How is the Byzantine Generals’ Problem related to Bitcoin?

[Felicity_Tide]

So earlier today, I started a book titled "The internet of money"(volume one) - by Andreas M. Antonopoulos, which I downloaded here on BTT as a basic recommended book for anyone who wants to understand basic concept about Bitcoin. I wasn't too sure or certain of what it might contain, but I was quite surprised with some mind blowing talks(write up) by the author after reading few chapters for the start.

The first phrase that caught my attention was "Byzantine Generals’ Problem". I wasn't too sure of what it meant, but the author went on further in relating it to Satoshi, which is quoted below...

It was first described in 1982. Until 2008, it was an unsolved problem. Then, Satoshi Nakamoto said, "I
have solved it." Guess what happened next? Everybody laughed, ignored him, and dismissed him. He
published his paper, and three months later, he published software that allowed people to start building
the bitcoin network.

How come i can't find the phrase "Byzantine Generals’ Problem" on the Bitcoin white paper, I asked myself.

While reading further, I came across this statement that also caught my attention...

There are
almost 200 currencies controlled by central banks and governments, but there is only one mathematical
currency today, and that is bitcoin.

I wasn't too sure of what the author meant by only one mathematical currency. In as much as this is a strict board for Bitcoin technical related matters, which am trying not to involve things outside context, but it still troubles me why other crypto that uses Similar PoW mechanism are were not referred to as mathematical currency.

My Question:
1. How is the Byzantine Generals’ Problem related to Bitcoin.
2. Did Satoshi specifically wrote the phrase on the Bitcoin white paper?.
3. Is Bitcoin practically the only mathematical currency?.
4. I have read across few Bitcoin codes written in C++. What other codes was Bitcoin written in?, and please, share me a GitHub link that contains any of those codes.

I hope my questions haven't in anyway deviated from Bitcoin technical matters. If I have, please pardon me. And here is the reference link to all quoted text above .

Reference
The Internet of Money: https://drive.google.com/file/d/1ldSYNJBGIOTPtS3-q0eP_UNon8XN9sJ6/view

[vjudeu]

How is the Byzantine Generals’ Problem related to Bitcoin.

https://www.metzdowd.com/pipermail/cryptography/2008-November/014849.html

Did Satoshi specifically wrote the phrase on the Bitcoin white paper?.

No, but you can find it in his e-mails from metzdowd.com.

Is Bitcoin practically the only mathematical currency?.

In general yes, but it depends, how do you want to classify the altcoins.

What other codes was Bitcoin written in?

The original one was just in C++. But in the current version, you also have some Python, some Sage scripts, and other stuff. For example: https://github.com/bitcoin/bitcoin/tree/master/src/secp256k1/sage

[NotATether]

He called it "mathematical money" because you can't mine (inflate) more of it unless you solve a SHA256 problem where the result is less than a particular number.

Laws can be corrupted, but the cryptographic properties of SHA256 and other message digest algorithms cannot, and as a result, it is a perfect base to build something like Bitcoin on - so long as it is the only means defined for creating new coins.

[Felicity_Tide]

Is Bitcoin practically the only mathematical currency?.

how do you want to classify the altcoins.

I was thinking, what about other alts that uses Similar Cryptographic proof (PoW) like Bitcoin?.

What other codes was Bitcoin written in?

The original one was just in C++. But in the current version, you also have some Python, some Sage scripts, and other stuff.

I guess the Bitcoin community developers were behind the further addition(current version), or was it Satoshi ?.

[d5000]

Regarding the classification of altcoins: PoW altcoins like BCH, LTC or XMR of course work in the same fashion than Bitcoin.

But there is still a quite big difference: Bitcoin is the only coin where we can sure that really 50% of the existing miners are needed to attack the network. "Existing miners" here refers to all miners in the crypto space, not only the Bitcoin miners. So the 50% threshold of adversary hashrate who are needed to attack the chain is only really sound for Bitcoin.[1]

Other SHA-256 altcoins like BCH in theory are all the time in danger to be attacked by a much lesser percentage than Bitcoin. BCH has currently a hashrate of about 3.4 Eh/s, Bitcoin's hashrate is 500-600 EH/s. So only 0.5% of all Bitcoin miners would be necessary to launch an 51% attack on BCH.

PoW altcoins with other algorithms like LTC and XMR are a little bit safer because the vast majority of Bitcoin mining nodes (I guess more than 99%) run on ASICs, and these ASICs can't easily be used to attack XMR or LTC with their different algorithms. The biggest coin of each algorithm (Scrypt for LTC, for example) has thus still a quite high safety. However, as these coins are also minable with GPUs relatively efficiently, they are vulnerable to attacks for example with botnets "capturing" servers doing AI calculations. At least, the mathematical assumption is not so sound as with Bitcoin.

Proof-of-Stake altcoins explicitly use "Byzantine Fault Tolerant" (edited mistake) algorithms (most, including Ethereum, use PBFT, a mechanism proposed first in 1999) since this mechanic was investigated properly. So they can only deal with 33% adversary validating power. They don't solve the Byzantine Generals problem, they "live with it".


[1] it might be actually more close to 49%, but as Bitcoin really has a vastly higher hashrate than all other PoW altcoins, the difference is negligible.

[ABCbits]

What other codes was Bitcoin written in?

The original one was just in C++. But in the current version, you also have some Python, some Sage scripts, and other stuff.

I guess the Bitcoin community developers were behind the further addition(current version), or was it Satoshi ?.

It should be someone who's not Satoshi. After all, Satoshi never use GitHub and that secp256k1 library created some time after Satoshi no longer appear.

PoW altcoins with other algorithms like LTC and XMR are a little bit safer because the vast majority of Bitcoin mining nodes (I guess more than 99%) run on ASICs, and these ASICs can't easily be used to attack XMR or LTC with their different algorithms. The biggest coin of each algorithm (Scrypt for LTC, for example) has thus still a quite high safety. However, as these coins are also minable with GPUs relatively efficiently, they are vulnerable to attacks for example with botnets "capturing" servers doing AI calculations. At least, the mathematical assumption is not so sound as with Bitcoin.

Efficiency difference for Scrypt between GPU and ASIC are too wide, so it's not practical for attacker to mine LTC after "capturing" such server. But generally you're right, as attacker would just mine "better" coin.

[BlackHatCoiner]

However, as these coins are also minable with GPUs relatively efficiently, they are vulnerable to attacks for example with botnets "capturing" servers doing AI calculations.

Take into consideration that Monero is designed to be mined by CPU. You can mine it with a GPU, but it's much less effective. Definitely not mineable by ASICs.

2. Did Satoshi specifically wrote the phrase on the Bitcoin white paper?.

Apart from the mentioned email, he had also posted the exact same in bitcoin.org: http://web.archive.org/web/20090309175840/http://www.bitcoin.org/byzantine.html. Nowhere else, as far as I'm aware. Nowhere in this forum at least.

[Wind_FURY]

Proof-of-Stake altcoins explicitly use "Byzantine Fault Tolerant" (edited mistake) algorithms (most, including Ethereum, use PBFT, a mechanism proposed first in 1999) since this mechanic was investigated properly. So they can only deal with 33% adversary validating power. They don't solve the Byzantine Generals problem, they "live with it".

Indeed. Plus Proof of Stake has a different security model wherein they secure their networks through different check-pointing schemes - often centralized, which make the Proof of Stake part in those networks reduced to mere "ornaments/decorations".

Why? Because what actually keeps the network secure is not the Proof of Stake, but something that Gregory Maxwell calls "ask a friend" - the check-pointing scheme.

[HeRetiK]

However, as these coins are also minable with GPUs relatively efficiently, they are vulnerable to attacks for example with botnets "capturing" servers doing AI calculations.

Take into consideration that Monero is designed to be mined by CPU. You can mine it with a GPU, but it's much less effective. Definitely not mineable by ASICs.

That makes Monero actually even more attractive for botnets, since just about any hardware will do.

Indeed. Plus Proof of Stake has a different security model wherein they secure their networks through different check-pointing schemes - often centralized, which make the Proof of Stake part in those networks reduced to mere "ornaments/decorations".

"Security theater" was the phrase, I think.

[btc78]

My Question:
1. How is the Byzantine Generals’ Problem related to Bitcoin.

Byzantine Generals basically is a hypothetical situation where the Byzantine army is divided into divisions each led by a general. They have to come to a consensus about how or whether they will even attack. They can only communicate through a messenger in which they are not even sure if trustworthy or not. So the problem here is that there is no way for them to verify if one messenger is bringing the right information.

This problem is then solved by the blockchain and bitcoin's consensus mechanism. You see the problem is the lack of transparency which in blockchain is finally solved. Each block is verified to ensure its validity and trueness in a sense. It is a decentralized

2. Did Satoshi specifically wrote the phrase on the Bitcoin white paper?.

I do not think so but blockchain technology is the closest to a solution to the Byzantine problem that we have currently.

3. Is Bitcoin practically the only mathematical currency?.

No, there are now other currencies that have followed bitcoin's technology.

[Felicity_Tide]

Byzantine Generals basically is a hypothetical situation where the Byzantine army is divided into divisions each led by a general. They have to come to a consensus about how or whether they will even attack. They can only communicate through a messenger in which they are not even sure if trustworthy or not. So the problem here is that there is no way for them to verify if one messenger is bringing the right information

What has the messenger got to do with this?. Am not sure if that's what Satoshi email described. Here is the email, which the link has been provided, from vjudeu's reply at the top, and I also think BlackHatCoiner also shared thesame explanation, but appears to be posted on a separate platform.

The problem is that the network is not instantaneous, and if two generals announce different attack times at close to the same time, some may hear one first and others hear the other first.

So there is no such thing as "a messenger failing to bring the right information". It's just a problem where it is difficult for others to listen to two attack instructions from two different generals, at same point in time. Just as the article says: some may hear one first and the others hear the other first. Hearing both attack instructions wasn't even stated, so you either here one or the other first, at a particular time.

This problem is then solved by the blockchain and bitcoin's consensus mechanism. You see the problem is the lack of transparency which in blockchain is finally solved. Each block is verified to ensure its validity and trueness in a sense. It is a decentralized

And i think this part of the email also explain how the problem can be solve

They use a proof-of-work chain to solve the problem. Once each general receives whatever attack time he hears first, he sets his computer to solve an extremely difficult proof-of-work problem that includes the attack time in its hash. The proof-of-work is so difficult, it's expected to take 10 minutes of them all working at once before one of them finds a solution. Once one of the generals finds a proof-of-work, he broadcasts it to the network, and everyone changes their current proof-of-work computation to include that proof-of-work in the hash they're working on. If anyone was working on a different attack time, they switch to this one, because its proof-of-work chain is now longer.

Why don't just read through the entire thread, when less busy.

[vjudeu]

So there is no such thing as "a messenger failing to bring the right information".

https://en.wikipedia.org/wiki/Byzantine_fault

The problem is complicated by the presence of treacherous generals who may not only cast a vote for a suboptimal strategy; they may do so selectively. For instance, if nine generals are voting, four of whom support attacking while four others are in favor of retreat, the ninth general may send a vote of retreat to those generals in favor of retreat, and a vote of attack to the rest. Those who received a retreat vote from the ninth general will retreat, while the rest will attack (which may not go well for the attackers). The problem is complicated further by the generals being physically separated and having to send their votes via messengers who may fail to deliver votes or may forge false votes.

As you can see, it is not only about the timing. It is also about knowing, which information is right, and which is wrong. If you have two blocks at the same height, with two conflicting transaction histories, then you may have Alice->Bob transaction in one block, and Alice->Charlie transaction in another. As long as you don't have the next block, both are valid. Your node can even show you that information as "valid-fork", if you execute "getchaintips" in your bitcoin-cli console.

[Felicity_Tide]

The problem is complicated by the presence of treacherous generals who may not only cast a vote for a suboptimal strategy; they may do so selectively. For instance, if nine generals are voting, four of whom support attacking while four others are in favor of retreat, the ninth general may send a vote of retreat to those generals in favor of retreat, and a vote of attack to the rest. Those who received a retreat vote from the ninth general will retreat, while the rest will attack (which may not go well for the attackers). The problem is complicated further by the generals being physically separated and having to send their votes via messengers who may fail to deliver votes or may forge false votes.

As you can see, it is not only about the timing. It is also about knowing, which information is right, and which is wrong. If you have two blocks at the same height, with two conflicting transaction histories, then you may have Alice->Bob transaction in one block, and Alice->Charlie transaction in another. As long as you don't have the next block, both are valid. Your node can even show you that information as "valid-fork", if you execute "getchaintips" in your bitcoin-cli console.

From your explanation using two separate blocks of same height, if an incoming candidate block is to be attached, what now determines which chain it should be attach to?, Because one of them ought to be neglected by incoming blocks as time passes.

[HeRetiK]

As you can see, it is not only about the timing. It is also about knowing, which information is right, and which is wrong. If you have two blocks at the same height, with two conflicting transaction histories, then you may have Alice->Bob transaction in one block, and Alice->Charlie transaction in another. As long as you don't have the next block, both are valid. Your node can even show you that information as "valid-fork", if you execute "getchaintips" in your bitcoin-cli console.

From your explanation using two separate blocks of same height, if an incoming candidate block is to be attached, what now determines which chain it should be attach to?, Because one of them ought to be neglected by incoming blocks as time passes.

The miner's software, as this conflict is not handled at the protocol level. At any given time a miner will keep only one of these blocks in their mempool (presumably the one they saw first), dismissing any other block that may come in.

Once they attach a new block to whichever of the conflicting blocks they ran with, that chain becomes the "correct" chain on a protocol level with the other block being orphaned.

[vjudeu]

what now determines which chain it should be attach to?

By default, it is "first seen", so whichever chain is received first, it is assumed to be the right one. However, you can always manually pick it, by using "preciousblock" command, and switch to the second, the third, or to any other competing chain, just by picking manually the hash of the block, which should be used as "valid".

Code:

preciousblock "blockhash"

Treats a block as if it were received before others with the same work.

A later preciousblock call can override the effect of an earlier one.

The effects of preciousblock are not retained across restarts.

Arguments:
1. blockhash    (string, required) the hash of the block to mark as precious

Result:
null    (json null)

Examples:
> bitcoin-cli preciousblock "blockhash"
> curl --user myusername --data-binary '{"jsonrpc": "2.0", "id": "curltest", "method": "preciousblock", "params": ["blockhash"]}' -H 'content-type: text/plain;' http://127.0.0.1:8332/
 (code -1)