Bitcoin Forum
May 21, 2018, 09:51:21 PM *
News: Latest stable version of Bitcoin Core: 0.16.0  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: 1 2 [All]
  Print  
Author Topic: The invulnerabe Bitcoin myth. (Basic math risk analysis)  (Read 3356 times)
Transisto
Donator
Legendary
*
Offline Offline

Activity: 1718
Merit: 1000



View Profile WWW
November 18, 2011, 04:58:54 AM
 #1

To all people minimizing the threat from the establishments,  / topic "Guy admits it is his job to destroy Bitcoin."

What is required to keep BTC working and safe from a 51% attack  ?
1, Transistors  2, Electricity 3, Balance of power

1. Chips cost money
2. Electricity cost money
3. Money is very unevenly distributed.

Have you ever heard of the CIA cracking password, ?
Have you ever heard of banks using GPU/FPGA to predict markets ?

a: The gov/banks already have/use more computing power than the whole Bitcoin network.
b: They can, in a matter of months, purchase the additional equipment required for a 51% attack (5 Thash/s) for 2 500 000 $ or less, (333mhs@165$), (with consumer GPU, not even ASICS)

Dumping their earned coins on the markets cause the price to fall and make mining unprofitable.
... Feedback loop...
The hash-rate is rising while the price is tanking.

It may not be happening now but the risk is really there.

I think very few people truly realize how small the Bitcoin market is in comparison to the pocket of those who want to keep full control.
A handful of people would spend Billions on that.

Taking a 1 billion $ figure, a 51% attack could happen even if hashing power was 1000x what it is now (yes, 8 Peta hash/s).
(300$ per ghs, with 2011 ASIC technologies)

Ps: Please do not respond only to correct my maths, these are very rough estimate.
1526939481
Hero Member
*
Offline Offline

Posts: 1526939481

View Profile Personal Message (Offline)

Ignore
1526939481
Reply with quote  #2

1526939481
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1526939481
Hero Member
*
Offline Offline

Posts: 1526939481

View Profile Personal Message (Offline)

Ignore
1526939481
Reply with quote  #2

1526939481
Report to moderator
1526939481
Hero Member
*
Offline Offline

Posts: 1526939481

View Profile Personal Message (Offline)

Ignore
1526939481
Reply with quote  #2

1526939481
Report to moderator
1526939481
Hero Member
*
Offline Offline

Posts: 1526939481

View Profile Personal Message (Offline)

Ignore
1526939481
Reply with quote  #2

1526939481
Report to moderator
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1003


Gerald Davis


View Profile
November 18, 2011, 05:05:48 AM
 #2

Your numbers are wrong.  Not going to waste any more time on them but "the banks" (there is no such single entity) don't have more computing power than Bitcoin.  Bitcoin is larger than 500 largest super computers combined.  

As for a billion dollars.  LOLZ.  Nobody said Bitcoin is invulnerable.  Today it couldn't survive a $1B attack, it also couldn't survive a nuclear holocaust either.  Not many things (hell even countries) can survive a determined enemy w/ $1B budget.

If Bitcoin is large enough to warrant a $1B attack then it is large enough to have the hashing power to survive one.

Quote
b: They can, in a matter of months, purchase the additional equipment required for a 51% attack (5 Thash/s) for 2 500 000 $ or less, (333mhs@165$), (with consumer GPU, not even ASICS)

At least take a slightly less nonsensical stab then $0.5 per MH.  Show me the rig you can build (everything including warehouse space, cooling, power distribution, networking, racks, MB, CPU, RAM, GPU, labor, maintenance, administration, security (you going to leave $20M+ worth of gear unguarded) for $0.50 per MH.  I would like to see that rig.
ALPHA.
Jr. Member
*
Offline Offline

Activity: 42
Merit: 0


View Profile
November 18, 2011, 05:07:45 AM
 #3

a: The gov/banks already have/use more computing power than the whole Bitcoin network.

Nope.

b: They can, in a matter of months, purchase the additional equipment required for a 51% attack (5 Thash/s) for 2 500 000 $ or less, (333mhs@165$), (with consumer GPU, not even ASICS)

Hah. No, here's what will happen. A contractor will come along and say he can do it for 50 mil, alright, with 20 for him and 20 for the other guy and maybe -- just maybe -- 10 mil for the inefficient bureaucrats to do the actual job. People will sit on their asses and twiddle their thumbs while pretending to do the project, then they'll have something horribly obsolete in 2 years or so.

Maybe the banks will do a better job discreetly but I doubt it. They would probably rather destroy bitcoin through FUD. Anyways, don't overestimate a farce of bureaucrats and corporate puppets we call the government. They can hardly do anything right without destroying more wealth along the way.
evoorhees
Legendary
*
Offline Offline

Activity: 994
Merit: 1000


Democracy is the original 51% attack


View Profile
November 18, 2011, 05:11:53 AM
 #4


Dumping their earned coins on the markets cause the price to fall and make mining unprofitable.


Man... almost every day has far more than 7,200 coins sold on the market. Many of these coins are from the mining already. Even if a nefarious entity mined every single coin and sold it, that wouldn't have a lasting or seriously detrimental effect on the market price.

And come on... if a news story like that broke?!  You instantly have a million people around the world suddenly interested in this stuff. Price would not collapse I assure you.

More dangerous than dumping the mined coins is simply manipulating the network with the majority hashing power issue. That's still a legitimate, if unlikely, concern.
Clark
Hero Member
*****
Offline Offline

Activity: 540
Merit: 500


So much code.


View Profile WWW
November 18, 2011, 05:12:31 AM
 #5

I don't see the 51% attack as the weak point of Bitcoin. Establishing an alternate block chain requires more skill than just acquiring the majority of computing power.

The biggest threat to the establishment lies in doing business exclusively in Bitcoin and taking away the banks' precious fees and interest payments on the debt. When small / large business sees that they can save $X M per year in fees, and when consumes are actually able to buy something (in a store) with coins, that's when the real attack begins.

I don't think that the Congress and equivalent ruling bodies of nations have enough foresight to stop this sort of legitimate threat to the coins of the realm.

PGP KEY | 1Bitcoin3Tg2KWyAq3wzivdqwYqGwKYaGd
evoorhees
Legendary
*
Offline Offline

Activity: 994
Merit: 1000


Democracy is the original 51% attack


View Profile
November 18, 2011, 05:12:34 AM
 #6

They would probably rather destroy bitcoin through FUD.

Bingo.
ALPHA.
Jr. Member
*
Offline Offline

Activity: 42
Merit: 0


View Profile
November 18, 2011, 05:14:51 AM
 #7

Look, it makes things easier if we believe that with a large amount of money comes potential evil. To portray coin dumping as a nuclear bomb keeps the world-view in tact. It would be much easier for people's psyche if we keep things that way.  Roll Eyes If you're wealthy, you're evil unless you endorse eugenics or are Micheal Moore.
freequant
Hero Member
*****
Offline Offline

Activity: 770
Merit: 500


View Profile
November 18, 2011, 05:20:46 AM
 #8

The establishment knows not to piss off hackers by challenging them on technical grounds: that tends to yield the exact opposite of the desired outcome.
It is much easier to attack the weak points: communication and public relations.
Phinnaeus Gage
Legendary
*
Offline Offline

Activity: 1358
Merit: 1000


Bitcoin: An Idea Worth Spending


View Profile
November 18, 2011, 05:52:30 AM
 #9

They would probably rather destroy bitcoin through FUD.

Bingo.

I see it somewhat different. Why would the banks destroy it, when there's an opportunity to profit from it? The biggest game in town--housing--bubbled and burst. They (the bank(er)s) are always looking for ways to manipulate their un-fellow man. If China can do it with mining WOW by their prisoners, surely embracing Bitcoin in a creative fashion could reap tremendous rewards.
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1039


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
November 18, 2011, 06:04:52 AM
 #10

I am not too worried about a 51% attack.

A 51% attack endeavors to create blocks without including valid transactions, right?  Either that, or to give us blocks full of spam.

I believe the client should have a means to resubmit an unconfirmed transaction to the network with a transaction fee, or a higher transaction fee, with the network accepting the new transaction as replacing the old one.  This would allow anyone whose transaction doesn't stand out from the spam - or which miners don't seem to want to touch - to get their transaction reprioritized.

With that, any logic added to the client code that ignored blocks that clearly appear to avoid containing valid highest-priority transactions more than a minute or two old would ignore the very blocks an attacker would create.  That could very simply make a 51% attack far less disruptive.  A 51% attack might do little more than exert upward pressure on transaction fees for those who want their transactions confirmed, rather than cripple the network.

Anyone care to refute this crazy thought?


Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1003


Gerald Davis


View Profile
November 18, 2011, 06:10:40 AM
 #11

I am not too worried about a 51% attack.

A 51% attack endeavors to create blocks without including valid transactions, right?  Either that, or to give us blocks full of spam.

I believe the client should have a means to resubmit an unconfirmed transaction to the network with a transaction fee, or a higher transaction fee, with the network accepting the new transaction as replacing the old one.  This would allow anyone whose transaction doesn't stand out from the spam - or which miners don't seem to want to touch - to get their transaction reprioritized.

With that, any logic added to the client code that ignored blocks that clearly appear to avoid containing valid highest-priority transactions more than a minute or two old would ignore the very blocks an attacker would create.  That could very simply make a 51% attack far less disruptive.  A 51% attack might do little more than exert upward pressure on transaction fees for those who want their transactions confirmed, rather than cripple the network.

Anyone care to refute this crazy thought?



51% attack is 100% control of network.  You can do a lot more than just delay transactions.

For example I buy 100,000 BTC coins from you.  51% and replace that transaction with one where I sent those coins to another address I control.  You see 100,000 coins disappear from your wallet.
tvbcof
Legendary
*
Online Online

Activity: 2506
Merit: 1002


View Profile
November 18, 2011, 06:28:59 AM
 #12

I am not too worried about a 51% attack.

A 51% attack endeavors to create blocks without including valid transactions, right?  Either that, or to give us blocks full of spam.

I believe the client should have a means to resubmit an unconfirmed transaction to the network with a transaction fee, or a higher transaction fee, with the network accepting the new transaction as replacing the old one.  This would allow anyone whose transaction doesn't stand out from the spam - or which miners don't seem to want to touch - to get their transaction reprioritized.

With that, any logic added to the client code that ignored blocks that clearly appear to avoid containing valid highest-priority transactions more than a minute or two old would ignore the very blocks an attacker would create.  That could very simply make a 51% attack far less disruptive.  A 51% attack might do little more than exert upward pressure on transaction fees for those who want their transactions confirmed, rather than cripple the network.

Anyone care to refute this crazy thought?


It seems to me that the most damaging thing about a 51% attack would be psychological.  And that if it happened once, it might be able to happen again and again.

I personally am not to worried about a loss of hashing power due to a BTC value collapse and loss of interest, and a subsequent 51% attack.  It seems to me that a viable Bitcoin system could run fine in a fraction of today's hashing power.  There would have to be a compelling reason to mount a 51% attack and some significant coordination.  Promising some mining pool a bunch of  scamcoins in trade for their cooperation a) probably would not be sufficient motivation, and b) word would get out and a lot of miners would likely not cooperate or switch sides to actively support Bitcoin.  Probably a fair number of them would fire up their idle rigs to protect their BTC hoard.

In a truely crazy world where TPTB somehow gathered enough hashing power to attack Bitcoin successfully on an ongoing basis, there would always exist a 'nuclear option' of changing the code and getting users to upgrade (which seems to be what you are alluding to to some extent.)


Gabi
Legendary
*
Offline Offline

Activity: 1148
Merit: 1008


If you want to walk on water, get out of the boat


View Profile
November 18, 2011, 06:32:19 AM
 #13

Quote
Your numbers are wrong.  Not going to waste any more time on them but "the banks" (there is no such single entity) don't have more computing power than Bitcoin.  Bitcoin is larger than 500 largest super computers combined.  

You forget saying that the 500 computers are made out of CPU, that have big memory and caches too, not of GPU  Roll Eyes

Comparing cpu with gpu is fail, they are 2 very different thing.

Transisto
Donator
Legendary
*
Offline Offline

Activity: 1718
Merit: 1000



View Profile WWW
November 18, 2011, 08:43:48 AM
 #14

Your numbers are wrong.  Not going to waste any more time on them but "the banks" (there is no such single entity) don't have more computing power than Bitcoin.  Bitcoin is larger than 500 largest super computers combined.
Bitcoin can be defined as larger than the top 500 only if you decided to measure power by the amount of one of the most basic form of calculation almost nobody has use for.

What do banks and military agencies use their processing power for ? Competitive advantage.
So you think they'd show they card to everyone ?

... Man... almost every day has far more than 7,200 coins sold on the market. Many of these coins are from the mining already. Even if a nefarious entity mined every single coin and sold it, that wouldn't have a lasting or seriously detrimental effect on the market price.

And come on... if a news story like that broke?!  You instantly have a million people around the world suddenly interested in this stuff. Price would not collapse I assure you.
I won't bother calculating this but take the profit of one week at 2 Ths and dump it every sunday to see where price would be.

What news ? There would be no obvious way to know.

It seems to me that the most damaging thing about a 51% attack would be psychological.  And that if it happened once, it might be able to happen again and again.

...   There would have to be a compelling reason to mount a 51% attack and some significant coordination. Word would get out and a lot of miners would likely not cooperate or switch sides to actively support Bitcoin.  Probably a fair number of them would fire up their idle rigs to protect their BTC hoard.

In a truely crazy world where TPTB somehow gathered enough hashing power to attack Bitcoin successfully on an ongoing basis, there would always exist a 'nuclear option' of changing the code and getting users to upgrade (which seems to be what you are alluding to to some extent.)
I agree with everything you said aside from your uber optimism.
I still don't like the idea of having the future of Bitcoin at the mercy of an old fart billionaire or bureaucrat needing "a compelling reason" to spend 2M$ "to mount a 51% attack"
cbeast
Donator
Legendary
*
Offline Offline

Activity: 1736
Merit: 1000

Let's talk governance, lipstick, and pigs.


View Profile
November 18, 2011, 10:51:32 AM
 #15

I am not too worried about a 51% attack.

A 51% attack endeavors to create blocks without including valid transactions, right?  Either that, or to give us blocks full of spam.

I believe the client should have a means to resubmit an unconfirmed transaction to the network with a transaction fee, or a higher transaction fee, with the network accepting the new transaction as replacing the old one.  This would allow anyone whose transaction doesn't stand out from the spam - or which miners don't seem to want to touch - to get their transaction reprioritized.

With that, any logic added to the client code that ignored blocks that clearly appear to avoid containing valid highest-priority transactions more than a minute or two old would ignore the very blocks an attacker would create.  That could very simply make a 51% attack far less disruptive.  A 51% attack might do little more than exert upward pressure on transaction fees for those who want their transactions confirmed, rather than cripple the network.

Anyone care to refute this crazy thought?



51% attack is 100% control of network.  You can do a lot more than just delay transactions.

For example I buy 100,000 BTC coins from you.  51% and replace that transaction with one where I sent those coins to another address I control.  You see 100,000 coins disappear from your wallet.

Your new transaction would be unconfirmed. The transaction can be resent and your attack would be rejected. You can make another 51% attack, but the odds of being successful depend on variance.

Any significantly advanced cryptocurrency is indistinguishable from Ponzi Tulips.
Littleshop
Legendary
*
Offline Offline

Activity: 1316
Merit: 1000



View Profile WWW
November 18, 2011, 01:10:41 PM
 #16

Your numbers are wrong.  Not going to waste any more time on them but "the banks" (there is no such single entity) don't have more computing power than Bitcoin.  Bitcoin is larger than 500 largest super computers combined.
Bitcoin can be defined as larger than the top 500 only if you decided to measure power by the amount of one of the most basic form of calculation almost nobody has use for.

For the purposes of attacking bitcoin that is exactly how we can and will define it.  Because if you were to attack bitcoin with standard
super computers you would need more then the entire top 500.  You basically proved deathandtaxes point. 


deepceleron
Legendary
*
Offline Offline

Activity: 1512
Merit: 1000



View Profile WWW
November 18, 2011, 01:33:45 PM
 #17

The myth is that there is a "51% attack". You would need to sustain 120 continuous blocks of block solving, outpacing the rest of the Bitcoin network, for us not to just take your alternate blocks and orphan them. Even after that, the longest most difficult blockchain would still come out the winner.
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1003


Gerald Davis


View Profile
November 18, 2011, 01:36:14 PM
 #18

Your numbers are wrong.  Not going to waste any more time on them but "the banks" (there is no such single entity) don't have more computing power than Bitcoin.  Bitcoin is larger than 500 largest super computers combined.
Bitcoin can be defined as larger than the top 500 only if you decided to measure power by the amount of one of the most basic form of calculation almost nobody has use for.

For the purposes of attacking bitcoin that is exactly how we can and will define it.  Because if you were to attack bitcoin with standard super computers you would need more then the entire top 500.

Exactly.  Looking at pure computational power isn't a measure of utility.  Sure the largest supercomputers have more utility.  They have large amounts of RAM, low latency interconnects, and access to tremendous storage arrays.  Those may make super computers more useful (in terms of the type and scope of problems they can solve) but are utterly useless when it comes to improving hashing performance.

DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1003


Gerald Davis


View Profile
November 18, 2011, 01:44:33 PM
 #19

The myth is that there is a "51% attack". You would need to sustain 120 continuous blocks of block solving, outpacing the rest of the Bitcoin network, for us not to just take your alternate blocks and orphan them. Even after that, the longest most difficult blockchain would still come out the winner.

Well that isn't exactly accurate. It isn't like the bad chain has a "WARNING: THIS IS AN ATTACK CHAIN PLEASE USE THE GOOD CHAIN INSTEAD" sign.  Once it is the longest chain client will orphan the good chain and miners will build off the attack chain.

Also one can pull off a 51% attack in a much shorter time frame.
Deposit 100,000 BTC into Mt. Gox, sell, get Mt. Gox code withdraw.

In "attack chain" (which you keep private until it is 2+ blocks longer than the "good chain") create a transaction which has the same 100,000 BTC but transfer them not to Mt. Gox but instead to an address you control.

Once attack chain is longer, publish it.  Client will orphan the good chain and build off the attack chain as it is longest.  You just minted 100,000 BTC out of thin air and Mt. Gox accounts are now short 100,000 BTC.

Now imagine instead of doing that just once you did it 500 times across 30 different merchants & exchanges.  Also keep the attack chain private longer so that it cause a ripple effect.  i.e. Mt. Gox paid you from the 100,000 BTC account but in the new chain that transaction shows up as "invalid" in your wallet and your coins disapear because history has been rewritten and Mt. Gox never had the coins to pay you to begin with.  Now imagine all the tens of thousands of secondary and tertiary effects.
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1039


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
November 18, 2011, 02:24:39 PM
 #20

I was thinking more like a scenario where someone attempts to attack the whole network... as opposed to double spends. If someone scams me, I am just one guy, not quite the whole network, and I would have some idea of who did it (if they had me mail them coins).

If anyone pulled off a double spend on MtGox that would be devastating but there may also be a countermeasure. If MtGox sent you back at least 1 satoshi of your own coins, your double spend would kill your own withdrawal with it. If MtGox merely combined incoming transactions into a single large transactions at a single address and used it for paying large withdrawals, the double spend would be foiled as well, as it would undo all the outgoing payments made since they received your double spent funds.  They wrote their own bitcoind and could do this if they felt threatened. The only way to scam them would be to withdraw USD in that case, which would offer a trail to follow.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1003


Gerald Davis


View Profile
November 18, 2011, 02:51:47 PM
 #21

I was thinking more like a scenario where someone attempts to attack the whole network... as opposed to double spends. If someone scams me, I am just one guy, not quite the whole network, and I would have some idea of who did it (if they had me mail them coins).

If you have 51% of network power you have 100% control over double spends.  The single example involving you was just that an example.  The double spends wouldn't be a single event.  With 51% network control they would be never ending   Actually the most disruptive attack would be to pulse the network with waves of double spends between periods of "normal" economic activity.  The attacker spends "normally" while simultaneously building attack chain in private.  Attacker publishes "attack chain", watches reversals and regains funds.  Attacker waits, possibly even black-flag operators to encourage confidence in network (it was a one time thing, all we need is more hashing power, I still trust Bitcoin, etc).   Then attacker begins the cycle again.

If the intent of the attack is to disrupt the network then there will be no product to trace.  Put a "win a free coin, free PS3, free giftcard, free silver" contest online and collect addresses of winners/patsies.  Create orders with merchants sending products to winners.  Reverse those transactions and there is no trail to the attacker just thousands of clueless & innocent winners.

BTW I believe a 51% attack is very unlikely.  If Bitcoin remains small nobody will care enough to spend the ~$20M to destroy it.  If Bitcoin becomes popular the cost will rise with transaction volumes*.  At Paypal level volumes and average fee of 0.1% it would require roughly $500M to destroy Bitcoin.  At VISA level transaction volumes it would require $20B to mount a 51% attack.  While attackers could "cheat" and use ASICS if Bitcoin becomes successful enough to warrant ASIC research for attackers ... it will warrant ASIC research for honest miners too.  So please don't take this as believing a 51% attack is probable just pointing out you are incorrect in thinking the damage and scope would be contained.


* This requires a more realistic transaction fee system.  The current fee system is unsustainable and won't be able to protect the network.  IIRC the developers have indicated they intent to push for transaction fee changes so I don't think this is an issue.

Gabi
Legendary
*
Offline Offline

Activity: 1148
Merit: 1008


If you want to walk on water, get out of the boat


View Profile
November 18, 2011, 02:52:25 PM
 #22

Your numbers are wrong.  Not going to waste any more time on them but "the banks" (there is no such single entity) don't have more computing power than Bitcoin.  Bitcoin is larger than 500 largest super computers combined.
Bitcoin can be defined as larger than the top 500 only if you decided to measure power by the amount of one of the most basic form of calculation almost nobody has use for.

For the purposes of attacking bitcoin that is exactly how we can and will define it.  Because if you were to attack bitcoin with standard
super computers you would need more then the entire top 500.  You basically proved deathandtaxes point. 


Ye but why use standard supercomputers?

Standard supercomputers are made out of cpu and have big cache (that's why they use cpu) and memory. Why? Because the problems they tackle, require big cache and memory.

For bitcoin, such things are useless, a gpu is much better. Only an idiot would take 500 supercomputers made out of CPU to attack bitcoin.

DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1003


Gerald Davis


View Profile
November 18, 2011, 03:21:28 PM
 #23

Ye but why use standard supercomputers?

Standard supercomputers are made out of cpu and have big cache (that's why they use cpu) and memory. Why? Because the problems they tackle, require big cache and memory.

For bitcoin, such things are useless, a gpu is much better. Only an idiot would take 500 supercomputers made out of CPU to attack bitcoin.

Please keep up. I never said they did or would be used.  

Just pointing out the claim that "the banks" (this single global banking entity) have more computing power than the Bitcoin network is false.  It is SPECIFICALLY because of specialized hardware (like GPU) and the fact that rigs are so efficient (in terms of cost per unit of Bitcoin work) that makes the claim in the OP false.

While "the banks" have hundreds of millions of dollars in general purpose computing hardware that hardware is ill-suited for attacking Bitcoin network.
Transisto
Donator
Legendary
*
Offline Offline

Activity: 1718
Merit: 1000



View Profile WWW
November 18, 2011, 04:31:22 PM
 #24

I don't know why TOP 500 keep coming-up in the discussion,

It does not matter if Japan is building a 1.3 billion supercomputer, what does matter is the very slim chances a crypto breaking supercomputer would be made public, and that it doesn't cost that much.

Why ? if we knew the CIA had 100 time more powerful cracking powerhouse that expected we could want to use stronger password.

...
While "the banks" have hundreds of millions of dollars in general purpose computing hardware that hardware is ill-suited for attacking Bitcoin network.

If you define general purpose computing hardware as shitloads of FPGA then once reprogramed they may not be that ill-suited to the task.
If we're talking about the CIA having SHA-2 specific ASICs then it may not be that ill-suited to the task either.

It's like saying there is little chance of life in the universe based on what you see with your naked eye.
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1003


Gerald Davis


View Profile
November 18, 2011, 04:50:32 PM
 #25

It does not matter if Japan is building a 1.3 billion supercomputer, what does matter is the very slim chances a crypto breaking supercomputer would be made public, and that it doesn't cost that much. Why ? if we knew the CIA had 100 time more powerful cracking powerhouse that expected we could want to use stronger password.

If you understood cryptography you would understand how foolish that sounds. 

If you define general purpose computing
hardware as shitloads of FPGA then once reprogramed they may not be that ill-suited to the task.

FPGA are quite expensive.  8TH of FPGA would cost in the ballpark of tens of millions of dollars.  No bank is going to spend tens of millions of dollars to attack Bitcoin.  They generally are worried about the bottom line and outside of an episode of Alias nobody justs blows off tens of millions of dollars of hardware to attack a network that 0.000001% of the planet is using.

Your response ... someday Bitcoin may be a threat. My response ... yeah and when Bitcoin is a threat the network will be 100x larger so the cost now won't be tens of millions but billions of dollars.
btc_artist
Full Member
***
Offline Offline

Activity: 154
Merit: 100


Bitcoin!


View Profile WWW
November 18, 2011, 04:51:28 PM
 #26

This requires a more realistic transaction fee system.  The current fee system is unsustainable and won't be able to protect the network.  IIRC the developers have indicated they intent to push for transaction fee changes so I don't think this is an issue.
What would you see as being a sustainable fee system?  Something like a minimum fee of 0.5% on all transactions-- no minimum, 1BTC maximum?

BTC: 1CDCLDBHbAzHyYUkk1wYHPYmrtDZNhk8zf
LTC: LMS7SqZJnqzxo76iDSEua33WCyYZdjaQoE
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1003


Gerald Davis


View Profile
November 18, 2011, 05:15:24 PM
 #27

What would you see as being a sustainable fee system?  Something like a minimum fee of 0.5% on all transactions-- no minimum, 1BTC maximum?

Well that is difficult to say because the Bitcoin network has no concept of the actual value being spent.  If I use a 100 BTC address to send you 1 BTC (99 BTC change) Bitcoin the network has no idea if that is 1 BTC or 99 BTC transaction.  It only knows 100 BTC total has been transferred.  So fees will likely never be based on transaction amounts however it is useful to consider the "average fee" relative to useful transaction amount.

To get some ballpark ideas.  A 0.1% "average effective fee" with Paypal level volume ($80B annually) that would be ~$80M in annual transaction fees.  Currently block rewards are worth ~$7M and that collectively "buys" us 8TH in network security.  Granted some miners are unprofitable and likely should quit on economic reasons so maybe it is more realistic to say that $1M in fees buys us ~0.5TH to 1TH in sustainable network security (circa 2011 computing power).

Remember Moore's law will make the nominal hashing power of network rise but we won't be any "safer".  If GPU are twice as cheap one would expect us to have 2x the hashing power but attackers can get 2x the hashing power just as cheaply so any analysis is based on computing power at the time.  The level of security is directly related to annual transaction fees and how much hardware/electricity that buys. So $80M in fees would "buy" us a network roughly 11x as secure as we currently have (in whatever the prevailing hardware of the future is).

Some discussion on future fees and how current setup is unsustainable:
http://bitcoin.stackexchange.com/questions/876/how-much-will-transaction-fees-eventually-be

Simple version the current fees structure ensure that one should never pay more than 1 satoshi for every transaction.  Also no miner has no incentive to exclude a paying transaction no matter how little it pays (unless some future network rules prohibited the transaction as invalid).  Given that dynamic almost all transactions will have a 1 satoshi.  It creates a tragedy of the commons where miners can't force higher prices because there is no disincentive to exclude even a transaction w/ a single satoshi as a fee.

To show how that is unsustainable; even if Bitcoin was worth $1,000 each, 1 satoshi is only 1/1000th of a cent.  To achieve just the current level of network security (costing ~$7M annually) would require 22,000 transactions per second (at BTC: $1K USD & 1 satoshi "average effective fee").
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1039


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
November 18, 2011, 05:35:22 PM
 #28

A while ago, I mentioned that Bitcoin needed a "poison block" feature.  That is, manually given a hash, the bitcoin client will refuse to accept that block into the block chain.  That came up as a random thought in the thread where MtGox sent 2200+ BTC into oblivion.

In the event of a real sustained 51% attack, we're not powerless.

If enough honest mining power could be persuaded to poison blocks understood by consensus to be bad, the honest mining power could fight back.

Right now, the Satoshi client avoids all kinds of centralized control, which presumably it must as the "reference" client.  But as other clients proliferate, having those clients check in with their respective authors might not be viewed as a bad thing (centralized, yes, but anyone can disable the phone home feature or take their money elsewhere and stop using the client anytime if the author abuses the privilege).  The operators of such clients could also command all installations of their clients to reject certain blocks if necessary.

Bottom line, I suppose my suggestion in a nutshell, is that a certain level of democracy is possible - enemies can cause FUD, but individuals can also be empowered to vote out bogus blocks.  Those who run mining pools or develop bitcoin clients will be the most qualified to decide which blocks are bogus, and these are also people who can exert the greatest influence on what honest miners do.


Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1003


Gerald Davis


View Profile
November 18, 2011, 05:39:07 PM
 #29

A while ago, I mentioned that Bitcoin needed a "poison block" feature.  That is, manually given a hash, the bitcoin client will refuse to accept that block into the block chain.  That came up as a random thought in the thread where MtGox sent 2200+ BTC into oblivion.

In the event of a real sustained 51% attack, we're not powerless.

If enough honest mining power could be persuaded to poison blocks understood by consensus to be bad, the honest mining power could fight back.

Right now, the Satoshi client avoids all kinds of centralized control, which presumably it must as the "reference" client.  But as other clients proliferate, having those clients check in with their respective authors might not be viewed as a bad thing (centralized, yes, but anyone can disable the phone home feature or take their money elsewhere and stop using the client anytime if the author abuses the privilege).  The operators of such clients could also command all installations of their clients to reject certain blocks if necessary.

Bottom line, I suppose my suggestion in a nutshell, is that a certain level of democracy is possible - enemies can cause FUD, but individuals can also be empowered to vote out bogus blocks.  Those who run mining pools or develop bitcoin clients will be the most qualified to decide which blocks are bogus, and these are also people who can exert the greatest influence on what honest miners do.

I think that is a dangerous route to go and can lead to forking the blockchain where part of network this X is bad and part think X is good.  Is subnets have "disagreements" on blocks in their fork you can see even more forking.  Also indentifying a double spend block on a global network w/ millions of daily transactions in real time is tough.
Transisto
Donator
Legendary
*
Offline Offline

Activity: 1718
Merit: 1000



View Profile WWW
November 18, 2011, 05:56:50 PM
 #30

FPGA are quite expensive.  8TH of FPGA would cost in the ballpark of tens of millions of dollars.  No bank is going to spend tens of millions of dollars to attack Bitcoin.  They generally are worried about the bottom line and outside of an episode of Alias nobody justs blows off tens of millions of dollars of hardware to attack a network that 0.000001% of the planet is using.
I'll reply with this : "information technology spending by financial services institutions is expected to reach US$363.8 billion in 2011 (+3.7%)"
Add to that any leftover hardware from the previous years.

It's 0.000001 of their yearly IT spending for 4-5 Ths , yeah, bottom line is that they are evil and have more money than sense.
jetmine
Jr. Member
*
Offline Offline

Activity: 53
Merit: 0


View Profile
November 18, 2011, 07:04:13 PM
 #31

A while ago, I mentioned that Bitcoin needed a "poison block" feature.  That is, manually given a hash, the bitcoin client will refuse to accept that block into the block chain.  That came up as a random thought in the thread where MtGox sent 2200+ BTC into oblivion.

That can't be much more than "a random thought" though!

If the community were to include this, it would open the doors for fraud.  I could repeatedly send my coins from one address to another (all controlled by me).  I would do it very often so that my coins appear in many blocks.  They are all over the blockchain.

I would wait for someone to do a "bad thing".  When it happens, and with a bit of luck, my coins would figurate in the same block as the "bad thing".

Now I'm ready to spend my coins.  Quickly, and while the community still discusses about the "bad thing" and whether or not to use your poison block weapon.  With a bit of luck, the decision is yes.

And the bad block is nuked ...
And the link is broken ...
Home sweet home - my coins back in my wallet!

Think about it.
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1039


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
November 18, 2011, 07:33:35 PM
 #32

A while ago, I mentioned that Bitcoin needed a "poison block" feature.  That is, manually given a hash, the bitcoin client will refuse to accept that block into the block chain.  That came up as a random thought in the thread where MtGox sent 2200+ BTC into oblivion.

That can't be much more than "a random thought" though!

If the community were to include this, it would open the doors for fraud.  I could repeatedly send my coins from one address to another (all controlled by me).  I would do it very often so that my coins appear in many blocks.  They are all over the blockchain.

I would wait for someone to do a "bad thing".  When it happens, and with a bit of luck, my coins would figurate in the same block as the "bad thing".

Now I'm ready to spend my coins.  Quickly, and while the community still discusses about the "bad thing" and whether or not to use your poison block weapon.  With a bit of luck, the decision is yes.

And the bad block is nuked ...
And the link is broken ...
Home sweet home - my coins back in my wallet!

Except home sweet home didn't work out so well - your transaction never gets relayed, it gets rejected as a double spend because it conflicts with an existing transaction now in the memory pool.

Home sweet home only if you are a miner who happens to mine the block that replaces the poisoned one, before your original transaction makes it back into the block chain.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
tvbcof
Legendary
*
Online Online

Activity: 2506
Merit: 1002


View Profile
November 18, 2011, 07:37:58 PM
 #33

A while ago, I mentioned that Bitcoin needed a "poison block" feature.  That is, manually given a hash, the bitcoin client will refuse to accept that block into the block chain.  That came up as a random thought in the thread where MtGox sent 2200+ BTC into oblivion.

That can't be much more than "a random thought" though!

If the community were to include this, it would open the doors for fraud.  I could repeatedly send my coins from one address to another (all controlled by me).  I would do it very often so that my coins appear in many blocks.  They are all over the blockchain.

I would wait for someone to do a "bad thing".  When it happens, and with a bit of luck, my coins would figurate in the same block as the "bad thing".

Now I'm ready to spend my coins.  Quickly, and while the community still discusses about the "bad thing" and whether or not to use your poison block weapon.  With a bit of luck, the decision is yes.

And the bad block is nuked ...
And the link is broken ...
Home sweet home - my coins back in my wallet!

Think about it.


I think that some mechanism to feasibly include a blacklist or replacement list which could somehow take effect if a majority choose to do it may be worthwhile.  If very carefully considered and implemented that is.  This is effectively the same thing as a 'poison block' feature, I think, but possibly more usable.

The idea would be simply to provide a credible defense against an attacker thinking about amassing a sufficient degree of hashing power to attack the system against the will of the users.  The goal would be just to deter such an attempt since it would likely be futile anyway.

In other words, the expectation is that the list would never need to be used and someone sitting around 'waiting for a bad thing' would become old and grey before realizing any satisfaction.


enquirer
Sr. Member
****
Offline Offline

Activity: 297
Merit: 250


View Profile
November 19, 2011, 03:16:06 AM
 #34

Wouldn't it be easier to just 1) seize bitcoin.org, bitcointalk.org and few other domains under money-laundering laws 2) replace bitcoin.exe with the one that sends all of your coins to 1FederalReserveWallet Grin
Transisto
Donator
Legendary
*
Offline Offline

Activity: 1718
Merit: 1000



View Profile WWW
November 19, 2011, 03:23:47 AM
 #35

Wouldn't it be easier to just 1) seize bitcoin.org, bitcointalk.org and few other domains under money-laundering laws 2) replace bitcoin.exe with the one that sends all of your coins to 1FederalReserveWallet Grin
That would make them look bad and would be good publicity for Bitcoin .
Pages: 1 2 [All]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!