51% attack

[justusranvier]

I dislike #2 because I see it as a slippery slope to coin confiscation

There's no slope - that's exactly what it is.

Spending outputs without satisfying their scripts is a fundamental perversion of the network - it's like building a calculator that sometimes will declare that 2+2=5 when a committee decides that the result of some equation "doesn't deserve" to be 4.

[Peter R]

I dislike #2 because I see it as a slippery slope to coin confiscation

There's no slope - that's exactly what it is.

Spending outputs without satisfying their scripts is a fundamental perversion of the network - it's like building a calculator that sometimes will declare that 2+2=5 when a committee decides that the result of some equation "doesn't deserve" to be 4.

Yes.  You are correct.  It is coin confiscation. 

What is your opinion on #1?

[justusranvier]

What is your opinion on #1?

Miners are free to include or exclude any transactions in their blocks that they wish, and are also free to chose which valid block to extend the chain from.

The proof of work algorithm is the process of determining which chain is canonical.

[Peter R]

What is your opinion on #1?

Miners are free to include or exclude any transactions in their blocks that they wish, and are also free to chose which valid block to extend the chain from.

The proof of work algorithm is the process of determining which chain is canonical.

It sounds like we agree then.  If miners establish techniques to detect malicious blocks, they are free to choose not to build upon them. 

[justusranvier]

It sounds like we agree then.  If miners establish techniques to detect malicious blocks, they are free to choose not to build upon them. 

Miners choosing to collude is one of the potential failure cases of Bitcoin.

The protocol should not be changed to make this collusion easier to engineer, or more difficult to detect.

[jonald_fyookball]

What is your opinion on #1?

Miners are free to include or exclude any transactions in their blocks that they wish, and are also free to chose which valid block to extend the chain from.

I think this is one of the problems of Bitcoin which makes it vulnerable to a problems in a 51% attack.

See my thoughts here:

https://bitcointalk.org/index.php?topic=582386.0

[Peter R]

It sounds like we agree then.  If miners establish techniques to detect malicious blocks, they are free to choose not to build upon them. 

Miners choosing to collude is one of the potential failure cases of Bitcoin.

The protocol should not be changed to make this collusion easier to engineer, or more difficult to detect.

I'm confused with what exactly your position is now. 

If I as a miner have a technique to reliably detect malicious blocks created by double-spend services, and if I choose not to build upon those blocks, then this does not represent a change to the protocol IMO.  I am expressing my view of the legitimate chain with my hash power. 

Do you disagree?

[DannyHamilton]

I'm confused with what exactly your position is now.  

If I as a miner have a technique to reliably detect malicious blocks created by double-spend services, and if I choose not to build upon those blocks, then this does not represent a change to the protocol IMO.  I am expressing my view of the legitimate chain with my hash power.

Correct.

And if you don't have a majority of the hash power in the network, and the other miners don't implement your particular exact ruleset, then your chain will never be longer than the consensus chain.  Therefore, every block that you mine will be a waste of your hash power.

Since every other miner faces this same disincentive, the only financially logical thing for you or any other miner to do is to accept the protocol-valid blocks that you receive and mine blocks that follow them.

[justusranvier]

If I as a miner have a technique to reliably detect malicious blocks created by double-spend services

In addition to what DannyHamilton said, you don't have one of these because it's not a valid concept.

[eleuthria]

Just a reminder:

A 51% attack cannot break any existing protocol rules, only enforce it's own new rules on top of them, as long as they do not conflict.  Attempting to do otherwise is actually a hard fork where only the attacker is mining.  It will not merge with the "real" blockchain.  The rest of the network will continue happily on the real chain and not even notice the conflicting chain since it is not recognized by bitcoind (unless they update to the attacker's modified version).

[Peter R]

I'm confused with what exactly your position is now.  

If I as a miner have a technique to reliably detect malicious blocks created by double-spend services, and if I choose not to build upon those blocks, then this does not represent a change to the protocol IMO.  I am expressing my view of the legitimate chain with my hash power.

Correct.

And if you don't have a majority of the hash power in the network, and the other miners don't implement your particular exact ruleset, then your chain will never be longer than the consensus chain.  Therefore, every block that you mine will be a waste of your hash power.

Since every other miner faces this same disincentive, the only financially logical thing for you or any other miner to do is to accept the protocol valid blocks that you receive and mine blocks that follow them.

Here's what I'm wondering, Danny.  Imagine I'm a miner that control 5% of global hash power.  I have an employee who is always looking for out-of-band double-spend services.  Whenever he learns of a new service like this, he sends it one "test double-spend" every block.  If I see a block that includes the TX that I personally know to be a pseudo double spend attempt, I choose not to mine upon it.  Otherwise, our behaviour is unchanged.  If the block I rejected as malicious is built upon (i.e., not enough miners implemented my rule set), then I give up and start mining on the longest chain.  

Now imagine I talk about this idea at conferences, over IRC, here at the forum, and start a website dedicated to the cause. Perhaps I am able to convince others to implement the same rule set.  Every block I mine is not a waste, as normally I am working to extend the longest chain.  The only block rewards at risk are when I detect a block that I personally know to come from a malicious double-spend service.  But I think these blocks should be rare, and eventually disappear completely if they are rarely extended (the double-spend services would go out of business).

I don't see the flaw in my logic here.  It seems that this may work and that if it did that it would be a good thing.  Do you think this idea is dangerous some how?

[Peter R]

If I as a miner have a technique to reliably detect malicious blocks created by double-spend services

In addition to what DannyHamilton said, you don't have one of these because it's not a valid concept.

I'm not sure about that Justus.  Only 20% of respondents believe that out-of-band double spend services are not complicit in fraud (https://bitcointalk.org/index.php?topic=502571.0).  If I send these services trial double spends and detect the block with the transaction that I know to be fraudulent, based on the results of my poll only 20% of the bitcoin community would disagree with me.  So I think it is a valid concept and that one might achieve enough consensus to implement this.  

Do you think this is dangerous somehow?

[DannyHamilton]

Here's what I'm wondering, Danny.  Imagine I'm a miner that control 5% of global hash power.  I have an employee who is always looking for out-of-band double-spend services.  Whenever he learns of a new service like this, he sends it one "test double-spend" every block.  If I see a block that includes the TX that I personally know to be a pseudo double spend attempt, I choose not to mine upon it.  Otherwise, our behaviour is unchanged.  If the block I rejected as malicious is built upon (i.e., not enough miners implemented my rule set), then I give up and start mining on the longest chain.  

Now imagine I talk about this idea at conferences, over IRC, here at the forum, and start a website dedicated to the cause. Perhaps I am able to convince others to implement the same rule set.  Every block I mine is not a waste, as normally I am working to extend the longest chain.  The only block rewards at risk are when I detect a block that I personally know to come from a malicious double-spend service.  But I think these blocks should be rare, and eventually disappear completely if they are never extended (the double-spend services would go out of business).

I don't see the flaw in my logic here.  It seems that this may work and that if it did that it would be a good thing.  Do you think this idea is dangerous some how?

If each participating miner (or mining pool) implements your idea independently (searches for the double-spend services themselves, and makes their own determinations from their own double-spend attempts which blocks to ignore), then it's dangerous to the income and profitability of the individual miners (or pools).

It is likely that some miners will find some services, and other miners will find other services.  As such, they will waste time mining blocks that won't earn them income, while the rest of the network that hasn't discovered the particular service they are blacklisting continues on without them.  Additionally, if they happen to solve a block while mining a fork that won't make it, they lose out on the block reward they could have had if they had solved a block on the consensus chain.

Additionally, since there are likely to be many services that some miners find and others don't, the blockchain is likely to always be in a state of multiple competing blocks that are all trying to orphan all the others.  This significantly reduces the hashpower that an attacker would need to outpace the rest of the network with their own chain.  If an attacker can create a situation where there are regularly 5 different blocks that are all being treated by equal portions of the network as the last "valid" block, an attacker only needs 17% of the total hash power of the network to continuously outpace the network (instead of 51%).

If, instead of having each miner (or pool) independently search out and choose which blocks they want to try to ignore, you have some centralized service that provides the block blacklist that all miners are supposed to adhere to, then you've introduced a centralization to the decentralized network that can be abused.  The service can become malicious and (for a secret fee) allow some malicious blocks through, or even block some non-malicious blocks.  The service can segregate the network into as many competing forks as it likes by offering each segment a different block blacklist.

Because all of these repercussions result in reduced income for the honest miners (or pools), it will be difficult to convince any of them to take up your consensus destroying ideas.  As such, you'll be left occasionally ignoring blocks on your own, and drastically reducing your revenues wasting hash power on blocks that will never be part of the consensus chain.  Because mining is so competitive, reductions in revenue will almost certainly result in financial loss that will eventually deplete your capital until you can no longer operate.

[BenAnh]

51% should be utilized to block stolen funds and recreate those coins so 21M coins will always be in the network.

[DannyHamilton]

51% should be utilized to block stolen funds and recreate those coins so 21M coins will always be in the network.

No.

[justusranvier]

Only 20% of respondents believe that out-of-band double spend services are not complicit in fraud (https://bitcointalk.org/index.php?topic=502571.0).  If I send these services trial double spends and detect the block with the transaction that I know to be fraudulent, based on the results of my poll only 20% of the bitcoin community would disagree with me.  So I think it is a valid concept and that one might achieve enough consensus to implement this.

People can believe what they want, but it doesn't make it possible to solve the Byzantine General's Problem without actually solving the Byzantine General's Problem, which is what "a technique to reliably detect malicious blocks created by double-spend services" means.

[Peter R]

Here's what I'm wondering, Danny.  Imagine I'm a miner that control 5% of global hash power.  I have an employee who is always looking for out-of-band double-spend services.  Whenever he learns of a new service like this, he sends it one "test double-spend" every block.  If I see a block that includes the TX that I personally know to be a pseudo double spend attempt, I choose not to mine upon it.  Otherwise, our behaviour is unchanged.  If the block I rejected as malicious is built upon (i.e., not enough miners implemented my rule set), then I give up and start mining on the longest chain.  

Now imagine I talk about this idea at conferences, over IRC, here at the forum, and start a website dedicated to the cause. Perhaps I am able to convince others to implement the same rule set.  Every block I mine is not a waste, as normally I am working to extend the longest chain.  The only block rewards at risk are when I detect a block that I personally know to come from a malicious double-spend service.  But I think these blocks should be rare, and eventually disappear completely if they are never extended (the double-spend services would go out of business).

I don't see the flaw in my logic here.  It seems that this may work and that if it did that it would be a good thing.  Do you think this idea is dangerous some how?

If each participating miner (or mining pool) implements your idea independently (searches for the double-spend services themselves, and makes their own determinations from their own double-spend attempts which blocks to ignore), then it's dangerous to the income and profitability of the individual miners (or pools).

It is likely that some miners will find some services, and other miners will find other services.  As such, they will waste time mining blocks that won't earn them income, while the rest of the network that hasn't discovered the particular service they are blacklisting continues on without them.  Additionally, if they happen to solve a block while mining a fork that won't make it, they lose out on the block reward they could have had if they had solved a block on the consensus chain.

Additionally, since there are likely to be many services that some miners find and others don't, the blockchain is likely to always be in a state of multiple competing blocks that are all trying to orphan all the others.  This significantly reduces the hashpower that an attacker would need to outpace the rest of the network with their own chain.  If an attacker can create a situation where there are regularly 5 different blocks that are all being treated by equal portions of the network as the last "valid" block, an attacker only needs 17% of the total hash power of the network to continuously outpace the network (instead of 51%).

If, instead of having each miner (or pool) independently search out and choose which blocks they want to try to ignore, you have some centralized service that provides the block blacklist that all miners are supposed to adhere to, then you've introduced a centralization to the decentralized network that can be abused.  The service can become malicious and (for a secret fee) allow some malicious blocks through, or even block some non-malicious blocks.  The service can segregate the network into as many competing forks as it likes by offering each segment a different block blacklist.

Because all of these repercussions result in reduced income for the honest miners (or pools), it will be difficult to convince any of them to take up your consensus destroying ideas.  As such, you'll be left occasionally ignoring blocks on your own, and drastically reducing your revenues wasting hash power on blocks that will never be part of the consensus chain.  Because mining is so competitive, reductions in revenue will almost certainly result in financial loss that will eventually deplete your capital until you can no longer operate.

Thanks Danny.  I'd say I'm 75% convinced.  The missing 25% is due to my belief that it would be both "obvious" and "independently verifiable" that a certain miner is operating an out-of-band double spend service.  If both these conditions hold, then it seems intuitive that something could be done in a decentralized manner.  Perhaps I am wrong, however.

[chinacoinbase]

Bitcoin fans monitor and Bitcoin Foundation also manages  and monitor this issue, so  should avoid that. do not worry

[Peter R]

Only 20% of respondents believe that out-of-band double spend services are not complicit in fraud (https://bitcointalk.org/index.php?topic=502571.0).  If I send these services trial double spends and detect the block with the transaction that I know to be fraudulent, based on the results of my poll only 20% of the bitcoin community would disagree with me.  So I think it is a valid concept and that one might achieve enough consensus to implement this.

People can believe what they want, but it doesn't make it possible to solve the Byzantine General's Problem without actually solving the Byzantine General's Problem, which is what "a technique to reliably detect malicious blocks created by double-spend services" means.

There is no general solution to the Two General's Problem.  Bitcoin is a practical implementation where consensus is achieved by working on the longest chain.  Consensus can be achieved in other ways, however.  

I am not saying that Mike Hearn's idea (#1 only--#2 seems really bad) is necessarily a good one.  It's just that I'm still not fully convinced that it's a bad one.  

[jonald_fyookball]

Here's what I'm wondering, Danny.  Imagine I'm a miner that control 5% of global hash power.  I have an employee who is always looking for out-of-band double-spend services.  Whenever he learns of a new service like this, he sends it one "test double-spend" every block.  If I see a block that includes the TX that I personally know to be a pseudo double spend attempt, I choose not to mine upon it.  Otherwise, our behaviour is unchanged.  If the block I rejected as malicious is built upon (i.e., not enough miners implemented my rule set), then I give up and start mining on the longest chain.  

Now imagine I talk about this idea at conferences, over IRC, here at the forum, and start a website dedicated to the cause. Perhaps I am able to convince others to implement the same rule set.  Every block I mine is not a waste, as normally I am working to extend the longest chain.  The only block rewards at risk are when I detect a block that I personally know to come from a malicious double-spend service.  But I think these blocks should be rare, and eventually disappear completely if they are never extended (the double-spend services would go out of business).

I don't see the flaw in my logic here.  It seems that this may work and that if it did that it would be a good thing.  Do you think this idea is dangerous some how?

If each participating miner (or mining pool) implements your idea independently (searches for the double-spend services themselves, and makes their own determinations from their own double-spend attempts which blocks to ignore), then it's dangerous to the income and profitability of the individual miners (or pools).

It is likely that some miners will find some services, and other miners will find other services.  As such, they will waste time mining blocks that won't earn them income, while the rest of the network that hasn't discovered the particular service they are blacklisting continues on without them.  Additionally, if they happen to solve a block while mining a fork that won't make it, they lose out on the block reward they could have had if they had solved a block on the consensus chain.

Additionally, since there are likely to be many services that some miners find and others don't, the blockchain is likely to always be in a state of multiple competing blocks that are all trying to orphan all the others.  This significantly reduces the hashpower that an attacker would need to outpace the rest of the network with their own chain.  If an attacker can create a situation where there are regularly 5 different blocks that are all being treated by equal portions of the network as the last "valid" block, an attacker only needs 17% of the total hash power of the network to continuously outpace the network (instead of 51%).

If, instead of having each miner (or pool) independently search out and choose which blocks they want to try to ignore, you have some centralized service that provides the block blacklist that all miners are supposed to adhere to, then you've introduced a centralization to the decentralized network that can be abused.  The service can become malicious and (for a secret fee) allow some malicious blocks through, or even block some non-malicious blocks.  The service can segregate the network into as many competing forks as it likes by offering each segment a different block blacklist.

Because all of these repercussions result in reduced income for the honest miners (or pools), it will be difficult to convince any of them to take up your consensus destroying ideas.  As such, you'll be left occasionally ignoring blocks on your own, and drastically reducing your revenues wasting hash power on blocks that will never be part of the consensus chain.  Because mining is so competitive, reductions in revenue will almost certainly result in financial loss that will eventually deplete your capital until you can no longer operate.

Thanks Danny.  I'd say I'm 75% convinced.  The missing 25% is due to my belief that it would be both "obvious" and "independently verifiable" that a certain miner is operating an out-of-band double spend service.  If both these conditions hold, then it seems intuitive that something could be done in a decentralized manner.  Perhaps I am wrong, however.

And to me it seems intuitive that something could be done in a decentralized manner to prevent empty blocks or excluded transactions, but I could be wrong also.