Bitcoin Forum
Topic: Self contained proof / PoW
phelix (OP)
June 20, 2014, 05:09:37 PM
Last edit: June 20, 2014, 09:36:23 PM by phelix
 #1

Say Alice wanted to prove to Bob that a particular Bitcoin TX has taken place but Bob does not have access to the network and has no information about the blockchain for the last year.

Assumptions:
* price to increase by a factor of 10 per year (should only be relevant to give a reason for the hashrate increase)
* network hashrate to increase by a factor of 10 per year
* the transaction occurred on the network 1 year ago
* Bob knows the current date
* Bob knows the blockchain up to a couple of blocks before the block with the TX (last network access 1 year ago)
* The particular block only contains this one TX besides the coinbase TX.
* Block reward: 25BTC
* Cost of mining a block today: 25BTC

Alice shows Bob the particular block and the block headers of the following nine blocks. Bob decodes the TX and verifies everything is ok.

How much would it cost Alice to fake the data?


Practical application: proof for TX in a very lite client.
TimS
June 20, 2014, 06:42:42 PM
Last edit: June 20, 2014, 07:10:47 PM by TimS
 #2

If the cost of mining a block today is 25 BTC, and 1 year ago the difficulty was 10 times lower (as implied by the hashrate being 10 times lower), then the cost to mine the fake year-old blocks would be 2.5 BTC per block. Since this involves forging at least 10 blocks (you were a little fuzzy on the "a couple of blocks before" part, so let's take the worst-case scenario: the TX happened in the very next block), the cost is 10*2.5=25 BTC. As long as Alice's lie isn't worth over 25 BTC (~$15,000 today), Bob should be safe.

Unless a difficulty change happens to be within those 10 blocks, Alice can't modify the difficulty to reduce this cost, and Bob could see that such a change is suspicious. Instead, to minimize the chance of detection, Alice should try to make everything else about the blocks realistic - the block timestamps should be the same as the real chain (if you were including more than the block header, I'd say to include real transactions, too).

Note that Bob could guard against this risk by connecting to the network, even only as a lite client for a short time.

Also note that Bob has no proof that this TX is unspent, only that it occurred at some point.
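
Bob's side of the check discussed in this thread, as an added example that is not part of the original posts: it verifies that the ten headers extend his last known block, keep the difficulty he expects, meet the proof-of-work target and commit to the TX through the two-leaf merkle root, then returns the work a forger would have to redo. Assumptions: the TX block directly follows Bob's known tip (the worst case taken above), the sample chain is constructed with a toy target (0x207fffff) so it mines instantly, and all function names are hypothetical.

```python
import hashlib, struct

def dsha(b: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()

def target_from_bits(bits: int) -> int:
    # Compact "nBits" encoding: high byte is the exponent, low 23 bits the mantissa
    exp, mant = bits >> 24, bits & 0x007FFFFF
    return mant << 8 * (exp - 3) if exp >= 3 else mant >> 8 * (3 - exp)

def verify_proof(known_tip, expected_bits, headers, coinbase_txid, txid):
    """Return the total expected hashes behind the proof, or raise ValueError."""
    if len(headers) != 10 or any(len(h) != 80 for h in headers):
        raise ValueError("need the TX block plus nine 80-byte headers")
    target, prev = target_from_bits(expected_bits), known_tip
    for i, h in enumerate(headers):
        _ver, h_prev, root, _time, bits, _nonce = struct.unpack("<I32s32sIII", h)
        if h_prev != prev:
            raise ValueError(f"header {i} does not extend the previous block")
        if bits != expected_bits:  # an unexplained difficulty change is suspicious
            raise ValueError(f"header {i} claims an unexpected difficulty")
        if int.from_bytes(dsha(h), "little") > target:
            raise ValueError(f"header {i} does not meet the target")
        if i == 0 and root != dsha(coinbase_txid + txid):
            raise ValueError("TX is not committed by the first block's merkle root")
        prev = dsha(h)
    return len(headers) * (2**256 // (target + 1))

def mine(prev, root, bits, time):  # builds CONSTRUCTED sample headers only
    nonce = 0
    while True:
        h = struct.pack("<I32s32sIII", 2, prev, root, time, bits, nonce)
        if int.from_bytes(dsha(h), "little") <= target_from_bits(bits):
            return h
        nonce += 1

def sample_proof():
    # Constructed data: toy target, made-up txids and timestamps
    tip, bits = dsha(b"block Bob already knows"), 0x207FFFFF
    cb, tx = dsha(b"coinbase"), dsha(b"alice pays bob")
    chain, prev = [], tip
    for i in range(10):
        root = dsha(cb + tx) if i == 0 else dsha(b"other block %d" % i)
        chain.append(mine(prev, root, bits, 1371747600 + 600 * i))
        prev = dsha(chain[-1])
    return tip, bits, chain, cb, tx
```

The returned work figure is what ties the check to the cost estimate above: it is the number of hashes a forger must perform at the difficulty Bob last saw, so it stays fixed while the price of those hashes falls as hashrate grows.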
phelix (OP)
June 20, 2014, 07:13:30 PM
 #3

Thank you very much for your analysis and important additional hints.

What I am actually pondering is if it would make sense to include this in an API server for Namecoin / .bit  -  it's not secure but better than nothing.
