Satoshi’s actual vision: We consider the scenario of an attacker trying to generate an alternate chain faster than the honest chain. Even if this is accomplished, it does not throw the system open to arbitrary changes, such as creating value out of thin air or taking money that never belonged to the attacker. Nodes are not going to accept an invalid transaction as payment, and honest nodes will never accept a block containing them. An attacker can only try to change one of his own transactions to take back money he recently spent.
I dislike quoting Satoshi in this context, as if for argument from authority. The explanation below was drafted in my own words, off the top of my head, before I went back to refresh my memory on what the Bitcoin whitepaper says. It is a document now primarily of historical interest, although some of its astonishing technical insights are still quite relevant.
Whereas that is the sacred design of Bitcoin v0.1. Just sayin’.
You asswipe.
nullius (you fucking liar)
My, my, Mr Bear. Something must have rankled.
So, anyway, you may be an audio engineer (hereby stated upon information and belief). In that case, you should easily understand this analogy: Your knowledge of Bitcoin security and of Segwit is on the same level as the audio knowledge of people who believe that in PCM digital audio, the number of samples per second determines the sizes of the tiny little stair-steps in the output waveform.
You may not need a lecture about Nyquist, but you certainly have much to learn about Bitcoin.
For others reading this thread, PSA: There are no tiny little stair-steps. In accord with the Nyquist Theorem, the discrete samples mathematically reproduce a perfectly smooth waveform. And no, a miner “ANYONECANSPEND” attack on Segwit could not steal coins. This is basic stuff...
I must misunderstand you somehow. You seem to be saying that: should a majority of SHA256 mining power choose to revert to pre-segwit protocol, and to defend that decision by attacking any competing chain, they would be literally unable to do so. Is that your claim?
Yes, indeed. To help you understand why, let me fix this for you:
I must misunderstand you somehow. You seem to be saying that: should a majority of SHA256 mining power choose to revert to pre-segwit protocol violate consensus rules by arbitrarily spending coins without the needed signatures, inflating the money supply, or whatever else may suit their whims, and to defend that decision by attacking any competing chain, they would be literally unable to do so. Is that your claim?
My claim is only and exactly that in accord with Bitcoin’s security model, the violation of Segwit rules is the same as the violation of any other consensus rules.
For miners to “revert” Segwit would be no different in practice than for malicious miners to activate new rules implementing demurrage that eats up your coins in cold storage, or creating 21 trillion new bitcoins, or letting them spend any coin they want without checking signatures.
Which they are “literally unable to do”.
Because the code for nodes to accept such things does not exist. Code to “revert to a pre-Segwit protocol” literally does not exist in Core. If it did, that would be a hell of a CVE.
Why is this so hard for some people to understand? Is it a matter of confusion over “ANYONECANSPEND”? That is only a cute trick to add new rules without confusing non-upgraded nodes. It is otherwise irrelevant. Segwit nodes do not have a codepath that lets miners make them switch off Segwit validation logic and treat Segwit transactions as spendable by anyone. Segwit nodes will neither accept nor propagate blocks that violate the totality of their hardcoded consensus rules—a set of rules which, following the August 2017 activation, includes all Segwit rules (thus both permitting and enforcing Segwit transactions). So, good luck carrying off an “attack” with blocks that will be ignored as if completely nonexistent by every node that has upgraded since October 2016, i.e. pretty much everybody. It’s the dumbest attack idea that I have ever heard of.
A colluding malicious majority of hashpower could indeed wreck Bitcoin. Or BCH. Or BSV. Or any other coin based on any similar design.
To do so, violating consensus rules is neither necessary, nor sufficient, nor profitable: They could instead just rewrite blockchain history with a plain-old 51% attack that will fool validating nodes (but can only achieve double-spends).
N.b. that a 51% attack is by its nature an attack on “any competing chain” (i.e., the other 49%’s chain). Again: This does not even require violating consensus rules; and non-mining nodes are totally powerless against it!
For that reason, a malicious majority of hashpower is a threat explicitly beyond the scope of Bitcoin’s security model. That is n00b-level knowledge. Is it news to you?
But even a malicious majority of miners cannot steal coins that they never owned—Segwit or otherwise.
You can’t have your cake and eat it, too. The rules for spending coins sent to an address starting with a “1” are enforced by exactly the same security model as protects coins sent to addresses starting with “bc1”. Whereas you are trying artificially to construct some notion of a hashpower majority attack which can violate some consensus rules, whilst remaining bound by others. You don’t know how to ask the right question, viz.: What stops miners from just spending any coins they want? Answer: Consensus rules. Enforced by validating nodes. Just as Satoshi said in the Bitcoin whitepaper. That was his vision.
I have said before, and I will say again:
Full nodes do not blindly “follow the longest chain”. They follow the chain independently validated by them which has the highest total POW. A miner (or 51+% of miners) who produced invalid blocks would only be wasting hashrate, and likely risking widespread blacklisting of IP addresses. It doesn’t matter if the invalid blocks steal money from Segwit transactions, steal money from old-style transactions, create 21 billion new coins, or are filled with gibberish from /dev/random. An invalid block is an invalid block, and shall be promptly discarded by all full nodes—period.
More than half of this post was cut on preview, to avoid waste. The rest can be summed up as (a) jbreher continues to do his usual Faketoshi apologia whilst denying it, (b) he lacks reading comprehension skills, and (c) he is correct on one point: I have no experience whatsoever with popular music. I do not produce it. I do not even listen to it! Not all music is pop.
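The chain-selection rule argued above (validate first, then take the most cumulative work, so a higher-work chain containing an invalid block is ignored while a valid higher-work reorg that merely double-spends is followed) as an added toy model; this is constructed example code, not anything from the post or from Bitcoin Core, and the `Tx`, `apply_block`, `best_chain` names, the `signed` flag standing in for signature checks, and the sample chains are all assumptions of the example.

```python
from dataclasses import dataclass
SUBSIDY = 50  # constructed toy block subsidy; a block is a (txs, work) pair

@dataclass
class Tx:
    txid: str
    inputs: list          # (txid, index) refs to unspent outputs; empty for coinbase
    outputs: list         # output amounts
    signed: bool = True   # toy stand-in for the signatures/witnesses the rules demand

def apply_block(txs, utxo):  # UTXO set after the block, or None if a rule is broken
    utxo = dict(utxo)
    for tx in txs:
        if not tx.inputs:                              # coinbase
            if sum(tx.outputs) > SUBSIDY:              # inflating the supply
                return None
        elif not tx.signed:                            # spending without signatures
            return None
        else:
            ins = [utxo.pop(ref, None) for ref in tx.inputs]
            if None in ins or sum(tx.outputs) > sum(ins):
                return None                            # double-spend / thin-air value
        for i, amt in enumerate(tx.outputs):
            utxo[(tx.txid, i)] = amt
    return utxo

def best_chain(chains, genesis_utxo):  # fully valid chain with the most total work
    best, best_work = None, -1
    for name, blocks in chains.items():
        utxo, total = genesis_utxo, 0
        for txs, work in blocks:
            utxo = apply_block(txs, utxo)
            if utxo is None:
                break                                  # invalid block: chain ignored
            total += work
        else:
            if total > best_work:
                best, best_work = name, total
    return best
def cb(n): return Tx(f"cb{n}", [], [SUBSIDY])
def chain(first_txs, length, work=10):  # first block carries first_txs, rest coinbase-only
    return [([cb(0)] + first_txs, work)] + [([cb(i)], work) for i in range(1, length)]
GENESIS = {("g", 0): 100}                              # constructed: a user holds 100
def scenario():
    honest = chain([Tx("pay", [("g", 0)], [100])], 2)                 # 20 work
    steal = chain([Tx("steal", [("g", 0)], [100], signed=False)], 3)  # 30 work
    inflate = chain([Tx("print", [], [10**9])], 3)                    # 30 work
    reorg = chain([Tx("back", [("g", 0)], [100])], 3)                 # 30 work
    return {k: best_chain({"honest": honest, k: c}, GENESIS)
            for k, c in {"steal": steal, "inflate": inflate, "reorg": reorg}.items()}
```

Only the `reorg` chain (valid blocks, more work, the user taking back his own coins) displaces the honest chain; the unsigned spend and the inflating coinbase are discarded however much work sits on top of them.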