Hi Freemoney,
thanks for answering me with such detail.
I don't think it is positive.
The rest of my post gave a bunch of reasons why the return is lower than at first glance.
I think you're referring to this:
I have a few thoughts. An attacker isn't likely to want a bunch of services, those can't usually be resold easily. Goods will usually not ship until the next day so the attacker has to overcome the whole network for ~12 or more. Even if he pulls this off people will notice and many will be warned not to ship goods ordered after X time.
I disagree. A slow attack can target slow-shipping goods/services coming from isolated community-unaware sellers. A fast attack can target immediate-delivery goods/services making sure the interval of being alerted is smaller than the duration of the attack.
In addition to all the power that the attacker will have to buy or rent there will be a lot of planning involved. They need to search out what goods will ship fast enough to go out during their attack, if they can't hold on to the network for over a day this will only be certain parts of the world. They need to set up a place or places for delivery, and a way to resell the goods unless they are doing this for their own consumption. They need to find all the little exchanges and make accounts and set up bank accounts to send the money to, under different names I guess.
Yes. That's exactly the business of a malicious attacker. The whole point of Bitcoin should be being resilient to malicious attacks.
You also add:
Many types of merchants would be immune, many would be warned, etc.
I disagree. The first scenario I outlined involves attacking just 80 providers accepting BTC, in 60 minutes.
Shops are not going to mindlessly ship their entire stock without making sure nothing weird is going on.
The transactions involved in such attack would be worth around FRN ("USD") 160 each, which is surely not the entire stock of a shop owner, nor all the goods/services providable by a generic seller.
Even if they aren't savvy they are likely to know other bitcoin merchants. "Huh, all of your stuff was just bought too? Cool, I guess we're rich now."
See the two points above.
Bitcoin price is up about 6x since I got here and difficulty is up over 90x.
The attack scenario is based on the current Bitcoin network status.
The value of attack calculation is hard, but you aren't even looking at the right numbers. The attacker doesn't just get to turn bitcoins into cash via magic. He's going to flood exchanges and tip people off by buying to many sneakers. A lot of what you can do with bitcoin doesn't help him at all, so he can get a lot of credits at A Tale in the Desert, so what, doesn't help him at all. He can bet at bitcoinsportsbook, so what? The only thing valuable to him is the exchanges and they are likely to be the most alert to weird stuff.
I disagree. As I said, it takes only 80 relatively small transactions to complete the attack, and it doesn't have to by central banks' currencies. If I were a merchant I would like to be 100% sure that I can't be ripped off if I accept BTC, regardless of what I'm selling. Am I wrong, or do merchants lack this insurance if they use BTC ?
In your last post you add:
Your calculations are garbage. You cannot spend coins 80 times in an hour. The attacker has the power to rewrite a history that doesn't include him spending the coins, that is all. He can't simultaneously convince 80 people that they have the same coins.
I understand your argument. Why shouldn't the attacker be able to releases a new block and as many blocks after it as needed to make its malicious chain the longest chain after the merchant has delivered the good/service to him ?
In the slow shipping example you need to let the shipper think he has coins until after he ships, then you can pull them back. You can't do this 80 times in 2days. You would need about 40 days if people are shipping same day.
Makes a lot of sense. The attacker should buy immediate-delivery or fast-delivery goods services, such as: face-to-face material goods (in real shops), virtual goods, music, movies, ebooks, etc. The more the Bitcoin network grows, the more stuff available to be stolen will be available. Also, please consider that the job of an attacker is to figure out these details, while a merchant should be insured that hacking the system is not an option on Bitcoin.
If you try to spend them twice in an hour at, say, MtGox you won't ever get credit and can't get dollars because he waits for 6 confirmations. If you go for 2 hours you can spend them there twice this will not get you double your money because you will be bidding the price down by buying quickly which you will have to do since your cover is blown when you stop paying $8560/hr. Not to mention that Mtgox (the only site with anywhere near enough bids to get your 'investment' back) has some max withdrawal per day.
You're right, but you'll agree with me that the attack should consist of 80 small transactions, involving sellers who are not superalert as moneychangers or bankers are.
Once again, the reason this is not profitable is that you have to match the entire network, but you only get a little tiny slice of the flow, not "everything conceivably for sale for bitcoins"
I agree. The goal of the attacker should not be to steal everything available in Bitcoin, but just enough to reap a positive ROI.
And this attack does not get more profitable as USD/BTC increases. Difficulty has been increasing faster than price for a long time. It is getting more costly at a faster rate than the payout is growing.
A technical question: isn't owning the majority of the CPU power enough to impose a malicious chain, regardless of the size and age of the network, and the consequent difficulty ?
