from 2²⁵⁶ to 2¹²⁸, which is still far too large to be possible.