What if Bitcoin had 1 minute block time and 1 minute difficulty retarget

[FutureSeeker2021]

What if Bitcoin had 1 minute block time and 1 minute difficulty re-target?  Wouldn't we get instant transactions and better network speed?

[1714862499]

1714862499

[1714862499]

1714862499

[1714862499]

1714862499

[1714862499]

1714862499

[1714862499]

1714862499

[1714862499]

1714862499

[TangentC]

What if Bitcoin had 1 minute block time and 1 minute difficulty re-target?  Wouldn't we get instant transactions and better network speed?

Yep , but the Bitcoin developers would never do it.

Funny enough , I believe that Doge is 1 minute block time and 1 minute difficulty re-target.

Bitcoin Devs will claim Bitcoin can't do it , but the irony is Doge has been doing it for years.

Bitcoin Devs goals are to force people to use their offchain solutions, so improving bitcoin onchain performance would hinder their efforts. 

[o_e_l_e_o]

Sure, you can speed up confirmations, but you do so at the cost of decentralization and security.

Decreased block time and/or bigger blocks requires more bandwidth and processing power. You then make it less profitable for smaller miners to continue mining, and centralize the hash rate to larger miners.

You also cause increased forks and stale blocks. With the block time being so short, then the chance of two miners mining a block at the same height increases dramatically, as does the chance of both these chains being extended. You therefore increase the risk of double spends, as well as significantly increase the amount of wasted hashrate in the mining process.

And because of all of that, your security is much worse. 1 new confirmation is nowhere near as secure as 1 old confirmation. Double spends are common. Much of the hashrate is wasted, making 51% attacks by the few remaining large miners much easier.

[tbct_mt2]

If Bitcoin has 1 minute block time, exchanges will require 10 or 30 confirmations to credit your deposit amount to your account. They have to increase number of confirmations.

I don't know OP noticed it yet, with altcoin deposits, exchanges will require more confirmations than Bitcoin deposits. With Bitcoin, they require from 1 to 3 confirmations but for altcoins, the number will be higher considerably. This fact is visible answer.

[TangentC]

If Bitcoin has 1 minute block time, exchanges will require 10 or 30 confirmations to credit your deposit amount to your account. They have to increase number of confirmations.

I don't know OP noticed it yet, with altcoin deposits, exchanges will require more confirmations than Bitcoin deposits. With Bitcoin, they require from 1 to 3 confirmations but for altcoins, the number will be higher considerably. This fact is visible answer.

BTC  recommend 3 confirmations.  up to 30 minutes at a 10 minute blockspeed
LTC   recommend 6 confirmations   up to 15 minutes at a 2½ minute blockspeed
Doge recommend 6 confirmations   up to   6 minutes at a 1 minute blockspeed

Any increase in the above by an exchange is a random increase by an exchange
and unnecessary except as an artificial PR trick on the unknowing.

[o_e_l_e_o]

Any increase in the above by an exchange is a random increase by an exchange
and unnecessary except as an artificial PR trick on the unknowing.

If an exchange is happy to accept fewer confirmations then that's their choice, but they are risking the security of their deposits by doing so.

Take a look at the comparisons here: https://howmanyconfs.com/

For Litecoin to reach the same security as 6 Bitcoin confirmations, it requires ~400 confirmations and ~15 hours.
For Dogecoin, it takes ~600 confirmations and ~10 hours.

[Sithara007]

Satoshi kept the average block interval at around 10 minutes and he may have his reasons to do so. There are altcoins such as Doge, which have a lower block interval. I strongly believe that the relatively large gap between the blocks may be one of the ways to enhance security of the Blockchain. If someone steals a large number of coins from an exchange or any other business, then the victims have enough time to inform everyone, so that the BTC to fiat conversion can be blocked.

[TangentC]

Any increase in the above by an exchange is a random increase by an exchange
and unnecessary except as an artificial PR trick on the unknowing.

If an exchange is happy to accept fewer confirmations then that's their choice, but they are risking the security of their deposits by doing so.

Take a look at the comparisons here: https://howmanyconfs.com/

For Litecoin to reach the same security as 6 Bitcoin confirmations, it requires ~400 confirmations and ~15 hours.
For Dogecoin, it takes ~600 confirmations and ~10 hours.

The site is totally bogus, BTC & LTC/Doge are using different mining algorithms.
Name one person that was doublespent on with LTC  with 6 confirms, their are none.
Like I said random increases are chosen to give bitcoiners a false sense of superiority, key word on false.
https://blog.coinbase.com/announcing-new-confirmation-requirements-4a5504ba8d81
As you can see , they randomly changed confirmations with no real data to back up the changes.
They use to make bitcoin wait 6 confirms and LTC only waited 6 for years.
 
 

[ranochigo]

Decreased block time and/or bigger blocks requires more bandwidth and processing power. You then make it less profitable for smaller miners to continue mining, and centralize the hash rate to larger miners.

Mining is already fairly centralized and smaller miners tend to just use a pool for it. It isn't as feasible to be running your own server at home, hosting it in a data center with greater bandwidth and latency is better. Bandwidth requirement does not increase for the mining farm itself then.

You also cause increased forks and stale blocks. With the block time being so short, then the chance of two miners mining a block at the same height increases dramatically, as does the chance of both these chains being extended. You therefore increase the risk of double spends, as well as significantly increase the amount of wasted hashrate in the mining process.

Given the fact that connections has increased so much and that the bandwidth has improved as well, doesn't the argument weakens? Miners almost always attempts to connect to each other directly to avoid stale blocks. The lesser hops there are, the lesser chance of stale blocks. The situation of having more stales is less prominent than when Bitcoin didn't have these many optimizations.

Probability increases assuming the blocks has to propagate through several hops though, which is how most forks are formed nowadays, with at least one of the pool being less known. But wouldn't it make sense for some compromise as well?

And because of all of that, your security is much worse. 1 new confirmation is nowhere near as secure as 1 old confirmation. Double spends are common. Much of the hashrate is wasted, making 51% attacks by the few remaining large miners much easier.

Depends on the probability of fork occurance. Wouldn't it be more secure primarily because it takes more work to get a confirmation with a 10 minute rather than a 1 minute block interval?

[bitmover]

What if Bitcoin had 1 minute block time and 1 minute difficulty re-target?  Wouldn't we get instant transactions and better network speed?

Your idea probably came from this tweet, right?


Changing parameters like this is not the solution. This is nothing new, and this is not a new technology.  This is  a trade off, as o_e_l_e_o explained.

Scalability should not cost decentralization,  which is the reason for bitcoin to exist.

Although there are other blockchains with short block times, like 30 seconds in ethereum, this is not the solution.

If it were that simple, people would just change that parameter and problems would be solved.

And because of all of that, your security is much worse. 1 new confirmation is nowhere near as secure as 1 old confirmation. Double spends are common. Much of the hashrate is wasted, making 51% attacks by the few remaining large miners much easier.

This is what is most wierd. Elon musk is crying about bitcoin energy consumption ,  but his solution would waste (literally) more energy.

[o_e_l_e_o]

Given the fact that connections has increased so much and that the bandwidth has improved as well, doesn't the argument weakens? Miners almost always attempts to connect to each other directly to avoid stale blocks. The lesser hops there are, the lesser chance of stale blocks. The situation of having more stales is less prominent than when Bitcoin didn't have these many optimizations.

But we still have stale blocks with a frequency of somewhere around 0.1% with a block time of 10 minutes. Decreasing that to 1 minute would increase the number of stale blocks exponentially.

The probability of finding a block in time x is given by the equation 1 - e^(-x/y), where y is the expected block time. If we take x = 10 and y = 600, then the chances of finding a block with 10 seconds currently is around 1.65%. If you drop the block time to a minute and make y = 60, then that chance increases to 15.35%. That's a huge increase in stale blocks and a huge increase in wasted hash power.

This is what is most wierd. Elon musk is crying about bitcoin energy consumption ,  but his solution would waste (literally) more energy.

Elon doesn't actually care about the energy consumption (not that it is a major problem to begin with). It was just an easy target for him to use to manipulate the price. The dude launched a car in to space for crying out loud.

[ranochigo]

But we still have stale blocks with a frequency of somewhere around 0.1% with a block time of 10 minutes. Decreasing that to 1 minute would increase the number of stale blocks exponentially.

The probability of finding a block in time x is given by the equation 1 - e^(-x/y), where y is the expected block time. If we take x = 10 and y = 600, then the chances of finding a block with 10 seconds currently is around 1.65%. If you drop the block time to a minute and make y = 60, then that chance increases to 15.35%. That's a huge increase in stale blocks and a huge increase in wasted hash power.

The fork occurs if two different miners were to broadcast their own blocks and the propagation makes it such that different miners are working on different chain and one of the block gets continued. So assuming that, the time it takes for a block to propagate becomes a factor. If the blocks were to be propagated quicker than X, then the chance of a stale block occurring lowers significantly as well. That is assuming two different miners don't mine the blocks at the same time.

Now, there are implementations such as FIBRE which supposedly reduces latency to the range of milliseconds among miners who runs the node. It is unfortunately deprecated now so I can't find any stats on it. If we were to use it in conjunction with FIBRE, then there shouldn't be a very significant increase in the stale. Of course, there is a limit at which stale blocks becomes far more prominent but I'm sure that 10 minutes at 2MB is still quite conservative given the conditions that we have today.

Besides, it is to the miners interest to attempt to reduce their latency as well. I've not really seen a whole lot of stale blocks involving well known miners so much nowadays. It is almost always between a larger mining pool and some miner that didn't tag their own block. I wouldn't be surprised if the larger miners are far more interconnected than the rest of the network using some form of direct connection.

For the record, I don't think 1 minute block would be well supported and might cut too close to the threshold but I find that we could perhaps explore the possibility of capacity increase in Bitcoin either with larger block sizes or block intervals.

[BlackHatCoiner]

Currently watching. These discussions are probably my favourite ones.

BTC  recommend 3 confirmations.  up to 30 minutes at a 10 minute blockspeed
LTC   recommend 6 confirmations   up to 15 minutes at a 2½ minute blockspeed
Doge recommend 6 confirmations   up to   6 minutes at a 1 minute blockspeed

Did you just make up these?

The incident won't be happening every day. And who told you that 6 confirmations are considered secure for Litecoin? Assuming that 1 Bitcoin confirmation is 4 Litecoin confirmations then it's 6*4 = 24. Dogecoin would be 6*10 = 60, because 1 Bitcoin confirmation is equivalent to 10 Dogecoin confirmations in terms of time.

Name one person that was doublespent on with LTC  with 6 confirms, their are none.

If it ever happens once, it'll be a strong evidence of what is secure and what's not. I consider that response really casual, no offense. I'm personally fine with one confirmation, but if I ever wanted to transact huge amounts, I wouldn't risk it. Recently, the chain was reorganized because two miners mined the same block at the same time. The transactions on the abandoned block are now invalid.

Take a look at the comparisons here: https://howmanyconfs.com/

Something must go wrong. This site calculates the equivalent time of 6 Bitcoin confirmations compared with other cryptocurrencies, based on their offered work. Correct me if I'm wrong, but the offered work refrains from security. Isn't the distribution of the hash rate that matters?

[o_e_l_e_o]

So assuming that, the time it takes for a block to propagate becomes a factor.

What is the average time for any given node to receive a newly mined block, though? If it is around 10 seconds as I used in my example above, then we are still looking at a greater than 9 fold increase in the number of stale blocks by reducing the block time to 1 minute. Sure, if we can speed up propagation through the network then this improves, but it still tends toward centralization because it gives larger miners who will receive blocks first a greater advantage than at present.

I don't think that reducing the block time is the correct approach to scaling anyway. Even if you drop it down to 1 minute, for example, then that is still too long for the "buying coffee" scenario, and thanks to the exponential distribution of blocks you will still see plenty of blocks which take >5 minutes to be found. You would need to wait just as long for the same amount of security as you do on the current chain, if not longer since more hash rate is being wasted mining stale blocks.

Something must go wrong. This site calculates the equivalent time of 6 Bitcoin confirmations compared with other cryptocurrencies, based on their offered work. Correct me if I'm wrong, but the offered work refrains from security. Isn't the distribution of the hash rate that matters?

You can consider it using simple math. Let's say two coins both have 100 hashes per second of mining power. Coin X has a 1 minute block time, while coin Y has a 10 minute block time. After 6 confirmations, coin X will have done 6 minutes of work, which would be 36,000 hashes (on average). After 6 confirmations, coin Y will have done 60 minutes of work, which would be 360,000 hashes (on average). 6 confirmations on both coins are not equivalent in terms of security, even before you consider any differences in hash rate.

[ranochigo]

What is the average time for any given node to receive a newly mined block, though? If it is around 10 seconds as I used in my example above, then we are still looking at a greater than 9 fold increase in the number of stale blocks by reducing the block time to 1 minute. Sure, if we can speed up propagation through the network then this improves, but it still tends toward centralization because it gives larger miners who will receive blocks first a greater advantage than at present.

Back in 2017, the 50th percentile as mentioned by Bitcoinstats.com is ~2s but the 90th percentile will definitely take some time. It is to the best interest of the miners to be included as upper bound of 50th percentile. It is to the best interest of the miners to be as well connected to each other as possible, while centralization concerns are valid, it becomes less if the time it takes to propagate through the network is fairly quick and it isn't illogical to assume every miners will try to get the best possible connection.

Certain miners are more well connected than the rest as of now, either through zombie nodes or a similar implementation to FIBRE.

I don't think that reducing the block time is the correct approach to scaling anyway. Even if you drop it down to 1 minute, for example, then that is still too long for the "buying coffee" scenario, and thanks to the exponential distribution of blocks you will still see plenty of blocks which take >5 minutes to be found. You would need to wait just as long for the same amount of security as you do on the current chain, if not longer since more hash rate is being wasted mining stale blocks.

I don't disagree but that is assuming stales are still occurring on a regular basis. Since 10 minutes essentially represents 10 minute worth of PoW mining and thus a higher cost, doesn't it make sense for merchants to be still allowing 1 confirmations? The need for a 10 minute confirmation as a measure of security can be quite overblown at times; I find it sufficient for half or 10 times less of the current opportunity cost for something that costs $1.

If it ever happens once, it'll be a strong evidence of what is secure and what's not. I consider that response really casual, no offense. I'm personally fine with one confirmation, but if I ever wanted to transact huge amounts, I wouldn't risk it. Recently, the chain was reorganized because two miners mined the same block at the same time. The transactions on the abandoned block are now invalid.

Transactions are not invalid after getting mined in a stale block. In fact, large proportion of the transactions are probably included in both the blocks and thus no matter which fork prevails, your transaction has already been included in the chain. Stale blocks are not a very serious security risk, if the transactions pay enough fees,  then there is a high probability of them being included in both the blocks. It does make it easier for someone to double spend if merchants starting accepting 1-2 confirmations if stale are very prone, which makes it a risk and people can probably exploit it without much effort.

Something must go wrong. This site calculates the equivalent time of 6 Bitcoin confirmations compared with other cryptocurrencies, based on their offered work. Correct me if I'm wrong, but the offered work refrains from security. Isn't the distribution of the hash rate that matters?

No. The cost of re-organizing the blocks is what matters. It doesn't exactly matter if I have 60% of the hashrate, I can easily do a 51% attack but there is no incentives as it is far more expensive than to just mine as an honest entity.

[NotATether]

Changing parameters like this is not the solution. This is nothing new, and this is not a new technology.  This is  a trade off, as o_e_l_e_o explained.

This.

I wish more people understood that you can't just change blockchains by tweaking a bunch of parameters, actual work inside the protocol and consensus must be done to create the specifications which will make your intended effect in the first place.

Because node count will not increase 10X after doing his proposed changes, for example.

But this requires actual programming knowledge and when was the last time you saw an [enterprise, but only because it's a buzzword] blockchain head/visionary/etc who knows C++? And unfortunately, too many people with just theories with no implementation are leading these kinds of projects. Blockchains are sensitive applications where a single code mistake can irrevocably change the protocol. Why do you think we have to add OP_0 at the beginning of multisig scriptSig, or the first block not having any effect on difficulty time, or the average block time being just a little off from 10 minutes because of some precision error? They are all bugs turned unintentional specs.

[BlackHatCoiner]

After 6 confirmations, coin X will have done 6 minutes of work, which would be 600 hashes (on average).

Wouldn't it be total_seconds * hashes_per_sec? In this case, wouldn't it be 360 * 100 = 36,000 hashes ever 6 minutes of work on average?

6 confirmations on both coins are not equivalent in terms of security, even before you consider any differences in hash rate.

Their offered work isn't the same on these confirmations, I get it. But if the hash rate isn't “fairly” distributed then someone could offer more work in a certain time period and hence, more proof.

No. The cost of re-organizing the blocks is what matters. It doesn't exactly matter if I have 60% of the hashrate, I can easily do a 51% attack but there is no incentives as it is far more expensive than to just mine as an honest entity.

Does re-organization differs from replacing previous blocks? If you had 30% of the hash rate, it'd be easier for you to re-organize the blocks in contrast with someone controlling the 10%.

[ranochigo]

Their offered work isn't the same on these confirmations, I get it. But if the hash rate isn't “fairly” distributed then someone could offer more work in a certain time period and hence, more proof.

We're not concerned about the potential of someone executing an attack but rather how much resources is required to attack the chain.

Does re-organization differs from replacing previous blocks? If you had 30% of the hash rate, it'd be easier for you to re-organize the blocks in contrast with someone controlling the 10%.

Reorganizing is equivalent to replacing the blocks. Yes, you will. The distribution of the hashpower isn't the main point here though, distribution of the current hashrate gives you the potential of the majority to execute an attack but it doesn't take into account the cost. Distribution is thus independent of the game theory which is whether they will attack the chain, given the cost and benefit of it as well as the decisions of the other stakeholders.

[o_e_l_e_o]

The need for a 10 minute confirmation as a measure of security can be quite overblown at times; I find it sufficient for half or 10 times less of the current opportunity cost for something that costs $1.

Sure, but even with a 1 minute block time you can't reliably achieve this. Waiting 1 minute for 1 confirmation is still too long for Starbucks or McDonald's, especially when that 1 minute could easily turn in to 5 minutes or more.

Wouldn't it be total_seconds * hashes_per_sec? In this case, wouldn't it be 360 * 100 = 36,000 hashes ever 6 minutes of work on average?

Yeah thanks. I used minutes instead of seconds, but the principle still stands. It doesn't really matter how fast or slow your confirmations are; what matters is how much work an attacker would have to do to reverse your transaction. If you have 6 confirmations in an hour or 60 in an hour, they still need to do an hour's worth of hashrate to reverse a transaction.

[BlackHatCoiner]

It doesn't really matter how fast or slow your confirmations are; what matters is how much work an attacker would have to do to reverse your transaction.

Yes, but in howmanyconfs.com it says that the equivalent time of 6 Bitcoin confirmation blocks would be 375 Litecoin ones, while it should say 24. (1 BTC block = 4 LTC blocks)

[o_e_l_e_o]

Yes, but in howmanyconfs.com it says that the equivalent time of 6 Bitcoin confirmation blocks would be 375 Litecoin ones, while it should say 24. (1 BTC block = 4 LTC blocks)

howmanyconfs.com also takes account of the different hashrates between different coins, and their different algorithms. Litecoin has 0.381 PH/s at present, whereas Bitcoin has 141,544 PH/s. Litecoin also uses Scrpyt, whereas Bitcoin uses SHA-256. The comparisons it makes are based on the power required for the hashrate being used for the specific alogrithm each coin is using. You can see how it is worked out here: https://github.com/lukechilds/howmanyconfs.com

[BlackHatCoiner]

howmanyconfs.com also takes account of the different hashrates between different coins, and their different algorithms. Litecoin has 0.381 PH/s at present, whereas Bitcoin has 141,544 PH/s. Litecoin also uses Scrpyt, whereas Bitcoin uses SHA-256. The comparisons it makes are based on the power required for the hashrate being used for the specific alogrithm each coin is using. You can see how it is worked out here: https://github.com/lukechilds/howmanyconfs.com

I may be misunderstanding, but doesn't howmanyconfs.com compare the hash rate based on Bitcoin's work? For example, if the difficulty dropped 50% then wouldn't 6 Bitcoin confirmations be equal with 150 Litecoin ones? If it does, then it only exclude the possibility for an outpace attacker to attack the network. It does not exclude the possibility for the pools' decision. On a completely decentralized cryptocurrency like Bitcoin, if one pool gathered the majority of the computational power, it'd be much easier to reverse a transaction 6 blocks deep in contrast with, let's say, Monero, that has a better hashrate distribution.

Shouldn't it compare the distribution too?

[o_e_l_e_o]

For example, if the difficulty dropped 50% then wouldn't 6 Bitcoin confirmations be equal with 150 Litecoin ones?

Sure. If the difficulty dropped by 50% because the hashrate had dropped by 50%, then 6 new confirmations would only require half as much work to reverse than 6 old confirmations.

If it does, then it only exclude the possibility for an outpace attacker to attack the network. It does not exclude the possibility for the pools' decision.

As far as a 51% attack is concerned, the source of the malicious hashrste is irrelevant. If a single entity controls 51% of the hashrate, and can sustain that for long enough, then any number of confirmations can be overturned.

[ranochigo]

I may be misunderstanding, but doesn't howmanyconfs.com compare the hash rate based on Bitcoin's work? For example, if the difficulty dropped 50% then wouldn't 6 Bitcoin confirmations be equal with 150 Litecoin ones? If it does, then it only exclude the possibility for an outpace attacker to attack the network. It does not exclude the possibility for the pools' decision. On a completely decentralized cryptocurrency like Bitcoin, if one pool gathered the majority of the computational power, it'd be much easier to reverse a transaction 6 blocks deep in contrast with, let's say, Monero, that has a better hashrate distribution.

Shouldn't it compare the distribution too?

Read the asterisk (https://github.com/lukechilds/howmanyconfs.com/blob/master/README.md#how-are-these-values-calculated). The site measures the work done needed for each confirmation which may or may not correspond to the possibility of a majority attack on the network. It does not outright reflect the security of the network as attacks has to be done with its profitability in mind.

Distribution or rather decentralization is not an accurate way of predicting the possibility of a 51% attack. Any adversary would not openly state that they have the majority of the network's hashrate but would attempt to distribute it in such a way that it is not obvious. Either that or they won't openly state the blocks that they mine. It is wrong to assume that attacks would only be carried out with a singular entity. It can also be done with multiple entities colluding as well.

[todiefor17]

The number of Bitcoins that are constant is 21 million Bitcoins. It takes 6 confirmations per transaction so the block reward and mining difficulty decrease. That is a calculation that I think is reasonable with your conditions. If block times are faster, there will be more transactions and costs can be significantly reduced.

[TangentC]

As far as a 51% attack is concerned, the source of the malicious hashrate is irrelevant.
If a single entity controls 51% of the hashrate, and can sustain that for long enough, then any number of confirmations can be overturned.

Single entity can be a group that colludes for the attack.
As in the 4 pool operators that garner over 51% of the hashrate on a daily basis.

When Satoshi was around he added program coded checkpoints with every software update,
those checkpoints prevented even someone with 99% control from rewriting the blocks before the checkpoint.
Bitcoin Devs that took over after Satoshi, quit adding checkpoints, I believe it interfered in their btc is infallible religious cult.  

But as it stands, no checkpoints have been added to BTC since before segwit, in 2017.
So a rewrite can go back , at least to 2017, if enough computing power was available.
That would be an insanely large amount of Computing Power,
maybe a coordinated attack by quantum computers with a self-aware AI in charge.  

Other coins has installed rolling checkpoints,
which is nothing more than clients refusing reorgs after 1 to 2 days.

That does nothing to interfere with the security of the hashrate or decentralization or any other trigger words for the BTC cultist,  
all it does is guarante that after the rolling checkpoint those prior transactions are forever safe even from a 99% attacker.  
It adds a finality to transactions, that is required to truly be a world currency. IMO.  

But since it interferes with the Bitcoiner cultist beliefs, BTC will never use checkpoints again.  

[Vishnu.Reang]

As far as a 51% attack is concerned, the source of the malicious hashrste is irrelevant. If a single entity controls 51% of the hashrate, and can sustain that for long enough, then any number of confirmations can be overturned.

A few months back, someone actually did a rough calculation on the cost of a 51% attack on Bitcoin. According to his estimate, it will take hardware worth $5.46 billion to start such an attack. Now the question is, can so much of mining hardware be purchased in one go? Now comes the second part. Hardware worth this much amount will require a proportionate amount of electricity, which will be around 125 TWh per hour.  This means that such an attack will be possible only if it is spread across several countries.

[TangentC]

As far as a 51% attack is concerned, the source of the malicious hashrste is irrelevant. If a single entity controls 51% of the hashrate, and can sustain that for long enough, then any number of confirmations can be overturned.

A few months back, someone actually did a rough calculation on the cost of a 51% attack on Bitcoin. According to his estimate, it will take hardware worth $5.46 billion to start such an attack. Now the question is, can so much of mining hardware be purchased in one go? Now comes the second part. Hardware worth this much amount will require a proportionate amount of electricity, which will be around 125 TWh per hour.  This means that such an attack will be possible only if it is spread across several countries.

4 colluding pool operators can do it at zero cost.
As the miners are giving them over 51% control daily.
Would their pools collapse afterwards , yep, but the damage would already be done.
Plus you always have the security risk, that those 4 individuals are coerced against their will by an evil organization or government.

[NeuroticFish]

4 colluding pool operators can do it at zero cost.

If the 51% attack goes through, probably a hard fork will have to be forced and most probably the miners will leave those pools.
This means that the cost is a high risk to go out of business. It doesn't look like zero cost to me.

[TangentC]

4 colluding pool operators can do it at zero cost.

If the 51% attack goes through, probably a hard fork will have to be forced and most probably the miners will leave those pools.
This means that the cost is a high risk to go out of business. It doesn't look like zero cost to me.

Zero up front costs, but going out of business afterwards is a guarantee for those 4.
Which is why the biggest security threat is coercion to those 4 , by outside forces with nothing to lose.
Say, you are a criminal organization and you want to earn guaranteed money by betting against bitcoin in a futures market,
a double-spend would make that happen. And coercion is a normal tactic of your criminal business model.

[NeuroticFish]

coercion is a normal tactic of your criminal business model.

I'm not sure I understand your point, since coercion is normal everywhere against wrongdoers, no matter it's a criminal organization or it's the law structure of a normal country.
I guess that it's only the Bible that tells you to turn the other cheek, everybody else will go from explaining that you did wrong (if you are small child) to some sort of coercion sooner or later.

[TangentC]

coercion is a normal tactic of your criminal business model.

I'm not sure I understand your point, since coercion is normal everywhere against wrongdoers, no matter it's a criminal organization or it's the law structure of a normal country.

Criminal organization use coercion as a means to achieving their goals.
Coercion can be simple blackmail, ie: cheating spouses
or
Coercion can be force, ie: Bodily harm to you or your loved ones.

My point is they already use coercion in their dealings on a daily basis,
if they decided to profit in a bitcoin futures market by causing a double-spend.
They already have the resources and the tactics and the people necessary to coerce the 4 mining pool operators.

In short, making sure that those 4 mining pool operators and their families have around the clock security details is paramount to bitcoin continued security.

[NeuroticFish]

In short, making sure that those 4 mining pool operators and their families have around the clock security details is paramount to bitcoin continued security.

OK, this somewhat makes sense, although I expect that those pools are not operated by single individuals and most of those are anonymous. So it won't be easy to get to them.
And this is the same with any other coin and this also doesn't make Bitcoin less secure, really. Especially as just getting 51% of the hash rate is not enough for an "attack", you have to also do a double spend that worth the hassle. And as I said, if it's the case, a hard fork can "fix" this. It won't be pretty, but it can be done.

[o_e_l_e_o]

When Satoshi was around he added program coded checkpoints with every software update,
those checkpoints prevented even someone with 99% control from rewriting the blocks before the checkpoint.
Bitcoin Devs that took over after Satoshi, quit adding checkpoints, I believe it interfered in their btc is infallible religious cult.  

Except the checkpoints were never intended to prevent chain re-orgs. They were there to prevent an attacker flooding new nodes with low difficulty blocks, not as protection against 51% attacks. And since we now synchronize headers first rather than entire blocks, the checkpoints became unnecessary.

But as it stands, no checkpoints have been added to BTC since before segwit, in 2017.
So a rewrite can go back , at least to 2017, if enough computing power was available.

In which case a checkpoint is useless. It makes no difference if someone can rewrite the history back to 2017 or back to last week. Either way, the security model of bitcoin would be completely broken and bitcoin would be worthless.

Other coins has installed rolling checkpoints,
which is nothing more than clients refusing reorgs after 1 to 2 days.

Which means those coins are insecure. If you have to hard code your security like that, then your security is weak. If the security of your coin depends on a developer implemented checkpoint every hour/day/week/whatever, then your security model is is completely centralized.

[TangentC]

When Satoshi was around he added program coded checkpoints with every software update,
those checkpoints prevented even someone with 99% control from rewriting the blocks before the checkpoint.
Bitcoin Devs that took over after Satoshi, quit adding checkpoints, I believe it interfered in their btc is infallible religious cult.  

Except the checkpoints were never intended to prevent chain re-orgs. They were there to prevent an attacker flooding new nodes with low difficulty blocks, not as protection against 51% attacks. And since we now synchronize headers first rather than entire blocks, the checkpoints became unnecessary.

Feel free to argue with satoshi about it.  
https://decentralizedthoughts.github.io/2019-09-13-dont-trust-checkpoint/

Imagine that that Aliens land on earth with a new superfast SHA256 machine. Imagine this machine always gives them more than 51% of the current world Bitcoin hash power (but not enough hash power to completely break SHA256). Suppose they decide to build a chain from the Bitcoin Genesis block that is longer than any other chain on earth and put only empty blocks on it. Could they erase all bitcoin transactions?

Anticipating this type of attack, Satoshi suggested the following security safeguard:

The security safeguard makes it so even if someone does have more than 50% of the network’s CPU power,
they can’t try to go back and redo the block chain before yesterday. (if you have this update)

I’ll probably put a checkpoint in each version from now on.
Once the software has settled what the widely accepted block chain is,
there’s no point in leaving open the unwanted non-zero possibility of revision months later. – Satoshi 2010

* Note : the old satoshi installed checkpoints were never removed from Bitcoin Code,
so their protection is still there even using headersync.

 checkpointData = {
            {
                { 11111, uint256S("0x0000000069e244f73d78e8fd29ba2fd2ed618bd6fa2ee92559f542fdb26e7c1d")},
                { 33333, uint256S("0x000000002dd5588a74784eaa7ab0507a18ad16a236e7b1ce69f00d7ddfb5d0a6")},
                { 74000, uint256S("0x0000000000573993a3c9e41ce34471c079dcf5f52a0e824a81e7f953b8661a20")},
                {105000, uint256S("0x00000000000291ce28027faea320c8d2b054b2e0fe44a773f3eefb151d6bdc97")},
                {134444, uint256S("0x00000000000005b12ffd4cd315cd34ffd4a594f430ac814c91184a0d42d2b0fe")},
                {168000, uint256S("0x000000000000099e61ea72015e79632f216fe6cb33d7899acb35b75c8303b763")},
                {193000, uint256S("0x000000000000059f452a5f7340de6682a977387c17010ff6e6c3bd83ca8b1317")},
                {210000, uint256S("0x000000000000048b95347e83192f69cf0366076336c639f9b7228e9ba171342e")},
                {216116, uint256S("0x00000000000001b4f4b433e81ee46494af945cf96014816a4e2370f11b23df4e")},
                {225430, uint256S("0x00000000000001c108384350f74090433e7fcf79a606b8e797f065b130575932")},
                {250000, uint256S("0x000000000000003887df1f29024b06fc2200b55f8af8f35453d7be294df2d214")},
                {279000, uint256S("0x0000000000000001ae8c72a0b0c301f67e3afca10e819efa9041e458e9bd7e40")},
                {295000, uint256S("0x00000000000000004d9b4ef50f0f9d686fd69db2e03af35a100370c64632a983")},

But as it stands, no checkpoints have been added to BTC since before segwit, in 2017.
So a rewrite can go back , at least to 2017, if enough computing power was available.

In which case a checkpoint is useless. It makes no difference if someone can rewrite the history back to 2017 or back to last week. Either way, the security model of bitcoin would be completely broken and bitcoin would be worthless.

Checkpoints are only useless, if you don't ever use any.  

Other coins has installed rolling checkpoints,
which is nothing more than clients refusing reorgs after 1 to 2 days.

Which means those coins are insecure. If you have to hard code your security like that, then your security is weak. If the security of your coin depends on a developer implemented checkpoint every hour/day/week/whatever, then your security model is is completely centralized.

Nope, rolling checkpoints do nothing to secure transaction after the checkpoint , only before the checkpoint,
reread the quote from satoshi above to help you understand.
It has no effect on the security generated by hashrate or staking, since they should be guaranteeing security for the minimum recommend confirmations, which is usually within 30 minutes to 1 hour.

[o_e_l_e_o]

* Note : the old satoshi installed checkpoints were never removed from Bitcoin Code,
so their protection is still there even using headersync.

They are still there to prevent against the attack I mentioned above:

No, they're still needed to prevent low-difficulty header spam. It's not a particularly strong attack, but without checkpoints it's trivial. The current checkpoints suffice to make it sufficiently expensive.

Checkpoints are only useless, if you don't ever use any.  

And if you do need to use them, your security model is broken. So either useless, or a broken coin. Either way, they add nothing.

[TangentC]

* Note : the old satoshi installed checkpoints were never removed from Bitcoin Code,
so their protection is still there even using headersync.

They are still there to prevent against the attack I mentioned above:

No, they're still needed to prevent low-difficulty header spam. It's not a particularly strong attack, but without checkpoints it's trivial. The current checkpoints suffice to make it sufficiently expensive.

Checkpoints are only useless, if you don't ever use any.  

And if you do need to use them, your security model is broken. So either useless, or a broken coin. Either way, they add nothing.

Again , you are arguing with Satoshi not me,
he thought they had merit so that is why he used them.
IF he had stayed, they would have been added with every update,
unless he moved to a rolling checkpoint , which he probably would have.

if you are so strong on your viewpoints, should you not contact the BTC core devs and have the checkpoints removed,
since according to you they have no value.  
That would embolden your position on checkpoints.

I mean you must be smarter than satoshi, right?

[BlackHatCoiner]

Again , you are arguing with Satoshi not me,
he thought they had merit so that is why he used them.

I think he's arguing with you. Satoshi also set the block size limit to 32MB. What he's trying to tell you is that if your entire money system depends on checkpoints, it's already insecure.

[TangentC]

Again , you are arguing with Satoshi not me,
he thought they had merit so that is why he used them.

I think he's arguing with you. Satoshi also set the block size limit to 32MB. What he's trying to tell you is that if your entire money system depends on checkpoints, it's already insecure.

Well then Bitcoin is insecure, as the old checkpoints were never removed according to your analysis.

When will you two have the checkpoints removed to make bitcoin secure?  

FYI:
With zero checkpoints,
it also opens an improbable but now not impossible task of bitcoin blockchain being rewritten back to the genesis block.
But hey, we don't need no stinkin checkpoints.  

FYI2:
Had the 32mb limit been installed , their would be no need for Offchain nonsense,
their would be zero delays, and the transaction fees could be low.
Shame that one did not get included.

[BlackHatCoiner]

Well then Bitcoin is insecure, as the old checkpoints were never removed according to your analysis.

It's secure as long as the majority of the hash rate isn't owned by an entity that wants to attack the network and that's all it is. If someone gained that much computational power, no checkpoints could secure Bitcoin.

[stompix]

Sure, you can speed up confirmations, but you do so at the cost of decentralization and security.
Decreased block time and/or bigger blocks requires more bandwidth and processing power. You then make it less profitable for smaller miners to continue mining, and centralize the hash rate to larger miners.

~

640k blocks should be enough for anyone, right? And yeah, I know Gates never actually said that, but still.
Satoshi chooses the 10 minutes for block propagation time reasons in 2009, still thinking that is the norm is like ripping videos to 600mb so they can fit CDs.

Let's be honest about it, when he created bitcoin the average download speed in the US was 4 Mbps and now its up to 80 Mbps and the US is not really the best example when it comes to speed. Storage? Common even with this crisis in computer parts price you can still get a 1TB m2 for 100$, if decentralization will fall because 10k people can't afford 50$ drives how the hell is the network protected right now? We're bragging that an attacker has to spend billions for 51% but at the same time the risk is about $500k?

Those numbers and concerns were valid at that time, if they would be true by now ETH would have forked 2 thousand times already and so would have LTC. I'm no fan of large blocks and 5 seconds blocks but at the same time, I feel like sooner or later something has to be done for the on-chain capacity, remember that in order to use LN you still need space in those blocks.

[teosanru]

What if Bitcoin had 1 minute block time and 1 minute difficulty re-target?  Wouldn't we get instant transactions and better network speed?

1. I don't think now it's possible unless we have a hard fork that obviously will make an alternative BTC and won't change the already existing one.

2. It would make the energy concerns of people even larger. Because for the same difficult people will fight for more blocks a day but the reward will be lowered and might even make mining nonprofitable. Moreover, I am not sure about BTC but for some unpopular currencies chances are that we might also have a lot of empty blocks. Which means miner will use all their computing power to confirm zero transactions. BTC because of it's wide usage might not face this issue.

[TangentC]

Well then Bitcoin is insecure, as the old checkpoints were never removed according to your analysis.

It's secure as long as the majority of the hash rate isn't owned by an entity that wants to attack the network and that's all it is. If someone gained that much computational power, no checkpoints could secure Bitcoin.

And that is where you are wrong,
checkpoints can secure a coin against a 99% attack rewriting anything prior to the checkpoint.

Let me know when you get the devs to remove them from the bitcoin source code.  

[o_e_l_e_o]

Well then Bitcoin is insecure, as the old checkpoints were never removed according to your analysis.

Because I've already explained why the checkpoints are still there, and it has nothing to do with preventing 51% attacks or chain re-orgs. They prevent flooding of low difficulty blocks. See the quote from Pieter Wuille above. Or this one from Greg Maxwell: https://github.com/bitcoin/bitcoin/issues/7591#issuecomment-188369540

it also opens an improbable but now not impossible task of bitcoin blockchain being rewritten back to the genesis block.

Sure. And if someone can rewrite the history of bitcoin back to the genesis block, back to the last checkpoint in 2014, or back to last month, then the outcome is always the same - bitcoin's security model is broken, trust is destroyed, and bitcoin is worthless.

The checkpoints we have are, on average, ~5 months apart. You honestly think if someone rewrote bitcoin history for the last 5 months everyone would shrug their shoulders and say "Well, at least they didn't rewrite more than that!" and carry on as if nothing had happened?

checkpoints can secure a coin against a 99% attack rewriting anything prior to the checkpoint.

And having a centralized security model, which is effectively what checkpoints are since it puts the decision regarding what is the longest chain in the hands of a small group of developers, is 100% effective against any rewriting attack. Why not just use a bank?

[TangentC]

Well then Bitcoin is insecure, as the old checkpoints were never removed according to your analysis.

Because I've already explained why the checkpoints are still there, and it has nothing to do with preventing 51% attacks or chain re-orgs. They prevent flooding of low difficulty blocks. See the quote from Pieter Wuille above. Or this one from Greg Maxwell: https://github.com/bitcoin/bitcoin/issues/7591#issuecomment-188369540

it also opens an improbable but now not impossible task of bitcoin blockchain being rewritten back to the genesis block.

Sure. And if someone can rewrite the history of bitcoin back to the genesis block, back to the last checkpoint in 2014, or back to last month, then the outcome is always the same - bitcoin's security model is broken, trust is destroyed, and bitcoin is worthless.

The checkpoints we have are, on average, ~5 months apart. You honestly think if someone rewrote bitcoin history for the last 5 months everyone would shrug their shoulders and say "Well, at least they didn't rewrite more than that!" and carry on as if nothing had happened?

You can't have it both ways ,
on 1 hand they do something valuable and on the other hand they are worthless.
If they are worthless , remove them.
If not, not using more is naive.

You honestly think anything but a major collusion of mining pools could rewrite the last two days.
Which are why rolling checkpoints have value in giving real finality that not even colluding mining pools could harm.

Protecting Bitcoin transaction data should be of paramount concern to all bitcoin users,
but thanks to bitcoiner cultist beliefs it is taboo.

FYI:
If your Father and Mother purchased a house with bitcoin, would you not want it finality assured,
not at the whim of a 51% attacker from an indefinite time frame wiping out their purchase.
That is why Satoshi included checkpoints, to make the improbable task an impossible task to protect people.
Failure to recognize that for a bitcoiner cultist false belief puts everyone using bitcoin at unneeded risk.

checkpoints can secure a coin against a 99% attack rewriting anything prior to the checkpoint.

And having a centralized security model, which is effectively what checkpoints are since it puts the decision regarding what is the longest chain in the hands of a small group of developers, is 100% effective against any rewriting attack. Why not just use a bank?

You know so little about checkpoints, if you did some research , you would not be so wrong all the time.
A rolling checkpoint is based on a certain number of blocks passing , say two days worth.
Only the mining or staking determined those block, there is no centralized control, so drop your trigger words and learn.

[o_e_l_e_o]

You can't have it both ways ,
on 1 hand they do something valuable and on the other hand they are worthless.

I'm only going to repeat myself one more time. They protect against an unrelated low difficulty flood attack. They are worthless when protecting against a 51% attack. This is not a difficult concept. Adding more is unnecessary to protect against the low difficulty attack they already protect against.

You honestly think anything but a major collusion of mining pools could rewrite the last two days.

If the last 2 days and ~300 blocks can be rewritten, then proof of work is no longer secure, checkpoints or no checkpoints.


I just got round to checking your post history and realizing that you are an alt account of a well known BCash shill, and one that I've had this exact conversation with before. It's clear now why you are so pro-checkpoints, since BCash has been successfully 51% attacked on more than one occasion in the past.

[TangentC]

You can't have it both ways ,
on 1 hand they do something valuable and on the other hand they are worthless.

I'm only going to repeat myself one more time. They protect against an unrelated low difficulty flood attack. They are worthless when protecting against a 51% attack. This is not a difficult concept. Adding more is unnecessary to protect against the low difficulty attack they already protect against.

You honestly think anything but a major collusion of mining pools could rewrite the last two days.

If the last 2 days and ~300 blocks can be rewritten, then proof of work is no longer secure, checkpoints or no checkpoints.


I just got round to checking your post history and realizing that you are an alt account of a well known BCash shill, and one that I've had this exact conversation with before. It's clear now why you are so pro-checkpoints, since BCash has been successfully 51% attacked on more than one occasion in the past.

Yes yes, once it can not be denied how wrong you are, then I must be a troll.

So was Satoshi also a troll, since the checkpoints were his idea.

If so , I am in good company with satoshi,

Enjoy your bitcoiner cultist thoughts , no matter how far removed from reality they are.

My Conversation on checkpoints with Bitcoiners is over , as there is just no hope to break thru your false beliefs.
Tell your BTC cultist Pastor Maxwell, he is still wrong.  

FYI:
Total Shame Reason and Logic get crowed out by false cultist beliefs in these forums,
but it is what it is. 

[FutureSeeker2021]

It doesn't really matter how fast or slow your confirmations are; what matters is how much work an attacker would have to do to reverse your transaction.

Yes, but in howmanyconfs.com it says that the equivalent time of 6 Bitcoin confirmation blocks would be 375 Litecoin ones, while it should say 24. (1 BTC block = 4 LTC blocks)

I see what your saying