Bitcoin Forum
November 24, 2017, 06:06:53 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 7 8 9 [10] 11 »  All
  Print  
Author Topic: Majority is not Enough: Bitcoin Mining is Vulnerable  (Read 50420 times)
MicroGuy
Legendary
*
Online Online

Activity: 1652


www.MicroGuy.com


View Profile WWW
November 07, 2013, 05:22:50 PM
 #181

This is nonsense. Bitcoin still has numerous developers working on it.

Let's just hope it's not the same developers responsible for keeping this forum running. J/K Tongue

"The Internet unshackled information, Satoshi Nakamoto unshackled money. And money makes the world go round."
1511503613
Hero Member
*
Offline Offline

Posts: 1511503613

View Profile Personal Message (Offline)

Ignore
1511503613
Reply with quote  #2

1511503613
Report to moderator
1511503613
Hero Member
*
Offline Offline

Posts: 1511503613

View Profile Personal Message (Offline)

Ignore
1511503613
Reply with quote  #2

1511503613
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
gyverlb
Hero Member
*****
Offline Offline

Activity: 896



View Profile
November 07, 2013, 06:57:14 PM
 #182

This is nonsense. Bitcoin still has numerous developers working on it.

Let's just hope it's not the same developers responsible for keeping this forum running. J/K Tongue

So you admit not knowing who the Bitcoin developers and the forum admin are and state that Bitcoin is "abandoned" a few posts apart?

Obvious troll is obvious. Its ignore link color may change.

P2pool tuning guide
Trade BTC for €/$ at bitcoin.de (referral), it's cheaper and faster (acts as escrow and lets the buyers do bank transfers).
Tip: 17bdPfKXXvr7zETKRkPG14dEjfgBt5k2dd
cunicula
Hero Member
*****
Offline Offline

Activity: 784


Stack-overflow Guru


View Profile WWW
November 07, 2013, 07:28:26 PM
 #183

I wasted enough insomnia time on this that I thought it deserved its own thread.

https://bitcointalk.org/index.php?topic=327292.0

This is a mathematical explanation of why the article uses incorrect methodology.
I use the appropriate methodology (where a miner cares about the future value of his mining hardware) and show that their conclusion no longer holds.

Note: You may want to refer to the following wikipedia articles to help with understanding my argument.

http://en.wikipedia.org/wiki/Dynamic_programming
http://en.wikipedia.org/wiki/Subgame_perfect_equilibrium
http://en.wikipedia.org/wiki/Dynamic_game
http://en.wikipedia.org/wiki/Folk_theorem_(game_theory)

Well, to give you a flavor. Here is the single most relevant slice of the wikipedia articles.
Quote
For example, in the Prisoner's Dilemma, both players cooperating is not a Nash equilibrium. The only Nash equilibrium is given by both players defecting, which is also a mutual minmax profile. The folk theorem says that, in the infinitely repeated version of the game, provided players are sufficiently patient, there is a Nash equilibrium such that both players cooperate on the equilibrium path.

What does this mean? It means that as long as bitcoin mining is a continuous process rather than a one time thing, then cooperating is the rational thing for miners to do (regardless of selfish mining and other such nonsense).

Why is bitcoin mining a continuous process? Because miners own hardware and will be stuck with paperweights if bitcoin collapses. This ownership of hardware underpins the bitcoin incentive system. The hardware is essentially a proxy for proof-of-stake. I don't think people adequately understand this.  '

Note: An important takeaway message here is the deficiency of standard computer science approaches in analysis of bitcoin incentives. Typically, computer scientists will ignore things like incentives to maintain the value of hardware. This just doesn't seem like part of the problem to them. For economists (e.g. me), effects of behavior on asset prices is a standard part of the problem. You cannot analyze one part of the system in isolation from the other and expect to obtain a reasonable model of human behavior. It is quite shocking to me how much credibility this theory has obtained despite its obvious deficiency.

 

▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁
        AltCoinInternalExperts                Get Your Altcoin Promoted On Social Media       
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
cunicula
Hero Member
*****
Offline Offline

Activity: 784


Stack-overflow Guru


View Profile WWW
November 07, 2013, 10:27:59 PM
 #184

What does this mean? It means that as long as bitcoin mining is a continuous process rather than a one time thing, then cooperating is the rational thing for miners to do (regardless of selfish mining and other such nonsense).

Thank you for your analysis. That's what I felt from the beginning about that "strategy". Miners do not care (so much) about the number of coins they get than about the number of stuff they can buy with them.

However, does it apply to someone who wants to destroy Bitcoin ?
Is it easier with this strategy than with a traditional "51% attack" ?
Probably. But it was never very difficult to begin with. Moreover there are other ways of destroying bitcoin that make much more sense.

Say I'm the US gov't out to destroy bitcoin.

Step 1) Make it illegal and start rounding people up. Watch price plummet.
Step 2) Buy up hardware and conduct 51% attack on the cheap to neutralize remaining participants. [Once price plummets the used ASIC devices will be very, very cheap.]

In my opinion, bitcoin cannot survive if the US gov't decides to take the ax to it. I don't think this is going to happen. I also don't think that it will make sense for a private actor to do this. (many different guys will benefit from burying bitcoin, but they are not going to be able to coordinate an attack aside from lobbying gov't. Going it alone and destroying bitcoin is not going to be sufficiently profitable to any one company to make it worthwhile.)

The bigger danger is the falling block reward. If this is not addressed, it will cause problems in the long term (i.e. say starting 10 or 20 years from now).


▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁
        AltCoinInternalExperts                Get Your Altcoin Promoted On Social Media       
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
mmeijeri
Hero Member
*****
Offline Offline

Activity: 714

Martijn Meijering


View Profile
November 07, 2013, 11:03:16 PM
 #185

In my opinion, bitcoin cannot survive if the US gov't decides to take the ax to it.

Don't you think that also depends on what the EU, Russia and China do?

ROI is not a verb, the term you're looking for is 'to break even'.
cunicula
Hero Member
*****
Offline Offline

Activity: 784


Stack-overflow Guru


View Profile WWW
November 08, 2013, 03:08:05 AM
 #186

In my opinion, bitcoin cannot survive if the US gov't decides to take the ax to it.

Don't you think that also depends on what the EU, Russia and China do?
I dunno. I guess I expect the EU to go along with whatever the US says.
I expect China to ban bitcoin if/once it gets really big regardless of what happens elsewhere.
I don't fell informed enough to speculate about the rest of the world.

Just to be clear i don't think the us will ban bitcoin. Say what you like i still believe that the us provides the world's leading environment for innovation. They are not so stupid as to fuck this up.

▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁
        AltCoinInternalExperts                Get Your Altcoin Promoted On Social Media       
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
MicroGuy
Legendary
*
Online Online

Activity: 1652


www.MicroGuy.com


View Profile WWW
November 08, 2013, 03:37:21 AM
 #187

So you admit not knowing who the Bitcoin developers and the forum admin are and state that Bitcoin is "abandoned" a few posts apart?

What I said was, "Bitcoin's developer abandoned the project years ago and disappeared into thin air". I think this is a well-established fact.

"The Internet unshackled information, Satoshi Nakamoto unshackled money. And money makes the world go round."
revans
Sr. Member
****
Offline Offline

Activity: 336


View Profile
November 08, 2013, 03:40:58 AM
 #188

So you admit not knowing who the Bitcoin developers and the forum admin are and state that Bitcoin is "abandoned" a few posts apart?

What I said was, "Bitcoin's developer abandoned the project years ago and disappeared into thin air". I think this is a well-established fact.
[/quote

And his replacement went running straight to the CIA
mmeijeri
Hero Member
*****
Offline Offline

Activity: 714

Martijn Meijering


View Profile
November 09, 2013, 02:19:15 PM
 #189

I dunno. I guess I expect the EU to go along with whatever the US says.
I expect China to ban bitcoin if/once it gets really big regardless of what happens elsewhere.
I don't fell informed enough to speculate about the rest of the world.

I would expect any government to be uncomfortable with a currency they can't control, but then again this is happening in the eurozone, where national governments only control their joint currency collectively. And a small country like Montenegro has unilaterally adopted the euro as its official currency. China really wants to break the dollar's hegemony. They might prefer a currency no one can control to one controlled by the US government. Especially if that currency isn't going away anyway.

Quote
Just to be clear i don't think the us will ban bitcoin. Say what you like i still believe that the us provides the world's leading environment for innovation. They are not so stupid as to fuck this up.

Understood. I'm not saying it either, just speculating about what might happen even if the USG did try to ban bitcoin.

ROI is not a verb, the term you're looking for is 'to break even'.
dwdoc
Legendary
*
Offline Offline

Activity: 966


- - -Caveat Aleo- - -


View Profile
November 09, 2013, 02:46:27 PM
 #190

What does this mean? It means that as long as bitcoin mining is a continuous process rather than a one time thing, then cooperating is the rational thing for miners to do (regardless of selfish mining and other such nonsense).

Thank you for your analysis. That's what I felt from the beginning about that "strategy". Miners do not care (so much) about the number of coins they get than about the number of stuff they can buy with them.

However, does it apply to someone who wants to destroy Bitcoin ?
Is it easier with this strategy than with a traditional "51% attack" ?
Probably. But it was never very difficult to begin with. Moreover there are other ways of destroying bitcoin that make much more sense.

Say I'm the US gov't out to destroy bitcoin.

Step 1) Make it illegal and start rounding people up. Watch price plummet.
Step 2) Buy up hardware and conduct 51% attack on the cheap to neutralize remaining participants. [Once price plummets the used ASIC devices will be very, very cheap.]

In my opinion, bitcoin cannot survive if the US gov't decides to take the ax to it. I don't think this is going to happen. I also don't think that it will make sense for a private actor to do this. (many different guys will benefit from burying bitcoin, but they are not going to be able to coordinate an attack aside from lobbying gov't. Going it alone and destroying bitcoin is not going to be sufficiently profitable to any one company to make it worthwhile.)

The bigger danger is the falling block reward. If this is not addressed, it will cause problems in the long term (i.e. say starting 10 or 20 years from now).



Ironically in the future when the diminished block reward and transaction fees no longer provide enough incentive to ensure the integrity and security of the blockchain it may need to be the government that assumes the responsibility.
cunicula
Hero Member
*****
Offline Offline

Activity: 784


Stack-overflow Guru


View Profile WWW
November 09, 2013, 03:18:47 PM
 #191

I'd like to think that people will agree to proof of stake before surrendering bitcoin to government or corporate management, but you may be right. People are extremely stubborn and consensus is a damned hard thing to obtain.

▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁
        AltCoinInternalExperts                Get Your Altcoin Promoted On Social Media       
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
gmaxwell
Moderator
Legendary
*
qt
Offline Offline

Activity: 2338



View Profile
November 09, 2013, 04:35:41 PM
 #192

I'd like to think that people will agree to proof of stake before surrendering bitcoin to government or corporate management, but you may be right. People are extremely stubborn and consensus is a damned hard thing to obtain.
Proof of stake has thus far proven unworkable.

The main problem with Proof of Stake appears to be that is that there is nothing at stake:  In PoW systems you burn energy to mine, and that mining is only worth while if the chain your mining on survives long term, so you are generally incentive mine the chain most likely to survive. In PoS the rational strategy is to mine all possible forks constantly, because doing so costs you nothing.

Last I checked the, headline, best known PoS altcoin has controlled centralized signatures being announced to lock in every block.  I think it would be awesome if PoS could be shown workable, and there was a time when I was very excited and hopeful about it... but its beginning to seem unsalvageable. You can keep pumping the idea until your ignore throbby burns the color of the sun, but that doesn't solve things.

Bitcoin will not be compromised
cunicula
Hero Member
*****
Offline Offline

Activity: 784


Stack-overflow Guru


View Profile WWW
November 09, 2013, 04:44:06 PM
 #193

I'd like to think that people will agree to proof of stake before surrendering bitcoin to government or corporate management, but you may be right. People are extremely stubborn and consensus is a damned hard thing to obtain.
Proof of stake has thus far proven unworkable.

The main problem with Proof of Stake appears to be that is that there is nothing at stake:  In PoW systems you burn energy to mine, and that mining is only worth while if the chain your mining on survives long term, so you are generally incentive mine the chain most likely to survive. In PoS the rational strategy is to mine all possible forks constantly, because doing so costs you nothing.

Oh, this again. Don't you have any integrity at all? [As in you know the above to be false, yet that does not prevent you from repeating it time and time again.]

I suggest you add some color to my ignore button because I fail to see value in discussion with you. This is not because you are stupid, but because interactions with clever and dishonest people are rarely rewarding. You lie when it suits you, see below. You also don't understand incentives, see below. If you were right here, then my analysis in the pdf would be wrong...



Could you comment on the incentives to maintain full nodes described here: https://en.bitcoin.it/wiki/Proof_of_Stake

That page is pretty embarrassing.   There is absolutely no mention of the fundamental flaw in PoS consensus which none of your proposals have addressed:  As of yet none of the proof of stake proposals are workable because there is nothing at stake!   If someone is PoS mining it is in their best interest to attempt to concurrently build an honest chain as well as all possible attack forks just in case one of them happens to win.  Under most schemes this is the profit maximizing move, in all I've seen so far its at least neutral.  Mining an attack under PoW actually involves _spending_ something and taking the risk other miners will extend it. PoW works because your work is at stake so even a very small amount of honest miners make mercenary rational miners behave honestly too.

Moreover, I don't see why you argue here that it better aligns incentives. Parties can't mine PoW without having a validating node (or face the extreme risk other miners will toss them off on forks).  All it does is redistribute control, which might be useful— if not for the fact that it makes attacking more attractive for selfish participants.   I was hopeful of these techniques but as of yet I don't see how any can be workable.


▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁
        AltCoinInternalExperts                Get Your Altcoin Promoted On Social Media       
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
User705
Hero Member
*****
Offline Offline

Activity: 742



View Profile
November 09, 2013, 09:52:29 PM
 #194

What does this mean? It means that as long as bitcoin mining is a continuous process rather than a one time thing, then cooperating is the rational thing for miners to do (regardless of selfish mining and other such nonsense).

Thank you for your analysis. That's what I felt from the beginning about that "strategy". Miners do not care (so much) about the number of coins they get than about the number of stuff they can buy with them.

However, does it apply to someone who wants to destroy Bitcoin ?
Is it easier with this strategy than with a traditional "51% attack" ?
Probably. But it was never very difficult to begin with. Moreover there are other ways of destroying bitcoin that make much more sense.

Say I'm the US gov't out to destroy bitcoin.

Step 1) Make it illegal and start rounding people up. Watch price plummet.
Step 2) Buy up hardware and conduct 51% attack on the cheap to neutralize remaining participants. [Once price plummets the used ASIC devices will be very, very cheap.]

In my opinion, bitcoin cannot survive if the US gov't decides to take the ax to it. I don't think this is going to happen. I also don't think that it will make sense for a private actor to do this. (many different guys will benefit from burying bitcoin, but they are not going to be able to coordinate an attack aside from lobbying gov't. Going it alone and destroying bitcoin is not going to be sufficiently profitable to any one company to make it worthwhile.)

The bigger danger is the falling block reward. If this is not addressed, it will cause problems in the long term (i.e. say starting 10 or 20 years from now).


I think this would only work as a coordinated multi government attack.  The higher the exchange rate the more mining devices are out there the harder and more expensive it is to accumulate 51%.  Also at these price levels bitcoin is a rounding error on a government expense report.  When it is big enough to challenge government it is will be so distributed that if one country tries to ban it alone it wouldn't do anything but make bitcoin smuggling into it profitable.  Examples are gold smuggling in india and switzerland, and black market dollar exchanges in argentina, venezuela and other similar countries.
Meni Rosenfeld
Donator
Legendary
*
expert
Offline Offline

Activity: 2016



View Profile WWW
November 10, 2013, 07:42:48 AM
 #195

I'd like to think that people will agree to proof of stake before surrendering bitcoin to government or corporate management, but you may be right. People are extremely stubborn and consensus is a damned hard thing to obtain.
Proof of stake has thus far proven unworkable.

The main problem with Proof of Stake appears to be that is that there is nothing at stake:  In PoW systems you burn energy to mine, and that mining is only worth while if the chain your mining on survives long term, so you are generally incentive mine the chain most likely to survive. In PoS the rational strategy is to mine all possible forks constantly, because doing so costs you nothing.
My proposal very clearly and explicitly penalizes stakeholders who try to sign conflicting blocks. This line has been there for 1.5 years - "If an address signs two conflicting blocks, its weight is reset to 0. This is to limit the power of malicious stakeholders. "

I'm not saying this will work perfectly, but to claim that no consideration has been made to this issue is, as cunicula says, dishonest.

Research into PoS methods is still ongoing.

1EofoZNBhWQ3kxfKnvWkhtMns4AivZArhr   |   Who am I?   |   bitcoin-otc WoT
Bitcoil - Exchange bitcoins for ILS (thread)   |   Israel Bitcoin community homepage (thread)
Analysis of Bitcoin Pooled Mining Reward Systems (thread, summary)  |   PureMining - Infinite-term, deterministic mining bond
RoadTrain
Legendary
*
Offline Offline

Activity: 1344


View Profile
November 10, 2013, 08:28:32 AM
 #196

I'd like to think that people will agree to proof of stake before surrendering bitcoin to government or corporate management, but you may be right. People are extremely stubborn and consensus is a damned hard thing to obtain.
Proof of stake has thus far proven unworkable.

The main problem with Proof of Stake appears to be that is that there is nothing at stake:  In PoW systems you burn energy to mine, and that mining is only worth while if the chain your mining on survives long term, so you are generally incentive mine the chain most likely to survive. In PoS the rational strategy is to mine all possible forks constantly, because doing so costs you nothing.
My proposal very clearly and explicitly penalizes stakeholders who try to sign conflicting blocks. This line has been there for 1.5 years - "If an address signs two conflicting blocks, its weight is reset to 0. This is to limit the power of malicious stakeholders. "

I'm not saying this will work perfectly, but to claim that no consideration has been made to this issue is, as cunicula says, dishonest.

Research into PoS methods is still ongoing.
I understand how the weight is reset to 0. But I can't understand how signature fees will be distributed.
If there's a thread discussing it, please point it to me. Thanks.
cunicula
Hero Member
*****
Offline Offline

Activity: 784


Stack-overflow Guru


View Profile WWW
November 10, 2013, 09:27:33 AM
 #197

http://www.reddit.com/r/Bitcoin/comments/1qarhr/how_i_learned_to_stop_worrying_and_love_the/

Posted this on reddit. I tried to give a simple explanation of why the research gets it all wrong.

Any help with editing is appreciated. Here is the reddit post:
Quote
Recently, a dire prediction came out from a couple of computer science researchers about bitcoin's security. Game theory says  'We're all Doomed' or so they claim.

This is eerily similar to what happened when game theory was first applied to the study of nuclear war. Early researchers modeled nuclear war as a winner take all game. In this story, once a nuke drops, one of players is erased from the map. Game over for them. If you face certain and immediate obliteration, the only workable strategy turns out to be a pre-emptive strike. The CIA found this quite alarming!

Later, as the study of games became more advanced, the model was tweaked to add a bit of realism. Instead of obliterating the enemy, the nuke just harms them and they have an opportunity to strike back in the next round. With this simple twist, the game becomes like "Groundhog Day"; there is never any end to it.

When we play a game over and over again new kinds of strategies emerge. The most familiar one is tit for tat retaliation. "If I got nuked last year, I'll nuke back this year. If I didn't get nuked, then I won't nuke back this year."
This strategy is both familiar in everyday life and famous in theory. That's because it works. Under tit for tat, you can avoid getting nuked by maintaining an arsenal, but never using it.

Okay, so what about bitcoin. The authors of "Majority is not enough..." analyze bitcoin as a static one-off game just like early researchers considering nuclear war. Unsurprisingly, they issue dire predictions. In their one-off world, there is never any way of retaliating against bad actors. Players just pick between "attack" and "honest." It should be no surprise that the unconditional pacifist strategy is never successful. Indeed, always attack is the only possible equilibrium in a one-off setting.
Most people can see this intuitively, even if they have never studied game theory.

Let's add in some realism. In particular, let's think about mining every day instead of just as a one-off event. This allows for retaliation. Suppose instead we play, "if some anonymous guy fucked us by playing selfish yesterday, then we will also play selfish because it makes no sense to keep getting fucked." and "if no one played selfish yesterday, then we will play honest."

This strategy (where we condition actions on previous play) is an incentive compatible subgame perfect nash equilibrium. Yes, you heard it, the authors' claimed key contribution is erroneous and stems from a fundamental and elementary misunderstanding of game theory. Cooperation is sustainable as long as we retaliate against the bad guys.

Now, wait you say, we don't know who the bad guys are. How can we retaliate? This is the magic point. We don't need to know who the bad guys are to hurt them. If 25% of hashing power is doing selfish mining, we may not know who the bad guys are, but we do know that they own an ASIC (unless you think 25% of ASICs can be simultaneously liquidated within a single day at fair market value). The ASIC they own is valuable. When we play selfish, we turn into a paperweight. And that is how retaliation works. Players respond to selfish play by turning selfish and this causes all ASIC owners to take capital losses. The market value of their equipment depreciates with bitcoin prices. Ownership of ASICs means that miners cannot help but have a permanent stake in the system. 

Now, wait you say, this will also hurt innocent players who were not involved in the attack. Even though retaliation harms innocent people, it is still the best option for people who have been attacked. War hurts innocent people. But fighting back is the only possible equilibrium response after an attack occurs (one can set a threshold for a response, but there's always a tipping point where rational people have had enough and choose to fight back.)

Okay, so let's review and make things more concrete. Let's see. Say there is some consensus threshold for a 'successful attack.' You can ask Gavin exactly what the threshold is. Maybe we'd allow him to determine this. I would guess it is around the level that makes a short-term attack earn positive profit.

Consider a miner's options:

If I join an attack and the attack succeeds, tomorrow and the day after that and possibly for all days following we will have selfish mining. Should I care? Yes, today, my ASIC is expensive. Not worth a day of profits, if tomorrow all I have left are a day's worth of selfish mining income in USD and a brand new paperweight.

If I join an attack and the attack fails, then tomorrow we will still have happy days, but I will not have gained any short-term profit from participation. In fact I will have lost revenue. So clearly this is also a no go.

That leaves us with the last option: honest mining. Assume that everyone else approached the problem like me. You can see by reading most comments that they do (even if they don't formally understand why).

If I do not join an attack, then I will earn a fair profit and, as long as everyone else has approached the problem rationally, then tomorrow we will have more happy days of honest mining. And the next day too and the day after...

So what's my dominant strategy? Be honest until someone attacks me and then retaliate as necessary. There are many different sustainable ways of organizing retaliation besides tit for tat. Norms on how to retaliate vary across societies. I trust that the community, and Gavin in particular, could make reasonable judgements on this front. And that is all we need to succeed.

tl;dr bitcoin only has to worry about terrorists; rational miners will never attack, ever*. *(as long as there is modest mining reward)

If you'd like to see some math on this topic, then check out:

http://www.scribd.com/doc/182399858/Cunicula-s-game-theory-primer-pdf

PS. I could use help on the authors' site, 
hackingdistributed.com

The author is aware of my critique, but is refusing to respond. In fact, he deleted the link to my pdf the first time I posted it. As a community, I'd appreciate help in demanding a response from him. Go to the blog and ask questions about how repeated play and retaliation affect his results. When you see these questions, upvote them.

If the community will not help, then I will have to go the long route of posting a formal academic comment on arxiv. This is time consuming. Because I am an economist, arxiv has no positive benefits for my reputation or career. I'm asking for some help so that we can get this addressed in the media and blogosphere without a prolonged academic back and forth.

▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁
        AltCoinInternalExperts                Get Your Altcoin Promoted On Social Media       
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
Meni Rosenfeld
Donator
Legendary
*
expert
Offline Offline

Activity: 2016



View Profile WWW
November 10, 2013, 09:33:01 AM
 #198

I'd like to think that people will agree to proof of stake before surrendering bitcoin to government or corporate management, but you may be right. People are extremely stubborn and consensus is a damned hard thing to obtain.
Proof of stake has thus far proven unworkable.

The main problem with Proof of Stake appears to be that is that there is nothing at stake:  In PoW systems you burn energy to mine, and that mining is only worth while if the chain your mining on survives long term, so you are generally incentive mine the chain most likely to survive. In PoS the rational strategy is to mine all possible forks constantly, because doing so costs you nothing.
My proposal very clearly and explicitly penalizes stakeholders who try to sign conflicting blocks. This line has been there for 1.5 years - "If an address signs two conflicting blocks, its weight is reset to 0. This is to limit the power of malicious stakeholders. "

I'm not saying this will work perfectly, but to claim that no consideration has been made to this issue is, as cunicula says, dishonest.

Research into PoS methods is still ongoing.
I understand how the weight is reset to 0. But I can't understand how signature fees will be distributed.
If there's a thread discussing it, please point it to me. Thanks.
One possibility is to have a special sig fee transaction in every signature block, paying out based on a determinstic calculation of signers of the previous signature block, with evidence of double-signing included.

1EofoZNBhWQ3kxfKnvWkhtMns4AivZArhr   |   Who am I?   |   bitcoin-otc WoT
Bitcoil - Exchange bitcoins for ILS (thread)   |   Israel Bitcoin community homepage (thread)
Analysis of Bitcoin Pooled Mining Reward Systems (thread, summary)  |   PureMining - Infinite-term, deterministic mining bond
onedeveloper
Full Member
***
Offline Offline

Activity: 145


View Profile
November 10, 2013, 07:45:51 PM
 #199

After reading almost all of the posts (well, 75% and the last ones, to be honest), I think I've got the gist of this. I will make this short analogy:

- Imagine that the WWII ended with the German coalition (the Axis) winning it over the Allies. What will have happened?

...

Easy! We all be German speakers and we will be trying to discuss "what happens if Allies win the war?".

Even if Bitcoin suffers a 51% attack, there will STILL be Bitcoins. Maybe not so attractive to newcomers in the initial stages, but ... What's the incentive for the winners of the 51% attack now that they dictate the laws and that they have all the BTC? Use a "cart full of BTC" to buy just a bread bar?

After the attack (any attack) is successful, Bitcoin will prevail because they will need to profit from their attack. Take into account someone has paid for the equipment and the electricity, network, and other mining-related costs...

The main problem is the BTC loosers, the people that had a sizeable amount of BTC stored and that now have nothing. It will then be time to steal it or to sell them anything for BTC or to retaliate somehow. So no, Bitcoin mining is not vulnerable. Bitcoins are a risky investment.

What Bitcoin needs is to be a de-facto currency in the real world. This way nobody will attack it more than they try to steal a bank in the real world.

This is my humble opinion, of course, and I can be flat-out wrong so criticism is welcome Smiley

Meni Rosenfeld
Donator
Legendary
*
expert
Offline Offline

Activity: 2016



View Profile WWW
November 10, 2013, 08:11:14 PM
 #200

The main problem is the BTC loosers, the people that had a sizeable amount of BTC stored and that now have nothing. It will then be time to steal it or to sell them anything for BTC or to retaliate somehow. So no, Bitcoin mining is not vulnerable. Bitcoins are a risky investment.
I don't think even the authors claim this attack can be used to take bitcoins away from those who already have them.

1EofoZNBhWQ3kxfKnvWkhtMns4AivZArhr   |   Who am I?   |   bitcoin-otc WoT
Bitcoil - Exchange bitcoins for ILS (thread)   |   Israel Bitcoin community homepage (thread)
Analysis of Bitcoin Pooled Mining Reward Systems (thread, summary)  |   PureMining - Infinite-term, deterministic mining bond
Pages: « 1 2 3 4 5 6 7 8 9 [10] 11 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!