Bitcoin Forum
December 07, 2016, 10:41:09 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2]  All
  Print  
Author Topic: Bitcoin without mining  (Read 11664 times)
kjj
Legendary
*
Offline Offline

Activity: 1302



View Profile
May 27, 2011, 09:40:51 PM
 #21

Quote from: kjj
You would need not just 50% of the world's hashing power, but closer to 95%+ of it if you wanted to pull off any meaningful BTC scam.
I don't think so. You can steal the vast majority of blocks from then on by storing up blocks you generate and release them only when someone else also solves one. Not sure if you consider that meaningful or not. (There was some long ago thread about this that I can't find now) You could double spend by getting one block ahead of the good network and then just stay ahead until you are ready to drop your one block longer chain.

The time to find a block is not a linear function of your hashing speed, it is a probabilistic process.  Having 10% more power than the other guy doesn't mean you find blocks 10% faster, it means that you have a ~5% chance of finding it before him.

Say that you fraction of the global networking power is X, where 0 <= X <= 1;

The probability that you will be able to do this for one block is X
The probability that you will be able to do this for two blocks is X^2
The probability that you will be able to do this for three blocks is X^3
The probability that you will be able to do this for four blocks is X^4
Etc...

Actually, those are the high end estimates.  In reality, you will need another factor, Y, to correct for the portion of the network that believes in the attack chain.  Over time, Y will get smaller and smaller.

Since this topic keeps coming up over and over again, I'm going to propose a potential solution: every time a node reshuffles, they should make a note of which peer it came from.  More than three reshuffles from the same peer in like 24 hours, and that node is dropped.

p2pcoin: a USB/CD/PXE p2pool miner - 1N8ZXx2cuMzqBYSK72X4DAy1UdDbZQNPLf - todo
I routinely ignore posters with paid advertising in their sigs.  You should too.
1481107269
Hero Member
*
Offline Offline

Posts: 1481107269

View Profile Personal Message (Offline)

Ignore
1481107269
Reply with quote  #2

1481107269
Report to moderator
1481107269
Hero Member
*
Offline Offline

Posts: 1481107269

View Profile Personal Message (Offline)

Ignore
1481107269
Reply with quote  #2

1481107269
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481107269
Hero Member
*
Offline Offline

Posts: 1481107269

View Profile Personal Message (Offline)

Ignore
1481107269
Reply with quote  #2

1481107269
Report to moderator
1481107269
Hero Member
*
Offline Offline

Posts: 1481107269

View Profile Personal Message (Offline)

Ignore
1481107269
Reply with quote  #2

1481107269
Report to moderator
1481107269
Hero Member
*
Offline Offline

Posts: 1481107269

View Profile Personal Message (Offline)

Ignore
1481107269
Reply with quote  #2

1481107269
Report to moderator
MoonShadow
Legendary
*
Offline Offline

Activity: 1666



View Profile
May 27, 2011, 10:26:16 PM
 #22


Since this topic keeps coming up over and over again, I'm going to propose a potential solution: every time a node reshuffles, they should make a note of which peer it came from.  More than three reshuffles from the same peer in like 24 hours, and that node is dropped.

Interesting proposal.  I think that this requires it's own thread, to discuss how to do this.

"The powers of financial capitalism had another far-reaching aim, nothing less than to create a world system of financial control in private hands able to dominate the political system of each country and the economy of the world as a whole. This system was to be controlled in a feudalist fashion by the central banks of the world acting in concert, by secret agreements arrived at in frequent meetings and conferences. The apex of the systems was to be the Bank for International Settlements in Basel, Switzerland, a private bank owned and controlled by the world's central banks which were themselves private corporations. Each central bank...sought to dominate its government by its ability to control Treasury loans, to manipulate foreign exchanges, to influence the level of economic activity in the country, and to influence cooperative politicians by subsequent economic rewards in the business world."

- Carroll Quigley, CFR member, mentor to Bill Clinton, from 'Tragedy And Hope'
kjj
Legendary
*
Offline Offline

Activity: 1302



View Profile
May 27, 2011, 10:29:56 PM
 #23

Agreed.

p2pcoin: a USB/CD/PXE p2pool miner - 1N8ZXx2cuMzqBYSK72X4DAy1UdDbZQNPLf - todo
I routinely ignore posters with paid advertising in their sigs.  You should too.
jed
Full Member
***
Offline Offline

Activity: 165

Jed McCaleb


View Profile WWW
May 27, 2011, 11:03:53 PM
 #24

kjj:
So let's assume an attacker controls 60% of the network.
He makes a big transaction that is sent to the whole network.
He stops generating blocks on the legit network.
He now starts generating a new chain without the large transaction but not sending it to the rest of the network.
His fake chain will eventually grow longer than the real chain.
At some point of his choosing he publishes his longer chain to the real network.
The fake chain is now accepted as real since it is longer.


Quote
Since this topic keeps coming up over and over again, I'm going to propose a potential solution: every time a node reshuffles, they should make a note of which peer it came from.  More than three reshuffles from the same peer in like 24 hours, and that node is dropped.
This doesn't help. It is trivial to just send from a new peer.

stellar.org   |    twitter
MoonShadow
Legendary
*
Offline Offline

Activity: 1666



View Profile
May 27, 2011, 11:11:25 PM
 #25

kjj:
So let's assume an attacker controls 60% of the network.
He makes a big transaction that is sent to the whole network.
He stops generating blocks on the legit network.
He now starts generating a new chain without the large transaction but not sending it to the rest of the network.
His fake chain will eventually grow longer than the real chain.
At some point of his choosing he publishes his longer chain to the real network.
The fake chain is now accepted as real since it is longer.


The (non-existant, we really need a programmer to develop this) 'blockchain watchdog' process would ringing alarm bells after the 60% miner had left the network.  Whether that mattered would depend upon what the rest of the network does once the watchdogs are barking.

"The powers of financial capitalism had another far-reaching aim, nothing less than to create a world system of financial control in private hands able to dominate the political system of each country and the economy of the world as a whole. This system was to be controlled in a feudalist fashion by the central banks of the world acting in concert, by secret agreements arrived at in frequent meetings and conferences. The apex of the systems was to be the Bank for International Settlements in Basel, Switzerland, a private bank owned and controlled by the world's central banks which were themselves private corporations. Each central bank...sought to dominate its government by its ability to control Treasury loans, to manipulate foreign exchanges, to influence the level of economic activity in the country, and to influence cooperative politicians by subsequent economic rewards in the business world."

- Carroll Quigley, CFR member, mentor to Bill Clinton, from 'Tragedy And Hope'
billyjoeallen
Legendary
*
Offline Offline

Activity: 966


Hide your women


View Profile WWW
May 29, 2011, 06:50:47 AM
 #26

So I've been thinking...
 bitcoin mining seems like such an unfortunate side effect of the system since it is so wasteful. )

I stopped reading right here.  Bitcoin is not wasteful, even now.  It's several orders of magnitude more energy efficient than the fiat currency systems in use around the world.

only if you count the number of guns necessary to force us to act as if fiat is a good store of value, and the salaries necessary to pay the thugs and pump out the propaganda, etc. 

insert coin here:
1Ctd7Na8qE7btyueEshAJF5C7ZqFWH11Wc

Open an exchange account at CampBX: options, lowest commissions, and best security
https://campbx.com/register.php?r=0Y7YxohTV0B
FreeMoney
Legendary
*
Offline Offline

Activity: 1246


Strength in numbers


View Profile WWW
May 29, 2011, 07:40:14 AM
 #27

I stopped reading right here.  Bitcoin is not wasteful, even now.  It's several orders of magnitude more energy efficient than the fiat currency systems in use around the world.

I would like to see numbers that prove it.  The current network consumes 2MW of power constantly assuming (on average) 2MH/s/W. It's about 2 million USD per year. Of course that's not much compared to the money used for fiat money flow but for a 45 million USD money supply it's a lot.  And then you have a few million of USD in equipment that based on Moore law will be worth a fraction of the current value in 12-18 months. When you add human work (building and maintaining miners), you have a lot of cost for the amount of money supply that is handled by a small bank.

At the very best, Bitcoin is as efficient as the fiat currency system dollar per dollar and likely less efficient.

P.S I know about the cost of bailouts but Bitcoin is yet to start handling loans. And it were loans not money transfers and money flow that needed a bailout.



Are you spying on me? (wait, I guess not since you don't know what I'm doing). I give loans. Loans don't cause bailouts anymore than shoes cause dancing.

Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
Zibbo
Jr. Member
*
Offline Offline

Activity: 58


View Profile
May 29, 2011, 03:40:08 PM
 #28

kjj:
So let's assume an attacker controls 60% of the network.
He makes a big transaction that is sent to the whole network.
He stops generating blocks on the legit network.
He now starts generating a new chain without the large transaction but not sending it to the rest of the network.
His fake chain will eventually grow longer than the real chain.
At some point of his choosing he publishes his longer chain to the real network.
The fake chain is now accepted as real since it is longer.


The (non-existant, we really need a programmer to develop this) 'blockchain watchdog' process would ringing alarm bells after the 60% miner had left the network.  Whether that mattered would depend upon what the rest of the network does once the watchdogs are barking.

The attacker doesn't need to be part of the honest network before launching an attack at all, so you would not see a sudden drop in hashing power. A longer chain would just appear out of nowhere.

Once some group controls more hashing power that rest of the miners combined, bitcoin reality is exactly what they want and nothing else (can't do anything that would invalidate blocks in the eyes of honest nodes, like change block reward etc). If they are honest, then no problem, but if they want to attack the network, they can just grow their own chain, refuse the blocks generated by honest nodes, but force honest nodes to accept attackers block. Honest nodes can't differentiate between attackers blocks and honest blocks (because they are decentralized), while attacker knows which blocks are which. It doesn't matter if honest nodes get ahead for a while. Attacker will always catch up, and all the work honest nodes have done would be replaced with the attackers "reality".

This idea of a watchdog system is nice, but I'm not entirely sure how much it would help if someone truly has a majority of the hashing power. I mean, even if you knew with 100% certainty, that someone is attacking the network with a majority hashing power, and maybe even how and when it's going to happen, what is the mechanism that would be used to prevent the attack in a decentralized system like bitcoin? Like you said "Whether that mattered would depend upon what the rest of the network does once the watchdogs are barking". I'm not sure there is anything they can do, without giving up the decentralized nature of bitcoin.

Bitcoin is secure "As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network", but not a second longer.
MoonShadow
Legendary
*
Offline Offline

Activity: 1666



View Profile
May 30, 2011, 01:46:29 AM
 #29

kjj:
So let's assume an attacker controls 60% of the network.
He makes a big transaction that is sent to the whole network.
He stops generating blocks on the legit network.
He now starts generating a new chain without the large transaction but not sending it to the rest of the network.
His fake chain will eventually grow longer than the real chain.
At some point of his choosing he publishes his longer chain to the real network.
The fake chain is now accepted as real since it is longer.


The (non-existant, we really need a programmer to develop this) 'blockchain watchdog' process would ringing alarm bells after the 60% miner had left the network.  Whether that mattered would depend upon what the rest of the network does once the watchdogs are barking.

The attacker doesn't need to be part of the honest network before launching an attack at all, so you would not see a sudden drop in hashing power. A longer chain would just appear out of nowhere.

Once some group controls more hashing power that rest of the miners combined, bitcoin reality is exactly what they want and nothing else (can't do anything that would invalidate blocks in the eyes of honest nodes, like change block reward etc). If they are honest, then no problem, but if they want to attack the network, they can just grow their own chain, refuse the blocks generated by honest nodes, but force honest nodes to accept attackers block. Honest nodes can't differentiate between attackers blocks and honest blocks (because they are decentralized), while attacker knows which blocks are which. It doesn't matter if honest nodes get ahead for a while. Attacker will always catch up, and all the work honest nodes have done would be replaced with the attackers "reality".

This idea of a watchdog system is nice, but I'm not entirely sure how much it would help if someone truly has a majority of the hashing power. I mean, even if you knew with 100% certainty, that someone is attacking the network with a majority hashing power, and maybe even how and when it's going to happen, what is the mechanism that would be used to prevent the attack in a decentralized system like bitcoin? Like you said "Whether that mattered would depend upon what the rest of the network does once the watchdogs are barking". I'm not sure there is anything they can do, without giving up the decentralized nature of bitcoin.

Bitcoin is secure "As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network", but not a second longer.

There are a number of things that live operators can do to inhibit an attack under way, not the least of which is to bring more hashing power to bear.  An attacker coming in unannounced with blocks would cause a significant revision on the blockchain, not something that can be stopped, but it's a huge red flag.  A watchdog process could alert users to an attack underway, and any commerce site using bitcoin in any automatic fashion should immediately suspend trade to protect themselves.  Also, nodes are not anonymous to each other.  It's not trivial, but it is possible to determine from where the new blocks came from.  Also, and attacker coming in from outside the network needs at least as much hashing power as the whole honest network, not just 50%.  Just having a simple majority of the hashing power is only enough to make the attack possible, it doesn't make it easy.  To build a chain in the dark, the attacker must have significantly more than the whole of the honest network in order to build his dark chain fast enough to get back far enough to overwrite his intended target block.

"The powers of financial capitalism had another far-reaching aim, nothing less than to create a world system of financial control in private hands able to dominate the political system of each country and the economy of the world as a whole. This system was to be controlled in a feudalist fashion by the central banks of the world acting in concert, by secret agreements arrived at in frequent meetings and conferences. The apex of the systems was to be the Bank for International Settlements in Basel, Switzerland, a private bank owned and controlled by the world's central banks which were themselves private corporations. Each central bank...sought to dominate its government by its ability to control Treasury loans, to manipulate foreign exchanges, to influence the level of economic activity in the country, and to influence cooperative politicians by subsequent economic rewards in the business world."

- Carroll Quigley, CFR member, mentor to Bill Clinton, from 'Tragedy And Hope'
Zibbo
Jr. Member
*
Offline Offline

Activity: 58


View Profile
May 30, 2011, 06:08:35 AM
 #30

The attacker doesn't need to be part of the honest network before launching an attack at all, so you would not see a sudden drop in hashing power. A longer chain would just appear out of nowhere.

Once some group controls more hashing power that rest of the miners combined, bitcoin reality is exactly what they want and nothing else (can't do anything that would invalidate blocks in the eyes of honest nodes, like change block reward etc). If they are honest, then no problem, but if they want to attack the network, they can just grow their own chain, refuse the blocks generated by honest nodes, but force honest nodes to accept attackers block. Honest nodes can't differentiate between attackers blocks and honest blocks (because they are decentralized), while attacker knows which blocks are which. It doesn't matter if honest nodes get ahead for a while. Attacker will always catch up, and all the work honest nodes have done would be replaced with the attackers "reality".

This idea of a watchdog system is nice, but I'm not entirely sure how much it would help if someone truly has a majority of the hashing power. I mean, even if you knew with 100% certainty, that someone is attacking the network with a majority hashing power, and maybe even how and when it's going to happen, what is the mechanism that would be used to prevent the attack in a decentralized system like bitcoin? Like you said "Whether that mattered would depend upon what the rest of the network does once the watchdogs are barking". I'm not sure there is anything they can do, without giving up the decentralized nature of bitcoin.

Bitcoin is secure "As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network", but not a second longer.
There are a number of things that live operators can do to inhibit an attack under way, not the least of which is to bring more hashing power to bear.  An attacker coming in unannounced with blocks would cause a significant revision on the blockchain, not something that can be stopped, but it's a huge red flag.  A watchdog process could alert users to an attack underway, and any commerce site using bitcoin in any automatic fashion should immediately suspend trade to protect themselves. 

Who has that kind of hashing power just waiting to be used with a push of a button? Perhaps in future someone with vested interest in protecting bitcoin and hardware that is regularly used for something else? Ok, I can see that happening, but almost any other action you can take when the watchdogs are barking requires choosing the valid block chain with some other criteria than which one is the longest.

Quote
Also, nodes are not anonymous to each other.  It's not trivial, but it is possible to determine from where the new blocks came from. 

Really? How?

Quote
Also, and attacker coming in from outside the network needs at least as much hashing power as the whole honest network, not just 50%.  Just having a simple majority of the hashing power is only enough to make the attack possible, it doesn't make it easy.  To build a chain in the dark, the attacker must have significantly more than the whole of the honest network in order to build his dark chain fast enough to get back far enough to overwrite his intended target block.

That's true if the attacker retroactively decides to rewrite some past block. What I was talking about was, when double spend (or some other attack) is planned in advance, and the attacker starts hashing the dark chain from the same block as honest nodes.
MoonShadow
Legendary
*
Offline Offline

Activity: 1666



View Profile
May 30, 2011, 06:31:57 AM
 #31

Who has that kind of hashing power just waiting to be used with a push of a button?

I'm not at liberty...
Quote
Quote
Also, and attacker coming in from outside the network needs at least as much hashing power as the whole honest network, not just 50%.  Just having a simple majority of the hashing power is only enough to make the attack possible, it doesn't make it easy.  To build a chain in the dark, the attacker must have significantly more than the whole of the honest network in order to build his dark chain fast enough to get back far enough to overwrite his intended target block.

That's true if the attacker retroactively decides to rewrite some past block. What I was talking about was, when double spend (or some other attack) is planned in advance, and the attacker starts hashing the dark chain from the same block as honest nodes.

It's generally true.  It's not so straight forward.

"The powers of financial capitalism had another far-reaching aim, nothing less than to create a world system of financial control in private hands able to dominate the political system of each country and the economy of the world as a whole. This system was to be controlled in a feudalist fashion by the central banks of the world acting in concert, by secret agreements arrived at in frequent meetings and conferences. The apex of the systems was to be the Bank for International Settlements in Basel, Switzerland, a private bank owned and controlled by the world's central banks which were themselves private corporations. Each central bank...sought to dominate its government by its ability to control Treasury loans, to manipulate foreign exchanges, to influence the level of economic activity in the country, and to influence cooperative politicians by subsequent economic rewards in the business world."

- Carroll Quigley, CFR member, mentor to Bill Clinton, from 'Tragedy And Hope'
jed
Full Member
***
Offline Offline

Activity: 165

Jed McCaleb


View Profile WWW
May 30, 2011, 02:28:38 PM
 #32

creighto: Even if you are correct that there is some hidden pool of mining waiting to be put online it doesn't change my original point that bitcoin as it is now depends on everyone trusting a few random people. We are implicitly trusting a couple large miners and a couple pools and your secret hasher.
My argument is that we might as well make this trust explicit. It will be much more efficient, and way more secure.

stellar.org   |    twitter
ene
Jr. Member
*
Offline Offline

Activity: 42


View Profile
May 30, 2011, 06:39:58 PM
 #33

creighto: Even if you are correct that there is some hidden pool of mining waiting to be put online it doesn't change my original point that bitcoin as it is now depends on everyone trusting a few random people. We are implicitly trusting a couple large miners and a couple pools and your secret hasher.
My argument is that we might as well make this trust explicit. It will be much more efficient, and way more secure.

There's no way this would be more secure. Under your system, somebody needs to (1) somehow find out who your "friends" are (who you trust) and (2) make 50% of them dishonest. Under bitcoin, somebody needs to make 50% of everybody dishonest.
jed
Full Member
***
Offline Offline

Activity: 165

Jed McCaleb


View Profile WWW
May 30, 2011, 07:34:08 PM
 #34

trippy: If you follow the thread you see that in bitcoin you don't need to make 50% of the bitcoin users dishonest. There are maybe 3 people that need to colude to break bitcoin or more likely 1 government.
In this proposal you could pick 100 or 1000 random forum users and you would be *way* safer. If you bothered to be more discriminating and actually picked people you knew you would be even safer still.

Also there isn't a way for someone to figure out who you have chosen to trust. (Trust is the wrong word. These are people you don't think are working together. You can actually choose all people taht you know are corrupt as long as they aren't colluding)

stellar.org   |    twitter
ene
Jr. Member
*
Offline Offline

Activity: 42


View Profile
May 30, 2011, 07:48:41 PM
 #35

trippy: If you follow the thread you see that in bitcoin you don't need to make 50% of the bitcoin users dishonest. There are maybe 3 people that need to colude to break bitcoin or more likely 1 government.
In this proposal you could pick 100 or 1000 random forum users and you would be *way* safer. If you bothered to be more discriminating and actually picked people you knew you would be even safer still.

Also there isn't a way for someone to figure out who you have chosen to trust. (Trust is the wrong word. These are people you don't think are working together. You can actually choose all people taht you know are corrupt as long as they aren't colluding)


OK 50% of the computers. But the mining difficulty continues to go up all the time.

Nobody wants to go through the forum and select random users, and yet as soon as you program a computer to do it, people will figure out a way to game it and make it choose untrustworthy users. You seem to require ordinary users to use trust systems, but these have never yet caught on.

I largely agree with Mike Hearn here. Maybe you should have a look at Ripple.

PS Good luck figuring out how the money is initially distributed and later minted.
Meni Rosenfeld
Donator
Legendary
*
expert
Offline Offline

Activity: 1890



View Profile WWW
May 31, 2011, 08:24:23 AM
 #36

Quote from: kjj
You would need not just 50% of the world's hashing power, but closer to 95%+ of it if you wanted to pull off any meaningful BTC scam.
I don't think so. You can steal the vast majority of blocks from then on by storing up blocks you generate and release them only when someone else also solves one. Not sure if you consider that meaningful or not. (There was some long ago thread about this that I can't find now) You could double spend by getting one block ahead of the good network and then just stay ahead until you are ready to drop your one block longer chain.

The time to find a block is not a linear function of your hashing speed, it is a probabilistic process.  Having 10% more power than the other guy doesn't mean you find blocks 10% faster, it means that you have a ~5% chance of finding it before him.

Say that you fraction of the global networking power is X, where 0 <= X <= 1;

The probability that you will be able to do this for one block is X
The probability that you will be able to do this for two blocks is X^2
The probability that you will be able to do this for three blocks is X^3
The probability that you will be able to do this for four blocks is X^4
Etc...

Actually, those are the high end estimates.  In reality, you will need another factor, Y, to correct for the portion of the network that believes in the attack chain.  Over time, Y will get smaller and smaller.

Since this topic keeps coming up over and over again, I'm going to propose a potential solution: every time a node reshuffles, they should make a note of which peer it came from.  More than three reshuffles from the same peer in like 24 hours, and that node is dropped.
These probabilities mistakenly assume that the attacker always builds on the last block.

However, the attack is, as satoshi discusses in his paper, to pick some block to build on and stick to it. If X>0.5 you can cut a branch however long you want, given enough time.

For example, if X=0.6 and you want to cut 10 blocks, after some time period the attacker will find 33 new blocks while the honest network only finds 22, making the attacker's branch win.

1EofoZNBhWQ3kxfKnvWkhtMns4AivZArhr   |   Who am I?   |   bitcoin-otc WoT
Bitcoil - Exchange bitcoins for ILS (thread)   |   Israel Bitcoin community homepage (thread)
Analysis of Bitcoin Pooled Mining Reward Systems (thread, summary)  |   PureMining - Infinite-term, deterministic mining bond
vaisajne
Full Member
***
Offline Offline

Activity: 182

I mine with Genesis Mining - 3% Off with UMANO_17


View Profile WWW
August 22, 2014, 08:30:12 AM
 #37

Bumped in to this old thread. This was probably the starting point for Jed's projects Ripple and now Stellar.

Pages: « 1 [2]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!