amincd (OP)
|
|
July 05, 2011, 12:10:59 AM |
|
This article, thinly masquerading as a scholarly work, is full of crap. It is a clear example of what happens when a non-programmer, non-technical person combines a word processor with a PDF creation tool.
The author, Ben Laurie, is actually a software engineer and cryptographer. With 'truly valuable' I mean value that can be depended on, no matter what that value is. I certainly don't want to speculate about whether that value be higher or lower, but if it were higher, transaction fees would be worth more than now. But if I do a rough guess of the transaction fees (by inspecting a few blocks on the blockexplorer), they're now about 0.05 - 0.20 bitcoins per block.
That means, if exchange rates wouldn't change, a ROI of 0.2% of what it is now and with that an expected difficulty of 0.2% of what it is now. A not so huge investment is necessary for that.
I know, fees could rise, the exchange rates could rise, the number of transactions per block could rise. If bitcoin is to be a successful currency, exchange rates and number of transactions will rise by orders of magnitude by the time coin generation per block has become negligible. However, it's always safe to assume fees will be much less than total transaction value in a block, and therefore it's lucrative to calculate hashes of an forked block-chain with double-spent transactions. Once again: The cost of producing hashs is not a short term cost. It requires a long term investment in the hardware that produces them, so unless there's a way to double spend for hundreds of blocks without crashing the value of bitcoins, it would not be worth it. It would be more lucrative to just be honest.
|
|
|
|
Etlase2
|
|
July 05, 2011, 12:49:53 AM |
|
Once again:
The cost of producing hashs is not a short term cost. It requires a long term investment in the hardware that produces them, so unless there's a way to double spend for hundreds of blocks without crashing the value of bitcoins, it would not be worth it. It would be more lucrative to just be honest.
Proponents of bitcoin have trouble grasping the fact that "evil empire" won't care about the lucrativity. Bitcoin is powered by fiat and probably always will be, there is almost no way to separate the two unless electric companies start taking bitcoins as payment. If someone wants to mess with bitcoin purely to mess with it, the resources required are far from insurmountable. Crashing bitcoin would be the endgame, not a side effect.
|
|
|
|
amincd (OP)
|
|
July 05, 2011, 02:31:23 AM |
|
Proponents of bitcoin have trouble grasping the fact that "evil empire" won't care about the lucrativity. I was addressing a claim that it would be lucrative to gain 50%+ of the network power and double spend. I wasn't claiming that people would only want to fraud bitcoin for personal profit.
|
|
|
|
Stevie1024
Member
Offline
Activity: 70
Merit: 10
|
|
July 05, 2011, 05:28:10 AM |
|
With 'truly valuable' I mean value that can be depended on, no matter what that value is. I certainly don't want to speculate about whether that value be higher or lower, but if it were higher, transaction fees would be worth more than now. But if I do a rough guess of the transaction fees (by inspecting a few blocks on the blockexplorer), they're now about 0.05 - 0.20 bitcoins per block.
That means, if exchange rates wouldn't change, a ROI of 0.2% of what it is now and with that an expected difficulty of 0.2% of what it is now. A not so huge investment is necessary for that.
I know, fees could rise, the exchange rates could rise, the number of transactions per block could rise. If bitcoin is to be a successful currency, exchange rates and number of transactions will rise by orders of magnitude by the time coin generation per block has become negligible. With that premise, that could very well be. However, it's always safe to assume fees will be much less than total transaction value in a block, and therefore it's lucrative to calculate hashes of an forked block-chain with double-spent transactions. Once again:
The cost of producing hashs is not a short term cost. It requires a long term investment in the hardware that produces them, so unless there's a way to double spend for hundreds of blocks without crashing the value of bitcoins, it would not be worth it. It would be more lucrative to just be honest. The whole double-spending scenario is proportional to bitcoin value. If value were to go up orders of magnitude, the number of blocks needed to get your investment back goes down the same order of magnitude.
|
I'm out of here!
|
|
|
amincd (OP)
|
|
July 05, 2011, 06:27:12 AM |
|
With that premise, that could very well be.
Thanks for conceding that. The whole double-spending scenario is proportional to bitcoin value. If value were to go up orders of magnitude, the number of blocks needed to get your investment back goes down the same order of magnitude. But difficulty, and therefore cost of a double spend attack, is also proportional to bitcoin value, so the rise in the potential reward of a double spend attack, is canceled out by the rise in cost in pulling it off, as bitcoin value increases.
|
|
|
|
Stevie1024
Member
Offline
Activity: 70
Merit: 10
|
|
July 05, 2011, 06:52:28 AM |
|
With that premise, that could very well be.
Thanks for conceding that. You're welcome |-) The whole double-spending scenario is proportional to bitcoin value. If value were to go up orders of magnitude, the number of blocks needed to get your investment back goes down the same order of magnitude. But difficulty, and therefore cost of a double spend attack, is also proportional to bitcoin value, so the rise in the potential reward of a double spend attack, is canceled out by the rise in cost in pulling it off, as bitcoin value increases. I don't agree, as the cost of pulling it of is proportional to transaction fee cost, which is much lower than transaction value. Let's look at the current state of bitcoin: Rewards are 50 (temporally minted) + 0.10 (fees) bitcoins per block. Resulting hashrate is 11326 (payed by temporally minted) + 23.6 (payed by fees) Ghash / second. If nothing were to change in the value of bitcoins or transaction fees, I'd eventually have to produce 23.6 Ghash / second for a succesful attack. Which would cost me roughly 15 kW electricity (ca. 3$ per hour) and (very) roughly 1$ depreciation per hour of my hardware. Let's say it costs 5$ per hour all together. I can then sustain an attack where I forge (double spend) say 100$ (which will not be conspicuous) for 20 hours (which should be more than enough to collect).
|
I'm out of here!
|
|
|
amincd (OP)
|
|
July 05, 2011, 08:20:16 AM Last edit: July 05, 2011, 08:32:06 AM by amincd |
|
Quote from: amincd on Today at 06:27:12 am Quote The whole double-spending scenario is proportional to bitcoin value. If value were to go up orders of magnitude, the number of blocks needed to get your investment back goes down the same order of magnitude.
But difficulty, and therefore cost of a double spend attack, is also proportional to bitcoin value, so the rise in the potential reward of a double spend attack, is canceled out by the rise in cost in pulling it off, as bitcoin value increases. I don't agree, as the cost of pulling it of is proportional to transaction fee cost, which is much lower than transaction value. But the ratio of cost to transaction value stays the same regardless of what the value of bitcoin is, since the cost of pulling it off increases at the same rate as the transaction value does, as the value of bitcoin increases. If nothing were to change in the value of bitcoins or transaction fees, I'd eventually have to produce 23.6 Ghash / second for a succesful attack. Which would cost me roughly 15 kW electricity (ca. 3$ per hour) and (very) roughly 1$ depreciation per hour of my hardware. Let's say it costs 5$ per hour all together. It would definitely be much easier to attack bitcoin if transaction volume doesn't increase by the time coin generation becomes negligible, but your calculation of cost doesn't take into account the large initial investment required to acquire a large amount of hashing power, which is not just purchasing the hardware, but getting the facility, putting in the man-hours to set it up, etc all of which have a huge fixed cost, and therefore the need to double spend for many blocks, to make back the cost of the investment. I can then sustain an attack where I forge (double spend) say 100$ (which will not be conspicuous) for 20 hours (which should be more than enough to collect).
So after all that effort in getting 23 GH/s, you only make $2,000?
|
|
|
|
Stevie1024
Member
Offline
Activity: 70
Merit: 10
|
|
July 05, 2011, 08:37:47 AM |
|
But the ratio of cost to transaction value stays the same regardless of what the value of bitcoin is, since the cost of pulling it off increases at the same rate as the transaction value does, as the value of bitcoin increases.
Don't know exactly what you mean here, maybe you are agreeing that all values are proportional to bitcoin value? Also, your claim seems to assume that all the transaction value in a block can be confiscated by the person doing the double spend attack, when in reality, the only thing they can steal is the money they transferred to others, by reversing those transactions, and NOT the entire transaction value.
No, in my example I used only one transaction of 100$, which would not be conspicuous. And it would probably not attract any attention if a few more of those transactions were slipped in. It would definitely be much easier to attack bitcoin if transaction volume doesn't increase by the time coin generation becomes negligible, but your calculation of cost doesn't take into account the long term investment required to acquire a large amount of hashing power, not just purchasing the hardware, but getting the facility, setting it up, etc all of which have a huge fixed cost, and therefore the need to double spend for many blocks, to make back the cost of the investment.
True, I did not take into account the initial acquisition value (which I would estimate at 10.000$ in the example above). I only took into account the depreciation of that hardware (and then added another $ per hour). I think that's not unreasonable and standard procedure in profit/loss calculations. The same trick could be pulled of multiple times with that very same hardware, or the hardware can be used for different purposes (e.g. video rendering) afterwards.
|
I'm out of here!
|
|
|
Stevie1024
Member
Offline
Activity: 70
Merit: 10
|
|
July 05, 2011, 08:46:07 AM |
|
So after all that effort in getting 23 GH/s, you only make $2,000?
In the example I overestimated the cost, so there's a break-even when hashing for 20 hours at 5$ / hour and a 100$ scam. My point would be that it can be profitable to gain 51% of hashing power, and the problem of creating consensus as stated in Ben Laurie's paper is far from hypothetical.
|
I'm out of here!
|
|
|
amincd (OP)
|
|
July 05, 2011, 08:47:04 AM |
|
Don't know exactly what you mean here, maybe you are agreeing that all values are proportional to bitcoin value? I'm disputing your claim that an attack becomes more attractive as the value of bitcoin increases. I'm pointing out the extra cost of the attack would cancel out the extra reward. You did clarify later on that by 'valuable', you meant a more a steady/dependable price, and not necessarily a higher market price, so I guess in light of this my response is not that applicable to your point, and we can move on.. True, I did not take into account the initial acquisition value (which I would estimate at 10.000$ in the example above). I only took into account the depreciation of that hardware (and then added another $ per hour). I think that's not unreasonable and standard procedure in profit/loss calculations. The same trick could be pulled of multiple times with that very same hardware, or the hardware can be used for different purposes (e.g. video rendering) afterwards. I don't think the attack could be pulled off multiple times. Either the value of bitcoin would plummet, or the network hashrate would increase significantly prevent future such attacks. The attack can't be a recurring source of income.
|
|
|
|
Stevie1024
Member
Offline
Activity: 70
Merit: 10
|
|
July 05, 2011, 08:57:43 AM |
|
True, I did not take into account the initial acquisition value (which I would estimate at 10.000$ in the example above). I only took into account the depreciation of that hardware (and then added another $ per hour). I think that's not unreasonable and standard procedure in profit/loss calculations. The same trick could be pulled of multiple times with that very same hardware, or the hardware can be used for different purposes (e.g. video rendering) afterwards. I don't think the attack could be pulled off multiple times. Either the value of bitcoin would plummet, or the network hashrate would increase significantly prevent future such attacks. The attack can't be a recurring source of income. Then who would be paying for that significantly increased network hashrate? I do agree there's a risk that bitcoin value would plummet, therefore my premise 'a truly valuable bitcoin, with a value that can be depended on'. So either the example shows such a scheme would be profitable, or that bitcoin value can never be depended on.
|
I'm out of here!
|
|
|
amincd (OP)
|
|
July 05, 2011, 09:20:05 AM |
|
Then who would be paying for that significantly increased network hashrate?
Volunteers perhaps. In any case, this is all such an extreme hypothetical, that it's not really worth exploring more IMO. We're debating how secure bitcoin will be in 20+ years IF the transaction volume is comparable to today's. I think if we want to discuss it further, it would be best to do it by pm as this is somewhat off-topic.
|
|
|
|
eugene2k
Newbie
Offline
Activity: 37
Merit: 0
|
|
July 05, 2011, 01:32:30 PM |
|
which explains his view on why bitcoin is either not a decentralized system, or that if it is, how it could be a more efficient one.
Not being able to make up one's mind on what a certain subject is or isn't kinda hints at how much of an expert one is in that subject.
|
|
|
|
BubbleBoy
|
|
July 06, 2011, 02:50:46 PM |
|
The Bitcoin eligible voters are not "the majority of computing power in existence" because computing power is not a fungible, homogeneous substance. You can easily see a 10^4 performance ratio on specialized versus commodity hardware (ASIC vs CPU), so that the Bitcoin network becomes impervious to attack if it makes up only 0.01% of the "computing power of the world" as expressed in transistors*Hz. Rather, Bitcoin, like most other currencies in the world, is up against any adversary more financially powerful than it's backers (the miners). So if you are willing to invest more than the compounded mining profit, you can take the majority vote and influence consensus, by expanding the computing power of the world in the form of efficient mining machines.
It's pretty clear that rewriting the history is not equivalent with stealing everybody's money, rather it means destroying the system and making the coins worthless, so the likely attackers will not be profit-motivated by any definition of profit expressed in bitcoins. We could talk about governments, banks, competing currencies, lulz etc. It's only a matter of speculation if an attacker likely to act in such a manner exists. Furthermore, as the network expands the window of opportunity closes to exclude small scale lulz-motivated attackers, and allow only governments or large corporations. The hashing power of the network already surpasses what could be accomplished by ~10 million commodity PCs, excluding even the largest botnets as worthy attackers.
|
|
|
|
Stevie1024
Member
Offline
Activity: 70
Merit: 10
|
|
July 06, 2011, 04:59:22 PM |
|
It's pretty clear that rewriting the history is not equivalent with stealing everybody's money, rather it means destroying the system and making the coins worthless, so the likely attackers will not be profit-motivated by any definition of profit expressed in bitcoins.
There would be an incentive, by double-spending coins and making a profit that way, see example above. The hashing power of the network already surpasses what could be accomplished by ~10 million commodity PCs, excluding even the largest botnets as worthy attackers.
About 99.8% of the hashing power of the network is currently paid for by temporal rewards of 50 bitcoins per block.
|
I'm out of here!
|
|
|
BubbleBoy
|
|
July 06, 2011, 06:34:05 PM |
|
I was referring to the specific attack described in the paper, rewriting history from block one and assigning to yourself all bitcoins, which is clearly a stupid way to steal bitcoins - they instantly become worthless. Regarding merely double spending your bitcoins that's even less of a concern: you still need to amass millions of dollars worth of hardware and millions dollars worth of bitcoins - so that you can double spend them a few times and recover your hardware costs. It also means you need to find a trading partner willing to sell you millions of dollars worth of merchandise for bitcoins, and do so in an anonymous fashion preferably over the internet so as to not get caught. Good luck with that plan.
The temporary mining revenue of 50 BTC/block and later 25 or 12.5 BTC will be worth much more if the bitcoin network is regularly used for multi-million dollar transactions as opposed to buying a few grams of hash or an alpaca sock.
This is all reason why profit-oriented attackers are implausible, or at least their profit will be derived from the failure of bitcoins: speculators, governments, banks etc.
|
|
|
|
Stevie1024
Member
Offline
Activity: 70
Merit: 10
|
|
July 06, 2011, 07:31:34 PM |
|
I was referring to the specific attack described in the paper, rewriting history from block one and assigning to yourself all bitcoins, which is clearly a stupid way to steal bitcoins - they instantly become worthless.
I agree, that would be a stupid 'attack', at least not a very profitable one. In the paper it serves the purpose of proving that, even though not profitable, it is possible, and therefore undermining the principle of Bitcoin's block-chain as consensus. At least, as long as not 50% of total existing computer power is used 'in an honest way'. Regarding merely double spending your bitcoins that's even less of a concern: you still need to amass millions of dollars worth of hardware and millions dollars worth of bitcoins - so that you can double spend them a few times and recover your hardware costs. It also means you need to find a trading partner willing to sell you millions of dollars worth of merchandise for bitcoins, and do so in an anonymous fashion preferably over the internet so as to not get caught. Good luck with that plan.
The temporary mining revenue of 50 BTC/block and later 25 or 12.5 BTC will be worth much more if the bitcoin network is regularly used for multi-million dollar transactions as opposed to buying a few grams of hash or an alpaca sock.
This is all reason why profit-oriented attackers are implausible, or at least their profit will be derived from the failure of bitcoins: speculators, governments, banks etc.
Have a look at the example above, I projected current bitcoin statistics to the moment there's no coin generation anymore. I dare you (or anyone) to alter some input values, like bitcoin value, transaction value, whatever, and I'll try to show such a scheme is still lucrative. One more question, what do you mean by: "as to not get caught"?
|
I'm out of here!
|
|
|
fm1234
Member
Offline
Activity: 68
Merit: 10
|
|
July 06, 2011, 07:52:41 PM |
|
posted by misterbigg:This article, thinly masquerading as a scholarly work, is full of crap. It is a clear example of what happens when a non-programmer, non-technical person combines a word processor with a PDF creation tool.
LOLMuch of what gets posted on this forum is a clear example of what happens when people assume they are right, and that anyone who contradicts them must be an ignorant savage. Frank
|
|
|
|
BubbleBoy
|
|
July 06, 2011, 10:15:48 PM |
|
Have a look at the example above, I projected current bitcoin statistics to the moment there's no coin generation anymore. I dare you (or anyone) to alter some input values, like bitcoin value, transaction value, whatever, and I'll try to show such a scheme is still lucrative.
Firstly I don't find any relevance in speculating what will happen in a few decades from now. The block bonus will stay above 12.5 BTC for the next decade, and it's entirely possible that bitcoin will run it's course during this decade and fail for unrelated reasons. This is the internet after all. I've expressed my doubts that the "mine for fee" model is sound from a game-theoretical perspective: it seems the users are incentivized to pay a fee as small as possible (maybe 1 satoshi) since there's no way miners can differentiate on the market. For the purpose of our discussion, in the foreseeable future and without massive growth of the number of transactions, the main motivation of the miners is the block bonus. At current prices the block bonus is over 500$/block and all other things equal it should maintain that $ value even if it drops to 12.5BTC: the miners that don't hoard are the main source of liquidity and if they inject less BTC the price will rise proportionally. So in order to rent 50% of the network you need to pay at least 1500$/h Secondly, you assume you will be able to amass this hashing power surreptitiously and use it repeatedly without being detected. That's not realistic. Honest miners are unlikely to rent you the hashpower since it's obvious why you needed it. Furthermore, if the average player is small, you will incur a high price in contacting many of them, and you will need to pay way above market rates to attract them. You will need to advertise and attract further suspicion upon yourself. It seems highly unlikely that your criminal endeavor reach the same economy of scale and efficiency the open network has. You will either build your own hardware, a capital intensive task, or buy it off the black market at very high prices in order to maintain discretion, from a handful of players (Large conspiracies inevitably fail). An hour of 50% hashpower will then cost maybe 150.000$, not 1500$ Assuming you finally get to 50%, using it for a whole day will quickly attract the suspicion of the community. It's not reasonable to expect to use it more than a few times without crashing the bitcoin price and halting most bitcoin trades. You can't double spend a few bitcoins many times, you need to double spend many bitcoins a few times in order to recover your fixed costs, and before your attack tanks the exchange rate due to panic. One more question, what do you mean by: "as to not get caught"?
Assuming you manage to do all of the above and successfully double spend 1 million $ in BTC, the fraud becomes apparent quickly. If you buy a large house you will get caught and be indicted, I have no doubt about that. You need to launder the money quickly and maintain anonymity to pull a double spend. I believe it's much more effective to simply short the market and attack the network directly, assuming you have 50% hash rate (borrow BTC and sell out, then buy back in at pennies, no need be anonymous, just make sure the attack can't be traced back to you).
|
|
|
|
Stevie1024
Member
Offline
Activity: 70
Merit: 10
|
|
July 07, 2011, 09:16:10 AM |
|
Firstly I don't find any relevance in speculating what will happen in a few decades from now. The block bonus will stay above 12.5 BTC for the next decade, and it's entirely possible that bitcoin will run it's course during this decade and fail for unrelated reasons. This is the internet after all. I've expressed my doubts that the "mine for fee" model is sound from a game-theoretical perspective: it seems the users are incentivized to pay a fee as small as possible (maybe 1 satoshi) since there's no way miners can differentiate on the market.
Then we have a Bitcoin that will work (or not due to other reasons) for the next decade. I wouldn't be satisfied with that and I think as soon as people realize that Bitcoin is not 'for ever', they will not accept it for one decade either. For the purpose of our discussion, in the foreseeable future and without massive growth of the number of transactions, the main motivation of the miners is the block bonus. At current prices the block bonus is over 500$/block and all other things equal it should maintain that $ value even if it drops to 12.5BTC: the miners that don't hoard are the main source of liquidity and if they inject less BTC the price will rise proportionally. So in order to rent 50% of the network you need to pay at least 1500$/h
If all other things equal, block bonus will be about 12.6 (0.1 fees) * 15$ (current rate) = 189$ per block after the next decade. And if all things equal, it will be 0.1 (fees) * 15$ = 1.5$ per block in normal Bitcoin operation, after the coin generation phase. Secondly, you assume you will be able to amass this hashing power surreptitiously and use it repeatedly without being detected. That's not realistic. Honest miners are unlikely to rent you the hashpower since it's obvious why you needed it. Furthermore, if the average player is small, you will incur a high price in contacting many of them, and you will need to pay way above market rates to attract them. You will need to advertise and attract further suspicion upon yourself. It seems highly unlikely that your criminal endeavor reach the same economy of scale and efficiency the open network has. You will either build your own hardware, a capital intensive task, or buy it off the black market at very high prices in order to maintain discretion, from a handful of players (Large conspiracies inevitably fail). An hour of 50% hashpower will then cost maybe 150.000$, not 1500$
Assuming you finally get to 50%, using it for a whole day will quickly attract the suspicion of the community. It's not reasonable to expect to use it more than a few times without crashing the bitcoin price and halting most bitcoin trades. You can't double spend a few bitcoins many times, you need to double spend many bitcoins a few times in order to recover your fixed costs, and before your attack tanks the exchange rate due to panic.
If Bitcoin would be well accepted and a solid economy would depend on it, frauding a few Bitcoins wouldn't stop that. Either there's not going to be a solid Bitcoin economy or it will be feasible to double-spend some coins often enough to get one's investment back (and more). One more question, what do you mean by: "as to not get caught"?
Assuming you manage to do all of the above and successfully double spend 1 million $ in BTC, the fraud becomes apparent quickly. If you buy a large house you will get caught and be indicted, I have no doubt about that. You need to launder the money quickly and maintain anonymity to pull a double spend. I believe it's much more effective to simply short the market and attack the network directly, assuming you have 50% hash rate (borrow BTC and sell out, then buy back in at pennies, no need be anonymous, just make sure the attack can't be traced back to you). I don't see the need to do so secretly, isn't Bitcoin supposed to be 'not backed by law or goverment'? I'd not be committing fraud, I'd just be playing by the rules of the game!
|
I'm out of here!
|
|
|
|