|
|
|
|
|
"You Asked For Change, We Gave You Coins" -- casascius
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
pebwindkraft
|
 |
December 03, 2017, 10:02:34 PM |
|
most people read both forums   this one here is better to have discussions going back and forth. I'd add two things: bitcoin was structured in a way, that game theory-wise it is more beneficial to particpate in the game, than trying to play against it. Renlord has a similiar wording in his reply. I have an issue with your idea of majority attack: I supposed that such an attack is possible if profits are higher than costs. they would not be higher. Currently there is a hashing power of the equivalent to roughly 800.000 mining boxes type "AntMiner S9". This is making the network is stable, resistant and protected. For a 51% attack you'd need to buy 400.000, and bring them on the network (their power cosumption is 1200W, so you'd need a coal or gas power plant, industrial grade level). If you want to "buy" the miners (bribe), then it requires a lot of communication to them, and a financial incentive. Would the miners follow the fork (bribe), if they can see, that they will loose the value of the bitcoins to be mined? I mean, after such an attack would have worked out, the value of bitcoin would run against zero (quickly). What is the remaining incentive for a miner? Your one-time bribe would maybe need to be equivalent to a 1 year income of a miner, and this for 51%. So your invest would need to be in the billion range. Current 12,5BTC reward is ~10.000 EURO/CHF/USD, 6 per hour, 21 per day is 18mio a day. And you need 51% of miners. So who would "accept" your initial transaction, that you even could spend it later on? So from "my" logic, a 51% attack the way you described it, seems not feasable. But maybe there are some experts here, who have a sound knowledge and better understanding? |
|
|
|
|
sigmabe (OP)
Newbie
 Offline
Activity: 22
Merit: 0
|
|
December 03, 2017, 10:10:02 PM |
|
My attack scenario is kind of theoretical type. You can also realise bribing the miners by lending their mining power. I don't know any hardware things, aren't there other coins the miners could mine if PoW currencies go down? I've done this as an assumption in my post on stackexchange.
|
|
|
|
|
sigmabe (OP)
Newbie
Offline
Activity: 22
Merit: 0
|
|
December 03, 2017, 10:24:20 PM |
|
Everything I heard till now are technical arguments, but isn't that a little bit less for an important question. I ask the question if PoW currencies are efficient coins, and everyone who owns any PoW coin should say, this is obvious, because... Where are the PoW coin owners?
|
|
|
|
|
sigmabe (OP)
Newbie
Offline
Activity: 22
Merit: 0
|
|
December 04, 2017, 08:26:41 AM |
|
How can I reach the "forum gurus" to get an answer? Is there a better place on the internet to do discussions like this? Is there any interest in a more detailed explanation of my attack scenario?
|
|
|
|
|
|
pebwindkraft
|
|
December 04, 2017, 09:10:42 AM |
|
not sure how to get to the gurus - usually in such forums there are, or I heard, that there is a bitcoin IRC chat. But hey, gurus don't work on assumptions! I can see the theoretical approach, yes. What makes it a bit complicated, is that there are so many conditions around it, that the attack is not visible anymore. And if these surrounding conditions are true, then you can "bribe" any secure system, be it PoW or anything else... This goes into a trust discussion. In bitcoin/crypto currencies there is an underlying mathematical model on game theory and encryption. I think you need to start talking this language, to get a proper answer. So something like a mathematical calculation of the things happening in your approach. |
|
|
|
|
sigmabe (OP)
Newbie
Offline
Activity: 22
Merit: 0
|
|
December 04, 2017, 09:22:40 AM
Last edit: December 04, 2017, 06:26:36 PM by sigmabe |
|
If there is any interest I could do discussion in a formal way. To be honest, my background is pure maths and not programming or hardware and so I would prefer this way, too, but I thought there would be more interest when we start in a simple way. By the way, I think the problem isn't deeply connected with game theory and encryption, it's more fundamental. I don't see the "many conditions around", we can do the attack quite open.
|
|
|
|
|
sigmabe (OP)
Newbie
Offline
Activity: 22
Merit: 0
|
|
December 04, 2017, 10:07:42 AM
Last edit: December 04, 2017, 06:24:15 PM by sigmabe |
|
To do a realistic attack scenario, the big four mining pools can start today, if they have done their work before.
The big four hold a big short position on PoW currency, that's what I mean by the work before. What do you think will bring PoW currency down? Rewriting 10 blocks of blockchain history? 100? No problem for the big four. So they do this destroying attack and maybe all of their hardware is worthless afterwards, I think that's about one year mining income, say 10 billion $. A loss of 10 billion $!!! But market cap of bitcoin is much higher and maybe the short position is worth 50% of market cap!!! What tells this story to you? Mining costs are too high today, you throw away too much energy, but mining costs are too low to get real security, so you can't have cheaper transactions in future. But than the coin is inefficient. Market cap must be about one year mining income,what's about one year transaction fees in the future, but this makes the coin inefficient.
|
|
|
|
|
sigmabe (OP)
Newbie
Offline
Activity: 22
Merit: 0
|
|
December 04, 2017, 02:56:30 PM
Last edit: December 11, 2017, 10:06:55 PM by sigmabe |
|
For those who want to do some maths just start with doing some calcuations and estimations for costs and benefits in worst case scenario : Costs: Fees for the short position, energy during attack, worthless hardware after attack (this point is only relevant, if there aren't any alt-coins to mine with this hardware) Profits: Double spending benefit, benefit from the short position. How big can costs be? Fees for the short position. There are already short positions on the market, so you can look there. Also you can ask yourself, how many fees do I want if somebody wants to lend bitcoins from me for one day? I think 10 % of the short is realistic. Energy during attack, and worthless hardware In worst case scenario we have worthless hardware and this is the main point, so forget one day energy costs. To calculate costs of hardware you must ask, how long can I use the hardware for mining till I must buy better hardware? I think optimistic is one year. So costs of worthless hardware are less then one year mining profit, which is about 10 billion $ if we trust https://digiconomist.net/bitcoin-energy-consumptionHow big are profits? The only question is, how big can the short option be? This depends on how much does owners trust in the coins. If they think the coin will have nearly the same value one hour later they will give you a short option with the 10% fees. I think there are many owners with this trust, then if you haven't this trust, why do you own any coin? So I think short position with 10% of market cap is possible, that's about 19 billion $ today. So lets do the calculation: Profits - Costs = 19 billion $ - 1,9 billion $ -10 billion $ = 7,1 billion $ How do we prevent this type of attack? We can do mining profits higher, but then the coin gets even more inefficient than it is today. We can sell short positions only with a fee as big as the position? Then the short is unattractiv and currencies which don't allow to lend money are inefficient. So what should be done? |
|
|
|
|
sigmabe (OP)
Newbie
Offline
Activity: 22
Merit: 0
|
|
December 04, 2017, 05:45:25 PM
Last edit: December 04, 2017, 06:42:11 PM by sigmabe |
|
To make calculation even better. I've just seen that it seems to be very easy to go short on cryptos. You find 25x leverage short options on some coin, also on PoW coins minable with usual GPUS. Just do this facts in our calculation so you get with 0 hardware cost (you can use hardware later for everything you want) you can earn something like 20x market cap of of the currency, and by the way you destroy maybe destroy the financial institute who offers the leverage ... There must be a fault... Is there anyone from financial industry here? How can they offer a 25 leverage short on a PoW crypto?
|
|
|
|
|
DannyHamilton
Legendary
Offline
Activity: 3388
Merit: 4616
|
|
December 04, 2017, 06:23:46 PM |
|
If an attacker can complete a majority attack and rewrite historical blocks, then they have full control over which transactions make it into the blockchain and which don't. The fact that they have a short position doesn't matter. There are MANY ways they can profit with a majority attack.
Is POW vulnerable to a majority attack? Yes. It always has been. This is not new information. Fortunately, the incentive structures are set up in such a way that there are very few scenarios where it is more profitable to engage in a majority attack than it is to simply mine cooperatively. In the 9 years that bitcoin has existed, there has been no recorded instance of a successful majority attack.
|
|
|
|
|
sigmabe (OP)
Newbie
Offline
Activity: 22
Merit: 0
|
|
December 04, 2017, 06:32:35 PM
Last edit: December 04, 2017, 06:51:50 PM by sigmabe |
|
In the "MANY ways" to profit from majority attack, often the argument is, that miners wouldn't do this because they don't profit from the attack. But why wouldn't miners profit in my scenario? I think shorts on financial products can be very dangerous especially leveraged shorts. They aren't very easy to get till now, but with the current hype many financial institutes are going to offer such products, so situation has maybe changed.
But if there is no logical reason against majority attack, just empirical data from 9 years, why do the owners trust bitcoin?
|
|
|
|
|
DannyHamilton
Legendary
Offline
Activity: 3388
Merit: 4616
|
|
December 04, 2017, 06:59:46 PM |
|
In the "MANY ways" to profit from majority attack, often the argument is, that miners wouldn't do this because they don't profit from the attack. But why wouldn't miners profit in my scenario? I think shorts on financial products can be very dangerous especially leveraged shorts. They aren't very easy to get till now, but with the current hype many financial institutes are going to offer such products, so situation has maybe changed.
I'll have to take a closer look at your example, because at first glance it doesn't seem to overcome the financial incentives to work cooperatively. But if there is no logical reason against majority attack, just empirical data from 9 years, why do the owners trust bitcoin?
Fortunately, the incentive structures are set up in such a way that there are very few scenarios where it is more profitable to engage in a majority attack than it is to simply mine cooperatively It just isn't typically profitable. It is too difficult and expensive to gain control over enough hash power for a long enough amount of time to make the attack profitable. If you do have control over enough hash power to complete the attack, then in the majority of scenarios it is more profitable to engage cooperatively than maliciously. In those scenarios where there might be a risk that malicious mining could be profitable, the user can typically overcome that by waiting for a few extra confirmations. |
|
|
|
|
hatshepsut93
Legendary
Offline
Activity: 2968
Merit: 2145
|
|
December 05, 2017, 05:54:38 AM |
|
I believe that scenario of bribing enough miners to execute majority attack is extremely unlikely.
Because most of their equipment will be rendered useless after succesful attack, due to Bitcoin's price likely crashing to very low levels, the price of bribing should be worth more than the sum of their potential profits from honest mining for some next few years; also there's a problem that when you will approach miners with your propositions, the honest ones will warn community that someone is planning an attack.
Opening short positions would certainly increase revenue for this attack, but it probably won't be enough to make it profitable. With double-spending attack you want to send and sell as much coins as possible with as little confirmations as possible, but because of Bitcoin's public nature double spending attempts are very likely to be detected from the start, and your massive shorting will only reinforce suspicions, so countermeasures like raising confirmations or freezing your accounts are likely to be taken quickly. It's also hard and very risky to try getting profit from double spending for another reason - your goal is to sell Bitcoins and then roll them back, but any assets that you get from this attack can also be rolled back - banks will probably freeze your accounts, you are likely to be physically tracked if the deal was in cash, gold or other physical asset. So, if you will take everything into equation of profitability for double spending attack, including risks, it seems like even massive shorting is unlikely to make it profitable.
|
|
|
|
Colorblind
Member
Offline
Activity: 392
Merit: 41
This text is irrelevant
|
|
December 05, 2017, 06:35:00 AM |
|
most people read both forums this one here is better to have discussions going back and forth. I'd add two things: bitcoin was structured in a way, that game theory-wise it is more beneficial to particpate in the game, than trying to play against it. Renlord has a similiar wording in his reply. I have an issue with your idea of majority attack: I supposed that such an attack is possible if profits are higher than costs. they would not be higher. Currently there is a hashing power of the equivalent to roughly 800.000 mining boxes type "AntMiner S9". This is making the network is stable, resistant and protected. For a 51% attack you'd need to buy 400.000, and bring them on the network (their power cosumption is 1200W, so you'd need a coal or gas power plant, industrial grade level). If you want to "buy" the miners (bribe), then it requires a lot of communication to them, and a financial incentive. Would the miners follow the fork (bribe), if they can see, that they will loose the value of the bitcoins to be mined? I mean, after such an attack would have worked out, the value of bitcoin would run against zero (quickly). What is the remaining incentive for a miner? Your one-time bribe would maybe need to be equivalent to a 1 year income of a miner, and this for 51%. So your invest would need to be in the billion range. Current 12,5BTC reward is ~10.000 EURO/CHF/USD, 6 per hour, 21 per day is 18mio a day. And you need 51% of miners. So who would "accept" your initial transaction, that you even could spend it later on? So from "my" logic, a 51% attack the way you described it, seems not feasable. But maybe there are some experts here, who have a sound knowledge and better understanding? Yeah, attacking Bitcoin with this strategy is insane. Attacking some other coin with rapid hash-power injection to artificially fork coin after funds was accepted (on some altcoin exchange) could be possible. |
|
|
|
|
sigmabe (OP)
Newbie
Offline
Activity: 22
Merit: 0
|
|
December 06, 2017, 01:53:55 PM
Last edit: December 06, 2017, 03:45:38 PM by sigmabe |
|
There is still one essential point without an answer: Can high leverage short positions and security of a decentralized PoW-coin go together. In an majority-attack scenario, aimed to decrease value of a PoW-coin maybe -10% and get profit from a short position we hold during attack, we can leverage profits by leveraging the short. Of course there are risks and costs in an attack, but to hold security of a decentralized PoW-coin we must be able to leverage risks and costs when there's an attacker who can leverage his profits. So are there defending lines for such an attack, which can be leveraged? The usual defending lines I know and which where suggested years ago are mentioned in https://www.cryptocoinsnews.com/4-lines-defence-51-attack/But could they really prevent decreasing value -10%? If the defending lines are used they also decrease trust I currency, because they are like doing big things like "Distributed Denial of service attack" or "coding changes at the protocol level". And how can you leverage these defending lines? One defending line - maybe the strongest - is the "coding changes at the protocol level" you find in http://gavintech.blogspot.de/2012/05/neutralizing-51-attack.htmlis something like doing a PoW-PoS hybrid suddenly. Are these "code changes" already done? Is the moment when you can first time hold high leverage short position very simple (which is in a view weeks) not the time to do this coding change and so bitcoin goes from PoW to some kind of PoW-PoS hybrid? |
|
|
|
|
sigmabe (OP)
Newbie
Offline
Activity: 22
Merit: 0
|
|
December 07, 2017, 02:31:44 PM |
|
There is still much interest in reading this threat, but not in answering. Yes, there are some answers, but not to the main point, which asks about (leveraged) shorts used in PoW-currency attacks. Is it quite clear and discussed many times before, then please just give a small hint or a link and everything is done. I know only one threat where short are already discussed as a possible danger and this was years ago in https://bitcoin.stackexchange.com/questions/32432/profit-possibility-for-colluding-with-51-attacker?noredirect=1&lq=1and also there is no answer which keeps me calm. |
|
|
|
|
|
rexter
|
|
December 07, 2017, 10:07:45 PM |
|
We do our transactions with a higher value than mining benefits from N blocks,we do our transaction and waiting for confimation so if the transaction is accepted by assumption 1.Than we bribe the majority of miners to create a fork to make our transaction undone.The bribe are egoistic and not interested in keeping the currency alive by assumption 2.The bribe pay very low cost than the promised win!Then the PoW currency maybe goes down, but the bribed miners can go to mine the alt coin without any loss, what is possible by assumation 4.I think we can skip assumption 3 by doing the attack with a short position which means we do the high value transaction in the beginning with cryptos we have lended. I seems clear that the currency goes down after such a big attack and so we even profit from the short.
|
|
|
|
|
sigmabe (OP)
Newbie
Offline
Activity: 22
Merit: 0
|
|
December 09, 2017, 04:11:19 PM
Last edit: December 12, 2017, 12:58:29 PM by sigmabe |
|
@rexter: You have quoted parts of the question I asked on stack exchange. But why? Is this just spaming the thread?
|
|
|
|
|
|
|
|
