ASICMiner chips out of fab next week

[Meni Rosenfeld]

As long as they remain below the 'magic' 50% threshold and perhaps spread out their hashing power over all the pools so everyone can see they are not out to take over the blockchain.... then what is wrong with that ?

There is nothing magic about 50%, see the bitcoin paper for  the odds for successful reversals for various wait times and attacker powers... Though my understanding is that the asicminer first run was going to be 12TH/s, not 6TH/s.

There is certainly something magic about 50%. With more than 50%, the success probability is always 100%. With less than 50%, success is not guaranteed and the probability depends on the number of confirmations. The magic is clearly visible in the graphs in AoHBDS.

The practical effects of this magic is a subject for more nuanced discussion.

[1715609728]

1715609728

[1715609728]

1715609728

[1715609728]

1715609728

[memvola]

great, how many times have you visited their facilities?

As I already explained in this thread, anyone, including them, can be malicious. What I'm saying in the comment you've responded to is, they don't need PR, hence we didn't end up with endless conflicting claims and excuses. I don't think the argument is too complicated.

[makomk]

There is nothing magic about 50%, see the bitcoin paper for  the odds for successful reversals for various wait times and attacker powers... Though my understanding is that the asicminer first run was going to be 12TH/s, not 6TH/s.

There's actually a very sharp threshold at 50% where an attack goes from being almost certain to fail to being certain to succeed. In practice it's a bit fuzzier than that because there's no way of knowing exactly how close you are to having 50%, but in theory there's no middle ground at all.

[Meni Rosenfeld]

There is nothing magic about 50%, see the bitcoin paper for  the odds for successful reversals for various wait times and attacker powers... Though my understanding is that the asicminer first run was going to be 12TH/s, not 6TH/s.

There's actually a very sharp threshold at 50% where an attack goes from being almost certain to fail to being certain to succeed. In practice it's a bit fuzzier than that because there's no way of knowing exactly how close you are to having 50%, but in theory there's no middle ground at all.

Not quite. The chance of success is continuous, if your hashrate is slightly below 50% your chance is only slightly below 100%. That chance can be lowered by waiting for more confirmations, but that can be countered by making the hashrate even closer to 50%. With 50% and up it's always 100%. Really, graphs explain this better than words.

[crazyates]

Here's what I don't get: You need about 30% of the network hashrate to have a 20% chance to maliciously attack the network and then get 6 confirmations. Am I reading that doublespend.pdf right? If you had access to that much hashpower, why would you not just mine for like a week, get thousands of coins, and buy and island somewhere in the Pacific?

[Meni Rosenfeld]

Here's what I don't get: You need about 30% of the network hashrate to have a 20% chance to maliciously attack the network and then get 6 confirmations. Am I reading that doublespend.pdf right? If you had access to that much hashpower, why would you not just mine for like a week, get thousands of coins, and buy and island somewhere in the Pacific?

That's the point - we need to choose the number of confirmations so that it will not be economical for an attacker to attack. Analysis of the probabilities helps with that.

How many confirmations is that depends on the availability of spending options and many other factors, and is touched on the economic analysis section. For example, if Mtgox accepts deposits of 100K BTC after 6 confirmations and then allows withdrawing this in other coins, trying to double-spend suddenly starts to look lucrative. Which is a reason for Mtgox to have other security measures to prevent that (delay withdrawals of large amounts, withdraw with the customer's deposited coins...).

[crazyates]

Here's what I don't get: You need about 30% of the network hashrate to have a 20% chance to maliciously attack the network and then get 6 confirmations. Am I reading that doublespend.pdf right? If you had access to that much hashpower, why would you not just mine for like a week, get thousands of coins, and buy and island somewhere in the Pacific?

That's the point - we need to choose the number of confirmations so that it will not be economical for an attacker to attack. Analysis of the probabilities helps with that.

How many confirmations is that depends on the availability of spending options and many other factors, and is touched on the economic analysis section. For example, if Mtgox accepts deposits of 100K BTC after 6 confirmations and then allows withdrawing this in other coins, trying to double-spend suddenly starts to look lucrative. Which is a reason for Mtgox to have other security measures to prevent that (delay withdrawals of large amounts, withdraw with the customer's deposited coins...).

You mean kinda like how the bank only lets me spend $500 of a check (when I deposit it thru an ATM) until the check fully clears, just in that off case it bounces and the bank is stuck with the bill? What a novel idea!

[Meni Rosenfeld]

Here's what I don't get: You need about 30% of the network hashrate to have a 20% chance to maliciously attack the network and then get 6 confirmations. Am I reading that doublespend.pdf right? If you had access to that much hashpower, why would you not just mine for like a week, get thousands of coins, and buy and island somewhere in the Pacific?

That's the point - we need to choose the number of confirmations so that it will not be economical for an attacker to attack. Analysis of the probabilities helps with that.

How many confirmations is that depends on the availability of spending options and many other factors, and is touched on the economic analysis section. For example, if Mtgox accepts deposits of 100K BTC after 6 confirmations and then allows withdrawing this in other coins, trying to double-spend suddenly starts to look lucrative. Which is a reason for Mtgox to have other security measures to prevent that (delay withdrawals of large amounts, withdraw with the customer's deposited coins...).

You mean kinda like how the bank only lets me spend $500 of a check (when I deposit it thru an ATM) until the check fully clears, just in that off case it bounces and the bank is stuck with the bill? What a novel idea!

I didn't say it's a novel idea. I said it's something Mtgox would need to do; and to spare customers from inconvenience they will need to find out an optimal solution which is secure but with as little hassle as possible. To do that they need to know what "secure" is. Not sure if sarcastic and if so, what your hostility is about.

[crazyates]

Here's what I don't get: You need about 30% of the network hashrate to have a 20% chance to maliciously attack the network and then get 6 confirmations. Am I reading that doublespend.pdf right? If you had access to that much hashpower, why would you not just mine for like a week, get thousands of coins, and buy and island somewhere in the Pacific?

That's the point - we need to choose the number of confirmations so that it will not be economical for an attacker to attack. Analysis of the probabilities helps with that.

How many confirmations is that depends on the availability of spending options and many other factors, and is touched on the economic analysis section. For example, if Mtgox accepts deposits of 100K BTC after 6 confirmations and then allows withdrawing this in other coins, trying to double-spend suddenly starts to look lucrative. Which is a reason for Mtgox to have other security measures to prevent that (delay withdrawals of large amounts, withdraw with the customer's deposited coins...).

You mean kinda like how the bank only lets me spend $500 of a check (when I deposit it thru an ATM) until the check fully clears, just in that off case it bounces and the bank is stuck with the bill? What a novel idea!

I didn't say it's a novel idea. I said it's something Mtgox would need to do; and to spare customers from inconvenience they will need to find out an optimal solution which is secure but with as little hassle as possible. To do that they need to know what "secure" is. Not sure if sarcastic and if so, what your hostility is about.

Ya I was a little sarcastic, but only in that I meant it's a good idea for MtGox to do, esp for large transactions.

[420]

so ASICMiner's goal is to break 50% of hashing power?

[punin]

so ASICMiner's goal is to break 50% of hashing power?

[420]

Troll Completed

[nathanrees19]

so ASICMiner's goal is to break 50% of hashing power?

0/10

[DutchBrat]

Update

This is a quick update. Please expect more details soon.

1. Our wafers are already in the slicing and packaging service. Whether we could beat everyone else in early delivering, or we have to revise and redo the wafers, will be known within the next two weeks.

2. All shareholders who have ambiguous Bitcoin addresses will receive the confirmation mails within this week.

3. We will make ASICMINER re-hosted after the confirmations, as well as the platform decided. It will not be later
than our first deploying and the first payment to shareholders.

[niko]

Didn't BFL already have their chips "out of fab" - only to find out they didn't work as intended?  And what about bASIC, it also got delayed close to the final stages?  Six confirmations, or it didn't happen.

[Jutarul]

Didn't BFL already have their chips "out of fab" - only to find out they didn't work as intended?  And what about bASIC, it also got delayed close to the final stages?  Six confirmations, or it didn't happen.

There exist different quality requirements for BFL/bASIC and ASICMINER, because the former want to sell customer ready equipment while ASICMINER may be able to cope with some deficiencies.. (e.g. limited lifetimes, strong clock variability, no enclosure, ... ). Thus ASICMINER has a higher tolerance from the get go. When they enter the business phase of selling hardware they could also categorize the chips by quality measures and only sell grade A chips to customers, while lower grades are used for direct mining.

[meowmeowbrowncow]

Didn't BFL already have their chips "out of fab" - only to find out they didn't work as intended?  And what about bASIC, it also got delayed close to the final stages?  Six confirmations, or it didn't happen.

There exist different quality requirements for BFL/bASIC and ASICMINER, because the former want to sell customer ready equipment while ASICMINER may be able to cope with some deficiencies.. (e.g. limited lifetimes, strong clock variability, no enclosure, ... ). Thus ASICMINER has a higher tolerance from the get go. When they enter the business phase of selling hardware they could also categorize the chips by quality measures and only sell grade A chips to customers, while lower grades are used for direct mining.

Gah, you are taunting me with your asicminer ownership.  Get these shares on an exchange already.

[Bogart]

1. Our wafers are already in the slicing and packaging service. Whether we could beat everyone else in early delivering, or we have to revise and redo the wafers, will be known within the next two weeks.

It's nice to see the possibility of needing a respin being mentioned up front, as well as a timeline given for when this will be known.  That's in contrast to a couple other vendors I can think of.

[gmaxwell]

There is certainly something magic about 50%. With more than 50%, the success probability is always 100%. With less than 50%, success is not guaranteed and the probability depends on the number of confirmations. The magic is clearly visible in the graphs in AoHBDS.

The practical effects of this magic is a subject for more nuanced discussion.

At just >50% you probability of success is only "always 100%" after infinite time (for an arbitrarily large reorg). With <50% you can attack multiple times and be successful at least once after enough tries.  There is a tradeoff that makes different values of attacks against different amount of confirmations economically viable for different levels of hashpower, but it's easy to overstate a the significance of having a simple majority.

Someone with— say— 40% hashpower can happily create six block reorgs with enough success that they can be profitable for transaction values which are not unusually high. The practical position for someone with 50.1% is hardly any different, especially considering that additional hashpower coming on line or users adopting a checkpoint before their fork gets ahead creates considerable chance of failure even if their current rate would be a majority— so the long attacks that a majority makes _theoretical_ possible are probably much riskier than the short attacks that available to someone with a large but not majority hashpower. A seven block reorg is all you need to rob mtgox.  And why would you attack if you had all that hash power?  If you've compromised the systems controlling a significant consolation you may well decide to both attack and take all the coins you can... Doing so has a good short term payoff so long as your attack isn't great enough to instantly undermine confidence in Bitcoin with certainty.

[bitboyben]

These things out yet? any updates?