Peter Todd [ARCHIVE] on Nostr: π Original date posted:2013-11-04 π Original message:On Mon, Nov 04, 2013 at ...
π
Original date posted:2013-11-04
π Original message:On Mon, Nov 04, 2013 at 09:49:09AM -0500, Ittay wrote:
> 1. Something important that is being overlooked is that the attack is
> relevant even without the sybil attack. Even if you assume the selfish
> miners loose every time on a 1:1 competition, they can still benefit in
> pools larger than 33%. And pools often reach this size.
>
> 2. The selfish pool can essentially hide its behavior behind multiple IP
> addresses. I fear employing an anti-sybil mechanism of this sort may expose
> new vulnerabilities. The current approach is great - the attacker cannot
> partition the network, only gain a slight timing advantage. Our approach
> just takes away the network-induced arbitrariness and replaces it with
> explicit randomness, which cannot introduce new vulnerabilities. It
> protects us from 25% attacks, which is excellent (though unfortunately not
> as good as the 51% security we believed before).
The problem is picking which side of the fork you mine on randomly isn't
rational for an individual miner. The time that you heard about a block
is important information: the block you heard about first is more likely
to have propagated to the majority of the hashing power than the one you
learn about second. You're rational incentive is to always mine on the
majority side as that side has the highest probability of no competing
blocks being found when the next block is found. (with the one exception
of the previous block being yours) In addition the next block found will
propagate to the majority of hashing power faster, as that majority
already has the previous block. By suggesting that miners pick randomly
half the time they will be going against their best interests. (if not
the interests of the network as a whole)
On the other hand my near-target broadcast solution gives miners honest
proof of what the majority actually is. Making use of that information
is the economically rational choice even at an individual level. Yet it
still defeats the attack, and it does better in returning the threshold
to the originally assumed 51% level.
--
'peter'[:-1]@petertodd.org
0000000000000005fa5454135b2638d1b2240d565737a24586f31490025e2de0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20131104/255b5a05/attachment.sig>
π Original message:On Mon, Nov 04, 2013 at 09:49:09AM -0500, Ittay wrote:
> 1. Something important that is being overlooked is that the attack is
> relevant even without the sybil attack. Even if you assume the selfish
> miners loose every time on a 1:1 competition, they can still benefit in
> pools larger than 33%. And pools often reach this size.
>
> 2. The selfish pool can essentially hide its behavior behind multiple IP
> addresses. I fear employing an anti-sybil mechanism of this sort may expose
> new vulnerabilities. The current approach is great - the attacker cannot
> partition the network, only gain a slight timing advantage. Our approach
> just takes away the network-induced arbitrariness and replaces it with
> explicit randomness, which cannot introduce new vulnerabilities. It
> protects us from 25% attacks, which is excellent (though unfortunately not
> as good as the 51% security we believed before).
The problem is picking which side of the fork you mine on randomly isn't
rational for an individual miner. The time that you heard about a block
is important information: the block you heard about first is more likely
to have propagated to the majority of the hashing power than the one you
learn about second. You're rational incentive is to always mine on the
majority side as that side has the highest probability of no competing
blocks being found when the next block is found. (with the one exception
of the previous block being yours) In addition the next block found will
propagate to the majority of hashing power faster, as that majority
already has the previous block. By suggesting that miners pick randomly
half the time they will be going against their best interests. (if not
the interests of the network as a whole)
On the other hand my near-target broadcast solution gives miners honest
proof of what the majority actually is. Making use of that information
is the economically rational choice even at an individual level. Yet it
still defeats the attack, and it does better in returning the threshold
to the originally assumed 51% level.
--
'peter'[:-1]@petertodd.org
0000000000000005fa5454135b2638d1b2240d565737a24586f31490025e2de0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20131104/255b5a05/attachment.sig>