Gold collapsing. Bitcoin UP.

[TPTB_need_war]

Satoshi believed Bitcoin's profit incentives were so strong that even if an individual accumulated a majority of the hashing power their desire to be profitable in bitcoin terms would be so strong that they wouldn't use that power to attack the network.

Maybe he was right and maybe he was wrong, but the people who are insisting that Bitcoin mining is too centralized should at least start out making their arguments by acknowledging that position and explaining why they believe it is incorrect.

Again I don't think he was pitching that as the likely scenario. He was arguing that in the exceptional case, the profit motive would guard us. I do remember seeing a quote where he argued that eventually the mining might be done by large corporations, so he was aware eventually the exceptional case might become the normal one. But during this rampup phase we are being sold the "one CPU, one vote" lie to get us to wet our ideological underwear.

Any way, I think the profit motive crap is total nonsense and I expect he knew that. The pools don't have any large investment in hardware. Thus they are free to maximize revenue by any paradigm which does so, including collusion and selling out to the banksters who captured the State and the fiat levers. Economics rules, not morals.

Upthread I broke down the argument that the miners who own the hardware are in control. Sorry (in theory and maybe in practice already) the Sybil attack which are the pools is in control.

If you want to convince me that crypto isn't just another paradigm that falls right into the control of the problem we are trying to fix with crypto, then we need that fundamental tenet of decentralized trust.

[1714221115]

1714221115

[1714221115]

1714221115

[1714221115]

1714221115

[inca]

Something that's more interesting than the anonymint noise is the under-appreciated fact that Satoshi believed Bitcoin's profit incentives were so strong that even if an individual accumulated a majority of the hashing power their desire to be profitable in bitcoin terms would be so strong that they wouldn't use that power to attack the network.

Maybe he was right and maybe he was wrong, but the people who are insisting that Bitcoin mining is too centralized should at least start out making their arguments by acknowledging that position and explaining why they believe it is incorrect.

Yes, but profit based incentives only work if you assume the adversary is motivated by greed. Excepting a major technical failure or something better appearing, the only foes I worry about with respect to bitcoin already own printers - and they aren't afraid to use them!

[medusa13]

You are missing the end, I rather prefer this chart:

--snipped--

Btw, most altcoin charts look like this, when btc declines, most alts decline even worse. Also, the first top of 0.01 was during the crazy pre-mintpal pump. I wasn't around back then so I hope smooth can elaborate more on this matter, but for some reason it was insanely pumped by whales back then.

Furthermore, unlike most other altcoins, Monero was fairly launched (http://devtome.com./doku.php?id=a_massive_investigation_of_instamines_and_fastmines_for_the_top_alt_coins#monero). It has a relatively high inflation though, which could also be a reason for the "bearish/declining" chart.

PS: Remember that Monero was launched during a BTC bearmarket, chart would probably looked a whole lot different when launched during a bullmarket.

i want to highlight here that monero marketcap(in btc) is now higher than it was during the minpal launch bubble. back then in mid june 2014, only 1.5 million monero existed. with 0.01 per this makes a 15k btc marketcap.

right now we are also floating again around a 15k btc marketcap with 7.5 milllion coins. in april this year we reached nearly a 30k btc marketcap with 7 million coins back then.
very brutal infaltion, but this should be considered when looking at this chart



btw coinmarketcap charts seem to be fucked up anyway, at least the time scale

[smooth]

that Monero chart looks brutal:

There was some early silliness with a huge and unsustainable pump shortly after launch ("the Mintpal pump") but if you look at the 365 day charts it's pretty much in line with what Bitcoin has been doing over the same period.

[smooth]

Something that's more interesting than the anonymint noise is the under-appreciated fact that Satoshi believed Bitcoin's profit incentives were so strong that even if an individual accumulated a majority of the hashing power their desire to be profitable in bitcoin terms would be so strong that they wouldn't use that power to attack the network.

Maybe he was right and maybe he was wrong, but the people who are insisting that Bitcoin mining is too centralized should at least start out making their arguments by acknowledging that position and explaining why they believe it is incorrect.

I would say his comment was optimistic, a bit noncommittal, and backed by no analysis or argument, unless you know of something beyond the white paper.

His entire argument about the security of multiple confirmations fails in the presence of concentration, since it relies on the premise of an attacker being a price-taker with respect to hash power. If he felt the profit motive of a majority miner were enough to render the system secure, he wouldn't bother with the probabilistic game theory. It is quite clear to me that the later is much stronger than the former.

BTW, it is also a myth that >50% is needed to successfully double-spend with a "51%-attack". It is needed to guarantee success, but with a substantial share <50% you still have a significant probability of success for whatever finite number of confirmations is considered "enough" by the recipient. If the payoff is high enough this can easily be worth it.

[justusranvier]

Yes, but profit based incentives only work if you assume the adversary is motivated by greed. Excepting a major technical failure or something better appearing, the only foes I worry about with respect to bitcoin already own printers - and they aren't afraid to use them!

The question then becomes whether or not any technical solution is possible against attackers who have printers and aren't afraid to use them.

Wouldn't it suck to implement countermeasures against such attackers that not only won't work and also hinder legitimate use or, even worse, make attacks more likely instead of less likely?

[Peter R]

Has anyone reddited this yet? With the right title it should get 100 or more upvotes.

Thanks.  I just submitted a slightly-beautified version to /r/bitcoin:

http://www.reddit.com/r/Bitcoin/comments/35fbqy/code_red_dead_ahead_historical_chart_of_average/

[rocks]

BTW, it is also a myth that >50% is needed to successfully double-spend with a "51%-attack". It is needed to guarantee success, but with a substantial share <50% you still have a significant probability of success for whatever finite number of confirmations is considered "enough" by the recipient. If the payoff is high enough this can easily be worth it.

This is where the 6 confirmation rule comes from. Even if someone had 49% hash power it, the probability that they could role back 6 blocks is negligible. So if you have 6 confirmations the odds that a high but less than 50% attacker could reverse a payment is too low to matter. But once you have 51%, you can always determine the longest chain and could eventually roll back any number of blocks.

[smooth]

BTW, it is also a myth that >50% is needed to successfully double-spend with a "51%-attack". It is needed to guarantee success, but with a substantial share <50% you still have a significant probability of success for whatever finite number of confirmations is considered "enough" by the recipient. If the payoff is high enough this can easily be worth it.

This is where the 6 confirmation rule comes from. Even if someone had 49% hash power it, the probability that they could role back 6 blocks is negligible. So if you have 6 confirmations the odds that a high but less than 50% attacker could reverse a payment is too low to matter. But once you have 51%, you can always determine the longest chain and could eventually roll back any number of blocks.

No!

6 confirmations comes from the assumption of the attacker having 10% hash rate or less (represented by q in the quote below)

Solving for P less than 0.1%...

   P < 0.001
   q=0.10   z=5
   q=0.15   z=8
   q=0.20   z=11
   q=0.25   z=15
   q=0.30   z=24
   q=0.35   z=41
   q=0.40   z=89
   q=0.45   z=340

As the attacker's share of the the hash rate approaches 50% the situation gets much, much worse. At 45% in his example you need >340 confirmations for the attack to succeed less than 1/1000.

[rocks]

BTW, it is also a myth that >50% is needed to successfully double-spend with a "51%-attack". It is needed to guarantee success, but with a substantial share <50% you still have a significant probability of success for whatever finite number of confirmations is considered "enough" by the recipient. If the payoff is high enough this can easily be worth it.

This is where the 6 confirmation rule comes from. Even if someone had 49% hash power it, the probability that they could role back 6 blocks is negligible. So if you have 6 confirmations the odds that a high but less than 50% attacker could reverse a payment is too low to matter. But once you have 51%, you can always determine the longest chain and could eventually roll back any number of blocks.

No!

6 confirmations comes from the assumption of the attacker having 10% hash rate or less (represented by q in the quote below)

Solving for P less than 0.1%...

   P < 0.001
   q=0.10   z=5
   q=0.15   z=8
   q=0.20   z=11
   q=0.25   z=15
   q=0.30   z=24
   q=0.35   z=41
   q=0.40   z=89
   q=0.45   z=340

As the attacker's share of the the hash rate approaches 50% the situation gets much, much worse. At 45% in his example you need >340 confirmations for the attack to succeed less than 1/1000.

At 49% the odds of reversing 6 confirmations may not be 1/1000, but they are still quite low probability, low enough that it is not a reliable attack.

[Peter R]

BTW, it is also a myth that >50% is needed to successfully double-spend with a "51%-attack". It is needed to guarantee success, but with a substantial share <50% you still have a significant probability of success for whatever finite number of confirmations is considered "enough" by the recipient. If the payoff is high enough this can easily be worth it.

This is where the 6 confirmation rule comes from. Even if someone had 49% hash power it, the probability that they could role back 6 blocks is negligible. So if you have 6 confirmations the odds that a high but less than 50% attacker could reverse a payment is too low to matter. But once you have 51%, you can always determine the longest chain and could eventually roll back any number of blocks.

No!

6 confirmations comes from the assumption of the attacker having 10% hash rate or less (represented by q in the quote below)

Solving for P less than 0.1%...

   P < 0.001
   q=0.10   z=5
   q=0.15   z=8
   q=0.20   z=11
   q=0.25   z=15
   q=0.30   z=24
   q=0.35   z=41
   q=0.40   z=89
   q=0.45   z=340

As the attacker's share of the the hash rate approaches 50% the situation gets much, much worse. At 45% in his example you need >340 confirmations for the attack to succeed less than 1/1000.

At 49% the odds of reversing 6 confirmations may not be 1/1000, but they are still quite low probability, low enough that it is not a reliable attack.

An attacker with 49% of the hashpower will succeed in double-spending a 6-confirm transaction 96% of the time: 

[Zangelbert Bingledack]

Has anyone reddited this yet? With the right title it should get 100 or more upvotes.

Thanks.  I just submitted a slightly-beautified version to /r/bitcoin:

http://www.reddit.com/r/Bitcoin/comments/35fbqy/code_red_dead_ahead_historical_chart_of_average/

Nice! Straight to the top. Looks like it's on course for several hundred.

[cypherdoc]

2.  i think that the majority of ppl in this world want to be honest and wish to live in a society that has order.  no one wants to live in chaos.  everybody loses.  in order for society to continue to progress and evolve, order, dependability, and a semblance of honesty is needed.  thus, in a system with so much potential to do good, like Bitcoin, the overwhelming desire is for participants to want to do what makes the system thrive.  to the extent that cheating, dishonesty, and colluding erodes confidence and threatens that goal, most participants will avoid those activities.

That is the same faith we put into a top-down democracy. Fact is a power vacuum sucks in those who can maximize the exploitation of the power vacuum.

You are violating the fundamental tenet of Satoshi's white paper which is decentralized trust, meaning we don't have to trust that people are honest.

you fail to comprehend what i was saying.  the above is simply an observation of mine on human behavior which i think is valid.  Satoshi's brilliance was that he designed what appears to be a rock solid system that allows it's participants to fulfill their desired behaviors w/o fear of widespread cheating.  the incentives programmed into Bitcoin align with their desired behaviors and in fact fosters them.  the need for trust is removed for the early adopters.  bootstrappers like me saw this brilliance and have invested accordingly and each day that goes by that the protocol doesn't get hacked or that a miner or a cabal of miners fails to perform a 51% is evidence that the system is getting stronger and stronger and more resilient.  what's quite obvious is that more and more deep pocketed investors are climbing onboard which makes it much harder for gvts or any bad actor to interfere. we're experiencing a growing economy.

if there is any trust necessary it will come from non-tech types who can't understand all the nuances and game theory i've outlined above.  but their trust is irrelevant for this trustless system to work.  they will learn to "trust" the system as it is.  the longer Bitcoin stays unhacked the greater that trust will grow from the masses.  we're seeing it all around us and ppl like you can't seem to see it. b/c you're a tech you fall squarely into the group i long ago defined:

"The geeks fail to understand that which they hath created"

You are blacksliding because there doesn't appear to be any solution the fact that pools become concentrated due to the variance cost to them not. It is pure economics.

what centralization?  i see the charts decentralizing.  and the proof in the pudding is that there are still no 51% attacks despite your FUD and Bitcoin keeps on growing.  and ghash has been reduced to a shadow of itself.

[cypherdoc]

The pools don't have any large investment in hardware. Thus they are free to maximize revenue by any paradigm which does so, including collusion and selling out to the banksters who captured the State and the fiat levers. Economics rules, not morals.

huge inconsistency in logic for someone who claims to be logical.  or maybe it's just from someone who lacks comprehension of how Bitcoin incentives work in practice?

so if the pools didn't invest in their hardware, then logically you're referring to pools that aggregate individual mining power.  if that is the case, how can pool operators freely collude and sell out to banksters or any other attacker when those same individuals can just as freely yank their power out of the pool and point it elsewhere as we saw in ghash?

[cypherdoc]

Something that's more interesting than the anonymint noise is the under-appreciated fact that Satoshi believed Bitcoin's profit incentives were so strong that even if an individual accumulated a majority of the hashing power their desire to be profitable in bitcoin terms would be so strong that they wouldn't use that power to attack the network.

Maybe he was right and maybe he was wrong, but the people who are insisting that Bitcoin mining is too centralized should at least start out making their arguments by acknowledging that position and explaining why they believe it is incorrect.

yes, why not use that 51% of power to mine 51% of the BTC rewards plus fees which is a guaranteed calculable process?

why instead would they perform a 51% attack to double spend a cup of coffee at a retail store?  i don't say that in jest b/c anything bought online would undergo 6 confirmations before the product ever got shipped out and anything bought at a retail store for substantially more  than a cup of coffee would likely be held to a standard of at least 1 confirmation before walking out the door.

in fact the incentive was so strong that the 3 pools over the last 6 yrs that got close to 51%, BTCGuild, ghash, and Artforz's pool all either backed down voluntarily or got forced down.

[rocks]

BTW, it is also a myth that >50% is needed to successfully double-spend with a "51%-attack". It is needed to guarantee success, but with a substantial share <50% you still have a significant probability of success for whatever finite number of confirmations is considered "enough" by the recipient. If the payoff is high enough this can easily be worth it.

This is where the 6 confirmation rule comes from. Even if someone had 49% hash power it, the probability that they could role back 6 blocks is negligible. So if you have 6 confirmations the odds that a high but less than 50% attacker could reverse a payment is too low to matter. But once you have 51%, you can always determine the longest chain and could eventually roll back any number of blocks.

No!

6 confirmations comes from the assumption of the attacker having 10% hash rate or less (represented by q in the quote below)

Solving for P less than 0.1%...

   P < 0.001
   q=0.10   z=5
   q=0.15   z=8
   q=0.20   z=11
   q=0.25   z=15
   q=0.30   z=24
   q=0.35   z=41
   q=0.40   z=89
   q=0.45   z=340

As the attacker's share of the the hash rate approaches 50% the situation gets much, much worse. At 45% in his example you need >340 confirmations for the attack to succeed less than 1/1000.

At 49% the odds of reversing 6 confirmations may not be 1/1000, but they are still quite low probability, low enough that it is not a reliable attack.

An attacker with 49% of the hashpower will succeed in double-spending a 6-confirm transaction 96% of the time: 

I understand the probability equations, but am trying to understand the logic in how they are being used and how an attacker with less than 50% could have an almost 100% chance of forcing a new longer chain. I would expect that no matter what the probability of being successful would be less than 50%.

Let's say I had 49% of the hash rate. I then made a payment (transaction A) to someone, who after 6 confirmation would consider the transaction valid and would then transfer something else over to me. I also immediately construct a different transaction B that double spends and invalidates transaction A.

Transaction A broadcasts to the network, and 51% of the hash rate starts hashing on that transaction. Simultaneously I dedicate my 49% of the hash rate on creating confirmations on transaction B. I also have to keep my chain a secret, so that the P2P network will only see the chain with transaction A and at some point acknowledge 6 confirmation on transaction A. After this happens the other person transfers something to myself (lets say a title to a car).

Once I have received my counter payment (the title) my goal is to now reverse the original transaction A, by announcing a new longer chain containing transaction B to the network. In order to reverse this, I now have to have a longer chain (i.e. 7 or more) in order to make the the network reorg and switch to my chain (if I only announce a new chain of 6, the network will continue to use the first chain of 6 it received).

Since my hash rate is 49%, and the rest of the network has 51%, it seems that the odds of the secret chain I've been working on (with 49%) being longer than the chain the rest of the network (51%) has been working on is less than 50/50. And again since my chain needs to be longer to force a reorg, the odds are less. I'm not saying that a 49% attacker cannot reverse 6 confirm transactions, but it seems it has to be a bit less than 50% of the time.

[Peter R]

An attacker with 49% of the hashpower will succeed in double-spending a 6-confirm transaction 96% of the time:  

I understand the probability equations, but am trying to understand the logic in how they are being used and how an attacker with less than 50% could have an almost 100% chance of forcing a new longer chain.
...

I think there's two ways to look at it:

1.  Clearly, if an attacker has 50.0001%, then he has a 100% chance of eventually forging the longest chain.  If the attacker has 49.9999% instead, it makes sense that he'd have almost 100% chance, but not quite (why would it suddenly drop to less than 50%?).

2.  It's the attacker who gets to choose when to broadcast the attack chain.  Just by random luck, there's a good chance that at some point the attacker will hit a lucky streak and mine several blocks in quick succession.  When he hits this lucky streak and pulls ahead of the honest chain, he broadcasts his attack chain.

[bassclef]

huge inconsistency in logic for someone who claims to be logical.  or maybe it's just from someone who lacks comprehension of how Bitcoin incentives work in practice?

He's just jealous that he didn't think of Bitcoin before Satoshi. But he's apparently created something better, so we will wait with bated breath until he reveals it to the world and his superior intellect will finally get the recognition that it deserves.

[cypherdoc]

An attacker with 49% of the hashpower will succeed in double-spending a 6-confirm transaction 96% of the time:  

I understand the probability equations, but am trying to understand the logic in how they are being used and how an attacker with less than 50% could have an almost 100% chance of forcing a new longer chain.
...

I think there's two ways to look at it:

1.  Clearly, if an attacker has 50.0001%, then he has a 100% chance of eventually forging the longest chain.  If the attacker has 49.9999% instead, it makes sense that he'd have almost 100% chance, but not quite (why would it suddenly drop to less than 50%?).

2.  It's the attacker who gets to choose when to broadcast the attack chain.  Just by random luck, there's a good chance that at some point the attacker will hit a lucky streak and mine several blocks in quick succession.  When he hits this lucky streak and pulls ahead of the honest chain, he broadcasts his attack chain.

but assuming the attacker with 49% hashrate starts constructing his alternative secret chain at the same moment he pays for his toaster at the check out stand, there is absolutely no chance that he'll hit that lucky streak of block formation within the next hour or 6 blocks. 

[Peter R]

An attacker with 49% of the hashpower will succeed in double-spending a 6-confirm transaction 96% of the time:  

I understand the probability equations, but am trying to understand the logic in how they are being used and how an attacker with less than 50% could have an almost 100% chance of forcing a new longer chain.
...

I think there's two ways to look at it:

1.  Clearly, if an attacker has 50.0001%, then he has a 100% chance of eventually forging the longest chain.  If the attacker has 49.9999% instead, it makes sense that he'd have almost 100% chance, but not quite (why would it suddenly drop to less than 50%?).

2.  It's the attacker who gets to choose when to broadcast the attack chain.  Just by random luck, there's a good chance that at some point the attacker will hit a lucky streak and mine several blocks in quick succession.  When he hits this lucky streak and pulls ahead of the honest chain, he broadcasts his attack chain.

but assuming the attacker with 49% hashrate starts constructing his alternative secret chain at the same moment he pays for his toaster at the check out stand, there is absolutely no chance that he'll hit that lucky streak of block formation within the next hour or 6 blocks.  

Yes, that's a really good point Cypherdoc.  The equation I used (which I took from the Satoshi white paper), gives the probability that the attacker will be able to double spend if he is willing to work on the attack chain forever.  In reality, he would give up at some point.  It would be interesting to calculate the probability that the attacker succeeds within X number of blocks.