Qoheleth
Legendary
 Offline
Activity: 960
Merit: 1028
Spurn wild goose chases. Seek that which endures.
|
 |
February 06, 2013, 12:26:47 AM |
|
Could you just run 2 clients using different chains and live in both worlds?
I believe the chain with the smallest user base will die... What's a user base? How can you tell whether people trust A-Bitcoins or B-Bitcoins or R-Bitcoins or... et cetera et cetera? Today, we trust a hashrate-weighted poll of miners; whichever branch has the most hashing power determines the "true" blockchain. If you have a better proposal for choosing which ledger is communally accepted, let's hear it, because if it's good enough to solve this problem it's good enough to use instead of mining. How easy is there for an attacker to keep the forks separated from each other for days so they get past the "rollback limit"? That would be hard to manage.
They have more hashing power than the rest of the network put together, or they couldn't execute a 51% attack to begin with. Thus, by definition, they can mine in parallel with the rest of the network and keep up. So however many branches exist with someone else mining on them, this adversary is able to equally mine a branch of it. |
If there is something that will make Bitcoin succeed, it is growth of utility - greater quantity and variety of goods and services offered for BTC. If there is something that will make Bitcoin fail, it is the prevalence of users convinced that BTC is a magic box that will turn them into millionaires, and of the con-artists who have followed them here to devour them.
|
|
|
|
|
|
|
|
Once a transaction has 6 confirmations, it is extremely unlikely that an attacker without at least 50% of the network's computation power would be able to reverse it.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
DannyHamilton
Legendary
Offline
Activity: 3388
Merit: 4616
|
|
February 06, 2013, 12:36:28 AM |
|
I suspect that there is a reason that none of the many attempts to create a crypto-currency succeeded until Satoshi put together the idea of a proof-of-work transaction ledger. Attempting to short-circuit this solution simply results in a currency that becomes more and more like the many that failed in the past, and more and more likely to fail for the same reasons. There is enough risk with the checkpoints that are already coded into the clients. Trying to create a moving checkpoint that tries to actively keep up with the blockchain as it grows sounds like a disaster to me. If it was implemented, I'd probably abandon bitcoin and look for something else.
|
|
|
|
|
Matthew N. Wright
Untrustworthy
Hero Member
Offline
Activity: 588
Merit: 500
Hero VIP ultra official trusted super staff puppet
|
|
February 06, 2013, 12:37:22 AM |
|
I'd probably abandon bitcoin and look for something else.
(Start by getting into Ripple just in case!) |
|
|
|
Kupsi (OP)
Legendary
Offline
Activity: 1193
Merit: 1003
9.9.2012: I predict that single digits... <- FAIL
|
|
February 06, 2013, 12:37:39 AM |
|
Could you just run 2 clients using different chains and live in both worlds?
I believe the chain with the smallest user base will die... What's a user base? How can you tell whether people trust A-Bitcoins or B-Bitcoins or R-Bitcoins or... et cetera et cetera? Today, we trust a hashrate-weighted poll of miners; whichever branch has the most hashing power determines the "true" blockchain. If you have a better proposal for choosing which ledger is communally accepted, let's hear it, because if it's good enough to solve this problem it's good enough to use instead of mining. User base... fewest users. Sorry for my bad English. What I'm suggesting isn't perfect. But if you set the rollback limit big enough, it can't be worse than how it is today. How easy is there for an attacker to keep the forks separated from each other for days so they get past the "rollback limit"? That would be hard to manage.
They have more hashing power than the rest of the network put together, or they couldn't execute a 51% attack to begin with. Thus, by definition, they can mine in parallel with the rest of the network and keep up. So however many branches exist with someone else mining on them, this adversary is able to equally mine a branch of it. They need a decent percent of the users on each fork if they shall succeed. |
|
|
|
|
Qoheleth
Legendary
Offline
Activity: 960
Merit: 1028
Spurn wild goose chases. Seek that which endures.
|
|
February 06, 2013, 12:44:15 AM |
|
User base... fewest users. Sorry for my bad English.
What I'm suggesting isn't perfect. But if you set the rollback limit big enough, it can't be worse than how it is today. How do you tell how many users are using a particular fork? |
If there is something that will make Bitcoin succeed, it is growth of utility - greater quantity and variety of goods and services offered for BTC. If there is something that will make Bitcoin fail, it is the prevalence of users convinced that BTC is a magic box that will turn them into millionaires, and of the con-artists who have followed them here to devour them.
|
|
|
Kupsi (OP)
Legendary
Offline
Activity: 1193
Merit: 1003
9.9.2012: I predict that single digits... <- FAIL
|
|
February 06, 2013, 12:46:25 AM |
|
I suspect that there is a reason that none of the many attempts to create a crypto-currency succeeded until Satoshi put together the idea of a proof-of-work transaction ledger. Attempting to short-circuit this solution simply results in a currency that becomes more and more like the many that failed in the past, and more and more likely to fail for the same reasons. There is enough risk with the checkpoints that are already coded into the clients. Trying to create a moving checkpoint that tries to actively keep up with the blockchain as it grows sounds like a disaster to me. If it was implemented, I'd probably abandon bitcoin and look for something else.
So, if I change my client so it does this, would you abandon bitcoin? No one can stop me  |
|
|
|
|
DannyHamilton
Legendary
Offline
Activity: 3388
Merit: 4616
|
|
February 06, 2013, 12:49:17 AM |
|
I suspect that there is a reason that none of the many attempts to create a crypto-currency succeeded until Satoshi put together the idea of a proof-of-work transaction ledger. Attempting to short-circuit this solution simply results in a currency that becomes more and more like the many that failed in the past, and more and more likely to fail for the same reasons. There is enough risk with the checkpoints that are already coded into the clients. Trying to create a moving checkpoint that tries to actively keep up with the blockchain as it grows sounds like a disaster to me. If it was implemented, I'd probably abandon bitcoin and look for something else.
So, if I change my client so it does this, would you abandon bitcoin? No one can stop me Nope, but I and all the other bitcoin users won't be using your client. So if a reorganization occurs that puts the rest of the bitcoin world on a different blockchain than you, then you'll just have to accept the world's blockchain anyhow, defeating the purpose of your client. |
|
|
|
|
Kupsi (OP)
Legendary
Offline
Activity: 1193
Merit: 1003
9.9.2012: I predict that single digits... <- FAIL
|
|
February 06, 2013, 12:50:42 AM |
|
I suspect that there is a reason that none of the many attempts to create a crypto-currency succeeded until Satoshi put together the idea of a proof-of-work transaction ledger. Attempting to short-circuit this solution simply results in a currency that becomes more and more like the many that failed in the past, and more and more likely to fail for the same reasons. There is enough risk with the checkpoints that are already coded into the clients. Trying to create a moving checkpoint that tries to actively keep up with the blockchain as it grows sounds like a disaster to me. If it was implemented, I'd probably abandon bitcoin and look for something else.
So, if I change my client so it does this, would you abandon bitcoin? No one can stop me Nope, but I and all the other bitcoin users won't be using your client. So if a reorganization occurs that puts the rest of the bitcoin world on a different blockchain than you, then you'll just have to accept the world's blockchain anyhow, defeating the purpose of your client. When the original blockchain is rolled back 12 months, people will jump over to my blockchain  |
|
|
|
|
Kupsi (OP)
Legendary
Offline
Activity: 1193
Merit: 1003
9.9.2012: I predict that single digits... <- FAIL
|
|
February 06, 2013, 12:52:22 AM |
|
User base... fewest users. Sorry for my bad English.
What I'm suggesting isn't perfect. But if you set the rollback limit big enough, it can't be worse than how it is today. How do you tell how many users are using a particular fork? Time will tell... (Time to go to bed.) |
|
|
|
|
pointbiz
Sr. Member
Offline
Activity: 437
Merit: 415
1ninja
|
|
February 06, 2013, 01:08:08 PM |
|
You have not properly stated what would happen during the rollback. Let me explain.
Your scenario involves the good chain and a bad chain. The good chain is the one that manually gets checkpoints in the Satoshi client. Checkpointing is not part of the Satoshi white paper. It is just a way for the devs to tell us what chain they use and to put a limit (like u r demanding) on a rollback. It goes against the theory and is only not controversial because Satoshi went along with it.
During a rollback that goes back to the last Gavin checkpoint the attacker with the bad chain can only double spend coins that he owned before Gavin's checkpoint. He can also exclude everyone's transactions from the block chain that happened since the chechpoint. Or maybe he won't exclude people's transactions therefore most won't care which chain is good or bad. Let's assume this is a none monetary attacker where the goal is to discredit Bitcoin. So we will assume he has excluded ever transaction he doesn't own. Every node on the network will still know about these transactions they will just become unconfirmed... that is the WORST case scenario. Once the attack is over those transactions can be reconfirmed. Also everyone will still have the shorter good chain on disk it is not like it would be deleted.
|
|
|
|
JoelKatz
Legendary
Offline
Activity: 1596
Merit: 1012
Democracy is vulnerable to a 51% attack.
|
|
February 06, 2013, 01:23:08 PM |
|
During a rollback that goes back to the last Gavin checkpoint the attacker with the bad chain can only double spend coins that he owned before Gavin's checkpoint. He can also exclude everyone's transactions from the block chain that happened since the chechpoint. Or maybe he won't exclude people's transactions therefore most won't care which chain is good or bad. Let's assume this is a none monetary attacker where the goal is to discredit Bitcoin. So we will assume he has excluded ever transaction he doesn't own. Every node on the network will still know about these transactions they will just become unconfirmed... that is the WORST case scenario. Once the attack is over those transactions can be reconfirmed. Also everyone will still have the shorter good chain on disk it is not like it would be deleted.
You're assuming an attacker trying to discredit Bitcoin who doesn't actually do anything to discredit Bitcoin! A realistic attacker would deposit a large number of Bitcoins to Mt. Gox and then wait. When he introduces his own rollback chain, it will include a double spend of that deposit to Mt. Gox. This will invalidate all transactions that re-spend those coins, all transactions that re-spend outputs of transactions that spend those coins, and so on. With just a bit of effort, he can invalidate a significant fraction of the transactions that occurred in that time period. He could probably invalidate more than half of them with moderate effort. He doesn't even need a lot of money to do this. He can deposit, withdraw different coins, and deposit again. He can then double spend both of those deposits, doing double damage with the same coins. (Assuming that double-spending his first deposit doesn't contaminate his own withdrawal. But if it does, then he's already doing major damage.) |
I am an employee of Ripple. Follow me on Twitter @JoelKatz
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
|
|
|
Kupsi (OP)
Legendary
Offline
Activity: 1193
Merit: 1003
9.9.2012: I predict that single digits... <- FAIL
|
|
February 06, 2013, 08:16:04 PM |
|
During a rollback that goes back to the last Gavin checkpoint the attacker with the bad chain can only double spend coins that he owned before Gavin's checkpoint. He can also exclude everyone's transactions from the block chain that happened since the chechpoint. Or maybe he won't exclude people's transactions therefore most won't care which chain is good or bad. Let's assume this is a none monetary attacker where the goal is to discredit Bitcoin. So we will assume he has excluded ever transaction he doesn't own. Every node on the network will still know about these transactions they will just become unconfirmed... that is the WORST case scenario. Once the attack is over those transactions can be reconfirmed. Also everyone will still have the shorter good chain on disk it is not like it would be deleted.
You're assuming an attacker trying to discredit Bitcoin who doesn't actually do anything to discredit Bitcoin! A realistic attacker would deposit a large number of Bitcoins to Mt. Gox and then wait. When he introduces his own rollback chain, it will include a double spend of that deposit to Mt. Gox. This will invalidate all transactions that re-spend those coins, all transactions that re-spend outputs of transactions that spend those coins, and so on. With just a bit of effort, he can invalidate a significant fraction of the transactions that occurred in that time period. He could probably invalidate more than half of them with moderate effort. He doesn't even need a lot of money to do this. He can deposit, withdraw different coins, and deposit again. He can then double spend both of those deposits, doing double damage with the same coins. (Assuming that double-spending his first deposit doesn't contaminate his own withdrawal. But if it does, then he's already doing major damage.) An attacker don't need to do a double spend with his own coins. All mined coins from the rolled back blocks will disappear, making all transaction that can be traced back to these coins invalid. |
|
|
|
|
|
