Bitcoin Forum
December 08, 2016, 06:25:04 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2] 3 4 5 6 »  All
  Print  
Author Topic: Difficulty adjustment needs modifying  (Read 9318 times)
kano
Legendary
*
Offline Offline

Activity: 1932


Linux since 1997 RedHat 4


View Profile
October 03, 2011, 12:47:34 AM
 #21

Allowing asymmetric adjustments can lead to security problems.  Artforz described a few when this came up on alternate chains.
Yep that's what the first post directly implies Smiley
Asymmetric

However, making the vague 'can lead to security problems' comment is rather pointless.

The obvious security problem would be a sudden drop in difficulty well below the network hash rate.
That's the point of having a delay after a difficulty change and also have the % high

Feel free to suggest values based on some reasonably complex but viable calculation
(mine are just based on a feel of the actual network, watching the difficulty prediction after a change and seeing what happened with the hacks in the scam coins - but 'feeling' are often wrong and that's also why I've wanted to put the idea up for discussion)

I'm sure there are other 'security problems', but at least mention them ...
Even the current bitcoin has a WELL known one - 51% ... that seems to have the only well known reasonable fix of checkpoints that are implemented.

Edit: though I can't find any code to stop a fork from below the checkpoint ... hmm

Pool: https://kano.is BTC: 1KanoiBupPiZfkwqB7rfLXAzPnoTshAVmb
CKPool and CGMiner developer, IRC FreeNode #ckpool and #cgminer kanoi
Help keep Bitcoin secure by mining on pools with Stratum, the best protocol to mine Bitcoins with ASIC hardware
1481221504
Hero Member
*
Offline Offline

Posts: 1481221504

View Profile Personal Message (Offline)

Ignore
1481221504
Reply with quote  #2

1481221504
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481221504
Hero Member
*
Offline Offline

Posts: 1481221504

View Profile Personal Message (Offline)

Ignore
1481221504
Reply with quote  #2

1481221504
Report to moderator
Gavin Andresen
Legendary
*
qt
Offline Offline

Activity: 1652


Chief Scientist


View Profile WWW
October 03, 2011, 12:59:45 AM
 #22

I'm sure there are other 'security problems', but at least mention them ...

He did. He said ArtForz brought them up in the Alternative Currencies board.

See this thread for details:
  https://bitcointalk.org/index.php?topic=43692.msg521772#msg521772

How often do you get the chance to work on a potentially world-changing project?
kano
Legendary
*
Offline Offline

Activity: 1932


Linux since 1997 RedHat 4


View Profile
October 03, 2011, 01:18:29 AM
 #23

I'm sure there are other 'security problems', but at least mention them ...

He did. He said ArtForz brought them up in the Alternative Currencies board.

See this thread for details:
  https://bitcointalk.org/index.php?topic=43692.msg521772#msg521772

Yes well that one has been discussed to death over there and there is even a fix for it, but no I've not looked at the bitcoin git to see if a related commit has gone in there ...

OK, so that one's OK to ignore. Anyone got some more? Smiley

I am quite serious about this idea because I hear a lot of people saying 'bitcoin will die soon' and although that really doesn't matter, I'm interested in it staying alive and this particular issue is one that could make a hiccough turn into a nightmare.
It is pretty easy to see the problem but (as I said) the solution should be to handle the unexpected case of it happening and otherwise have no effect.

I'm also certain that if the discussion changed to completely replacing the current 2016 method the discussion would go on forever and never be implemented.

Edit: all things in economics have ups and downs, but it's a really good idea to not help the bad downs go down faster yourself.

Pool: https://kano.is BTC: 1KanoiBupPiZfkwqB7rfLXAzPnoTshAVmb
CKPool and CGMiner developer, IRC FreeNode #ckpool and #cgminer kanoi
Help keep Bitcoin secure by mining on pools with Stratum, the best protocol to mine Bitcoins with ASIC hardware
Gavin Andresen
Legendary
*
qt
Offline Offline

Activity: 1652


Chief Scientist


View Profile WWW
October 03, 2011, 01:28:01 AM
 #24

Fine, then ponder this for a while:
  https://bitcointalk.org/index.php?topic=42417.msg517020#msg517020

Executive summary:  asymmetric difficulty adjustments and adjustments based on time are really, really hard to get correct.

I haven't thought about it hard, but I trust ArtForz when he says he thinks it is IMPOSSIBLE to get it right.

How often do you get the chance to work on a potentially world-changing project?
Transisto
Donator
Legendary
*
Offline Offline

Activity: 1624



View Profile WWW
October 03, 2011, 02:01:33 AM
 #25

How much hashing power do people running BF3 have to think this affect Bitcoin ?

10 min for a transaction is already so long than having it take even 30 min would not change usage much.

Sorry I don't see where this is going at all.

... As if not enough people have near free electricity and brought GPU specifically for mining that price of BTC or a game release threaten the network ...
kano
Legendary
*
Offline Offline

Activity: 1932


Linux since 1997 RedHat 4


View Profile
October 03, 2011, 02:41:55 AM
 #26

Fine, then ponder this for a while:
  https://bitcointalk.org/index.php?topic=42417.msg517020#msg517020

Executive summary:  asymmetric difficulty adjustments and adjustments based on time are really, really hard to get correct.

I haven't thought about it hard, but I trust ArtForz when he says he thinks it is IMPOSSIBLE to get it right.

Well that's a link back to around when he first pointed out the issue.
So your saying his fix that even he proposed doesn't work?
(yes I haven't looked at his fix - I guess I was silly to trust ArtForz's comments about there being a fix Tongue)

Anyway, there's a 144 block buffer in my suggestion already (the 12 block test can only re-diff once before the buffer hits again)
My reasoning for the buffer was to avoid statistical variance after a re-diff - but it seems to help with the time problem also.

The 'ArtForz' takeover requires 51% which really is a non issue for the main block chain.
If we suddenly fall low enough for someone to do a 51% takeover (other than a company like MS or google or a large government who could do it now anyway) then with the current software everyone will just ride it straight to the ground anyway due to no re-diff happening ever again.
* kano ... wanders off to read up about the problems with the time fix and who actually implemented it ...

How much hashing power do people running BF3 have to think this affect Bitcoin ?

10 min for a transaction is already so long than having it take even 30 min would not change usage much.

Sorry I don't see where this is going at all.

... As if not enough people have near free electricity and brought GPU specifically for mining that price of BTC or a game release threaten the network ...
Going ... it's about the problem that if the network hash power did drop drastically, then the next difficulty recalculation could end up being weeks or even months away.
That would of course have obvious roll on effects on the new hashing power ... and could lead to a rather drastic downward spiral ... which could lead to all sorts of financial issues and decisions by the few companies/people who do allow BTC payments (among other things)

Edit: as stated in my first post

Pool: https://kano.is BTC: 1KanoiBupPiZfkwqB7rfLXAzPnoTshAVmb
CKPool and CGMiner developer, IRC FreeNode #ckpool and #cgminer kanoi
Help keep Bitcoin secure by mining on pools with Stratum, the best protocol to mine Bitcoins with ASIC hardware
kjj
Legendary
*
Offline Offline

Activity: 1302



View Profile
October 03, 2011, 03:19:10 AM
 #27

Fine, then ponder this for a while:
  https://bitcointalk.org/index.php?topic=42417.msg517020#msg517020

Executive summary:  asymmetric difficulty adjustments and adjustments based on time are really, really hard to get correct.

I haven't thought about it hard, but I trust ArtForz when he says he thinks it is IMPOSSIBLE to get it right.

Well that's a link back to around when he first pointed out the issue.
So your saying his fix that even he proposed doesn't work?
(yes I haven't looked at his fix - I guess I was silly to trust ArtForz's comments about there being a fix Tongue)

Anyway, there's a 144 block buffer in my suggestion already (the 12 block test can only re-diff once before the buffer hits again)
My reasoning for the buffer was to avoid statistical variance after a re-diff - but it seems to help with the time problem also.

The 'ArtForz' takeover requires 51% which really is a non issue for the main block chain.
If we suddenly fall low enough for someone to do a 51% takeover (other than a company like MS or google or a large government who could do it now anyway) then with the current software everyone will just ride it straight to the ground anyway due to no re-diff happening ever again.
* kano ... wanders off to read up about the problems with the time fix and who actually implemented it ...

I'm of the opinion that if there is ever a huge sudden decline in the hashing power, there won't be a system to worry about.

But, since your scenario is about what to do in exactly that situation, you can't hide behind the "but bitcoin is huge" thing any more, because 51% isn't a big deal at that scale.

At any rate, the big problem is that it aligns the incentives in a bad way.  With an asymmetric system, each miner has a personal incentive to join the cabal.  The current system is careful about keeping the interests of each participant aligned with the interests of the system as a whole.

p2pcoin: a USB/CD/PXE p2pool miner - 1N8ZXx2cuMzqBYSK72X4DAy1UdDbZQNPLf - todo
I routinely ignore posters with paid advertising in their sigs.  You should too.
maaku
Legendary
*
expert
Offline Offline

Activity: 905


View Profile
October 03, 2011, 03:47:54 AM
 #28

Unless I'm seriously misunderstanding, no one is discussing asymmetric adjustments here..

You are.  This is exactly what is under discussion.
From the OP: “It would (as I said) be an up or down adjustment test, not just for downward adjustments.”

Maybe I'm misunderstanding what you mean by asymmetric?

EDIT: Regarding ArtForz's attack (the one you linked to), it was against against an off-by-one error in the implementation of bitcoin. That sort of thing is really orthogonal to the discussion here. Unless there is another attack he published that I'm not aware of?

I'm an independent developer working on bitcoin-core, making my living off community donations.
If you like my work, please consider donating yourself: 13snZ4ZyCzaL7358SmgvHGC9AxskqumNxP
Transisto
Donator
Legendary
*
Offline Offline

Activity: 1624



View Profile WWW
October 03, 2011, 03:55:04 AM
 #29

...it's about the problem that if the network hash power did drop drastically, then the next difficulty recalculation could end up being weeks or even months away.
That would of course have obvious roll on effects on the new hashing power ... and could lead to a rather drastic downward spiral ... which could lead to all sorts of financial issues and decisions by the few companies/people who do allow BTC payments (among other things)...

The network hash could drop drastically if ... :

  • New hype game come out : 1-3% drop (very likely, insignificant)
  • Bitcoin price drop to ~1$: 40-50% drop depending on popularity of PFGAs,ASICs (Yes, many people actually pay this little and others use the heat for other purposes.)
    (very unlikely, can be tolerated)
  • Natural disasters of the order to affect ~50% of world population at once for more than 1 month, (Yellowstone ?, Impact ?, Geomagnetic storm ?)
  • Voluntary attempt at destabilizing the network in preparation of 51% attack,  Example: Massive sellout dropping the price to ~1$, combined with a 20-40% addition in hashing power at start of new adjustment (51% attack would now require ~33%) They'd need to attack fast because we'd have time to spread to word and keep mining at lost.
  • ... ?
*Given 1.6m difficulty

kano
Legendary
*
Offline Offline

Activity: 1932


Linux since 1997 RedHat 4


View Profile
October 03, 2011, 05:15:06 AM
 #30

Fine, then ponder this for a while:
  https://bitcointalk.org/index.php?topic=42417.msg517020#msg517020

Executive summary:  asymmetric difficulty adjustments and adjustments based on time are really, really hard to get correct.

I haven't thought about it hard, but I trust ArtForz when he says he thinks it is IMPOSSIBLE to get it right.

Well that's a link back to around when he first pointed out the issue.
So your saying his fix that even he proposed doesn't work?
(yes I haven't looked at his fix - I guess I was silly to trust ArtForz's comments about there being a fix Tongue)

Anyway, there's a 144 block buffer in my suggestion already (the 12 block test can only re-diff once before the buffer hits again)
My reasoning for the buffer was to avoid statistical variance after a re-diff - but it seems to help with the time problem also.

The 'ArtForz' takeover requires 51% which really is a non issue for the main block chain.
If we suddenly fall low enough for someone to do a 51% takeover (other than a company like MS or google or a large government who could do it now anyway) then with the current software everyone will just ride it straight to the ground anyway due to no re-diff happening ever again.
* kano ... wanders off to read up about the problems with the time fix and who actually implemented it ...

I'm of the opinion that if there is ever a huge sudden decline in the hashing power, there won't be a system to worry about.

But, since your scenario is about what to do in exactly that situation, you can't hide behind the "but bitcoin is huge" thing any more, because 51% isn't a big deal at that scale.

At any rate, the big problem is that it aligns the incentives in a bad way.  With an asymmetric system, each miner has a personal incentive to join the cabal.  The current system is careful about keeping the interests of each participant aligned with the interests of the system as a whole.
Hmm misunderstanding there I think.

I'm not hiding behind anything - you obviously misread.
My point says that if that happens it will probably be a scenario that falls into my suggested code 'intercept'.
However, without anything to handle it "everyone will just ride it straight to the ground anyway due to no re-diff happening ever again."

The estimate change I keep seeing for the current difficulty is 7% to 10% as it stands now.
If we see it reach 20% then not having something in place to handle 50% early would be tantamount to bitcoin suicide in my opinion.

I'd also say that everyone would have the same disincentive if the problem occurred.
The death of bitcoin (though that would be an incentive for those who want that ...)
I can't see "the interests of the system as a whole" related to the problem the system ignores if halfway through a 2016 the network hash rate has dropped to 50%
The possibility of a 50% drop causing a downward spiral are not nothing and are not related to aligned incentives at all ...

Pool: https://kano.is BTC: 1KanoiBupPiZfkwqB7rfLXAzPnoTshAVmb
CKPool and CGMiner developer, IRC FreeNode #ckpool and #cgminer kanoi
Help keep Bitcoin secure by mining on pools with Stratum, the best protocol to mine Bitcoins with ASIC hardware
kano
Legendary
*
Offline Offline

Activity: 1932


Linux since 1997 RedHat 4


View Profile
October 03, 2011, 05:19:23 AM
 #31

...it's about the problem that if the network hash power did drop drastically, then the next difficulty recalculation could end up being weeks or even months away.
That would of course have obvious roll on effects on the new hashing power ... and could lead to a rather drastic downward spiral ... which could lead to all sorts of financial issues and decisions by the few companies/people who do allow BTC payments (among other things)...

The network hash could drop drastically if ... :

  • New hype game come out : 1-3% drop (very likely, insignificant)
  • Bitcoin price drop to ~1$: 40-50% drop depending on popularity of PFGAs,ASICs (Yes, many people actually pay this little and others use the heat for other purposes.)
    (very unlikely, can be tolerated)
  • Natural disasters of the order to affect ~50% of world population at once for more than 1 month, (Yellowstone ?, Impact ?, Geomagnetic storm ?)
  • Voluntary attempt at destabilizing the network in preparation of 51% attack,  Example: Massive sellout dropping the price to ~1$, combined with a 20-40% addition in hashing power at start of new adjustment (51% attack would now require ~33%) They'd need to attack fast because we'd have time to spread to word and keep mining at lost.
  • ... ?
*Given 1.6m difficulty

It seems to have dropped as much as 10% at the moment ...

I'm not saying this will happen, I'm suggesting a change in case it does happen.

Think of it this way: Is everyone who takes life insurance suicidal?

Pool: https://kano.is BTC: 1KanoiBupPiZfkwqB7rfLXAzPnoTshAVmb
CKPool and CGMiner developer, IRC FreeNode #ckpool and #cgminer kanoi
Help keep Bitcoin secure by mining on pools with Stratum, the best protocol to mine Bitcoins with ASIC hardware
kjj
Legendary
*
Offline Offline

Activity: 1302



View Profile
October 03, 2011, 05:41:38 AM
 #32

Unless I'm seriously misunderstanding, no one is discussing asymmetric adjustments here..

You are.  This is exactly what is under discussion.
From the OP: “It would (as I said) be an up or down adjustment test, not just for downward adjustments.”

Maybe I'm misunderstanding what you mean by asymmetric?

EDIT: Regarding ArtForz's attack (the one you linked to), it was against against an off-by-one error in the implementation of bitcoin. That sort of thing is really orthogonal to the discussion here. Unless there is another attack he published that I'm not aware of?

If the difficulty adjustment takes fewer blocks in certain circumstances, that is what I mean by asymmetric.  And it can be gamed.

p2pcoin: a USB/CD/PXE p2pool miner - 1N8ZXx2cuMzqBYSK72X4DAy1UdDbZQNPLf - todo
I routinely ignore posters with paid advertising in their sigs.  You should too.
kano
Legendary
*
Offline Offline

Activity: 1932


Linux since 1997 RedHat 4


View Profile
October 03, 2011, 05:49:18 AM
 #33

Unless I'm seriously misunderstanding, no one is discussing asymmetric adjustments here..

You are.  This is exactly what is under discussion.
From the OP: “It would (as I said) be an up or down adjustment test, not just for downward adjustments.”

Maybe I'm misunderstanding what you mean by asymmetric?

EDIT: Regarding ArtForz's attack (the one you linked to), it was against against an off-by-one error in the implementation of bitcoin. That sort of thing is really orthogonal to the discussion here. Unless there is another attack he published that I'm not aware of?
That is the one he's referring to.
I've spent a little time finding related links:

ArtForz' last post about it (Forum time: September 13, 2011, 06:37:13 PM)
https://bitcointalk.org/index.php?topic=42417.msg523751#msg523751
saying that bitcoin doesn't have the fix included

I then went through the bitcoin git and read all the commits since 12/13 Sep:
https://github.com/bitcoin/bitcoin/commits/master

(AND a complete off topic comment on the last lot of commits:
LOL you let namecoin merged mining sneak in - did anyone realise that's what this is?
https://github.com/bitcoin/bitcoin/pull/476
Oh well, I guess it doesn't matter that they will be adding extra non-bitcoin data to the block-chain ...)

ArtForz' comment that there is a fix for the timewarp exploit:
https://bitcointalk.org/index.php?topic=42417.msg523714#msg523714

GG Git: ArtForz' NTP commit:
https://github.com/Lolcust/GeistGeld/commit/a25e1ce480f5bfbf7529bccd56df28b54c0eea77
basically trying to keep bitcoin's time accurate with the -ntp option
(on linux install ntpd as I always have Tongue)

But I can't find the change to the actual calculation ...
and I can't find anything like this link of Gavin's anywhere in GG or bitcoin:
https://bitcointalk.org/index.php?topic=42417.msg517020#msg517020

Pool: https://kano.is BTC: 1KanoiBupPiZfkwqB7rfLXAzPnoTshAVmb
CKPool and CGMiner developer, IRC FreeNode #ckpool and #cgminer kanoi
Help keep Bitcoin secure by mining on pools with Stratum, the best protocol to mine Bitcoins with ASIC hardware
kano
Legendary
*
Offline Offline

Activity: 1932


Linux since 1997 RedHat 4


View Profile
October 03, 2011, 05:51:46 AM
 #34

Unless I'm seriously misunderstanding, no one is discussing asymmetric adjustments here..

You are.  This is exactly what is under discussion.
From the OP: “It would (as I said) be an up or down adjustment test, not just for downward adjustments.”

Maybe I'm misunderstanding what you mean by asymmetric?

EDIT: Regarding ArtForz's attack (the one you linked to), it was against against an off-by-one error in the implementation of bitcoin. That sort of thing is really orthogonal to the discussion here. Unless there is another attack he published that I'm not aware of?

If the difficulty adjustment takes fewer blocks in certain circumstances, that is what I mean by asymmetric.  And it can be gamed.
Yep it may take 1/14 of the blocks when needed.
So how can it be gamed ... unless you are simply referring to Artforz' attack he did on GG?
(that I have made a few comments about in the post above)

Pool: https://kano.is BTC: 1KanoiBupPiZfkwqB7rfLXAzPnoTshAVmb
CKPool and CGMiner developer, IRC FreeNode #ckpool and #cgminer kanoi
Help keep Bitcoin secure by mining on pools with Stratum, the best protocol to mine Bitcoins with ASIC hardware
ArtForz
Sr. Member
****
Offline Offline

Activity: 406


View Profile
October 03, 2011, 06:42:23 AM
 #35

Unless I'm seriously misunderstanding, no one is discussing asymmetric adjustments here..

You are.  This is exactly what is under discussion.
From the OP: “It would (as I said) be an up or down adjustment test, not just for downward adjustments.”

Maybe I'm misunderstanding what you mean by asymmetric?

EDIT: Regarding ArtForz's attack (the one you linked to), it was against against an off-by-one error in the implementation of bitcoin. That sort of thing is really orthogonal to the discussion here. Unless there is another attack he published that I'm not aware of?
That is the one he's referring to.
I've spent a little time finding related links:

ArtForz' last post about it (Forum time: September 13, 2011, 06:37:13 PM)
https://bitcointalk.org/index.php?topic=42417.msg523751#msg523751
saying that bitcoin doesn't have the fix included

I then went through the bitcoin git and read all the commits since 12/13 Sep:
https://github.com/bitcoin/bitcoin/commits/master

(AND a complete off topic comment on the last lot of commits:
LOL you let namecoin merged mining sneak in - did anyone realise that's what this is?
https://github.com/bitcoin/bitcoin/pull/476
Oh well, I guess it doesn't matter that they will be adding extra non-bitcoin data to the block-chain ...)

ArtForz' comment that there is a fix for the timewarp exploit:
https://bitcointalk.org/index.php?topic=42417.msg523714#msg523714

GG Git: ArtForz' NTP commit:
https://github.com/Lolcust/GeistGeld/commit/a25e1ce480f5bfbf7529bccd56df28b54c0eea77
basically trying to keep bitcoin's time accurate with the -ntp option
(on linux install ntpd as I always have Tongue)

But I can't find the change to the actual calculation ...
and I can't find anything like this link of Gavin's anywhere in GG or bitcoin:
https://bitcointalk.org/index.php?topic=42417.msg517020#msg517020

Nope, bitcoin still has the off-by-1, as for now it's deemed "too big to fail" and fixing it would mean a backwards-incompatible change to the blockchain.

The off-by-1 fix is completely orthogonal to the NTP stuff.
It's right here:
https://github.com/Lolcust/GeistGeld/commit/f9523f33ec22e26b7781f5a545fc74b4ecdc31a6#diff-3

Iirc my "why asymmetric diff adjustment is bad" was in a thread discussing SCs adjustment algo, and so far every asymmetric diff adjustment method I bothered to figure out a optimal strategy on has the same problem, a 51% attacker can create more blocks in the same nTime window than "he should be able to" while only doing the same # of hashes as the real chain over the same nTime window. And every time the factor gained happened to come out exactly as the maximum down adjustment over the maximum up adjustment for the same # of blocks.
Trivial example for how time-based has the same flaw, let's say daily retarget and /4 *4 limits
official chain hashes along at difficulty 1 for 2 days, so it has 2 difficulty-days and takes 2 days worth of nTime.
attackers chain has 0 blocks on day 1 (= diff retargets by /4), 8 times the normal blocks at diff 1/4 on day 2 (=diff retargets *4 and is back to 1 afterwards), so the attackers chain has a total of 1/4 * 8 = 2 difficulty-days, starts and ends with diff 1, also takes 2 days worth of nTime, but contains 4 times the # of blocks of the official chain.

bitcoin: 1Fb77Xq5ePFER8GtKRn2KDbDTVpJKfKmpz
i0coin: jNdvyvd6v6gV3kVJLD7HsB5ZwHyHwAkfdw
maaku
Legendary
*
expert
Offline Offline

Activity: 905


View Profile
October 03, 2011, 07:24:14 AM
 #36

Trivial example for how time-based has the same flaw, let's say daily retarget and /4 *4 limits
official chain hashes along at difficulty 1 for 2 days, so it has 2 difficulty-days and takes 2 days worth of nTime.
attackers chain has 0 blocks on day 1 (= diff retargets by /4), 8 times the normal blocks at diff 1/4 on day 2 (=diff retargets *4 and is back to 1 afterwards), so the attackers chain has a total of 1/4 * 8 = 2 difficulty-days, starts and ends with diff 1, also takes 2 days worth of nTime, but contains 4 times the # of blocks of the official chain.
Other clients won't accept the new blockchain unless it represents more work, which at no point it does... unless you side network has 51% the hash power of the main network, which would make this just a fancy 51% attack (50% in this example), and is not exploitable otherwise, no?

I'm an independent developer working on bitcoin-core, making my living off community donations.
If you like my work, please consider donating yourself: 13snZ4ZyCzaL7358SmgvHGC9AxskqumNxP
ArtForz
Sr. Member
****
Offline Offline

Activity: 406


View Profile
October 03, 2011, 07:50:05 AM
 #37

Yep, all the "fucking with timestamps" are "only" worsening the result of 51% attacks.
The problem is this changes the economic incentives of miners, as "defecting" is suddenly a lot more profitable...

Short version of the simple version, cooperators are mining "as planned", defectors fork the chain and communicate to collectively build a alternate version with optimally adjusted timestamps, N is the fraction of "cooperating" hashrate:

Bitcoin as planned:
N = 1 cooperate, everyone gets 1.
N > 0.5 cooperate, cooperators get 1/N, defectors get 0.
N < 0.5 cooperate, cooperators get 0, defectors get 1/(1-N).
N = 0 cooperate, everyone gets 1.

Solidcoin/ixcoin/i0coin/... with *1.1 /4 limits (edit: in theory, as the real chains all also have the same off-by-1 in their retargeting):
N = 1 cooperate, everyone gets 1.
N > 0.5 cooperate, cooperators get 1/N, defectors get 0.
N < 0.5 cooperate, cooperators get 0, defectors get 3.6/(1-N).
N = 0 cooperate, everyone gets 3.6.

Bitcoin with off-by-1:
N = 1 cooperate, everyone gets 1.
N > 0.5 cooperate, cooperators get 1/N, defectors get 0.
N < 0.5 cooperate, cooperators get 0, defectors get near infinite (really (what difficulty should be)/(minimum difficulty)).
N = 0 cooperate, everyone gets near INF.

edit: forgot, all current *1.1 /4 chains *also* have the off-by-1, so it's really "near infinite" for "defectors get a majority" there, too...

bitcoin: 1Fb77Xq5ePFER8GtKRn2KDbDTVpJKfKmpz
i0coin: jNdvyvd6v6gV3kVJLD7HsB5ZwHyHwAkfdw
maaku
Legendary
*
expert
Offline Offline

Activity: 905


View Profile
October 03, 2011, 08:23:16 AM
 #38

Under the “bitcoin as planned” alternative there is no incentive either way, so fix the off-by-1 and make sure adjustments are +/- the same maximum ("symmetric" by everyone but kjj's definition) and we're done, right? In other words, you need the off-by-1 or asymmetry for this to be exploitable, right?

Also, once new coins are not being generated, the issue goes away as well, right? It doesn't matter how many blocks you generate if the entire subsidy is coming from transaction fees (a blocknumber based demurrage would still suffer the same problem, however).

I'm an independent developer working on bitcoin-core, making my living off community donations.
If you like my work, please consider donating yourself: 13snZ4ZyCzaL7358SmgvHGC9AxskqumNxP
Meni Rosenfeld
Donator
Legendary
*
expert
Offline Offline

Activity: 1890



View Profile WWW
October 03, 2011, 08:46:45 AM
 #39

Solidcoin/ixcoin/i0coin/... with *1.1 /4 limits (edit: in theory, as the real chains all also have the same off-by-1 in their retargeting):
N = 1 cooperate, everyone gets 1.
N > 0.5 cooperate, cooperators get 1/N, defectors get 0.
N < 0.5 cooperate, cooperators get 0, defectors get 3.6/(1-N).
N = 0 cooperate, everyone gets 3.6.
Can't this kind of problem be solved with a term corresponding to the I in PID? If more blocks than normal are found consistently, this will kick in and increase the difficulty.

Also, the suggestion in the OP isn't to change the limits asymmetrically. It's to expedite the adjustment when the recent history indicates the next adjustment is expected too far in the future. If the hashrate goes backup, the difficulty can rapidly increase just fine. Maybe even make it so that in this scenario the difficulty can even more easily go up, to further decrease any gameability.

All I'm saying is that just because some alts came up with a half-assed algo, doesn't mean the doomsday problem is unsolvable.


Under the “bitcoin as planned” alternative there is no incentive either way, so fix the off-by-1 and make sure adjustments are +/- the same maximum ("symmetric" by everyone but kjj's definition) and we're done, right? In other words, you need the off-by-1 or asymmetry for this to be exploitable, right?
Done with ArtForz's attack, yes. But not with the problem of the OP.

Also, once new coins are not being generated, the issue goes away as well, right? It doesn't matter how many blocks you generate if the entire subsidy is coming from transaction fees (a blocknumber based demurrage would still suffer the same problem, however).
I believe so. But the dynamics of that era are still not understood well enough even without considering potential attacks.

1EofoZNBhWQ3kxfKnvWkhtMns4AivZArhr   |   Who am I?   |   bitcoin-otc WoT
Bitcoil - Exchange bitcoins for ILS (thread)   |   Israel Bitcoin community homepage (thread)
Analysis of Bitcoin Pooled Mining Reward Systems (thread, summary)  |   PureMining - Infinite-term, deterministic mining bond
Zibbo
Jr. Member
*
Offline Offline

Activity: 58


View Profile
October 03, 2011, 09:13:00 AM
 #40

Wouldn't it be easiest to keep the original retarget algo (with 2016 block window etc), but just do the retargetting more often so that retarget windows overlap? You could retarget every block if you wanted (or every 10 or whatever).

With system like this, for example Namecoin difficulty would have dropped to "profitable" levels a long long time ago, and it would have suffered only a temporary slowdown.

Is there a downside to a system like this that I don't see? Some problem it doesn't solve or some exploit it introduces? It seems so simple :-)
Pages: « 1 [2] 3 4 5 6 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!