Bitcoin Forum
Author Topic: How are large mining pools not a threat?  (Read 4576 times)
dperfect (OP)
December 31, 2013, 10:50:26 PM
 #1

There have been a few discussions lately about large mining pools (including GHash and others) and the possible threat of 51% (and other similar) attacks.

In some of these threads, I see people dismissing the threat by saying things along the lines of "why would a pool of significant size do something so stupid so as to destroy the value of their own profits?" Others defend the pools by saying "these are honest, legit people - we can trust them."

At first these arguments seemed to put me at ease, but as I've given it more thought, they're not really sitting right with me.

Consider this analogy:

If we all share the same planet, and any amount of harmful pollution (however insignificant) released into the environment ultimately threatens our own well-being as inhabitants of the planet, then why would any individual or organization choose to continue any operation that releases pollution?
(I'm not trying to start any political debate about the environment here, but I think most would agree that many forms of pollution have at least some kind of detrimental impact on the environment).

The fact of the matter is, it's not a simple winner-takes-all and loser-gets-nothing scenario. We can live with a degree of pollution in the environment if it means we can enjoy the benefits of large-scale manufacturing, transportation, etc.

Self interest (as a whole) is very much tuned to the short term. While the long-term effects of our actions do have a varying degree of weight on our decisions, I think it's safe to say that short-term benefits - in general - take priority over long-term considerations. In a perfect world, perhaps the negative effects of pollution would be felt and shared immediately by all, and the free market alone could adapt and find an appropriate balance. In the real world, however, we rely on regulation to help minimize poor decisions (intended to maximize short-term profits) of self-interested organizations that would negatively impact us all.


Now, going back to Bitcoin....

I've been watching the growth of Bitcoin since around 2010. I strongly believe that Bitcoin (or at least the concept of a decentralized cryptocurrency) is "an idea whose time has come." It provides a solution that (in theory) needs no regulation - except by democratic vote - in order to protect everyone's interests (unlike the example of pollution above). In my mind, Bitcoin's greatest achievement isn't so much technical, but rather social. The brilliance is not in the algorithms used or even in the decentralized network. The real achievement is in engineering incentives that keep the system in check.

The U.S. Constitution was (at least at one time) hailed as a remarkable system that ensured a balance of powers. The United States government has been called "the grand experiment", much in the same way Bitcoin is a great, borderless experiment of a similar nature. Whether it's Bitcoin or a successor to Bitcoin, I think this experiment is here to stay.


So what does this have to do with mining pools? As others have said, I really doubt that any mining pool would be foolish enough to do something completely crazy and destroy all of our trust in Bitcoin overnight - at least not intentionally. But think about it this way: if every bank vault in the world had a vulnerability that you (and only you) could exploit, possibly without detection (or at least with a degree of deniability)... what would you do? I doubt any sane person with that ability would immediately go drain every account they could get their hands on. It would cause global economic collapse - a world where even obscene amounts of money really wouldn't be worth much. You'd probably even tell yourself "I'm an honest person - I'm not touching that money"... until that nagging starts getting stronger and stronger.

Sooner or later, if given the opportunity to take unfair advantage of the system day after day, month after month, I think a lot of otherwise "trustworthy" people/organizations will end up giving in, albeit in subtle ways at first. Most people left to their own devices wouldn't flip a switch (for a reward) to immediately contaminate all of the world's fresh water at once, but if given a million switches each of which contaminates just 1 millionth of the world's fresh water for a substantial reward... I think there'd be some serious switch-flipping going on.


So what am I saying? Basically, I'm more worried now than I've ever been about the future of Bitcoin for one reason: the very real possibility for mining pools to be dishonest and carry out attacks. It's something that we really shouldn't wait to see before trying to address it. I don't care how "trustworthy" this or that pool is. I also don't care if a pool is normally incentivized (by block rewards) to stay honest and play by the rules. Bitcoin was built on the assumption of mistrust by all parties - whether or not their actions are in their own best interest. It needs to be immune to the very real possibility of mining pools abusing power for whatever reason.

No, I don't think any large pool is going to team up with another pool tomorrow and go on a "rampage" destroying all of Bitcoin's value by double-spending, reversing transactions, etc. But I don't KNOW that's not going to happen. It's certainly within the grasp of a couple of the pools at the moment. More likely, such abuse would happen slowly at first (as the pool or pools try not to draw attention). There would be speculation of wrong-doing, but no definite answers at first. The value would fluctuate as some people begin to lose trust in the system, while others would believe the system should self-correct with time. So the pools would continue to take advantage of their power, testing our trust in the system even more. At some point, a cascade of fear and mistrust would trigger panic in the markets, but this time, there would be no recovery...

Am I alone in this fear? I've heard/read that some Bitcoin alternatives are built on proof-of-work systems that are supposedly immune to this sort of thing... How practical are these solutions really, and is there any chance the core Bitcoin devs will modify Bitcoin's algorithms (assuming miners will adopt the change) to incorporate a solution like that? Is there a plan?
jongameson
January 01, 2014, 02:37:00 AM
 #2

they aren't a threat because they are not nefarious.  
empoweoqwj
January 01, 2014, 02:49:07 AM
 #3

You answered your own question ... because destroying the network benefits nobody.
dperfect (OP)
January 01, 2014, 02:58:08 AM
 #4

they aren't a threat because they are not nefarious.  

I hope you're being sarcastic. "Not nefarious" - just like the banks, NSA, government, and pretty much any other organization with power is decidedly not nefarious.
dperfect (OP)
January 01, 2014, 03:13:58 AM
 #5

You answered your own question ... because destroying the network benefits nobody.

Maybe I didn't explain this point clearly enough. Of course no one is going to destroy the network intentionally, especially if they are benefitting from its function.

But if you think someone with (the potential for) a majority of the network's hashing power wouldn't consider a double-spend here and there (possibly getting away with it), you're fooling yourself. No one sets out trying to destroy the environment, but after getting away with a few seemingly insignificant misdeeds, people can and will push the envelope with a false sense of safety and a little greed. In this case, it starts small and snowballs into the network's destruction before anyone realizes what has happened. Even factoring in the possible destruction of the network, such an abuse could actually be quite profitable for a pool if the rewards are quickly converted to other forms of value before Bitcoin's value crashes.

People get greedy - even when it's ultimately self-destructive. History gives us plenty of examples illustrating this.
jongameson
January 01, 2014, 03:15:05 AM
 #6

unless they can manipulate the price upward, there's no reason to do.  what are they planning to do?  double spend on weed transactions on Silk Road??  happy new year!!
dperfect (OP)
January 01, 2014, 03:24:20 AM
 #7

unless they can manipulate the price upward, there's no reason to do.  what are they planning to do?  double spend on weed transactions on Silk Road??  happy new year!!

Alright, let's try a little thought experiment: suppose for a moment that you (yes, just you) control a majority of the Bitcoin network's hashing power. Is buying weed really the only thing you can think to do? If so, then more power to you - enjoy!

Give it some thought, and I'm sure you can come up with a number of ways to extract value (where that value no longer depends on the price of Bitcoin) in a series of seemingly small abuses that wouldn't draw much attention or cause immediate widespread panic of the network (according to some, this has already happened). At least, not at first.

You may not have any INTENTION to destroy the network, but if you have that kind of power, I'm sorry... it's just a matter of time.
empoweoqwj
January 01, 2014, 03:31:57 AM
 #8

unless they can manipulate the price upward, there's no reason to do.  what are they planning to do?  double spend on weed transactions on Silk Road??  happy new year!!

Alright, let's try a little thought experiment: suppose for a moment that you (yes, just you) control a majority of the Bitcoin network's hashing power. Is buying weed really the only thing you can think to do? If so, then more power to you - enjoy!

Give it some thought, and I'm sure you can come up with a number of ways to extract value (where that value no longer depends on the price of Bitcoin) in a series of seemingly small abuses that wouldn't draw much attention or cause immediate widespread panic of the network (according to some, this has already happened). At least, not at first.

You may not have any INTENTION to destroy the network, but if you have that kind of power, I'm sorry... it's just a matter of time.

You realize how big the hashing power of the network already is, right? And getting bigger by the day.

All I can suggest is if you believe the 51% attack is bound to happen one day, don't invest anything in bitcoins.

And by the way, this topic has been discussed to death over the last couple of years.
dperfect (OP)
January 01, 2014, 03:33:08 AM
 #9

Here's another point to consider:

If we catch a traditional criminal secretly syphoning money from a bank, we call in the authorities, shut down the operation, and (in many cases) recover the funds.

Now consider what happens on the Bitcoin network: we find evidence of pools abusing their power and... wait, there's not a whole lot we can do other than try and buy/build enough competing mining power. Otherwise, the pool just continues on with criminal behavior day after day while we watch Bitcoin's value suffer. It's either that, or be proactive and stop this kind of attack before it happens and destroys the network.

Food for thought.
empoweoqwj
January 01, 2014, 03:37:00 AM
 #10

Here's another point to consider:

If we catch a traditional criminal secretly syphoning money from a bank, we call in the authorities, shut down the operation, and (in many cases) recover the funds.

Now consider what happens on the Bitcoin network: we find evidence of pools abusing their power and... wait, there's not a whole lot we can do other than try and buy/build enough competing mining power. Otherwise, the pool just continues on with criminal behavior day after day while we watch Bitcoin's value suffer. It's either that, or be proactive and stop this kind of attack before it happens and destroys the network.

Food for thought.

How exactly does this criminal pool pull this heist off?
dperfect (OP)
January 01, 2014, 03:39:51 AM
 #11

You realize how big the hashing power of the network already is, right? And getting bigger by the day.

All I can suggest is if you believe the 51% attack is bound to happen one day, don't invest anything in bitcoins.

And by the way, this topic has been discussed to death over the last couple of years.

I realize this topic has been beat to death previously, but apparently it hasn't been discussed enough. Otherwise, I believe it would have already been addressed by a change in the protocol and/or algorithms (which hasn't happened).

I do understand the level of hashing power on the network. I also recognize that if just two or three of the large mining pools were to collude, then 51% would easily be within reach. 51% isn't even necessary to attempt and succeed in many cases in such attempts. Is that really so remote a chance?
dperfect (OP)
January 01, 2014, 03:48:33 AM
Last edit: January 01, 2014, 04:04:10 AM by dperfect
 #12

How exactly does this criminal pool pull this heist off?

Well for one, the increasing adoption of Bitcoin by major businesses/retailers is perhaps a double-edged sword in this case.

Every day, more and more people are willing to accept Bitcoin as a form of payment, which means that every day, more and more people are open to loss via double-spend attacks.

In essence, it's basically a form of money laundering where the game is all about converting value from a high-risk store of value to another store of value with lower risk.

EDIT: The difficulty in profiting from an attack vector really shouldn't even have any bearing on the discussion here. The truth is, it's a known vulnerability with possible/proposed solutions that exist, so why is there so much pushback? I really want Bitcoin to succeed in the long run (hence why I'm even posting). I just think this issue deserves more serious attention.
dperfect (OP)
January 03, 2014, 06:47:07 AM
 #13

So... since this topic has apparently been discussed already at length, would someone kindly summarize the current plan for dealing with this type of attack?

Let's put motives aside. As the wiki explains, "if this attack is successfully executed, it will be difficult or impossible to 'untangle' the mess created." Something which, as we know, is easily within reach even now.

Please don't tell me "it's unlikely to happen because mining pools have no reason to do so." That's not an answer to the question.

I'm not trying to make a point here that Bitcoin is flawed; I'm genuinely curious about the current best proposed solution to what I believe is a very real threat.
Peter R
January 03, 2014, 08:24:07 AM
Last edit: January 03, 2014, 08:43:36 AM by Peter R
 #14

Even miners controlling large amounts of hash power are significantly limited in their ability to unfairly benefit from their hash power:

Miners can't:

- spend other people's coins
- issue themselves 'extra' bitcoins (beyond the block reward)
- spend coins twice (in a permanent way such that extra coins come into circulation)

Sure they can attempt to "double spend" and be guaranteed to succeed with a certain probability, but this just means they tricked someone into thinking--for only a very short amount of time--that they were paid when in fact they weren't.  When the double spend is complete, everyone will see that the coins were only ever "really spent" once.  This is why you can't withdraw your 1000 BTC jackpot from just-dice.com until your original deposit reaches 7 confirmations.
 

 

Run Bitcoin Unlimited (www.bitcoinunlimited.info)
dperfect (OP)
January 03, 2014, 10:35:55 AM
 #15

Sure they can attempt to "double spend" and be guaranteed to succeed with a certain probability, but this just means they tricked someone into thinking--for only a very short amount of time--that they were paid when in fact they weren't.  When the double spend is complete, everyone will see that the coins were only ever "really spent" once.

So, it's my understanding that GHash recently mined 6 blocks in a row, with 25% of the network hashing power according to blockchain.info. Let's assume they collude with another similarly-sized pool and mine 12 blocks in a row (not unreasonable or particularly unlikely).

With an average time of 10 mins per block, that's 2 hours. I agree - not a LONG time in day-to-day life, but certainly a long time in the digital world. How much time (or how many confirmations) are most reasonable people waiting for these days? A few? Maybe 8 or 10 confirmations for something of high value?

Now, think of all the coins an attacker may have in reserve, and realize that they could easily all be double-spent in that somewhat short time period in transactions where people are being reasonably careful (waiting for several confirmations)... And unlike many other types of fraud, no one can simply reach in the attacker's bank account and seize/recover those funds. Bitcoin merchants & service providers will lose money, and they'll have little recourse.


Let's try some cost/benefit analysis: assuming 12 blocks of double-spend time... (we'll ignore the costs associated with operating the pool's mining resources as the cost will be the same in either scenario)

Opportunity cost to the pool: none if only the double-spend transactions are somehow reversed because you'll still get the block reward for those blocks. Otherwise, if those blocks are completely discarded by the network, then your opportunity cost is 12 * 50 BTC = 600 BTC (plus transaction fees).

Benefit to the pool operator(s) in attack scenario: The value of all coins in possession of the pool operator. Even after the attack is discovered and the double-spends are corrected on the network, you have whatever you spent your coins on + your original coins.

Risk: possible devaluation of Bitcoin if enough people become concerned with what you just did. But let's be honest - no one's going to care about a few double-spends, right?


I'm not talking about going out and "buying some weed" or having a crazy night on the town. There are plenty of businesses now (brick-and-mortar as well as online services and marketplaces) where people are willing to sell high-value items (e.g., exotic cars) for Bitcoin. Heck, many online exchanges only require 8 or 10 confirmations before funds can be traded. In that time, you could literally crash the market with your double-spent funds. Then just as people figure out what you've done, you buy back in as the market is recovering. Your double-spends are corrected by the network, but guess what - you still have all of your original coins + whatever you made while manipulating the market. As long as that's greater than the opportunity cost (accounting for the level of risk you feel it poses to Bitcoin's long-term value), then it makes economic sense to perform the attack.


Or maybe I'm missing something that prevents all of this... if so, please tell me.

But again, the debate really shouldn't even be about the profitability of the attack. It's about looking for real solutions to real problems (which can and will affect the future of Bitcoin), instead of dismissing them as being "unlikely" because "no one would ever want to."
BitThink
January 03, 2014, 11:07:15 AM
 #16

It does not matter who mined the 12 blocks. If you want to double spend a coin from 12 blocks back (say the current block height is 10012, and you want to double spend a coin at 10001), you have to go back 12 blocks and begin mining a new block (10001). At the same time, other miners are mining 10013. Your hash rate needs to be faster than all other miners' so you can catch up with the main chain before the next difficulty adjustment. Don't expect that you will finish all blocks 10001 - 10013 before other miners find their block 10013. You have to catch up with them slowly, maybe at block 10033 or even 10133. Before that, all the blocks you mined are treated as orphan blocks.

If you are still mining the shorter chain after the next difficulty adjustment, you will never catch up because the other miners' mining speed will be doubled due to the difficulty decrease.

Moreover, it is very easy for the public to find out that you are trying to do this malicious thing.
1) The confirmation time of the following blocks is doubled, because your hash rate has left to mine a new 10001.
2) You've mined many orphaned blocks in a row (10001, 10002, ...) until your chain catches up with the main chain and replaces it.
3) All the clients will suffer from a deep reorganization after your chain finally catches up and replaces the old block chain.

In short, even if you have 51% hash rate, you will not double spend some coins 12 or even 6 blocks away. Otherwise, it takes a lot of time for you to catch up with the main chain, and people will notice this very easily.
dperfect (OP)
January 03, 2014, 04:48:29 PM
 #17

It does not matter who mined the 12 blocks. If you want to double spend a coin from 12 blocks back (say the current block height is 10012, and you want to double spend a coin at 10001), you have to go back 12 blocks and begin mining a new block (10001). At the same time, other miners are mining 10013. Your hash rate needs to be faster than all other miners' so you can catch up with the main chain before the next difficulty adjustment. Don't expect that you will finish all blocks 10001 - 10013 before other miners find their block 10013. You have to catch up with them slowly, maybe at block 10033 or even 10133. Before that, all the blocks you mined are treated as orphan blocks.

If you are still mining the shorter chain after the next difficulty adjustment, you will never catch up because the other miners' mining speed will be doubled due to the difficulty decrease.

Moreover, it is very easy for the public to find out that you are trying to do this malicious thing.
1) The confirmation time of the following blocks is doubled, because your hash rate has left to mine a new 10001.
2) You've mined many orphaned blocks in a row (10001, 10002, ...) until your chain catches up with the main chain and replaces it.
3) All the clients will suffer from a deep reorganization after your chain finally catches up and replaces the old block chain.

In short, even if you have 51% hash rate, you will not double spend some coins 12 or even 6 blocks away. Otherwise, it takes a lot of time for you to catch up with the main chain, and people will notice this very easily.

I never said you have to wait for the 12th block to begin spending on transactions that will ultimately be nullified by the pool's private fork of the chain. You begin spending at 10001 (from your example), and you broadcast the private fork at 10012, recovering your spent coins. According to the wiki, with > 50% hashrate, the attack "has a probability of 100% to succeed. Since the attacker can generate blocks faster than the rest of the network, he can simply persevere with his private fork until it becomes longer than the branch built by the honest network"

Again, you don't have to wait - you spend, spend, spend, then magically reveal your fork that nullifies the transactions of the past 2 hours (or however long). Except, whoever sold you goods/services in that time (or a middleman like BitPay) doesn't get to magically take back all that you stole.

And no, difficulty adjustments should have nothing to do with the scenario as they happen so infrequently, they really don't affect the outcome.


But still, why are we even talking about how easy it is "for the public to find you are trying to do this malicious thing", or the profitability of such a thing? It doesn't matter!

Let me put it this way:

If tomorrow morning you wake up and find out that some colluding mining pools have (surprise surprise) gone on a large-scale double-spending spree, stealing an enormous amount of value from merchants and service providers, which of the following questions are you going to be asking:

"How did this happen?" - No, because we already know how it will happen.

"Why did they do it?" - No, because who cares? I guarantee you won't be thinking "I sure hope the attackers were profitable in this."

"What can we do to prevent this from continuing to happen?" and "Why the heck didn't we take this threat more seriously?" - Yes, because even discovering who did it and what happened, you'll have little recourse. Sorry, can't whine about it to some central authority that makes everything right. You just have to suck it up (while the attack will likely keep happening, over and over) and try to actually do something about it.


But why wait? Why is this not discussed more seriously? Why isn't this a top priority issue?
Peter R
January 03, 2014, 10:47:29 PM
 #18

Sure they can attempt to "double spend" and be guaranteed to succeed with a certain probability, but this just means they tricked someone into thinking--for only a very short amount of time--that they were paid when in fact they weren't.  When the double spend is complete, everyone will see that the coins were only ever "really spent" once.

...many online exchanges only require 8 or 10 confirmations before funds can be traded. In that time, you could literally crash the market with your double-spent funds. Then just as people figure out what you've done, you buy back in as the market is recovering.

Or maybe I'm missing something that prevents all of this... if so, please tell me.

I think one thing you're missing is the fact that the nefarious miner can only succeed with a certain probability.  Consider a nefarious miner with 25% of the global hash power:


The probability that he mines the next block = 25%
The probability that he mines the next two blocks is 0.25 x 0.25 = 6.25%
...
The probability that he mines the next six blocks is 0.25^6 = 0.024%
The probability that he mines the next seven blocks is 0.25^7 = 0.0061%


Consider your example of double-spending to crash the market: the nefarious miner transfers 10,000 BTC to MtGox to dump, and then starts trying to mine a new chain fast enough that he can "undo" this 10,000 BTC transaction.  While feverishly mining, he waits till his MtGox deposit has confirmed, and then market sells his 10,000 BTC.  Due to slippage he gets significantly below market price.  Then it dawns on him that since he only has 25% of the global hash power, the chances that he will actually succeed in this double-spend attempt are remarkably small.  He literally must perform this fraud attempt hundreds of times before he is likely to succeed.  Each time he fails, he loses a significant amount of his capital (because he just did something stupid like market selling 10,000 coins).  In the extremely unlikely event that he succeeds before he runs out of bitcoins, what he did will be pretty obvious since he would orphan a long valid chain, that, hmm, just happens to correspond with the big dump at MtGox.
  

Run Bitcoin Unlimited (www.bitcoinunlimited.info)
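
Added example (not part of any post in this thread): the percentages in the post above are the chance of mining n blocks in a row, while the quantity a merchant sets a confirmation policy against is the chance that a miner with hash share q ever overtakes the honest chain after z confirmations, which section 11 of the Bitcoin whitepaper gives in closed form. The Python sketch below implements that formula and finds the confirmation depth that keeps the risk under a chosen threshold; the function names, the 0.1% threshold and the sample shares are assumptions of this example.

```python
import math


def consecutive_blocks_probability(q: float, n: int) -> float:
    """Chance that a miner with hash share q finds the next n blocks in a row.

    This is the figure quoted in the thread (0.25^6 and so on).
    """
    return q ** n


def catch_up_probability(q: float, z: int) -> float:
    """Chance that a miner with hash share q ever overtakes the honest chain
    after the recipient has waited for z confirmations.

    Follows the calculation in section 11 of the Bitcoin whitepaper: the
    attacker's progress while the honest chain adds z blocks is modelled as
    Poisson with mean z*q/p, and from a deficit of d blocks the chance of
    ever catching up is (q/p)^d.
    """
    if not 0.0 <= q <= 1.0:
        raise ValueError("q must be a fraction between 0 and 1")
    if z < 0:
        raise ValueError("z must be non-negative")
    p = 1.0 - q
    if q >= p or z == 0:
        # Majority share always catches up; zero confirmations give no protection.
        return 1.0
    if q == 0.0:
        return 0.0
    lam = z * q / p
    remaining = 1.0
    for k in range(z + 1):
        # Poisson term computed in log space so large z does not overflow.
        log_poisson = -lam + k * math.log(lam) - math.lgamma(k + 1)
        remaining -= math.exp(log_poisson) * (1.0 - (q / p) ** (z - k))
    return max(remaining, 0.0)


def confirmations_needed(q: float, max_risk: float, limit: int = 500):
    """Smallest z with catch_up_probability(q, z) < max_risk, or None if no
    depth up to `limit` is enough (always the case once q reaches 50%)."""
    for z in range(limit + 1):
        if catch_up_probability(q, z) < max_risk:
            return z
    return None


if __name__ == "__main__":
    # Constructed sample shares; 0.25 and 0.50 mirror the figures in the thread.
    threshold = 0.001  # assumed acceptable risk per payment (0.1%)
    print("share  6-in-a-row  catch-up@6conf  confirmations for <0.1% risk")
    for share in (0.10, 0.25, 0.30, 0.45, 0.50):
        print(
            f"{share:5.2f}  "
            f"{consecutive_blocks_probability(share, 6):10.6f}  "
            f"{catch_up_probability(share, 6):14.6f}  "
            f"{confirmations_needed(share, threshold)}"
        )
```

The 50% row returns `None` because no confirmation depth bounds the risk once the attacker's share reaches that of the honest network, which is the case the wiki quote earlier in the thread describes.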
toast
January 03, 2014, 10:58:36 PM
 #19

I've started a thread about the possibility of subsidizing mining pools that keep themselves under 25% of the total hash power. I think it may be completely feasible to fund this entirely from community donations, assuming funds are spent intelligently. Let me know what you think.

https://bitcointalk.org/index.php?topic=397708.0

eleuthria
January 03, 2014, 11:00:20 PM
 #20

I think one thing you're missing is the fact that the nefarious miner can only succeed with a certain probability.  Consider a nefarious miner with 25% of the global hash power:


The probability that he mines the next block = 25%
The probability that he mines the next two blocks is 0.25 x 0.25 = 6.25%
...
The probability that he mines the next six blocks is 0.25^6 = 0.024%
The probability that he mines the next seven blocks is 0.25^7 = 0.0061%


Consider your example of double-spending to crash the market: the nefarious miner transfers 10,000 BTC to MtGox to dump, and then starts trying to mine a new chain fast enough that he can "undo" this 10,000 BTC transaction.  While feverishly mining, he waits till his MtGox deposit has confirmed, and then market sells his 10,000 BTC.  Due to slippage he gets significantly below market price.  Then it dawns on him that since he only has 25% of the global hash power, the chances that he will actually succeed in this double-spend attempt are remarkably small.  He literally must perform this fraud attempt hundreds of times before he is likely to succeed.  Each time he fails, he loses a significant amount of his capital (because he just did something stupid like market selling 10,000 coins).  In the extremely unlikely event that he succeeds before he runs out of bitcoins, what he did will be pretty obvious since he would orphan a long valid chain, that, hmm, just happens to correspond with the big dump at MtGox.
  


Don't forget that no exchange will actually send your funds instantly, they all wait days/hours, and large transactions are manually processed.  Additionally, a double spend is not only publicly viewable but OBVIOUS once it has successfully happened.  You'd never get any money from the exchange.

RIP BTC Guild, April 2011 - June 2015