Bitcoin Forum
December 06, 2016, 10:08:54 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Poll
Question: Will you support Gavin's new block size limit hard fork of 8MB by January 1, 2016 then doubling every 2 years?
1.  yes
2.  no

Pages: « 1 ... 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 [1189] 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219 1220 1221 1222 1223 1224 1225 1226 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 ... 1560 »
  Print  
Author Topic: Gold collapsing. Bitcoin UP.  (Read 1805256 times)
bassclef
Hero Member
*****
Offline Offline

Activity: 910



View Profile
May 09, 2015, 11:24:59 PM
 #23761

huge inconsistency in logic for someone who claims to be logical.  or maybe it's just from someone who lacks comprehension of how Bitcoin incentives work in practice?

He's just jealous that he didn't think of Bitcoin before Satoshi. But he's apparently created something better, so we will wait with bated breath until he reveals it to the world and his superior intellect will finally get the recognition that it deserves.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481062134
Hero Member
*
Offline Offline

Posts: 1481062134

View Profile Personal Message (Offline)

Ignore
1481062134
Reply with quote  #2

1481062134
Report to moderator
cypherdoc
Legendary
*
Offline Offline

Activity: 1764



View Profile
May 09, 2015, 11:28:53 PM
 #23762

An attacker with 49% of the hashpower will succeed in double-spending a 6-confirm transaction 96% of the time:  



I understand the probability equations, but am trying to understand the logic in how they are being used and how an attacker with less than 50% could have an almost 100% chance of forcing a new longer chain.
...

I think there's two ways to look at it:

1.  Clearly, if an attacker has 50.0001%, then he has a 100% chance of eventually forging the longest chain.  If the attacker has 49.9999% instead, it makes sense that he'd have almost 100% chance, but not quite (why would it suddenly drop to less than 50%?).

2.  It's the attacker who gets to choose when to broadcast the attack chain.  Just by random luck, there's a good chance that at some point the attacker will hit a lucky streak and mine several blocks in quick succession.  When he hits this lucky streak and pulls ahead of the honest chain, he broadcasts his attack chain.

but assuming the attacker with 49% hashrate starts constructing his alternative secret chain at the same moment he pays for his toaster at the check out stand, there is absolutely no chance that he'll hit that lucky streak of block formation within the next hour or 6 blocks. 
Peter R
Legendary
*
Offline Offline

Activity: 938



View Profile
May 09, 2015, 11:33:44 PM
 #23763

An attacker with 49% of the hashpower will succeed in double-spending a 6-confirm transaction 96% of the time:  



I understand the probability equations, but am trying to understand the logic in how they are being used and how an attacker with less than 50% could have an almost 100% chance of forcing a new longer chain.
...

I think there's two ways to look at it:

1.  Clearly, if an attacker has 50.0001%, then he has a 100% chance of eventually forging the longest chain.  If the attacker has 49.9999% instead, it makes sense that he'd have almost 100% chance, but not quite (why would it suddenly drop to less than 50%?).

2.  It's the attacker who gets to choose when to broadcast the attack chain.  Just by random luck, there's a good chance that at some point the attacker will hit a lucky streak and mine several blocks in quick succession.  When he hits this lucky streak and pulls ahead of the honest chain, he broadcasts his attack chain.

but assuming the attacker with 49% hashrate starts constructing his alternative secret chain at the same moment he pays for his toaster at the check out stand, there is absolutely no chance that he'll hit that lucky streak of block formation within the next hour or 6 blocks.  

Yes, that's a really good point Cypherdoc.  The equation I used (which I took from the Satoshi white paper), gives the probability that the attacker will be able to double spend if he is willing to work on the attack chain forever.  In reality, he would give up at some point.  It would be interesting to calculate the probability that the attacker succeeds within X number of blocks.  

Run Bitcoin Unlimited (www.bitcoinunlimited.info)
cypherdoc
Legendary
*
Offline Offline

Activity: 1764



View Profile
May 09, 2015, 11:38:27 PM
 #23764

An attacker with 49% of the hashpower will succeed in double-spending a 6-confirm transaction 96% of the time:  



I understand the probability equations, but am trying to understand the logic in how they are being used and how an attacker with less than 50% could have an almost 100% chance of forcing a new longer chain.
...

I think there's two ways to look at it:

1.  Clearly, if an attacker has 50.0001%, then he has a 100% chance of eventually forging the longest chain.  If the attacker has 49.9999% instead, it makes sense that he'd have almost 100% chance, but not quite (why would it suddenly drop to less than 50%?).

2.  It's the attacker who gets to choose when to broadcast the attack chain.  Just by random luck, there's a good chance that at some point the attacker will hit a lucky streak and mine several blocks in quick succession.  When he hits this lucky streak and pulls ahead of the honest chain, he broadcasts his attack chain.

but assuming the attacker with 49% hashrate starts constructing his alternative secret chain at the same moment he pays for his toaster at the check out stand, there is absolutely no chance that he'll hit that lucky streak of block formation within the next hour or 6 blocks.  

Yes, that's a really good point Cypherdoc.  The equation I used (which I took from the Satoshi white paper), gives the probability that the attacker will be able to double spend if he is willing to work on the attack chain forever.  In reality, he would give up at some point.  It would be interesting to calculate the probability that the attacker succeeds within X number of blocks.  

and forever is financially impractical b/c at 49% hashrate statistically he will begin to fall further and further behind to the pt that the lucky "spurt" in block formation will most likely not be enough to propel him ahead of the 51% chain.
Zangelbert Bingledack
Legendary
*
Offline Offline

Activity: 1022


View Profile
May 09, 2015, 11:39:13 PM
 #23765

Here's a thought about Gmax's "big block attack" where powerful miners try to eliminate their competition by producing very large blocks that the smaller miners can't handle:

In the absence of a blocksize cap, if I understand correctly, the limiting factor on how big a miner can profitably make their blocks (the orphan rate) correlates negatively with bandwidth in the network, but bandwidth itself it a major factor limiting smaller miners' ability to handle those large blocks. Is there some way that, in essence, the inability of the network to handle large blocks issued by a powerful miner would itself defeat the attack by frequently orphaning such blocks? (Thus making it prohibitively expensive to sustain the attack long enough to actually put any miners out of business.)

This sounds too good to be true, since it suggests a kind of soft consensus mechanism where miners would be prevented from "doing their own thing" too much precisely because others couldn't keep up. I await correction from someone more familiar with mining.
cypherdoc
Legendary
*
Offline Offline

Activity: 1764



View Profile
May 09, 2015, 11:48:59 PM
 #23766

Here's a thought about Gmax's "big block attack" where powerful miners try to eliminate their competition by producing very large blocks that the smaller miners can't handle:

In the absence of a blocksize cap, if I understand correctly, the limiting factor on how big a miner can profitably make their blocks (the orphan rate) correlates negatively with bandwidth in the network, but bandwidth itself it a major factor limiting smaller miners' ability to handle those large blocks. Is there some way that, in essence, the inability of the network to handle large blocks issued by a powerful miner would itself defeat the attack by frequently orphaning such blocks? (Thus making it prohibitively expensive to sustain the attack long enough to actually put any miners out of business.)

This sounds too good to be true, since it suggests a kind of soft consensus mechanism where miners would be prevented from "doing their own thing" too much precisely because others couldn't keep up. I await correction from someone more familiar with mining.

are you sure (bolded part)? the bigger the network bandwidth, the faster a bloat block constructed by an attacking large miner would propagate thus increasing their chances of tormenting smaller miners.  conversely, the smaller the bandwidth, the higher the latency and thus the higher probability of the bloat block being orphaned resulting in failure of the attack.
Zangelbert Bingledack
Legendary
*
Offline Offline

Activity: 1022


View Profile
May 10, 2015, 12:00:33 AM
 #23767

An attacker with 49% of the hashpower will succeed in double-spending a 6-confirm transaction 96% of the time:  



I understand the probability equations, but am trying to understand the logic in how they are being used and how an attacker with less than 50% could have an almost 100% chance of forcing a new longer chain.
...

I think there's two ways to look at it:

1.  Clearly, if an attacker has 50.0001%, then he has a 100% chance of eventually forging the longest chain.  If the attacker has 49.9999% instead, it makes sense that he'd have almost 100% chance, but not quite (why would it suddenly drop to less than 50%?).

2.  It's the attacker who gets to choose when to broadcast the attack chain.  Just by random luck, there's a good chance that at some point the attacker will hit a lucky streak and mine several blocks in quick succession.  When he hits this lucky streak and pulls ahead of the honest chain, he broadcasts his attack chain.

On this, is it the case that every failed attempt essentially wastes all the block rewards the miner would have otherwise gotten? So for example with 50% of all the hashing power if they had an expected block income of 3 blocks at 25 BTC apiece during their 6-confirmation double-spend attempt, they forego an average of 75 BTC every time they attempt this unsuccessfully?* Does that mean, assuming they have to try an average of 2^6 = 64 times to succeed, the attacker would need to be buying something worth more than 75 x 64 = 4800 BTC (currently about $1 million) to have an expected profit? If so, then the price rising 100x again requires them to be buying an item worth $100 million, etc. so it seems pretty solid.

*Actually significantly less I guess because if they for example mine two blocks then miss the third one, they start over so they are only out around 25 for two blocks they were offline for.
inca
Legendary
*
Offline Offline

Activity: 980


View Profile
May 10, 2015, 12:04:31 AM
 #23768

Yes, but profit based incentives only work if you assume the adversary is motivated by greed. Excepting a major technical failure or something better appearing, the only foes I worry about with respect to bitcoin already own printers - and they aren't afraid to use them!
The question then becomes whether or not any technical solution is possible against attackers who have printers and aren't afraid to use them.

Wouldn't it suck to implement countermeasures against such attackers that not only won't work and also hinder legitimate use or, even worse, make attacks more likely instead of less likely?

I would have to agree that it would be impossible to defend bitcoin against an adversary with unlimited funds. They could attack the network directly with a 51% attack to smash confidence in the nascent store of value (that would go down badly on Wall st), or simply do as we must imagine they are doing now and use regulatory and legal means to try and keep bitcoin contained. But lets not forget the old price manipulation strategy, our friendly overlords central bankers have a vast experience of controlling financial markets now.

My position is probably that even if they do kill bitcoin as a viable counter currency and store of value, that like a hydra, another will grow in it's wake, this time hardened in some way.

It may be in their interests to simply allow bitcoin to exist as a digital asset, a digital curio, in the knowledge that currently it will not scale up sufficiently to function as a reserve currency.



Zangelbert Bingledack
Legendary
*
Offline Offline

Activity: 1022


View Profile
May 10, 2015, 12:05:02 AM
 #23769

Here's a thought about Gmax's "big block attack" where powerful miners try to eliminate their competition by producing very large blocks that the smaller miners can't handle:

In the absence of a blocksize cap, if I understand correctly, the limiting factor on how big a miner can profitably make their blocks (the orphan rate) correlates negatively with bandwidth in the network, but bandwidth itself it a major factor limiting smaller miners' ability to handle those large blocks. Is there some way that, in essence, the inability of the network to handle large blocks issued by a powerful miner would itself defeat the attack by frequently orphaning such blocks? (Thus making it prohibitively expensive to sustain the attack long enough to actually put any miners out of business.)

This sounds too good to be true, since it suggests a kind of soft consensus mechanism where miners would be prevented from "doing their own thing" too much precisely because others couldn't keep up. I await correction from someone more familiar with mining.

are you sure (bolded part)? the bigger the network bandwidth, the faster a bloat block constructed by an attacking large miner would propagate thus increasing their chances of tormenting smaller miners.  conversely, the smaller the bandwidth, the higher the latency and thus the higher probability of the bloat block being orphaned resulting in failure of the attack.

I'm very much not sure since I'm not familiar with mining technicals, but I think that's what I was saying: the lower the bandwidth in the network, the higher chance of failure of the attack.

The key thing I meant to ask, though, is whether a high amount of bandwidth in the network implies a high average capacity of the miners, meaning it's harder to torment them? In other words, in proposing that attack, is Gmax assuming two mutually incompatible situations are present at once: 1) the network is so slow on average that big blocks can torment many of the miners, and the network is so fast on average that the big blocks won't be orphaned?
cypherdoc
Legendary
*
Offline Offline

Activity: 1764



View Profile
May 10, 2015, 12:11:06 AM
 #23770

Here's a thought about Gmax's "big block attack" where powerful miners try to eliminate their competition by producing very large blocks that the smaller miners can't handle:

In the absence of a blocksize cap, if I understand correctly, the limiting factor on how big a miner can profitably make their blocks (the orphan rate) correlates negatively with bandwidth in the network, but bandwidth itself it a major factor limiting smaller miners' ability to handle those large blocks. Is there some way that, in essence, the inability of the network to handle large blocks issued by a powerful miner would itself defeat the attack by frequently orphaning such blocks? (Thus making it prohibitively expensive to sustain the attack long enough to actually put any miners out of business.)

This sounds too good to be true, since it suggests a kind of soft consensus mechanism where miners would be prevented from "doing their own thing" too much precisely because others couldn't keep up. I await correction from someone more familiar with mining.

btw, shame on pwiullie and gmax for pushing this boogie man attack FUD. 

lemme tell you a story.  almost a quarter of a century ago now i started my own business in a small, highly desirable community that even you would think there would be significant competition.  all the other similar businesses in the area told me i couldn't do it.  and especially my biggest competitor called me on the phone and said he would crush me if i dared enter the area.  he said he was highly capitalized and had unlimited resources to put me out of business.  i was scared shitless after that call but a little bird inside me said fuck that guy.  i was young, motivated, and knew i was exceptional at what i do.  so i set up, the guy did in fact try to crush me with all sorts of underhanded dirty politics and maneuvers.  but he failed.  the attack should have worked from a pure mathematical basis; he had unlimited resources, i had loans, he had 30 yrs experience on me, i had none.  but he failed to consider all the intangibles of my ability to run business on a shoe string, me being fast, nimble, and skilled.  and, doing the right things.  he was a dirty player and everyone could see it.  he eventually stopped the attacks and i've been fine ever since.

so it will be with any stupid large miner who tries to attack the amorphous definition of "small miners" with bloated block games.  they will fail b/c they would not be concentrating on what they do best, which is if they were a 30% hasher, harvesting 30% of all block rewards and fees which is calculable, consistent, and virtually guaranteed.  they have no idea how skilled this amorphous group of small miners would be.  who knows?   maybe each of them has put aside a $10M war chest for expenses to weather such attacks or create orphans of large blocks.  this will be a good test of Nash's game theory of mining.  that's how i think it will play out.
cypherdoc
Legendary
*
Offline Offline

Activity: 1764



View Profile
May 10, 2015, 12:22:08 AM
 #23771

An attacker with 49% of the hashpower will succeed in double-spending a 6-confirm transaction 96% of the time:  



I understand the probability equations, but am trying to understand the logic in how they are being used and how an attacker with less than 50% could have an almost 100% chance of forcing a new longer chain.
...

I think there's two ways to look at it:

1.  Clearly, if an attacker has 50.0001%, then he has a 100% chance of eventually forging the longest chain.  If the attacker has 49.9999% instead, it makes sense that he'd have almost 100% chance, but not quite (why would it suddenly drop to less than 50%?).

2.  It's the attacker who gets to choose when to broadcast the attack chain.  Just by random luck, there's a good chance that at some point the attacker will hit a lucky streak and mine several blocks in quick succession.  When he hits this lucky streak and pulls ahead of the honest chain, he broadcasts his attack chain.

On this, is it the case that every failed attempt essentially wastes all the block rewards the miner would have otherwise gotten? So for example with 50% of all the hashing power if they had an expected block income of 3 blocks at 25 BTC apiece during their 6-confirmation double-spend attempt, they forego an average of 75 BTC every time they attempt this unsuccessfully?* Does that mean, assuming they have to try an average of 2^6 = 64 times to succeed, the attacker would need to be buying something worth more than 75 x 64 = 4800 BTC (currently about $1 million) to have an expected profit? If so, then the price rising 100x again requires them to be buying an item worth $100 million, etc. so it seems pretty solid.

*Actually significantly less I guess because if they for example mine two blocks then miss the third one, they start over so they are only out around 25 for two blocks they were offline for.

yes, in general, if an attack fails the attacking miner loses any block rewards and fees he would have otherwise gained by playing honestly.

back in October, i mentioned here on this thread about a post presentation talk i had with Emin Sirer of Selfish Mining.  i was challenging him about his theory in practice.  he admitted that it is a dangerous attack to perform b/c at the time blocks were worth around $11000 and those would be the losses if his strategy failed.   he said it was very tricky and one of the keys strategies to increase success was to place strategic nodes across the internet to immediately transmit the attackers longer chain IF successful in forging ahead of the honest chain so as to decrease latency of the attack.

i still called bullshit.
Adrian-x
Legendary
*
Offline Offline

Activity: 1330



View Profile
May 10, 2015, 12:34:50 AM
 #23772

Just to add my 0.002XBT

I was listening to this while mowing the lawn today.

"Simon Sinek: If You Don't Understand People, You Don't Understand Business"

The bottom line is business is about trust and people seek to work and trust people who believe what they believe.

Cypher is correct in my view that it's just the small transactions that happen in a trust free environment.

This is also where I see Gmax falls short, it's: what is it about the money we need to trust. Ultimately it's the people we trust when you are dealing with large value you can't make a transaction and 6 confirmations later claim deal done then have it reverse and think all is well. If its not reflected in the blockchain 324 blocks later it didn't happen.

Where the real opportunity for innovation is, is in using the blockchain to make identities you can trust that are linked to people.

The identify needs to reveal just the information you need to know. Like going to a bar it only reveals your likeness and your age.
Your identity is private information and must be managed as such, you choose to expose just what is relevant at the time.

We are moving into a reputation economy and you're going to have to trust the reputation.

Thank me in Bits 12MwnzxtprG2mHm3rKdgi7NmJKCypsMMQw
smooth
Legendary
*
Offline Offline

Activity: 1246



View Profile
May 10, 2015, 12:45:40 AM
 #23773

I understand the probability equations, but am trying to understand the logic in how they are being used and how an attacker with less than 50% could have an almost 100% chance of forcing a new longer chain. I would expect that no matter what the probability of being successful would be less than 50%.

The reason is the attacker just keeps going with his attack until (with a tiny bit of luck) his chain is longer. At that point everyone else will join his chain and his need to "attack" is over, he just mines his chain along with everyone else.

Intuitively, realize that the success probability is 100% at >50%, because he can always be assured of outrunning the other fork. It doesn't just jump right from near-zero to 100% as soon as you get 50%, it rises gradually with significant shares <50%.



TPTB_need_war
Sr. Member
****
Offline Offline

Activity: 420


View Profile
May 10, 2015, 12:47:12 AM
 #23774

Something that's more interesting than the anonymint noise is the under-appreciated fact that Satoshi believed Bitcoin's profit incentives were so strong that even if an individual accumulated a majority of the hashing power their desire to be profitable in bitcoin terms would be so strong that they wouldn't use that power to attack the network.

Maybe he was right and maybe he was wrong, but the people who are insisting that Bitcoin mining is too centralized should at least start out making their arguments by acknowledging that position and explaining why they believe it is incorrect.

Yes, but profit based incentives only work if you assume the adversary is motivated by greed. Excepting a major technical failure or something better appearing, the only foes I worry about with respect to bitcoin already own printers - and they aren't afraid to use them!

Inspired to see you understood and/or agreed with my point, despite "Lol" slandering me in your prior post and not quoting or acknowledging that I had made the same point as you did in the post immediately before yours as follows.

Any way, I think the profit motive crap is total nonsense and I expect he knew that. The pools don't have any large investment in hardware. Thus they are free to maximize revenue by any paradigm which does so, including collusion and selling out to the banksters who captured the State and the fiat levers. Economics rules, not morals.

Upthread I broke down the argument that the miners who own the hardware are in control. Sorry (in theory and maybe in practice already) the Sybil attack which are the pools is in control.

If you want to convince me that crypto isn't just another paradigm that falls right into the control of the problem we are trying to fix with crypto, then we need that fundamental tenet of decentralized trust.

The power held by the banksters who have captured the government through the power vacuum of the Iron Law of Collective Action, is not limited to printing money at the Central Banks. This DEEP STATE (which on the eve of 9/11 the Secretary of Defense admitted had $4 trillion missing from the Dept of Defense budget, and all the records & investigators were eliminated the next day at the Pentagon attack) has the power to do 9/11, unmask 100s of Tor .onion hidden services, and more saliently to our discussion they can render competition insolvent with regulatory requirements they create with the government they control (i.e. democracy is a lie and a power vacuum, and I was making the analogy that pools are also).

If you want to defeat this paradigm, you are going to have to think more out-of-the-box, because it patently obvious to me they designed Bitcoin.

Regarding my design solution to this problem, once you see my solution you will have an epiphany and realize there are a gamut of choices of what we centralize and what we decentralize, and it is those choices which determine whether the crypto-currency falls into the power vacuum or not.

You can start by showing me some mutual respect, which I will then return in kind. Or not. It won't stop me in either case.

P.S. I seriously have Multiple Sclerosis. If you had any clue what it is like to battle this (debilitating headaches, dizziness, and chronic fatigure, etc), you might understand why I was incapable of a lot of coding action from 2012 to 2015, until I discovered what appears so far to be a viable treatment a month ago.

smooth
Legendary
*
Offline Offline

Activity: 1246



View Profile
May 10, 2015, 12:49:04 AM
 #23775

On this, is it the case that every failed attempt essentially wastes all the block rewards the miner would have otherwise gotten?

Yes, but the probability of failure with substantial hash shares is relatively low. It is that the probability of failure is so high with small hash shares (and only this) that makes multiple confirmations extremely secure. There is no incentive to even try to attack with say 1% hash power, because your probability of success is minuscule, you are just wasting hash power by trying. With 40% it isn't necessarily a waste, it is a bit of a gamble is all. If the payoff is there, then it's worth it.

Cypherdoc, this has nothing to do with selfish mining, just probability. It's right in satoshi's white paper.

Zangelbert Bingledack
Legendary
*
Offline Offline

Activity: 1022


View Profile
May 10, 2015, 12:57:16 AM
 #23776

On this, is it the case that every failed attempt essentially wastes all the block rewards the miner would have otherwise gotten?

Yes, but the probability of failure with substantial hash shares is relatively low. It is that the probability of failure is so high with small hash shares (and only this) that makes multiple confirmations extremely secure. There is no incentive to even try to attack with say 1% hash power, because your probability of success is minuscule, you are just wasting hash power by trying. With 40% it isn't necessarily a waste, it is a bit of a gamble is all. If the payoff is there, then it's worth it.

Seems like more than a bit of a gamble, if 50% of the hashrate means you have a 50/50 chance of mining each block. That's a 1 in 64 chance of mining 6 blocks is a row, per my calculation above, right?
smooth
Legendary
*
Offline Offline

Activity: 1246



View Profile
May 10, 2015, 01:00:30 AM
 #23777

On this, is it the case that every failed attempt essentially wastes all the block rewards the miner would have otherwise gotten?

Yes, but the probability of failure with substantial hash shares is relatively low. It is that the probability of failure is so high with small hash shares (and only this) that makes multiple confirmations extremely secure. There is no incentive to even try to attack with say 1% hash power, because your probability of success is minuscule, you are just wasting hash power by trying. With 40% it isn't necessarily a waste, it is a bit of a gamble is all. If the payoff is there, then it's worth it.

Seems like more than a bit of a gamble, if 50% of the hashrate means you have a 50/50 chance of mining each block. That's a 1 in 64 chance of mining 6 blocks is a row, per my calculation above, right?

You don't need 6 in a row. Let's say you get 6 out of the next 7. You are in great shape here. Or consider that with 51% you are guaranteed to eventually succeed, but you still probably won't get 6 in a row. Peter R's calculation is I'm sure correct (knowing him), and was at least in the right ballpark. With 49% you will very likely succeed.

TPTB_need_war
Sr. Member
****
Offline Offline

Activity: 420


View Profile
May 10, 2015, 01:02:42 AM
 #23778

His entire argument about the security of multiple confirmations fails in the presence of concentration, since it relies on the premise of an attacker being a price-taker with respect to hash power. If he felt the profit motive of a majority miner were enough to render the system secure, he wouldn't bother with the probabilistic game theory. It is quite clear to me that the later is much stronger than the former.

That is an elegant way of arguing what is the more fundamental tenet or key aspect of Satoshi's contribution and invention, which was my point.

We also have to admit it was likely a ruse to suck us into wetting our ideological underwear and falling into the trap of a centralized public ledger Digital Kill Switch.

TPTB_need_war
Sr. Member
****
Offline Offline

Activity: 420


View Profile
May 10, 2015, 01:17:03 AM
 #23779

The question then becomes whether or not any technical solution is possible against attackers who have printers and aren't afraid to use them.

There is. I was very skeptical and had basically given up on finding a solution. But it turns out that I was thinking about the problem the wrong way. Paradigm shift epiphanies are like this. And of course the blinded won't believe it until you spell it out for them.

Wouldn't it suck to implement countermeasures against such attackers that not only won't work and also hinder legitimate use or, even worse, make attacks more likely instead of less likely?

Of course. But again I detect that you are likely playing politics and preparing to slander something again which is your past pattern of behavior.

cypherdoc
Legendary
*
Offline Offline

Activity: 1764



View Profile
May 10, 2015, 01:17:17 AM
 #23780

I understand the probability equations, but am trying to understand the logic in how they are being used and how an attacker with less than 50% could have an almost 100% chance of forcing a new longer chain. I would expect that no matter what the probability of being successful would be less than 50%.

The reason is the attacker just keeps going with his attack until (with a tiny bit of luck) his chain is longer. At that point everyone else will join his chain and his need to "attack" is over, he just mines his chain along with everyone else.

Intuitively, realize that the success probability is 100% at >50%, because he can always be assured of outrunning the other fork. It doesn't just jump right from near-zero to 100% as soon as you get 50%, it rises gradually with significant shares <50%.





but for every "bit of luck" the 49% attacker gets (by that i'm assuming you mean a "spurt" of luck with several blocks in a row) the 51% honest chain has the same chances of that "bit of luck" of a block spurt.  not only does the 51% honest chain have the advantage of slowly pulling further ahead via percentages alone while the 49% attacker is withholding blocks, he has the advantage of the same block spurt of luck.  both of these factors as the 51% chain pulls further and further ahead will eventually force the 49% attacker to abandon his attack, start over, while suffering losses from the blocks he could have claimed by publishing them instead of holding them back.  in effect, you can neutralize the spurt of blocks from the analysis and just say that the 51% chain will always outrun the 49% chain on average.
Pages: « 1 ... 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 [1189] 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219 1220 1221 1222 1223 1224 1225 1226 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 ... 1560 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!