Appetite for fee-rules publishing from mining pools?

[SgtSpike]

MtGox isn't the only entity that cares about network speed so they don't have to give up all their income. That's the point of the assurance contracts. It says "I agree to pay, if everybody pays". If not enough others agree to contribute, the people who were up for it lose nothing.

It may be that current speeds are too high. We haven't seen (as far as I know) any complaints about successful double spends. That implies to me that inflation is driving network security too high - we're effectively wasting energy. I'd expect to see occasionally successful double spends on a network funded entirely by fees, when people misjudge how much work an attacker is willing to do.

Ok, that was the part I was missing - that no one pays if not enough is contributed.

But, what happens to Bitcoin if the assurance contract doesn't go through?  Miners aren't paid, so transactions can't happen anymore (or at least happen VERY very slowly, as only the idealists who don't care if they lose money on mining would continue to mine).  If that were the case, people who still believed in Bitcoin might up and donate some BTC themselves to the contract, but then we're right back to where we started - the people paying the mining fees.

A successful double-spend would be disastrous, and cause most people to lose all confidence in Bitcoins.  I don't think it is something we should be wishing for (though I do see where you are coming from on it).  I do believe the network is over-secured by a vast amount, but that is why I also believe that, so long as the number of transactions per block picks up some and people are willing to accept higher fees in the $0.25/trans range, fees can pay for a sufficient number of miners to secure the network.

Again though, I don't think we need to worry about fees sustaining the miner network until we reach the 6.25 BTC/block point, because I think even 1 TH/s is enough to secure the network if all BTCs are only worth $50M.  And that's going to take a number of years yet, during which a number of miner-incentivising variables may change, such as transaction volume and BTC price.

I really doubt fees need to be that high.

Paypal for example is ~100 tps.  That is ~ 3.2 billion transactions per second. 

At 1% of that volume (320M transactions per second) we are looking at a transaction cost on the order of 0.08 BTC to generate current annual block subsidies.

If after 5 years Bitcoin can't even sustain 1% of the transaction volume of Paypal well it likely doesn't need much protecting.

I mean, that's kind of my point - this is really a useless conversation until we get closer to the time of block rewards being potentially unsuitable for maintaining enough hashing power on their own.

That said, I don't think it is safe to look at Paypal and how many transactions they process, then deduce future Bitcoin transactions based on that.  Bitcoin could forever be a niche method of wealth exchange.

But it really doesn't matter until we get closer to the 6.25 block reward (in my opinion, anyway).

[1713881426]

1713881426

[1713881426]

1713881426

[1713881426]

1713881426

[1713881426]

1713881426

[Mike Hearn]

I don't think we should set ourselves up for "a double spend is the end of the world". Payment reversals are so common in every other form of payment that "no reversals ever" is a standard far higher than it really needs to be. Miners are a way of managing risk. For instance, I think it'll be common in future for people to pass around free transactions without broadcasting them, until somebody in the chain of payments decides they can't totally trust the sender and broadcasts the entire chain, using the miners to lock it down.

Any given assurance contract is relatively small (for just one block). If the contract fails because nobody cares about that level of security, speeds will fall a bit until enough people care. It's self adjusting in that sense.

[DeathAndTaxes]

I don't think we should set ourselves up for "a double spend is the end of the world". Payment reversals are so common in every other form of payment that "no reversals ever" is a standard far higher than it really needs to be. Miners are a way of managing risk. For instance, I think it'll be common in future for people to pass around free transactions without broadcasting them, until somebody in the chain of payments decides they can't totally trust the sender and broadcasts the entire chain, using the miners to lock it down.

Any given assurance contract is relatively small (for just one block). If the contract fails because nobody cares about that level of security, speeds will fall a bit until enough people care. It's self adjusting in that sense.

I think you mistake a double spend w/ a persistent 51% attack.

A single isolated double spend wouldn't even make a headline.

An attacker w/ 51% of the hashing power could build an attack chain in private for days or even weeks generating thousands upon thousands of independent transactions worth millions in economic value which would all suddenly be reversed. 

An attacker which wasn't seeking economic benefit could even widen the damage and chaos by using unwitting pawns.  Make a website offering free PS3, get names & addresses.  Find a merchant selling PS3 for Bitcoins.  Pay for them in the legit chain and reverse them in the attack chain.  Merchant waits for 6 confirms and ships these "independent" purchases and then a week later (when the product is gone) the Bitcoins "disapear".  Now multiply that by hundreds of other merchants over the course of weeks.

Tell me that isn't "the end of the world for Bitcoin".  It would be like VISA telling all merchants around the world they won't get paid for any transactions the week before Christmas due to a security glitch.

[Mike Hearn]

Yes, if somebody does repeated double spends with a large value, that would make the headlines indeed. But there are unlikely to be so many merchants with high value attacks that are possible.

I think your VISA analogy is flawed. VISA routinely tells merchants they are the victim of fraud and then fines them for the privilege. There isn't much they can do to protect themselves from such fraud other than invest in expensive risk analysis solutions that try to spot repeated abuse attempts. If you're the victim of a double spend on Bitcoin, you at least don't get fined, and you have the option of ramping up your contributions to network security via the assurance contracts (assuming such a system is built and becomes widespread).

[SgtSpike]

I don't think we should set ourselves up for "a double spend is the end of the world". Payment reversals are so common in every other form of payment that "no reversals ever" is a standard far higher than it really needs to be. Miners are a way of managing risk. For instance, I think it'll be common in future for people to pass around free transactions without broadcasting them, until somebody in the chain of payments decides they can't totally trust the sender and broadcasts the entire chain, using the miners to lock it down.

Any given assurance contract is relatively small (for just one block). If the contract fails because nobody cares about that level of security, speeds will fall a bit until enough people care. It's self adjusting in that sense.

A double spend is the end of the world for Bitcoin in my book.  One of the key features of Bitcoin is that it can't be messed with or manipulated.  As soon as a double spend happens, then anyone who thinks about submitting a large transaction has to worry about it being reversed, either maliciously by the other party, or as a side effect of someone else doing a double-spend elsewhere.  You (and any companies that deal with Bitcoin) would have to start tracking all spends and receipts to make sure none of it gets reversed.  And with a blockchain that is lightly and very variably defended, as it would be in the case of assurance contracts, it'll be all the more easy for someone with malicious intentions to overtake it.  If you only get 1 BTC per block in donations for your contract, then we suddenly only have 200GH/s protecting the network, which is a heck of a lot easier to attack and double-spend against than 8 TH/s.

I really don't think you'd find enough people volunteering to give up their Bitcoins to secure the blockchain.  That's like allowing people to send in whatever they feel like contributing to the government come April 15th.  There's a reason why taxes are forced, not voluntary.  We all benefit from the uses of tax money, but we're not all willing to contribute towards those benefits voluntarily.  Too many people just like to freeload on whatever is given to them.

Anyway, I'm still of the opinion that transaction fees will be the only way to support miners in the future.  Hopefully, the number of transactions per block will have increased greatly by then, and the fee per transaction won't have to increase by much.

On that note, I wonder what would happen if someone released a modified Bitcoin client that doesn't drop the block reward, ever?  Would more than 50% of people gravitate towards it and use it?  I doubt it, but it's possible...  IMO, that would be the best route to go, but it would surely be a disappointment to everyone who was looking forward to Bitcoin being limited to 21M coins.

[DeathAndTaxes]

On that note, I wonder what would happen if someone released a modified Bitcoin client that doesn't drop the block reward, ever?  Would more than 50% of people gravitate towards it and use it?  I doubt it, but it's possible...  IMO, that would be the best route to go, but it would surely be a disappointment to everyone who was looking forward to Bitcoin being limited to 21M coins.

Clients would need to upgrade.  Clients who may not mine and know inflation reduces the value of the coins they hold.
Also unless the change is nearly unanimous both networks will continue to exist and that will create huge usability issues and new user confusion.

I don't think we will ever see a breaking change to the protocol with maybe the exception of a flaw being discovered in one of the algorithms used by Bitcoin.

[SgtSpike]

On that note, I wonder what would happen if someone released a modified Bitcoin client that doesn't drop the block reward, ever?  Would more than 50% of people gravitate towards it and use it?  I doubt it, but it's possible...  IMO, that would be the best route to go, but it would surely be a disappointment to everyone who was looking forward to Bitcoin being limited to 21M coins.

Clients would need to upgrade.  Clients who may not mine and know inflation reduces the value of the coins they hold.
Also unless the change is nearly unanimous both networks will continue to exist and that will create huge usability issues and new user confusion.

I don't think we will ever see a breaking change to the protocol with maybe the exception of a flaw being discovered in one of the algorithms used by Bitcoin.

It would certainly take an epic campaign to try and convert as many users as possible.  And yes, it would fork things badly, cause a lot of disruptions ("are you using the old Bitcoin or the new Bitcoin?"), etc.  The only way to do it seemlessly is to get nearly everyone to upgrade their client before the block reward drop in 2012.

But, too many people believe in a deflating currency to make such a change.  Despite the fact that a currency that neither inflates nor deflates is the best way to go, and having the block reward stay the same would eventually create perfect non-flation.  Oh well. 

[Mike Hearn]

A double spend is the end of the world for Bitcoin in my book.

Oh dear. Then I think you will be disappointed at some point. I think a successful double spend resulting in some merchant losing money is inevitable. It's just a question of when, not if.

You (and any companies that deal with Bitcoin) would have to start tracking all spends and receipts to make sure none of it gets reversed.

Bitcoin clients already track all this for you. The moment a reversal happens the software can notify you (within seconds, if need be).

I don't see why you believe the assurance contracts model is guaranteed to result in insufficient security. Not enough people care about network security? Well, then not enough people care, so being sure there won't be a double spend means waiting a long time (increase the attackers costs by forcing them to keep up with the best chain). Or just using a bank wire

Switching the rules of the system to result in "indefinite inflation" won't happen and wouldn't solve your problem anyway. Right now the security of the system is derived from the entirely arbitrary exchange rate. If there's a crash in Bitcoin value, the system still has utility because people treat BTC as a proxy currency. But the network security would fall a lot. Fee based security is more adaptive in the long run.

[DeathAndTaxes]

A double spend is the end of the world for Bitcoin in my book.

Oh dear. Then I think you will be disappointed at some point. I think a successful double spend resulting in some merchant losing money is inevitable. It's just a question of when, not if.

Come on man.

1 merchant getting double spent via finney attack is a problem of one scope.

A persistent 51% attack involving hundreds of merchants and thousands of transactions which hit the network simultaneously causing significant real world losses, paralyzing future commerce, and dropping exchange rate 90% (or more) is a problem of an entirely different scope.

Nobody is going to spend the resources to 51% the network to steal a single pair of Alpaca socks.

[Mike Hearn]

Yes, and as I said, I don't think it will happen, for the reasons outlined in Satoshis paper.

Your proposed scenario results in the attacker gaining a lot of either physical goods or fiat currency (other stuff can't really cause huge losses to the seller), which takes significant effort to hide your tracks, and taking back the original Bitcoins. That's the point of a double spend attack.

But executing large, simultaneous double spends against lots of merchants simultaneously means you get the goods you bought .... and now have a pile of worthless Bitcoins, having destroyed confidence in the currency. In other words you bought the goods legitimately and destroyed Bitcoin in the process, meaning there's nothing else you can double-spend on. You also have a lot of fairly useless hardware, unless you plan to flood the second hand video card market.

The point of a double spend attack is to double spend. It by definition requires repeated abuse. An attack so successful it wipes out the system is a pyrrhic victory.

At any rate, I'd like to see more frequent checkpointing (downloading signed blocks of head blocks from a trusted server) to act as a backstop against gigantic re-orgs.

[DeathAndTaxes]

Yes, and as I said, I don't think it will happen, for the reasons outlined in Satoshis paper.

Your proposed scenario results in the attacker gaining a lot of either physical goods or fiat currency (other stuff can't really cause huge losses to the seller), which takes significant effort to hide your tracks, and taking back the original Bitcoins. That's the point of a double spend attack.

But executing large, simultaneous double spends against lots of merchants simultaneously means you get the goods you bought .... and now have a pile of worthless Bitcoins, having destroyed confidence in the currency. In other words you bought the goods legitimately and destroyed Bitcoin in the process, meaning there's nothing else you can double-spend on. You also have a lot of fairly useless hardware, unless you plan to flood the second hand video card market.

The point of a double spend attack is to double spend. It by definition requires repeated abuse. An attack so successful it wipes out the system is a pyrrhic victory.

At any rate, I'd like to see more frequent checkpointing (downloading signed blocks of head blocks from a trusted server) to act as a backstop against gigantic re-orgs.

Well that is the whole point. 

There is no economical 51% attack.  The nature of the network, the huge cost, and limited direct financial benefit means the "danger" of an economical 51% attack is pretty much non-existent.

However the danger of a non-economical 51% attack still remains.  If it happens then Bitcoin is over.  The chaos, and economic losses will end this "experiment" forever. 

"An attack so successful it wipes out the system is a pyrrhic victory."
Unless your intent was to wipe out the system. 

[SgtSpike]

Yes, and as I said, I don't think it will happen, for the reasons outlined in Satoshis paper.

Your proposed scenario results in the attacker gaining a lot of either physical goods or fiat currency (other stuff can't really cause huge losses to the seller), which takes significant effort to hide your tracks, and taking back the original Bitcoins. That's the point of a double spend attack.

But executing large, simultaneous double spends against lots of merchants simultaneously means you get the goods you bought .... and now have a pile of worthless Bitcoins, having destroyed confidence in the currency. In other words you bought the goods legitimately and destroyed Bitcoin in the process, meaning there's nothing else you can double-spend on. You also have a lot of fairly useless hardware, unless you plan to flood the second hand video card market.

The point of a double spend attack is to double spend. It by definition requires repeated abuse. An attack so successful it wipes out the system is a pyrrhic victory.

At any rate, I'd like to see more frequent checkpointing (downloading signed blocks of head blocks from a trusted server) to act as a backstop against gigantic re-orgs.

Well that is the whole point.  

There is no economical 51% attack.  The nature of the network, the huge cost, and limited direct financial benefit means the "danger" of an economical 51% attack is pretty much non-existent.

However the danger of a non-economical 51% attack still remains.  If it happens then Bitcoin is over.  The chaos, and economic losses will end this "experiment" forever.  

"An attack so successful it wipes out the system is a pyrrhic victory."
Unless your intent was to wipe out the system.  

A 51% attack will be extremely disruptive, no doubt. I don't think it will kill Bitcoin though. Fork the chain, big deal. Maybe I'm an optimist.

I also think it's inevitable. Only a matter of time. Especially considering the miners' collective ability to ignore common sense. Maybe I'm a pessimist.

I hope I'm wrong.

I would definitely be gone from Bitcoin if there was a 51% attack.  It would kill value (down to the pennies of BTC) because no one could trust that their transactions wouldn't be reversed.  And once that happens, nearly all mining activities would cease (it would no longer be profitable, at all), making it incredibly easy to continue 51% attacks down the road.  Bitcoin would be pointless if anyone with malicious intentions was ever able to acquire more than 51% of the hashing power put towards Bitcoin, because it would just snowball into non-existence.

And you think it is inevitable?  Based on what?  Who has > 10 TH/s of hashing power they could stage an attack with?

[DeathAndTaxes]

It's not that bad. We just have to inform users to ignore the malicious chain. Figuring out which chain is malicious shouldn't be that difficult.

I think you misunderstand a non-economic 51% attack.  There is no "bad" chain.

For example I spend 1000 BTC w/ you (you ship 1000 BTC worth of goods)
In the attack chain I spend 1000 BTC w/ SgtSpike (he ships 1000 BTC worth of goods)

Even if you can determine the second chain is the bad one do you honestly think Sgt Spike is going to support the chain where his 1000 BTC payment "disapears"?

Really?  Now imagine thousands of transactions across both chains. 

You don't need 10 TH/s to perform a 51% attack. All you need is access to deepbit and ddos to slush and btcguild.

Which is why hopefully we will see the rise of "split pools". 

Similar to p2pool except w/ traditional payment system & pool infrastructure.

What makes deepbit an attack vector?  The fact that they had 3TH of hashing power?  No.  It is the fact that a single server gives ORDERS to 3TH worth of utterly stupid miners (the hardware not the people).  If the server tells them to double spend they double spend.

Take same deepbit but each miner generates block headers locally.  Deepbit is no longer a threat.  Hell they could have 7TH and still wouldn't be a threat.  Granted p2pool is even better because it is DDOS resistant but there is no reason that a larger pool HAS to be a threat.

[SgtSpike]

I would definitely be gone from Bitcoin if there was a 51% attack.  It would kill value (down to the pennies of BTC) because no one could trust that their transactions wouldn't be reversed.  And once that happens, nearly all mining activities would cease (it would no longer be profitable, at all), making it incredibly easy to continue 51% attacks down the road.  Bitcoin would be pointless if anyone with malicious intentions was ever able to acquire more than 51% of the hashing power put towards Bitcoin, because it would just snowball into non-existence.

And you think it is inevitable?  Based on what?  Who has > 10 TH/s of hashing power they could stage an attack with?

It's not that bad. We just have to inform users to ignore the malicious chain. Figuring out which chain is malicious shouldn't be that difficult.

You don't need 10 TH/s to perform a 51% attack. All you need is access to deepbit and ddos to slush and btcguild.

True...

I don't see it as very likely, but probably more likely than someone procuring their own hardware to stage an attack.

[SgtSpike]

True...

I don't see it as very likely, but probably more likely than someone procuring their own hardware to stage an attack.

Honestly, I don't see it as very likely either. But the fact that it's possible is troublesome.

/tinfoilhaton

Large governments intent on keeping their power have done stranger, more difficult things in the past. I guess it depends if you think Bitcoin is disruptive to the "powers that be" or not. Or if it "may" be disruptive in the future. I've certainly read enough forum posts suggesting it is.

Absolutely.

If a large government were to successfully disrupt Bitcoin via a 51% attack even just once, using their own hardware to do it, I can't imagine continuing to use it.  Governments just have too many resources to continue attacks, so I wouldn't be able to trust any future transactions made in the system.

If a 51% attack originated from deepbit with a DDOS on the other major pools, then miners would probably stop using any major pools to begin with.  Lots of mini pools would crop up, as the importance of the issue would be fully realized.  I can see continuing to use the currency afterward, provided there were no longer any pools that could be used in a similar attack.

[SgtSpike]

If a 51% attack originated from deepbit with a DDOS on the other major pools, then miners would probably stop using any major pools to begin with.  Lots of mini pools would crop up, as the importance of the issue would be fully realized.  I can see continuing to use the currency afterward, provided there were no longer any pools that could be used in a similar attack.

Also, I want to make clear that I'm not suggesting any of the pool operators would be involved. I'm suggesting that control of their pool is taken from them in some fashion.

Right, I understand.