Bitcoin Forum
Author Topic: Cracking the Code  (Read 7628 times)
AnonyMint
November 29, 2013, 10:32:30 AM
Last edit: November 29, 2013, 10:47:59 AM by AnonyMint
 #101

I am slightly mistaken. Without checkpoints that prevent a longer chain from going too far backwards in time, a broken SHA-256 could be a serious threat.

If SHA-256 is broken I think the coin is screwed anyway. I mean even private addresses will be a lot less secure.

If I understand correctly, this is important for example because your public address is not revealed until you spend from it. I believe this is a reason why it is suggested not to recycle addresses.

And if elliptical cryptography is ever broken (Schneier and others already don't trust it too much, Lamport signatures are a solution to quantum computers), having the public key shielded inside of a SHA-256 hash adds another layer of security. There is some discussion between gmaxwell and myself (and others) on that subject a couple/few of months ago in the forum.

But once you've spent an address that risk is gone on the spent address.

So I guess there is some notion that we could quickly update all the hashes on unspent addresses to new hashes. In the interim, the hacker would only get to know our public keys not our private ones.

Or am I missing the point?

AnonyMint
November 29, 2013, 10:41:07 AM
Last edit: November 29, 2013, 11:08:50 AM by AnonyMint
 #102

Upthread those who debated against me stopped after making the point that shorter chain transactions would not be delayed because 100% of the non-mining nodes would ignore the longer chain. I refuted with the argument that they couldn't ensure 100% compliance and I listed some motivations which make it difficult to make that assumption in my opinion. They can not argue that the longer chain is not faster, thus relatively speaking I was correct in stating the shorter chain would be significantly slower.

However apparently some weren't convinced that argument of mine is a slam dunk.

So here is the (mini) Spud Webb (not quite a Shaq glass shattered) slam dunk.

The attacker can also apply some of his hash rate advantage to sending blocks that have no transactions or which drop certain transactions (such as the non-cartel customers in my Transactions Withholding Attack).

Thus the transactions can also be delayed in the shorter chain too.

Okay I realize the caveats so it isn't quite a Big Shamrock.

Edit: s/minority chain/shorter chain/ above. The shorter chain has a minority of the mining hash rate, yet we are arguing whether it will have a minority, majority, or 100% of the non-mining nodes.


Etlase2
November 29, 2013, 11:48:46 AM
 #103

AnonyMint, a chain which is changing the rules as you say will not affect the chain that is not changing the rules. Neither can or will build off of each other, thus the "longer" chain cannot delay transactions on the shorter chain. If the longer chain diverts hash power to the shorter chain, then it is the same old boring attack as the 51%.

BurtW
November 29, 2013, 03:13:29 PM
 #104

When presented with two chains, one short which contains all valid blocks and a second which is longer but contains invalid blocks, the system will accept the short chain with the valid blocks and drop the longer chain with the invalid blocks.

No problem so far.  Making a chain with one or more invalid blocks, even if it is longer, is not even an attack per se it is just a huge waste of hashing power.

So, the entire totally theoretical attack hinges on two things being true:

1) The attacker must have a huge amount of hashing in order to create the chain with the invalid block or blocks

2) The attacker must have distributed enough of "their" clients which have been programmed to accept the invalid blocks.

But this is not really an attack, it is just the definition of an alt:  hashing power with a different set of rules + clients that support the different set of rules.

So the "attack" is simply describing the creation of an alt coin - let's call it the AnnoyCoin.  So yes, anyone that wants to can/has/will create an alt coin.  This is nothing new at all.  It is then up to the market to decide which coin to use.  Upon the creation of this new alt coin some may follow it others will not.

I do see the concern that if this AnnoyCoin is created by instantly taking a large chunk of the Bitcoin hashing power then confirmation times will increase until the next adjustment.  So, here is the story as I understand it:

The Annoy Foundation releases a new client.
They get 50% market penetration with their new client (no one notices the changes - unlikely)
They also gain 50% of the hashing power
They switch on the "back door" in all of their clients and also switch their hashing power over to the AnnoyCoin rules
This causes confirmations on the remaining Bitcoin network to double to 20 minutes
People are upset, some sell, prices drop, etc.
Those that wait out the four weeks of long confirmation times are rewarded with cheap coins and normal confirmation times once the difficulty gets adjusted
There are now two coins:  Bitcoin and AnnoyCoin

sidhujag
November 29, 2013, 05:21:45 PM
 #105

Quote from: BurtW
When presented with two chains, one short which contains all valid blocks and a second which is longer but contains invalid blocks, the system will accept the short chain with the valid blocks and drop the longer chain with the invalid blocks.

No problem so far.  Making a chain with one or more invalid blocks, even if it is longer, is not even an attack per se it is just a huge waste of hashing power.

So, the entire totally theoretical attack hinges on two things being true:

1) The attacker must have a huge amount of hashing in order to create the chain with the invalid block or blocks

2) The attacker must have distributed enough of "their" clients which have been programmed to accept the invalid blocks.

But this is not really an attack, it is just the definition of an alt:  hashing power with a different set of rules + clients that support the different set of rules.

So the "attack" is simply describing the creation of an alt coin - let's call it the AnnoyCoin.  So yes, anyone that wants to can/has/will create an alt coin.  This is nothing new at all.  It is then up to the market to decide which coin to use.  Upon the creation of this new alt coin some may follow it others will not.

I do see the concern that if this AnnoyCoin is created by instantly taking a large chunk of the Bitcoin hashing power then confirmation times will increase until the next adjustment.  So, here is the story as I understand it:

The Annoy Foundation releases a new client.
They get 50% market penetration with their new client (no one notices the changes - unlikely)
They also gain 50% of the hashing power
They switch on the "back door" in all of their clients and also switch their hashing power over to the AnnoyCoin rules
This causes confirmations on the remaining Bitcoin network to double to 20 minutes
People are upset, some sell, prices drop, etc.
Those that wait out the four weeks of long confirmation times are rewarded with cheap coins and normal confirmation times once the difficulty gets adjusted
There are now two coins:  Bitcoin and AnnoyCoin

I think we already have merged mine coins that will do what Anonymint wants that is have some kinda inflation aspect to create money velocity.. DeVcoin freicoin ppc xpm on top of my head will do what he wants.. Dvc is the only static supply growth I know of the rest are dynamic and this is a different issue altogether.
DeathAndTaxes
November 29, 2013, 05:26:42 PM
 #106

Quote from: BurtW
So the "attack" is simply describing the creation of an alt coin - let's call it the AnnoyCoin.  So yes, anyone that wants to can/has/will create an alt coin.  This is nothing new at all.  It is then up to the market to decide which coin to use.  Upon the creation of this new alt coin some may follow it others will not.

Exactly but the AnnoyCoin created has such a flawed understanding of Bitcoin he seems to think the creation of this altcoin will somehow stop the existing Bitcoin.

Quote
There are now two coins:  Bitcoin and AnnoyCoin

And let's take this a step further.  AnnoyCoin has no advantages over Bitcoin, it also has a massive inflation rate which benefits the dishonest miners at the core of it.  The additional monetary inflation is a wealth transfer from anyone using it to the miners.  Add to that it is centrally controlled by a cartel which has shown itself to be willing to destroy the benefits of Bitcoin for selfish greed.

So it is a free market and people can choose the vastly superior Bitcoin or the AnnoyCoin.   It pretty much is a no brainer.  People would sell off the AnnoyCoin in masses to transfer their wealth to the superior system.  In reality the default choice is Bitcoin as anyone who doesn't download and install the AnnoyCoin client would remain on the real Bitcoin network.  Users on the Bitcoin client would never even SEE the AnnoyCoin blocks, other than a temporary increase in block time there would be no effect on them at all.  So AnnoyCoin will never exist outside of the annoying brain of its creator.
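
The "temporary increase in block time" in the scenario above, worked through as an added example (not code from any poster or from Bitcoin itself). It goes beyond the 50% case in the thread by also covering a hash rate drop that lands mid-window and one large enough to hit the 4x adjustment limit; the function name and the idealized model (constant hash rate after the drop, no block-time variance) are assumptions.

```python
from typing import List, Tuple

RETARGET_BLOCKS = 2016   # blocks per difficulty window
TARGET_SPACING = 600     # seconds per block the retarget aims for
MAX_ADJUST = 4           # difficulty moves by at most a factor of 4 per retarget
TARGET_TIMESPAN = RETARGET_BLOCKS * TARGET_SPACING  # two weeks, in seconds


def after_hashrate_drop(remaining: float, blocks_done: int = 0,
                        windows: int = 2) -> List[Tuple[float, float]]:
    """Model the chain that keeps only `remaining` (0..1] of its hash rate.

    `blocks_done` is how many blocks of the current window were already mined
    at the normal 10-minute spacing when the hash rate left.
    Returns one tuple per retarget:
    (days spent waiting for that retarget, minutes per block after it).
    """
    difficulty = 1.0  # normalised: 1.0 is the difficulty before the drop
    results = []
    for _ in range(windows):
        # Expected spacing scales with difficulty and inversely with hash rate.
        spacing = TARGET_SPACING * difficulty / remaining
        wait = (RETARGET_BLOCKS - blocks_done) * spacing
        # Time the whole window took, including blocks mined before the drop.
        timespan = blocks_done * TARGET_SPACING + wait
        # Retarget: scale difficulty by target/actual, limited to 4x either way.
        ratio = TARGET_TIMESPAN / timespan
        ratio = min(max(ratio, 1 / MAX_ADJUST), MAX_ADJUST)
        difficulty *= ratio
        blocks_done = 0  # the next window starts from scratch
        new_spacing = TARGET_SPACING * difficulty / remaining
        results.append((round(wait / 86400, 2), round(new_spacing / 60, 2)))
    return results


if __name__ == "__main__":
    # Half the hash rate leaves right after a retarget: the thread's scenario.
    print(after_hashrate_drop(0.5))
    # Same loss halfway through a window: the first retarget undershoots.
    print(after_hashrate_drop(0.5, blocks_done=1008))
    # 90% leaves: the 4x limit means one retarget is not enough.
    print(after_hashrate_drop(0.1))
```

The first case reproduces the four weeks at 20 minutes per block described in the thread; the other two show that recovery can take a second retarget.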
AnonyMint
November 30, 2013, 12:03:06 AM
Last edit: November 30, 2013, 01:01:30 AM by AnonyMint
 #107

Sorry guys you are still incorrect.

Quote from: DeathAndTaxes
Quote from: BurtW
So the "attack" is simply describing the creation of an alt coin - let's call it the AnnoyCoin.  So yes, anyone that wants to can/has/will create an alt coin.  This is nothing new at all.  It is then up to the market to decide which coin to use.  Upon the creation of this new alt coin some may follow it others will not.

Exactly but the AnnoyCoin created has such a flawed understanding of Bitcoin he seems to think the creation of this altcoin will somehow stop the existing Bitcoin.

Incorrect. You are just slow minded or not paying attention. See below.



Quote from: Etlase2
AnonyMint, a chain which is changing the rules as you say will not affect the chain that is not changing the rules.

Narrowly speaking true. However if you consider all the exogenous factors, it is not true.

Unless the shorter chain will be honored by every non-mining node in the universe (yeah right  Roll Eyes), then the longer chain will fork the ledger, thus double-spends will be possible one on each chain (longer chain would not include blocks from shorter chain that contained coin spends that were already spent on the longer chain). This will cause the shorter and longer chain to become dubious. Thus either there must be convergence on one of the chains else chaos and messy confusion erupts.

Also in my immediately prior post, I explained that if the attacker has more than 50% of the hash rate (i.e. more than 1X the shorter chain's hash rate), it can apply the excess to creating valid blocks in the shorter chain which drop some strategic transactions, thus causing transactions to be delayed in the shorter chain. Apparently that didn't sink in yet for DeathAndTaxes. He is still stuck on the upthread posts, and hasn't caught up to my latest point.

Quote from: Etlase2
Neither can or will build off of each other, thus the "longer" chain cannot delay transactions on the shorter chain.

The longer chain is always much faster than the shorter chain. I call that a delay. Plus it can delay using excess hash rate to add valid blocks to the shorter chain which drop (some) transactions. By including some (perhaps only its own customers) transactions, Gavin's proposed solution doesn't work.

Quote from: Etlase2
If the longer chain diverts hash power to the shorter chain, then it is the same old boring attack as the 51%.

Incorrect. It is creating havoc in the shorter chain while offering faster transactions in the longer chain.

Also it might even offer feature improvements in the longer chain that the foundation has been unwilling to offer.

Also it might be combined with a cartel, so the cartel's customers (and all their non-mining nodes) are on the longer chain.

Sorry guys. You all lost the argument (not you Etlase2 more to the other antagonists).

I have basically written a user manual teaching Amazon.com how to take over Bitcoin, if this is combined with my Transactions Withholding Attack.



Quote from: BurtW
When presented with two chains, one short which contains all valid blocks and a second which is longer but contains invalid blocks, the system will accept the short chain with the valid blocks and drop the longer chain with the invalid blocks.

No problem so far.

Stop right there. You can't guarantee that all non-mining nodes in the universe will adopt the shorter chain, when presented with two or more competing protocol errors to choose between:

a. Bitcoin protocol is to follow the longest chain

b. Bitcoin protocol is not to change the coin supply schedule

Also, the attacker might sweeten the incentive to choose #a, by offering more desirable feature improvements to the protocol in the longer chain.

Also the attacker might be aligned with a cartel which has control of a significant portion of the customers and the non-mining nodes.

Why are you guys so slow in realizing this?

Quote from: BurtW
Making a chain with one or more invalid blocks, even if it is longer, is not even an attack per se it is just a huge waste of hashing power.

Incorrect because of what I have written above.

Quote from: BurtW
So, the entire totally theoretical attack hinges on two things being true:

1) The attacker must have a huge amount of hashing in order to create the chain with the invalid block or blocks

Incorrect. I have already explained upthread that the funding for mining in Bitcoin dies, because coin rewards diminish and then the transaction fees must increase as the price of Bitcoin rises, because security of the proof-of-work needs to rise with the value of the Bitcoin economy, which will kill off transactions. And when transaction fees are significant relative to coin rewards the Transactions Withholding Attack is available.

Bitcoin is doomed, and there are even more reasons it is.

Quote from: BurtW
2) The attacker must have distributed enough of "their" clients which have been programmed to accept the invalid blocks.

But this is not really an attack, it is just the definition of an alt:  hashing power with a different set of rules + clients that support the different set of rules.


So the "attack" is simply describing the creation of an alt coin - let's call it the AnnoyCoin.

Not a correct analogy to an altcoin, because there is a protocol error in either choice, longer or shorter chain.

And thus Bitcoin is forked with double-spends one in each chain.

Quote from: BurtW
penetration with their new client (no one notices the changes - unlikely)

It is irrelevant whether anyone notices there are clients with different choices about which protocol error to choose.

There is nothing that can be done to change the outcome at the point.

The only solution is to not kill the funding for mining so the 50+% attack becomes more difficult to do.



Quote from: DeathAndTaxes
Quote
There are now two coins:  Bitcoin and AnnoyCoin

And let's take this a step further.  AnnoyCoin has no advantages over Bitcoin, it also has a massive inflation rate which benefits the dishonest miners at the core of it.  The additional monetary inflation is a wealth transfer from anyone using it to the miners.  Add to that it is centrally controlled by a cartel which has shown itself to be willing to destroy the benefits of Bitcoin for selfish greed.

So it is a free market and people can choose the vastly superior Bitcoin or the AnnoyCoin.   It pretty much is a no brainer.  People would sell off the AnnoyCoin in masses to transfer their wealth to the superior system.  In reality the default choice is Bitcoin as anyone who doesn't download and install the AnnoyCoin client would remain on the real Bitcoin network.  Users on the Bitcoin client would never even SEE the AnnoyCoin blocks, other than a temporary increase in block time there would be no effect on them at all.  So AnnoyCoin will never exist outside of the annoying brain of its creator.

You assume Bitcoin is better, yet I have explained above it is not better for numerous reasons. One big flaw is it doesn't fund mining enough in the future to protect the security. The occurrence of this attack will reveal this to be true, which lowers confidence in the shorter Bitcoin chain forever. The masses don't care about the increase of M in the Quantity Theory of Money they can not even detect it. That is why fiat works so well for the central banks. In fact, you are entirely incorrect (mathematically incongruent) to assume that increases in M are inflationary! That assumption puts your credibility in the toilet.

The masses will be more pissed off about the chaos and double-spends and the fact that Bitcoin is so weak on security.

They are much more likely to accept Amazon.com's choice of the longer chain which works and is secure (from the perspective of the dumb masses who click a 1-click-checkout button).

Etlase2
November 30, 2013, 12:23:11 AM
 #108

Quote from: AnonyMint
Unless the shorter chain will be honored by every non-mining node in the universe (yeah right  Roll Eyes),

Why would non-mining nodes not honor the real chain? For them not to, they would have to download and accept Amazon.com's version of bitcoin. Highly improbable. While SPV nodes could be fooled, I believe there are people working on allowing full nodes to provide proof to SPV nodes of invalid blocks.

Quote
Also in my immediately prior post, I explained that if the attacker has more than 50% of the hash rate (i.e. more than 1X the shorter chain's hash rate), it can apply the excess to creating valid blocks in the shorter chain which drop some strategic transactions, thus causing transactions to be delayed in the shorter chain.

If they have >50%, they can delay transactions indefinitely. Create a competitor and attack bitcoin. Why create this gigantic fabrication to make some ridiculous attack sound viable?

Quote
The longer chain is always much faster than the shorter chain. I call that a delay.

This is quite wrong. The difficulty will adjust on both networks as appropriate.

Quote
Incorrect. It is creating havoc in the shorter chain while offering faster transactions in the longer chain.

Also it might even offer feature improvements in the longer chain that the foundation has been unwilling to offer.

This is called a competitor. Yes, it is possible that competitors will exist in the future--they do now. Hardly a flaw.

AnonyMint
November 30, 2013, 12:51:35 AM
Last edit: November 30, 2013, 01:06:09 AM by AnonyMint
 #109

Quote from: Etlase2
Quote from: AnonyMint
Unless the shorter chain will be honored by every non-mining node in the universe (yeah right  Roll Eyes),

Why would non-mining nodes not honor the real chain? For them not to, they would have to download and accept Amazon.com's version of bitcoin. Highly improbable. While SPV nodes could be fooled, I believe there are people working on allowing full nodes to provide proof to SPV nodes of invalid blocks.

Because the customers of Amazon.com click an order button on Amazon.com, they don't download a client. The non-mining node (for all customers) will be on Amazon.com's server.

More importantly because the shorter chain will also contain a protocol error. Clients will have to decide which protocol change is the greater evil. Their perspective will not necessarily be that the longer chain is more evil, as I have explained in the prior post in reply to DeathAndTaxes. In fact, the longer chain is likely to be perceived as superior.

Quote from: Etlase2
Quote
Also in my immediately prior post, I explained that if the attacker has more than 50% of the hash rate (i.e. more than 1X the shorter chain's hash rate), it can apply the excess to creating valid blocks in the shorter chain which drop some strategic transactions, thus causing transactions to be delayed in the shorter chain.

If they have >50%, they can delay transactions indefinitely. Create a competitor and attack bitcoin. Why create this gigantic fabrication to make some ridiculous attack sound viable?

Gavin claims to know an unimplemented solution for that attack, which I linked upthread (page 2 I think) where I mentioned that claim of yours.

The best the attacker can do to avoid Gavin's solution is to include his customers' transactions in the valid blocks to avoid detection by Gavin's solution.

Quote from: Etlase2
Quote
The longer chain is always much faster than the shorter chain. I call that a delay.

This is quite wrong. The difficulty will adjust on both networks as appropriate.

Incorrect because the longer chain has control it can change the protocol for block period of the longer chain to whatever it wants. The shorter chain is stuck at the awful 10 minutes of Bitcoin per confirmation. Plus by making valid blocks with dropped transactions in the shorter chain, the effective delay will be longer than 10 minutes per confirmation. For the Satoshi whitepaper recommended 6-confirmations that is 60 minutes plus the extra delays inserted, so figure upwards of 2 hours or so depending how much hash power the attacker has.

Quote from: Etlase2
Quote
Incorrect. It is creating havoc in the shorter chain while offering faster transactions in the longer chain.

Also it might even offer feature improvements in the longer chain that the foundation has been unwilling to offer.

This is called a competitor. Yes, it is possible that competitors will exist in the future--they do now. Hardly a flaw.

The difference is how I explained it to BurtW in the prior post (reread my prior post, I was adding to it as you were replying). There is a protocol error in both the longer and shorter chain. This is much worse for Bitcoin than a better altcoin, it wreaks havoc in Bitcoin's chain.

Rassah
November 30, 2013, 01:20:56 AM
 #110

AnonyMint doesn't understand how blockchain forking works, and that it creates two distinct currencies instead of one you can double spend. He doesn't understand that invalid blockchains can't include blocks from valid ones, or the other way around, because they are chains with each block needing to reference the prior block. He doesn't understand that clients and nodes enforce Bitcoin rules, not miners, and clients don't care which chain is the longest if the longest is invalid. He also doesn't understand the difference between offchain and onchain transactions, or any of the economics around transaction fees, believing that once block rewards go away, transaction fees will go to zero. He's a newbie, still not understanding a lot about Bitcoin, but he is a loud and obnoxious newbie who, while impossible to argue with, nevertheless is spreading a lot of useless and incorrect FUD around the forums, which may scare away other newbies. He also loves to hear himself talk, posting all over the forum, linking to his posts in other threads every chance he gets, and even quoting his own posts to reply to himself.

I suggest instead of continuing to allow him to fill thread after thread with his nonsense and continuously bury rebuttals to his idiocy under more FUD, that people simply reply that AnonyMint doesn't understand the system, is wrong, and that others should just ignore him.
Etlase2
November 30, 2013, 01:30:00 AM
 #111

Quote from: AnonyMint
Because the customers of Amazon.com click an order button on Amazon.com, they don't download a client. The non-mining node (for all customers) will be on Amazon.com's server.

This requires a huge suspension of disbelief, something I am not fond of doing unless I am watching a movie or reading a book. Bitcoin and its ilk, quite unlike EFT, are push transactions, not pull. I'm sure somewhere in the decapages of rants you have on this subject you've touched on this, but I and everyone else following this argument should find it excessively unlikely that the masses will be so willing to give up the newfound power of being their own bank to Amazon or whomever for the sake of "1-click purchases", when the reality is URIs can make it pretty darn close to that as it is.

If this is the basis for your argument, it's pathetic.

Quote
Gavin claims to know an unimplemented solution for that attack, which I linked upthread (page 2 I think) where I mentioned that claim of yours.

The best the attacker can do to avoid Gavin's solution is to include his customers' transactions in the valid blocks to avoid detection by Gavin's solution.

I proposed a potential solution over a year and a half ago. Bells, whistles, and/or stagnation of the bitcoin protocol tend to be of higher priority than protecting the block chain.

Quote
Incorrect because the longer chain has control it can change the protocol for block period of the longer chain to whatever it wants.

Again, it's an altcoin. Even SPV nodes would reject this as the difficulty between blocks would drop accordingly and would no longer even be valid for those receiving only the headers. Trying to hamfist a change like this on the bitcoin population should be no less difficult than changing the bitcoin protocol itself, therefore there is little advantage to one major cartel over everyone not part of the cartel.

Quote
The difference is how I explained it to BurtW in the prior post (reread my prior post, I was adding to it as you were replying). There is a protocol error in both the longer and shorter chain. This is much worse for Bitcoin than a better altcoin, it wreaks havoc in Bitcoin's chain.

Yes, bitcoin is easy to attack, that is nothing new. The cartel attack is unnecessary bloviation.

AnonyMint
November 30, 2013, 01:42:30 AM
Last edit: November 30, 2013, 02:21:20 AM by AnonyMint
 #112

Quote from: Rassah
AnonyMint doesn't understand how blockchain forking works, and that it creates two distinct currencies instead of one you can double spend.

A spend from the blocks prior to the creation of the longer chain, can appear on both the longer chain and to a different recipient on the shorter chain. Forking means all the value from before the fork can be double-spent, one in each chain.

Quote from: Rassah
He doesn't understand that invalid blockchains can't include blocks from valid ones, or the other way around, because they are chains with each block needing to reference the prior block.

Correct, but this doesn't stop the attacker from putting valid blocks on the shorter chain which drop transactions.

And it doesn't stop the longer chain from including all the transactions (which are not double-spends) from the shorter chain.

So I don't know why you claim I don't understand that. Nothing I wrote above conflicts with this.

Quote from: Rassah
He doesn't understand that clients and nodes enforce Bitcoin rules, not miners, and clients don't care which chain is the longest if the longest is invalid.

Clients and nodes have a rule and that is to choose the longest chain. They need to follow this rule, otherwise proof-of-work isn't secure.

When faced with a block chain which is longest, yet has a protocol variation, the clients and nodes must make a choice of which protocol rule violation they wish to make.

You can not be sure that 100% of clients and nodes will choose the insecure shorter chain. It is provably insecure because the attacker can use the excess hash rate (needs only 50% to create the longer chain, rest is excess) to attack the shorter chain with valid blocks which drop transactions.

If your brain is too slow to get that overall analysis, then it isn't my problem.

Quote from: Rassah
He also doesn't understand the difference between offchain and onchain transactions, or any of the economics around transaction fees, believing that once block rewards go away, transaction fees will go to zero.

I did not write transaction fees will go to zero. I wrote the opposite, which is they will either increase too much or they will be insufficient relative to the value that you want the network to have. There is no middle ground between the two bad outcomes with transaction fees. Yes I would prefer to make them zero and perpetual coin rewards in an altcoin, because this would entirely solve the problem of this entire thread.

You have proven to me many times in the past in other threads that you are a dolt. So please stop wasting my time.

At least try to read more carefully before you embarrass yourself over and over every time you debate me.

Quote from: Rassah
I suggest instead of continuing to allow him to fill thread after thread with his nonsense and continuously bury rebuttals to his idiocy under more FUD, that people simply reply that AnonyMint doesn't understand the system, is wrong, and that others should just ignore him.

Well folks that demonstrates why he is not even reading carefully and making so many embarrassing errors. He is just trying to spread FUD.

Etlase2
November 30, 2013, 01:45:38 AM
 #113

Quote from: AnonyMint
Clients and nodes have a rule and that is to choose the longest chain. They need to follow this rule, otherwise proof-of-work isn't secure.

When faced with a block chain which is longest, yet has a protocol variation, the clients and nodes must make a choice of which protocol rule violation they wish to make.

There is no choice to be made. The chain is either valid or it is not. A longer chain with invalid blocks (extra coins or modified difficulty or whatever else) does not enter into consideration.
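
The validity-before-length rule argued in the posts above, as an added example that is not part of any post and not Bitcoin's own code: a toy full node that discards any chain containing a rule-breaking block before comparing work, next to a headers-only (SPV) client that cannot see the coinbase. The block fields, constants and chain names are constructed for illustration, and no real proof-of-work is performed.

```python
import hashlib
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

SUBSIDY = 25          # coins the honest rules let a miner create per block (constructed)
REQUIRED_DIFF = 1000  # difficulty the honest rules require in this window (constructed)


@dataclass(frozen=True)
class Block:
    prev: str        # header: id of the parent block
    difficulty: int  # header: work this block represents
    coinbase: int    # body: coins the miner pays itself
    fees: int        # body: fees of the included transactions

    @property
    def id(self) -> str:
        raw = f"{self.prev}|{self.difficulty}|{self.coinbase}|{self.fees}"
        return hashlib.sha256(raw.encode()).hexdigest()


GENESIS = Block("0" * 64, REQUIRED_DIFF, SUBSIDY, 0)


def extend(n: int, difficulty: int = REQUIRED_DIFF, coinbase: int = SUBSIDY) -> List[Block]:
    """Build n blocks on top of GENESIS with the given header and body values."""
    chain, tip = [], GENESIS
    for _ in range(n):
        tip = Block(tip.id, difficulty, coinbase, 0)
        chain.append(tip)
    return chain


def header_ok(parent: Block, block: Block) -> bool:
    """What a headers-only (SPV) client can check: linkage and difficulty."""
    return block.prev == parent.id and block.difficulty == REQUIRED_DIFF


def full_ok(parent: Block, block: Block) -> bool:
    """What a full node checks: the header rules plus the coin supply rule."""
    return header_ok(parent, block) and block.coinbase <= SUBSIDY + block.fees


def best_chain(chains: Dict[str, List[Block]],
               check: Callable[[Block, Block], bool]) -> Optional[str]:
    """Drop every chain with a block that fails `check`, then pick the most work."""
    best, best_work = None, -1
    for name, blocks in chains.items():
        parents = [GENESIS] + blocks[:-1]
        if not all(check(p, b) for p, b in zip(parents, blocks)):
            continue  # an invalid chain never enters the comparison, however long
        work = sum(b.difficulty for b in blocks)
        if work > best_work:
            best, best_work = name, work
    return best


# Constructed scenario: three competing chains built on the same genesis block.
CHAINS = {
    "honest": extend(6),                 # follows every rule, total work 6000
    "inflated": extend(10, coinbase=50), # longer, but pays double the subsidy
    "fast": extend(40, difficulty=250),  # shorter block period via lower difficulty
}

if __name__ == "__main__":
    print("full node follows:", best_chain(CHAINS, full_ok))
    print("SPV client follows:", best_chain(CHAINS, header_ok))
```

The full node stays on the honest chain although both rivals carry more total work; the headers-only client is fooled by the inflated coinbase but still rejects the lowered difficulty, matching the two SPV remarks made earlier in the thread.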

AnonyMint
November 30, 2013, 02:02:48 AM
Last edit: November 30, 2013, 02:17:05 AM by AnonyMint
 #114

Folks please realize that Etlase2 feels he is a competitor to me because he is working on Decrits (not proof-of-work) and I am possibly working on a proof-of-work altcoin.

So he has a vested interest to discredit any attack I have described which my potential altcoin would fix. This is pure selfishness at the cost of bettering our crypto-currency future. I am very disappointed to see him stoop this low in his ethics. I had higher hopes on him and his altcoin.

Because the customers of Amazon.com click an order button on Amazon.com, they don't download a client. The non-mining node (for all customers) will be on Amazon.com's server.

This requires a huge suspension of disbelief, something I am not fond of doing unless I am watching a movie or reading a book. Bitcoin and its ilk, quite unlike EFT, are push transactions, not pull. I'm sure somewhere in the decapages of rants you have on this subject you've touched on this, but I and everyone else following this argument should find it excessively unlikely that the masses will be so willing to give up the newfound power of being their own bank to Amazon or whomever for the sake of "1-click purchases", when the reality is URIs can make it pretty darn close to that as it is.

If this is the basis for your argument, it's pathetic.

Complete nonsense and FUD.

Spending "one-click" on Amazon would not require that balances be kept offchain in an Amazon wallet. Why do you guys keep repeating this offchain nonsense? I never claimed that!

Amazon's customers will still keep their balances onchain, and the Amazon "1-click" will simply deduct from the block chain with a normal block chain transaction.

The point is Amazon controls the non-mining node which is interfacing with the Bitcoin network.

This is much more convenient for customers and the masses hate difficult things. They will obviously prefer to go click a button at Amazon.com than to download a client and fiddle. Besides Amazon.com may not allow them to use an external client. Most masses go with the flow. They don't give a sh8t about your idealistic view. They just want to complete their order as easily as possible (no downloads, no technical hoops to jump through).

As for the private keys, yes the customer will let Amazon store them, but the balances will still be onchain.

Masses don't want to lose their private keys. They don't want to worry about where they will safe keep them. They don't give a sh8t about your idealistic view of every man is an island hunkered down in their bunker clutching their memory card of private keys in one hand and a shotgun in the other.

Your fanaticism is either feigned or you are in the tinfoil hat category.

Quote
Gavin claims to know an unimplemented solution for that attack, which I linked upthread (page 2 I think) where I mentioned that claim of yours.

The best the attacker can do to avoid Gavin's solution is to include his customers' transactions in the valid blocks to avoid detection by Gavin's solution.

I proposed a potential solution over a year and a half ago. Bells, whistles, and/or stagnation of the bitcoin protocol tend to be of higher priority than protecting the block chain.

No disagreement from me.

Quote
Incorrect because the longer chain has control it can change the protocol for block period of the longer chain to whatever it wants.

Again, it's an altcoin. Even SPV nodes would reject this as the difficulty between blocks would drop accordingly and would no longer even be valid for those receiving only the headers. Trying to hamfist a change like this on the bitcoin population should be no less difficult than changing the bitcoin protocol itself, therefore there is little advantage to one major cartel over everyone not part of the cartel.

That is an irrelevant point. It adds no strength to your argument that nodes which prefer the shorter chain prefer the shorter chain.

There are many people who want Bitcoin to adopt a shorter block period. Many people know how to alter a few lines in an open source code and offer a binary download. This is only useful if the longer chain exists. A shorter chain fork with a different protocol would not have the same force, because the main chain would be longer and double-spends would not be contentious nor could the attacker significantly disrupt transactions. Not contentious because the masses are not going to approve of a chain that isn't secure because it is shorter and thus weaker security.

And it isn't just an altcoin, because of the havoc wreaked by double-spends one into each chain and also the attacker's excess hash rate applied to dropping transactions from the shorter chain. No solution can stop the attacker from putting his customers' transactions in those valid blocks on the shorter chain and delaying everyone else in the shorter chain.

Quote
The difference is how I explained it to BurtW in the prior post (reread my prior post, I was adding to it as you were replying). There is a protocol error in both the longer and shorter chain. This is much worse for Bitcoin than a better altcoin, it wreaks havoc in Bitcoin's chain.

Yes, bitcoin is easy to attack, that is nothing new. The cartel attack is unnecessary bloviation.

Your (feigned?) tinfoil fanaticism is the only bloviation I see proven.

Clients and nodes have a rule and that is to choose the longest chain. They need to follow this rule, otherwise proof-of-work isn't secure.

When faced with a block chain which is longest, yet has a protocol variation, the clients and nodes must make a choice of which protocol rule violation they wish to make.

There is no choice to be made. The chain is either valid or it is not. A longer chain with invalid blocks (extra coins or modified difficulty or whatever else) does not enter into consideration.

By which Gavin-God do you guarantee that all nodes will choose that choice?

Does your God hold a shotgun to the head of every person and every large Amazon running a node (on behalf of the dumb customers)?

Your definition of "valid" is not enforceable.

Rassah
November 30, 2013, 02:19:06 AM
 #115

Forking means all the value from before the fork can be double-spent, one in each chain.

No, it can't be. It creates two different coins. You can't double-spend your fake coins on the bitcoin network that rejected your fake blocks. You have coins that can only be spent on the valid chain, and different coins that can be spent on the new invalid chain. It's no more a threat than Litecoin, since people using Bitcoins will simply not accept your invalid coins.

Quote
And it doesn't stop the longer chain from including all the transactions (which are not double-spends) from the shorter chain.

This just makes the invalid chain less trustworthy, because while Bitcoin continues to track every coin's history, this invalid chain will keep bringing in outside coins that may or may not even exist any more. It would be as if Bitcoin randomly brought in Litecoin transactions into its blocks. Chaos.

Quote
Clients and nodes have a rule and that is to choose the longest chain. They need to follow this rule, otherwise proof-of-work isn't secure.

When faced with a block chain which is longest, yet has a protocol variation, the clients and nodes must make a choice of which protocol rule violation they wish to make.

This is what I mean when I say you don't know how Bitcoin works. Rule #1, always, is to check that each transaction and each block is valid. No rules go before this, and if it is invalid, it is dropped and not even rebroadcast to the other nodes, so invalid transactions and blocks don't even get a chance to propagate through the network. After that the rule about longer chains comes in. Yes, I am 100% sure of this.


Quote
I did not write transaction fees will go to zero. I wrote the opposite, which is they will either increase too much or they will be insufficient relative to the value that you want the network to have.

If they are too much, competition in the form of new miners will come in and drive them down. If they are insufficient, private interests will come in to try to secure the network. As I said, this has all been discussed heavily years before you even found out about Bitcoin.

So, let me reiterate:

AnonyMint doesn't understand the system, is wrong, and others should just ignore him.
BurtW
November 30, 2013, 02:21:26 AM
 #116

Only one question.  You claim that there is a situation with protocol violations "in the chain", in fact the client has to choose between two chains - both with protocol violations.

How did the protocol violations get into the chain?  Invalid blocks are not put in the chain.  Invalid blocks are not forwarded.  The rest of the system does not see invalid blocks and if it does it drops them.

Sure, any miner can spit out an invalid block.  But all the Bitcoin nodes that see it as invalid will drop it.  They will wait for the next valid block to come along and accept that one.

In your scenario this may take a while.  In your scenario there may be several invalid blocks received during that time but the Bitcoin nodes will reject them all and continue to wait for the valid block.

As I said before if you have been able to get an alternate client out there that does accept these invalid blocks then you have simply branched off an alt coin.  Bitcoin remains.  All the Bitcoin clients will continue to ignore all your invalid blocks and wait for valid ones.

Now you say they can take some of their excess hash power and produce valid blocks with only their customers in them - sure that is their right and those blocks will be accepted.  The non-customer transactions will have to wait for a different miner to pick them up and get them into a block.

Every miner is free to pick and choose which transactions they include and which ones they don't.  Nothing new there.

My point is that your scenario where there are protocol violations in the Bitcoin branch makes no sense by definition.  The Bitcoin branch is the one that contains only valid blocks per the Bitcoin protocol.

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
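
The rule Rassah and BurtW describe in #115 and #116 (check validity first, compare chains only afterwards), as an added sketch that is not part of any post and is not Bitcoin's own code. The constants, block fields and `Node` class are toy assumptions chosen to keep it short.

```python
import hashlib
from dataclasses import dataclass

MAX_REWARD = 50     # constructed rule: largest coinbase a block may claim
TARGET = 2 ** 248   # constructed rule: required proof-of-work target (toy difficulty)

@dataclass(frozen=True)
class Block:
    prev: str
    reward: int
    nonce: int
    target: int = TARGET

    def digest(self) -> str:
        header = f"{self.prev}|{self.reward}|{self.target}|{self.nonce}"
        return hashlib.sha256(header.encode()).hexdigest()

def mine(prev, reward, target=TARGET):
    """Search nonces until the header hash falls below the target."""
    nonce = 0
    while int(Block(prev, reward, nonce, target).digest(), 16) >= target:
        nonce += 1
    return Block(prev, reward, nonce, target)

def build_chain(rewards, target=TARGET):
    chain, prev = [], "genesis"
    for reward in rewards:
        chain.append(mine(prev, reward, target))
        prev = chain[-1].digest()
    return chain

class Node:
    def __init__(self):
        self.work = {"genesis": 0}  # block hash -> cumulative work up to that block
        self.tip = "genesis"

    def is_valid(self, b):
        return (b.prev in self.work                  # parent was itself accepted
                and b.target == TARGET               # difficulty not self-lowered
                and int(b.digest(), 16) < b.target   # proof-of-work is real
                and 0 <= b.reward <= MAX_REWARD)     # no extra coins

    def receive(self, b):
        if not self.is_valid(b):
            return False            # dropped: never stored, never relayed
        self.work[b.digest()] = self.work[b.prev] + 2 ** 256 // b.target
        if self.work[b.digest()] > self.work[self.tip]:
            self.tip = b.digest()   # chain comparison only among valid blocks
        return True
```

A node built this way never compares an invalid chain against its tip, however many blocks that chain has; whether every operator runs such rules is the separate question the thread goes on to argue.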
Rassah
November 30, 2013, 02:24:20 AM
 #117

Another good example of what I mean is this

Quote
As for the private keys, yes the customer will let Amazon store them, but the balances will still be onchain.

If Amazon is holding customers' private keys, then Amazon is already holding all of customers' money. Completely. There is no need for Amazon to do on-chain transactions, since all that would do is add complexity and expense to their system. But, as I said, AnonyMint doesn't understand the difference or the concepts of on and off chain transactions.
Phinnaeus Gage
November 30, 2013, 02:25:02 AM
 #118

Quote
If I understand correctly, this is important for example because your public address is not revealed until you spend from it.

How many freshly created public addresses that have yet to be funded and linked to are needed to negate the above?
AnonyMint
November 30, 2013, 02:28:00 AM
 #119

How did the protocol violations get into the chain?  Invalid blocks are not put in the chain.  Invalid blocks are not forwarded.

The shorter chain will indeed ignore the longer chain.

The longer chain can still attack (with excess hash rate) with valid blocks which drop transactions of others in the shorter chain.

The rest of the system does not see invalid blocks and if it does it drops them.

Which system? By which God that holds a gun to the head of every node can you guarantee the voting of nodes for what they prefer?

As I said before if you have been able to get an alternate client out there that does accept these invalid blocks then you have simply branched off an alt coin.  Bitcoin remains.  All the Bitcoin clients will continue to ignore all your invalid blocks and wait for valid ones.

How do you define what is "Bitcoin" at that point?

You have the value from the original Bitcoin being double-spent into two competing chains.

Which chain is the correct one?

As a merchant which chain should I accept as valid and why?

And remember the shorter chain will have delayed transactions and be under continual attack. I am pretty sure most people are going to give up on that insecure shorter chain which you call "Bitcoin" and "valid". For the masses it will feel like "invalid". Your technical arguments won't matter at all to them.

AnonyMint
November 30, 2013, 02:33:48 AM
 #120

Another good example of what I mean is this

Quote
As for the private keys, yes the customer will let Amazon store them, but the balances will still be onchain.

If Amazon is holding customers' private keys, then Amazon is already holding all of customers' money. Completely. There is no need for Amazon to do on-chain transactions, since all that would do is add complexity and expense to their system. But, as I said, AnonyMint doesn't understand the difference or the concepts of on and off chain transactions.

Would you please stop your intentional (as you admitted upthread) FUD. You have made no point at all (including the post before the above quoted one).

Amazon can't go spending the customer's balances. The balances are still onchain and the customer can spend them elsewhere too, not just on Amazon.
