Ethereum could afford a 51% attack on Bitcoin, and profit greatly from it

[mjdamgaard]

Here you are ignoring/not considering this earlier reply:

[...] But in fact they can make several replays per reorg:
Suppose Alice trades 1 bitcoin with Bob for some tokens or some USD, then trades that for "another" bitcoin from Claire (meaning that Claire's ownership of the coin isn't dependent on the first transaction with Bob), then trades that bitcoin away again to Doris, then buys "another" bitcoin from Eric. And suppose that Alice is then able to rewrite this recent part of the ledger afterwards. Then Alice can keep the transactions with Claire and Eric, i.e. where a bitcoin is transferred to a wallet of Alice's, but replace the transactions with Bob and Doris with two other transactions where the bitcoins are instead transferred to two other wallets of Alice's. At the end of this, she will have 3 bitcoin in 3 separate wallets: the one she started with and the ones from Claire and Eric.

And she could in principle have kept repeating this process (before rewriting the ledger) as many times as she can find traders whose ownership over the traded bitcoin isn't dependent on earlier trades with herself (i.e. she can only replay each single bitcoin once).

Now turn this example into Alice instead being a great number of people, who are backed by billions of dollars in total to do this attack.

And furthermore consider the fact that it is typical to see around $15B being traded each day. (And again, you agreed that Ethereum investors could in theory afford an attack lasting for several months, once they've paid the CapEx.)

And like I've said: the confirmation period unfortunately cannot be changed retrospectively, at least not with pure PoW.

And you are ignoring/not considering my earlier point that when the attackers profit from (or believe that they are profiting from) a crash, they don't have an incentive to keep any other assets/products, but can keep their stolen bitcoin after the attack. (It's a win-win: Either bitcoin keeps its value, and they get rich, or it crashes, which is what their benefactors is trying to reward.)

i did address it
i already said the mitigating factors YOU missed
EG before alice trades with bob on the market, alices deposit goes into an exchange (so i presume you are calling the exchange bob) and needs X confirms (significant amount is usually 6confirms)

so the exchange(bob) would then have the coin
now alice then exchanges the usd in another exchange for more bitcoin
but that involves moving stablecoin of usd to a different exchange(claire) so that your held value is safe from not being drawn back by bob(no longer in bobs exchange database balance)
this again means waiting time for funds to clear for clair to then trade
repeat a couple times with a few more exchanges(doris, eric)

and then you want to re-org a old block where you deposited with bob(exchange) to make that A->B transaction disappear

well you are now going to have to go backward many many blocks. re-do that block. and then have to catch up with the network again and over take it and hope the other nodes accept your new list
even with a 10% advantage(55% attack) and only re-winding 6 blocks, it would take like ~50 blocks to catch up
so play out your time frame to just do a bob, claire, doris, eric trades.. and realise you would then need to go back a heck of alot more blocks and edit the block containing the alice-bob trade

so run the scenario and do the math

..
also you state the $1.5B traded each day
you can rewind a block and that makes YOUR transaction ge undone so you can re-spend YOUR funds to a different destination.. but yo dont have the keys for the other users transactions to change their destinations to you. you cant steal other peoples funds so you cant control the other $1.5b transactions
like i said if you wanted to perform an attack then you need to run the scenario out properly and consider the mitigting circumstances and whats actually going to happen based on real things, not the fantasy results you made up and hope people will agree with

if you made a transaction where you deposited $1b and traded it for USD and then withdrew it via wire transfer, you would have to wait 72 hours atleast for the banks to clear it meaning a minimum re-wind time of ~450 blocks and the a catchup and over-take time of THOUSANDS of blocks

Well, I think you are still forgetting about this part:

Now turn this example into Alice instead being a great number of people, who are backed by billions of dollars in total to do this attack.

In reality, "Alice" could be a great number of people, all making these kinds of trades at once. Since the transaction volume can easily reach $15B (not just $1.5B) on a normal day, they would seemingly be able to trade a billion each day, in principle, without raising major suspicions.

Not that they need to trade that much each day, by the way: Buying and selling something like $100M worth of bitcoin would also be enough if they just reverse enough blocks, as this would make them close to $100M for each day of the ledger that they rewrite. More precisely, they would earn $100M worth of bitcoin (using the pre-attack rates, of course), minus the mining costs of the attacking miners, plus the mined bitcoin.

Do you now see the potential severity of a successful a 51% attack?

[franky1]

here the thing, if they were to have enough incentivised people to buy 2,500,000 asics at $6.3k each ($16b)
.. then there is no point doing a 51% attack if the only aim is market manipulation... they can just market manipulate using the $16b without wasting money on hardware

did you know you can produce billions of market trade volume without needing billions of dollars to trade with

think about it
if you swap ETH->BTC and then sell BTC->USD and then buy USD->ETH
you can get back to ETH and if timed right only cost you some small % los in trade fee's and still have 9X% of funds back as ETH to then repeat

whilst the very act of doing it you can crash the bitcoin price(and raise the eth price) by the selling btc to USD and by the act of buying ETH with said USD.. and not need to throw $16b as a deposit into the market.. by instead depositing $200m and repeating that circle(arbitrage) many times(80x) and then deposit another $200m the next day

again please run the scenarios and realise how there are better ways to crash a market far cheaper than a 51% attack and far faster
again please run the scenarios and realise doing a 51% attack is more costly, slower and less market affecting, and less guaranteed to work

...
i know you want others to run through all the scenarios for you and give you the conclusions.. but sometimes when people act like they are unable to feed themselves and want to be spoonfed, and they reject what they are fed,, its time you learn to feed yourself and if you truly wanted a real answer you would take the time to work things out for yourself in about 10 minutes, rather then waiting multiple days for people to tell you things you dont want to hear

[buwaytress]

The preparation, the sheer breadth of collusion -- word would get out before they could put the resources in place, and the moral Ethereum devs and nodes would ensure a quick abortion.

I'm not sure that the Ethereum devs would necessarily try to prevent something which might force Bitcoin to switch to PoS. And even if a majority of them will want to abort/revert an attack, doing so will undermine Ethereum's own purpose, since Ethereum has no agreed-upon obligation to save Bitcoin in case of an attack. So even though they could abort/revert a smart contract rewarding a Goldfinger attack if a majority of the stakeholders also agree (otherwise the devs are powerless), unless they are required to do so by law, it would undermine the freedom of Ethereum.

I wasn't at all suggesting that devs would respond to prevent Bitcoin from switching. I was only saving devs would respond on moral conscience -- to simply attack another network using Ethereum resources (selling Ether as you said remember?) is not a coonscienable action.

Also, I personally think Ethereum undermined themselves long ago when they rolled back... mostly at the behest of the haves, but I suppose partially on a moralistic capitalist argument.

P.S. Reason I don't actually support or go against technical routes is simple -- I actually am very weak in technical discussions =)

P.P.S. I would actually really much like to see your theory put into practice to prove/disprove us all. Have a feeling we would see so many things happen in wildly different paths to what's been predicted. It would be fun, and we can dream, can we not?

[mjdamgaard]

here the thing, if they were to have enough incentivised people to buy 2,500,000 asics at $6.3k each ($16b)
.. then there is no point doing a 51% attack if the only aim is market manipulation... they can just market manipulate using the $16b without wasting money on hardware

did you know you can produce billions of market trade volume without needing billions of dollars to trade with

think about it
if you swap ETH->BTC and then sell BTC->USD and then buy USD->ETH
you can get back to ETH and if timed right only cost you some small % los in trade fee's and still have 9X% of funds back as ETH to then repeat

whilst the very act of doing it you can crash the bitcoin price(and raise the eth price) by the selling btc to USD and by the act of buying ETH with said USD.. and not need to throw $16b as a deposit into the market.. by instead depositing $200m and repeating that circle(arbitrage) many times(80x) and then deposit another $200m the next day

again please run the scenarios and realise how there are better ways to crash a market far cheaper than a 51% attack and far faster
again please run the scenarios and realise doing a 51% attack is more costly, slower and less market affecting, and less guaranteed to work

...
i know you want others to run through all the scenarios for you and give you the conclusions.. but sometimes when people act like they are unable to feed themselves and want to be spoonfed, and they reject what they are fed,, its time you learn to feed yourself and if you truly wanted a real answer you would take the time to work things out for yourself in about 10 minutes, rather then waiting multiple days for people to tell you things you dont want to hear

This is a turn of events.

You now seem to finally accept that a 51% attack could cause severe damage to the value of Bitcoin, thus ending our long discussion on this thread.

And not only that, you even claim that there are other, more efficient ways of doing this, and for someone (e.g. an investment fund) to easily and rather quickly make billions, at a low risk, starting with $16B in capital.

In fact, these ways are so trivial that someone like me (with a background in physics and computer science, by the way) should only spend 10 minutes in order to figure them out.

Maybe I'm blind, but I'm not too convinced about these latter claims myself quite yet. Feel free to elaborate. Also, I wonder what other people on this forum thinks about them?

However, I'm glad we finally seem to agree that a 51% attack could cause severe damage to Bitcoin.

Perhaps you (and others) would be interested, then, in discussing what Bitcoin could do, if anything, to mitigate such an attack?

User @d5000 has already given some suggestions above in this regard.

[mjdamgaard]

The preparation, the sheer breadth of collusion -- word would get out before they could put the resources in place, and the moral Ethereum devs and nodes would ensure a quick abortion.

I'm not sure that the Ethereum devs would necessarily try to prevent something which might force Bitcoin to switch to PoS. And even if a majority of them will want to abort/revert an attack, doing so will undermine Ethereum's own purpose, since Ethereum has no agreed-upon obligation to save Bitcoin in case of an attack. So even though they could abort/revert a smart contract rewarding a Goldfinger attack if a majority of the stakeholders also agree (otherwise the devs are powerless), unless they are required to do so by law, it would undermine the freedom of Ethereum.

I wasn't at all suggesting that devs would respond to prevent Bitcoin from switching. I was only saving devs would respond on moral conscience -- to simply attack another network using Ethereum resources (selling Ether as you said remember?) is not a coonscienable action.

Ah, I see. You are saying that the devs wouldn't try to support an attack, not that they necessarily would try actively to prevent it? In that case, I think you're probably right.

P.P.S. I would actually really much like to see your theory put into practice to prove/disprove us all. Have a feeling we would see so many things happen in wildly different paths to what's been predicted. It would be fun, and we can dream, can we not?

Ha, yeah, I'm sure it would shake things up somehow...

(But in all seriousness, I would personally rather see a good, broad discussion of the risk first, such that investors aren't caught unaware of it.)

[franky1]

here the thing, if they were to have enough incentivised people to buy 2,500,000 asics at $6.3k each ($16b)
.. then there is no point doing a 51% attack if the only aim is market manipulation... they can just market manipulate using the $16b without wasting money on hardware

did you know you can produce billions of market trade volume without needing billions of dollars to trade with

think about it
if you swap ETH->BTC and then sell BTC->USD and then buy USD->ETH
you can get back to ETH and if timed right only cost you some small % los in trade fee's and still have 9X% of funds back as ETH to then repeat

whilst the very act of doing it you can crash the bitcoin price(and raise the eth price) by the selling btc to USD and by the act of buying ETH with said USD.. and not need to throw $16b as a deposit into the market.. by instead depositing $200m and repeating that circle(arbitrage) many times(80x) and then deposit another $200m the next day

again please run the scenarios and realise how there are better ways to crash a market far cheaper than a 51% attack and far faster
again please run the scenarios and realise doing a 51% attack is more costly, slower and less market affecting, and less guaranteed to work

...
i know you want others to run through all the scenarios for you and give you the conclusions.. but sometimes when people act like they are unable to feed themselves and want to be spoonfed, and they reject what they are fed,, its time you learn to feed yourself and if you truly wanted a real answer you would take the time to work things out for yourself in about 10 minutes, rather then waiting multiple days for people to tell you things you dont want to hear

This is a turn of events.

You now seem to finally accept that a 51% attack could cause severe damage to the value of Bitcoin, thus ending our long discussion on this thread.

And not only that, you even claim that there are other, more efficient ways of doing this, and for someone (e.g. an investment fund) to easily and rather quickly make billions, at a low risk, starting with $16B in capital.

In fact, these ways are so trivial that someone like me (with a background in physics and computer science, by the way) should only spend 10 minutes in order to figure them out.

Maybe I'm blind, but I'm not too convinced about these latter claims myself quite yet. Feel free to elaborate. Also, I wonder what other people on this forum thinks about them?

However, I'm glad we finally seem to agree that a 51% attack could cause severe damage to Bitcoin.

you are not even reading whats being said. you are not even running scenarios to convince yourself either way if a theory works or not
heck you dont even realise what was said had nothing to do with a 51% attack nor made any suggestion that a 51% attack would affect the market in any meaningful way

you have not run the time frame to perform the alice-eric fund movements to realise how many confirms you would then have to undo to then catch up on.

again just take 10 minutes of your own time to run the scenarios out. stop thinking you are finding people who are agreeing with you when you are not even reading whats being wrote.

stop waiting hours and days for peoples next replies or waiting for people to suggest things and then saying "im not convinced" .. and instead do the research and scenario game theory playouts yourself
dont say your not convinced to then ignore whats been said, and then pretend what was said then agrees with your silly notions which you are too afraid to even think deeply about

you dont want to think deeply about the scenarios, you simply sound like a ethereum shill just trying to see if you can get people to say they adore ethereum and think is better... its not

[Casdinyard]

But why would it do that? I believe that in my 6+ years of investing and looking at both markets closely I can safely say that these two cryptocurrencies and their communities are both hand-in-hand keeping the entire cryptocurrency industry alive, cause big as it may seem the crypto world is pretty infantile compared to tried and tested investment tactics, and they badly need bitcoin and ethereum's support at this stage to keep the whole thing afloat and make sure that no one's caving in. Ethereum undermines bitcoin or the other way around? We're going to see a massive collapse in price, value, and purpose for cryptocurrency as a whole, may even be the cause of its death for all I know.

[mjdamgaard]

@franky1, I'm very sorry if I misunderstood you. But you first of all start your reply by saying "here's the thing," which already seems to imply at least that you don't necessarily disagree with my point. Then you go on to write that there is in fact an even better way for attackers to target Bitcoin and make a lot of money. You follow that up with two comparative statements, saying that your way is better than the 'Rival Goldfinger attack,' and that the latter is more costly, slower, etc., than your way.

This is a complete change of the conversation. Now we are not talking about the feasibility of the 'Rival Goldfinger attack,' but of its efficiency compared to some arbitrage venture, that you have by the way only brought up in the same post. (You have talked about arbitrage before, but as I recall, you have never stated that it is a more lucrative way to target Bitcoin as part of this discussion.)

Why do you even bring up this arbitrage venture as a better way to target Bitcoin if you are still not agreeing (against the conventional wisdom) that a 51% attack would be severely harmful to Bitcoin?  

But oh well, apparently bringing up your arbitrage venture idea was only a somewhat unrelated tangent to the discussion (?), and you still think that a 51% attack can't be profitable (given that the value of Bitcoin doesn't crash).

You seem to be hung up on the confirmation time. But even if the attackers exchange their BTC back and forth for USD (rather than trade them perhaps more quickly for tokens or ETH), you still agree that it only takes a few days at max for each confirmation. Now, whatever confirmation period there is, this is something that all traders have to deal with. Yet there are still being traded BTC worth billions of dollars each day, despite these long confirmation times! You must agree that with enough money and backing, there is nothing stopping the attackers from trading many millions each day on average (and in principle, it seems that they might be able to trade upwards of billions).

So do you see that we don't really have to discuss the current confirmation time here; not when we are talking about a long-range attack that could rewrite months of the ledger?

Also, you seem to want me to research your arbitrage venture idea, which I definitely want to do if it indeed only takes 10 minutes, and constitutes a business that completely blows all other investment options out of the water, which, you must admit, you make it sound like. I'm sure more people on this forum would love to hear more about this idea, even if it is only half as good as you make it out to be. (But maybe you should create another discussion thread for it, though, if it is not directly related to this one?)

[mjdamgaard]

But why would it do that? I believe that in my 6+ years of investing and looking at both markets closely I can safely say that these two cryptocurrencies and their communities are both hand-in-hand keeping the entire cryptocurrency industry alive, cause big as it may seem the crypto world is pretty infantile compared to tried and tested investment tactics, and they badly need bitcoin and ethereum's support at this stage to keep the whole thing afloat and make sure that no one's caving in. Ethereum undermines bitcoin or the other way around? We're going to see a massive collapse in price, value, and purpose for cryptocurrency as a whole, may even be the cause of its death for all I know.

This is a good point. If your wisdom is well-founded, then Bitcoin might not have anything to fear.

I guess we really ought to hear out the Ethereum community of their opinion(s): Would a fall of PoW be good for Ethereum or not?

[franky1]

arbitraging the bitcoin market is about manipulating the market.. it has nothing to do with the PoW mechanisms of mining and changing the blockchain
emphasis TWO SEPARATE THINGS

..
YOUR whole premiss was that you want to manipulate the market purely by changing blockchain data.. but you have avoided, ignored, dissmissed and been not convinced of all the mitigations of the blockchain attack vectors you discussed.

and you also did not understand:
the real world timeframes of doing one thing to realise if it would help or hinder the other thing
the real world affects and limits to effects of one thing on the other
the real world costs of one thing compared to the other

you did not seem to actually want to play out any theoretical attack and see if it actually results in a market manipulation. instead you just posted some lame theories hoping to find some ethereum shills to blindly agree and pat you on the back to pretend that ethereum is better without any actual knowledge or thought

it seems you just want to pretend bitcoin can be attacked easily by ethereum, but you have not gone into the research depths of even trying to prove a point

you seem to only want to find people whom you think are saying "yes buddy ethereum wil be the master currency" almost as if you are looking for a confidence builder of why you invested in ethereum, by pretending that ethereum will overtake bitcoin.. well im sorry to tell you that its actually bitcoin that is keeping ethereum afloat. and ethereum can crash alot harder and faster than bitcoin would and could

[mjdamgaard]

YOUR whole premiss was that you want to manipulate the market purely by changing blockchain data.. [...]

It's not really 'market manipulation' in any way. It's an 'adversarial exposure of a security flaw in the technology of a competitor,' and arguably 'sabotage' if they really go through with a full attack.

[...] but you have avoided, ignored, dissmissed and been not convinced of all the mitigations of the blockchain attack vectors you discussed.

Name one mitigation strategy that you have mentioned above on this thread that isn't either 'extending the confirmation period,' which as I've explained doesn't really seem to help much since it cannot be done retrospectively, or would mean a departure from pure PoW, which would be a remarkable option as it would go against Bitcoin's protocol as is.

Also if you like, feel free to mention any other interesting ones that you can think of, as this discussion was the main intention behind this thread.

[franky1]

ive said it multiple times now

you dont need to extend the confirmation periods,, for over a decade now services have always followed the guidelines that if someone is spending $millions to wait 6+confirms to deem it settled. because if you DO THE MATH(said many times)
to go back certain amount of blocks to rewrite those blocks and then catch up and over take the network with a certain amount of competing hashrate takes alot of that hashrate cost to achieve. and services can also delay the withdrawal of the funds so the attacker wont try instigating the attack until after the withdrawal clears to ensure when they finally go backward X blocks they get to truly double spend. it then becomes unworthy of attacking the network just to get a refund, because CEX have other mitigating factors

..
as for manipulating the market price.. the market price is based on centralised exchange market orders on THEIR databases.. not the blockchain. so run some scenarios nd realise the separation between blockchain attacks vs market manipulation and realise if your end goal is "market crash", that there are easier methods that could have better success rates at less cost, compared to your un-thought-out scenario of thinking a 51% attack will affect the market as much as you assumed without thinking

run some scenarios. and try thing out. learn how bitcoin works, learn the mechanics and economics of bitcoin and what affects what

[mjdamgaard]

you dont need to extend the confirmation periods,, for over a decade now services have always followed the guidelines that if someone is spending $millions to wait 6+confirms to deem it settled. because if you DO THE MATH(said many times)
to go back certain amount of blocks to rewrite those blocks and then catch up and over take the network with a certain amount of competing hashrate takes alot of that hashrate cost to achieve.  [...]

You know that I already did that exact math:

With 55% of the hash power, it will take, let's do some math: 55% × (6 blocks/hour) × t > 45% × (6 blocks/hour) × t + 6 blocks  <=>  t × (6 blocks/hour) × (55% - 45%) > 6 blocks  <=>  t > 6 blocks / (6 blocks/hour × 10%) = 10 hours.

In an earlier reply, you agreed that a 51% attack from Ethereum could last for several months in principle. (And in fact, if they go absolutely all in on the attack, then it could even be many years, at least in theory, as mentioned in my preprint.)

[...] and services can also delay the withdrawal of the funds so the attacker wont try instigating the attack until after the withdrawal clears to ensure when they finally go backward X blocks they get to truly double spend. it then becomes unworthy of attacking the network just to get a refund, because CEX have other mitigating factors

Isn't this exactly that 'extend the confirmation time' idea I was talking about? You know that this isn't going to do anything to prevent an attack on that scale, as I've already made clear:

You seem to be hung up on the confirmation time. But even if the attackers exchange their BTC back and forth for USD (rather than trade them perhaps more quickly for tokens or ETH), you still agree that it only takes a few days at max for each confirmation. Now, whatever confirmation period there is, this is something that all traders have to deal with. Yet there are still being traded BTC worth billions of dollars each day, despite these long confirmation times! You must agree that with enough money and backing, there is nothing stopping the attackers from trading many millions each day on average (and in principle, it seems that they might be able to trade upwards of billions).

So do you see that we don't really have to discuss the current confirmation time here; not when we are talking about a long-range attack that could rewrite months of the ledger?

Or what exactly are those "other mitigation factors" that you are talking about? 

as for manipulating the market price.. the market price is based on centralised exchange market orders on THEIR databases.. not the blockchain. so run some scenarios nd realise the separation between blockchain attacks vs market manipulation and realise if your end goal is "market crash", that there are easier methods that could have better success rates at less cost, compared to your un-thought-out scenario of thinking a 51% attack will affect the market as much as you assumed without thinking

run some scenarios. and try thing out. learn how bitcoin works, learn the mechanics and economics of bitcoin and what affects what

Just saying that "I know some much better ways to target Bitcoin than your un-thought-out one" gets us exactly nowhere. If you sit on some arguments why the 'Rival Goldfinger attack' wouldn't work that you haven't yet divulged, then do so. Or if you know of another way that is sure to make Bitcoin crash... Well, I guess make another thread about it.

[stompix]

here the thing, if they were to have enough incentivised people to buy 2,500,000 asics at $6.3k each ($16b)
.. then there is no point doing a 51% attack if the only aim is market manipulation... they can just market manipulate using the $16b without wasting money on hardware

Why would you go for the most expensive hashrate on the market?
Bitmain sells plenty of gear way cheaper at $20/ths or even s19 at $11/ths, which would bring the numbers down to 6 billion, and this not even counting that you can buy used gear even cheaper, huge batches of gear sold at $4 per this, and you only need to run them for a few days.

So that 16b is closer to a number that would guarantee you more the hashrate for the next few months, at maximum efficiency and not counting how many miners will go bankrupt when their income is halved because you add that much hashrate.
A far more down-to-earth number would be a quarter of that at max.

I wasn't at all suggesting that devs would respond to prevent Bitcoin from switching. I was only saving devs would respond on moral conscience -- to simply attack another network using Ethereum resources (selling Ether as you said remember?) is not a coonscienable action.

Also, I personally think Ethereum undermined themselves long ago when they rolled back... mostly at the behest of the haves, but I suppose partially on a moralistic capitalist argument.

P.S. Reason I don't actually support or go against technical routes is simple -- I actually am very weak in technical discussions =)

Too much talk about morals in an ecosystem driven only by $.

Besides, I don't understand why everyone is focused just on ETH, for example, another player, CZ could do this with just a fraction of his wealth, and more importantly, he already has a pool set up and can grab a lot of rented hash while playing innocent.

[franky1]

here the thing, if they were to have enough incentivised people to buy 2,500,000 asics at $6.3k each ($16b)
.. then there is no point doing a 51% attack if the only aim is market manipulation... they can just market manipulate using the $16b without wasting money on hardware

Why would you go for the most expensive hashrate on the market?
Bitmain sells plenty of gear way cheaper at $20/ths or even s19 at $11/ths, which would bring the numbers down to 6 billion, and this not even counting that you can buy used gear even cheaper, huge batches of gear sold at $4 per this, and you only need to run them for a few days.

So that 16b is closer to a number that would guarantee you more the hashrate for the next few months, at maximum efficiency and not counting how many miners will go bankrupt when their income is halved because you add that much hashrate.
A far more down-to-earth number would be a quarter of that at max.

i didnt go for the most expensive hasrate, however you are just looking at the hardware cost, not realising that there is an electric cost involved(something that for years you have 'guesstimated' wrongly many times or ignored in your estimations)
as for saying only needs to run for a few days to ROI shows you have not done the math or run scenarios, much like the OP has not
if you think miners get ROI in days, you have not learned about mining
if you think people buy hardware and only run it for days you have not learned about mining industry
if you think people can get $billions in returns so fast, you have not learned about mining industry
if you think people can obtain $billions of hardware in days you have not learned about the mining industry

[...] and services can also delay the withdrawal of the funds so the attacker wont try instigating the attack until after the withdrawal clears to ensure when they finally go backward X blocks they get to truly double spend. it then becomes unworthy of attacking the network just to get a refund, because CEX have other mitigating factors

Isn't this exactly that 'extend the confirmation time' idea I was talking about? You know that this isn't going to do anything to prevent an attack on that scale,

no.. its about YOU need to run scenarios based on the CURRENT mitigating delays services put on the deposits and withdrawals to cause a attacker to have to wait out clearing their settled other currency.. to then go backwards..
its not about asking services to change things from now on..

Just saying that "I know some much better ways to target Bitcoin than your un-thought-out one" gets us exactly nowhere. If you sit on some arguments why the 'Rival Goldfinger attack' wouldn't work that you haven't yet divulged, then do so. Or if you know of another way that is sure to make Bitcoin crash... Well, I guess make another thread about it.

yes there are other mitigating factors. but you seem to not want to run scenarios on the CURRENT factors.. thus until you can see how things would play out on just the basic mitigating factors discussed so far, it wont make sense to then teach you about the others..

but here is a hint which i did mention already
if a large value transaction got undone. services can red flag a utxo that got undone and if any exchange then got a deposit of that same utxo spend a second time then they can just ban the user from doing any market orderbook trades, (there are other things too but.. before you can run through those factors you need to first walk through the basics factors discussed already and not bypass them

..
as for your end goal of wanting to use some ethereum funded richguy or group to try to crash the bitcoin market.. your obsession with thinking a 51% attack is the route is aimless and not guaranteed nor a high chance without causing actual real losses to the ethereum individual/group... where as a direct economic market attack not involving asic renting/purchasing and instead just market manipulation would be more of a success rate

please just run some scenarios of the theories you present.(play devils advocate on your own theory, work things out) stop just posting a theory and wasting days for responses where you just hope people will blindly tell you they love your plan and think ethereum is best(which i think is your true desire to hear) instead you see people debunk your theory just for you to then ignore with "im not convinced" as an  avoidance tactic to not think deeply about how your theories wont work..
play out your scenarios and actually articulate things

[mjdamgaard]

@franky1, it's clear that you are not really listening.

Here in this comment:

[...] and services can also delay the withdrawal of the funds so the attacker wont try instigating the attack until after the withdrawal clears to ensure when they finally go backward X blocks they get to truly double spend. it then becomes unworthy of attacking the network just to get a refund, because CEX have other mitigating factors

Isn't this exactly that 'extend the confirmation time' idea I was talking about? You know that this isn't going to do anything to prevent an attack on that scale,

no.. its about YOU need to run scenarios based on the CURRENT mitigating delays services put on the deposits and withdrawals to cause a attacker to have to wait out clearing their settled other currency.. to then go backwards..
its not about asking services to change things from now on..

you are saying that "no, it isn't about extending the confirmation time," and then in the same breath you saying that it is about "delay services" instead. Unless you can somehow explain to me that "delay services" isn't about 'extending the confirmation time,' I will regard you as being dishonest.

You also give me a "hint" that:

but here is a hint which i did mention already
if a large value transaction got undone. services can red flag a utxo that got undone and if any exchange then got a deposit of that same utxo spend a second time then they can just ban the user from doing any market orderbook trades, (there are other things too but.. before you can run through those factors you need to first walk through the basics factors discussed already and not bypass them

This either assumes that attackers need to do several reorgs in order for the attack to work, or that the attackers are somehow reliant on being accepted by specific crypto exchanges after the attack. If you had paid attention (i.e. to me explaining about the long-range attack above, or the fact that the ultimate goal is to crash the market), you would know that neither of these things are relevant. So either you are not paying attention or you are being dishonest.

As for your whole tactic of avoiding argument by pretending that you know something that I don't while being unwilling to say what that is, and at the same time pretending that I'm the one not listening to your arguments while hardly doing anything to point us back to whatever arguments that would be... Well, I don't think I'm the only one who sees through that tactic.

Please stop that behavior, or just leave the thread.

[mjdamgaard]

Besides, I don't understand why everyone is focused just on ETH, for example, another player, CZ could do this with just a fraction of his wealth, and more importantly, he already has a pool set up and can grab a lot of rented hash while playing innocent.

Well, unless Bitcoin somehow retains its value after the attack (in which case he could just steal, steal, steal), he would either have to be smart enough to be able to end up with other assets/products/currency that don't lose their value (Edit: and this would require a quick short-range attack, which means he can't steal very much, and not enough to make it worth it), and also get away with that (staying anonymous or within the bounds of the law somehow). Or he would have to take a large enough short position to cover the loss from the crash of Bitcoin, which would probably also be quite a tall order, as far as I know.

But rather than taking a large short position, he could also invest in ETH instead, and hope that a fall of PoW will elevate Ethereum by a large enough factor to cover his costs (and future loss of revenue from his ASICs).

Now, the thing about this latter option is that if it succeeds, it will also make all other Ethereum investors besides him have their ETH grow in value by a similar factor. So by e.g. creating a smart contract like the one described in my preprint, he might be able to get some of these other Ethereum investors to help fund the attack, thus lowering his own costs and risk associated with it.

If enough Ethereum investors joins in, the risk of losing $6B–$16B might be worth the potential gains (of upwards of a trillion dollars) if the plan succeeds.

But yeah, not saying that investing in ETH is the only option (let alone paying the miners in ETH).

[franky1]

@franky1, it's clear that you are not really listening.

Here in this comment:

[...] and services can also delay the withdrawal of the funds so the attacker wont try instigating the attack until after the withdrawal clears to ensure when they finally go backward X blocks they get to truly double spend. it then becomes unworthy of attacking the network just to get a refund, because CEX have other mitigating factors

Isn't this exactly that 'extend the confirmation time' idea I was talking about? You know that this isn't going to do anything to prevent an attack on that scale,

no.. its about YOU need to run scenarios based on the CURRENT mitigating delays services put on the deposits and withdrawals to cause a attacker to have to wait out clearing their settled other currency.. to then go backwards..
its not about asking services to change things from now on..

you are saying that "no, it isn't about extending the confirmation time," and then in the same breath you saying that it is about "delay services" instead. Unless you can somehow explain to me that "delay services" isn't about 'extending the confirmation time,' I will regard you as being dishonest.

again.. these delaying things are actually standard practice that have and are ALREADY been in practice for decades.. again ill explain, its not about services suddenly needing to implement new delays to mitigate a new attack.. its about the mitigations already in practice for decades that already mitigate the attack you want to discuss
again. run your scenario, play it out. think about how long it would take to do your alice to eric fund shuffle.. work out how many blocks that would be of time thats passed. then work out how far back you would have to go and then work out based on 2% extra luck (51% attack) 10% extra luck(55% attack) how long it would take you(from the position of going back) to then catch up and over take the network. then ontop of that work out would the rest of the honest network accept your overtaking block as the chain to follow if your blockheights block+1 doesnt include the previous block that matches the honest network..

realise how these mitigating factors already in practice do not mean your attack is a guarantee..
emphasis again: current mitigating factors, not requiring adding new unused before mitigating factors
and once you learn the situation we can then progress the conversation to other mitigating factors i have not yet explained.. but first you need to understand the basic ones already mentioned and fully realise how your attack is not as convincing as you want it to be
i know you just want to bypass working things out for yourself, but do try, it will help you to learn instead of bypassing it with empty statements of "im not convinced".. so try to work things out, try to play out scenarios, play devils advocate on your own theory

You also give me a "hint" that:

but here is a hint which i did mention already
if a large value transaction got undone. services can red flag a utxo that got undone and if any exchange then got a deposit of that same utxo spend a second time then they can just ban the user from doing any market orderbook trades, (there are other things too but.. before you can run through those factors you need to first walk through the basics factors discussed already and not bypass them

This either assumes that attackers need to do several reorgs in order for the attack to work, or that the attackers are somehow reliant on being accepted by specific crypto exchanges after the attack. If you had paid attention (i.e. to me explaining about the long-range attack above, or the fact that the ultimate goal is to crash the market), you would know that neither of these things are relevant. So either you are not paying attention or you are being dishonest.

it would require several re-orgs.. because you cant just do one double spend and crash the market. because you have other mitigating factor at play.. i would love to discuss the other factors at play and in practice already.. but until you fully understand the first ones i talked about we cant progress the discussion..
i did hint at some, but no point going into depth of those until you gone into depths of understanding the first ones.. but here is another mitigating factor at play right now

if you were to make the btc price come down 5% you will have many other traders selling their BTC for eth at the ~1:XX ratio of btc:eth. then sell the eth for USD causing the eth-usd market to crash, which based on supply on the market orders would crash the eth market by more then 5%. and then using the USD to then buy BTC at a 5% discount to bring back the btc-usd back up.
in short whilst you are arbitraging in one direction to try crashing the btc market. there are whales on the BTC side countering your attempt by arbitraging in the other direction to get cheaper btc which would bring the market for btc back up whilst making the Eth market crash further

so for you to(in your theory) try to keep fighting the btc whales, you would need to keep shifting funds around and then re-orging to double spend again to try again which all takes time. which you are not willing to account or run scenarios to realise how much time it would take to continually put pressure on the market.

As for your whole tactic of avoiding argument by pretending that you know something that I don't while being unwilling to say what that is, and at the same time pretending that I'm the one not listening to your arguments while hardly doing anything to point us back to whatever arguments that would be... Well, I don't think I'm the only one who sees through that tactic.

Please stop that behavior, or just leave the thread.

its not about me pretending to know something you dont.. its about you just not knowing all the things that are already in practice within the btc market and economy and mining industry(which many already know). i simply ask you to try learning more about bitcoin and testing out your theory, run scenarios, play devils advocate. however its you that dont see all the mitigating factors nor want to look into them, nor test them. you constantly just want someone to beleive your theory will work as is, un tested, and tell you that your a clever guy for mentioning something,... however MANY MANY people know the mitigating factors and yet you just respond "im not convinced", its become obvious you are not even willing to try to work things out to see if your theory has a high chance of success

again if your end goal is to crash the btc market, but doing so via blockchain re-orgs. you are missing many factors which you have yet to think about that make your theory not as easy as you try to make it seem. also there are other ways to crash the market without even needing to mess with the blockchain. your perceived notion that blockchain re-orgs = market crash, fall flat of guaranteed success due to you not understanding the factors at play.

[mjdamgaard]

@franky1, it's clear that you are not really listening.

Here in this comment:

[...] and services can also delay the withdrawal of the funds so the attacker wont try instigating the attack until after the withdrawal clears to ensure when they finally go backward X blocks they get to truly double spend. it then becomes unworthy of attacking the network just to get a refund, because CEX have other mitigating factors

Isn't this exactly that 'extend the confirmation time' idea I was talking about? You know that this isn't going to do anything to prevent an attack on that scale,

no.. its about YOU need to run scenarios based on the CURRENT mitigating delays services put on the deposits and withdrawals to cause a attacker to have to wait out clearing their settled other currency.. to then go backwards..
its not about asking services to change things from now on..

you are saying that "no, it isn't about extending the confirmation time," and then in the same breath you saying that it is about "delay services" instead. Unless you can somehow explain to me that "delay services" isn't about 'extending the confirmation time,' I will regard you as being dishonest.

again.. these delaying things are actually standard practice that have and are ALREADY been in practice for decades.. again ill explain, its not about services suddenly needing to implement new delays to mitigate a new attack.. its about the mitigations already in practice for decades that already mitigate the attack you want to discuss

Okay, I will accept that maybe you sincerely thought that I was talking about "implementing new delays." So I'm giving you the benefit of the doubt, even though you still ought to have paid better attention.

We are both talking about exchanges (and such) delaying the confirmation time (beyond the standard 6 blocks), which is indeed a standard and well-known thing that they can do. And each individual exchange/trader is indeed able to do it independently, and temporarily, whenever they want to.

Regardless, I've explained why that wouldn't help anything in a long-range attack. Now, you both ask me to once again do the (easy) catch-up math, and you also explicitly state that an attack would require several reorgs, "otherwise they wouldn't be able to steal enough to make it affordable."

This all shows that you either don't know what a long-range attack is, or have somehow missed the point, even after this long conversation.

Okay, I'll forgive you for that, but then you better listen more carefully now:

In a normal replay attack, an attacker tries to pay for other assets/currency/etc. with BTC, then reorgs the ledger, and then quickly tries to cheat another party to sell some other assets/currency/etc. for the same BTC, before they notice that a big reorg has happened, thus "replaying" the same BTC.

If this were the kind of attack we were talking about here, then you would be right: The attacker would not be very likely to make this attack worth it, namely since exchanges and such would likely notice the large transfers on the blockchian and choose to temporarily require a longer confirmation time (more than 6 blocks, i.e.), until that large transfer is more sure to be finalized. (This is the "delay services" that you are also talking about; we are talking about the same thing here.)

However, this is not the kind of attack that I'm talking about. Note that in my Bob–Eric example, Alice ends up with BTC, not other assets/currency/etc. And note also that Alice is making exactly one reorg of the ledger in this attack. (And note that she could have made many more trades in principle, even in parallel rather than one at a time, and trade more BTC each time.)

This kind of attack is known as a long-range attack, where the goal is not to replay non-BTC assets/currency/etc, but to steal BTC alone.

Now, it is normally assumed that Bitcoin would crash as a result of such an attack (unless honest miners somehow manages to regain a majority of the hash rate after the attack and then soft-fork the blockchain back to the original chain), which means that long-range attacks haven't been much feared before, since they have thus also been deemed as very unlikely to be profitable for the attacker, and therefore "who would do it?"

The so-called 'Goldfinger attack,' however, gives a potential reason why attackers might do it anyway: Either they could be politically motivated, and/or act on behalf of some government/institution, or the attackers could perhaps take large short positions (I assume you know what that is). In particular, if they do the latter, this might then potentially make up for the fact that Bitcoin would crash as a result of such a long-range 51% attack (or another potent 51% attack, more on that in a minute).

Because if the attackers have a reverse stake in Bitcoin, and will thus profit from a crash, then this turns it into a win-win situation, as I have already explained: Either Bitcoin doesn't crash, in which case the attackers can now spend all their stolen BTC at will, perhaps after some whitewashing first, or they profit from the crash itself due to their reverse stake.

And as you know by now, I point to the fact that rather than trying to take such a large short position in order to make this work, the attackers might instead be (or be funded by) stakeholders in a rival blockchain, and one that does not use a PoW protocol itself, hoping to profit from the fall of the competitor.

Now, I must also add to all this: A long-range attack is not necessarily the only kind of 51% attack that could work for such a (rival) Goldfinger attack. A sustained 51% attack that DoS'es Bitcoin for months or years might also do the trick. But let's put this discussion on the shelf for now until you have shown that you now finally understand how a long-range Goldfinger attack could be profitable for the attackers (assuming that they can profit from a crash of Bitcoin in the first place, of course, and also assuming Bitcoin does not take any new steps to mitigate such an attack).  

[franky1]

you have again avoided alot of factors and then tried to debate something else yet again to then say that the new debate is not what you were talking about whilst in same sentence saying it was what you were talking about

anyway, you had your chances to learn, but instead just repeated your same mistakes

its obvious now that you only know of ethereum and a newbie to bitcoin, hense why i said several times for you to atleast play out your scenarios, playing devils advocate.. this means learn bitcoin and its mitigating factors and not just run things from the position of how ethereum can have a fantasy wet dream scenario of winning if bitcoin conditions are ignored

goodluck though, but ill leave you now to work out that your theory and method wont crash the market as a long or short term attack.. but enjoy working that out for yourself the hard way, because i know any further hints will just be met with "not convinced" or other avoidance's

so ill just leave you to it with your comedy of thinking you can steal alot of bitcoin in your fantasy, great laughs