Patrick [ARCHIVE] on Nostr: 📅 Original date posted:2013-11-05 📝 Original message:The ratio of honest miners ...
📅 Original date posted:2013-11-05
📝 Original message:The ratio of honest miners that mine the first block they see is > 0.5
Your proposed solution would reduce that ratio to 0.5
In other words your proposed change would make the attack you describe
easier not harder.
On 11/05/2013 09:26 AM, Ittay wrote:
> That sounds like selfish mining, and the magic number is 25%. That's
> the minimal pool size.
> Today the threshold is 0% with good connectivity.
>
> If I misunderstood your point, please elaborate.
>
> Ittay
>
>
>
> On Tue, Nov 5, 2013 at 12:05 PM, Peter Todd <pete at petertodd.org
> <mailto:pete at petertodd.org>> wrote:
>
> On Tue, Nov 05, 2013 at 11:56:53AM -0500, Ittay wrote:
> > Hello,
> >
> > Please see below our BIP for raising the selfish mining threshold.
> > Looking forward to your comments.
>
> <snip>
>
> > 2. No new vulnerabilities introduced:
> > Currently the choice among equal-length chains is done arbitrarily,
> > depending on network topology. This arbitrariness is a source of
> > vulnerability. We replace it with explicit randomness, which is
> at the
> > control of the protocol. The change does not introduce
> executions that were
> > not possible with the old protocol.
>
> Credit goes to Gregory Maxwell for pointing this out, but the random
> choice solution does in fact introduce a vulnerability in that it
> creates incentives for pools over a certain size to withhold blocks
> rather than immediately broadcasting all blocks found.
>
> The problem is that when the pool eventually choses to reveal the
> block
> they mined, 50% of the hashing power switches, thus splitting the
> network. Like the original attack this can be to their benefit. For
> pools over a certain size this strategy is profitable even without
> investing in a low-latency network; Maxwell or someone else can
> chime in
> with the details for deriving that threshold.
>
> I won't get a chance to for a few hours, but someone should do the
> analysis on a deterministic switching scheme.
>
> --
> 'peter'[:-1]@petertodd.org <http://petertodd.org>;
> 0000000000000005e25ca9b9fe62bdd6e8a2b4527ad61753dd2113c268bec707
>
>
>
>
> ------------------------------------------------------------------------------
> November Webinars for C, C++, Fortran Developers
> Accelerate application performance with scalable programming models. Explore
> techniques for threading, error checking, porting, and tuning. Get the most
> from the latest Intel processors and coprocessors. See abstracts and register
> http://pubads.g.doubleclick.net/gampad/clk?id=60136231&iu=/4140/ostg.clktrk
>
>
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20131105/3ac68674/attachment.html>;
📝 Original message:The ratio of honest miners that mine the first block they see is > 0.5
Your proposed solution would reduce that ratio to 0.5
In other words your proposed change would make the attack you describe
easier not harder.
On 11/05/2013 09:26 AM, Ittay wrote:
> That sounds like selfish mining, and the magic number is 25%. That's
> the minimal pool size.
> Today the threshold is 0% with good connectivity.
>
> If I misunderstood your point, please elaborate.
>
> Ittay
>
>
>
> On Tue, Nov 5, 2013 at 12:05 PM, Peter Todd <pete at petertodd.org
> <mailto:pete at petertodd.org>> wrote:
>
> On Tue, Nov 05, 2013 at 11:56:53AM -0500, Ittay wrote:
> > Hello,
> >
> > Please see below our BIP for raising the selfish mining threshold.
> > Looking forward to your comments.
>
> <snip>
>
> > 2. No new vulnerabilities introduced:
> > Currently the choice among equal-length chains is done arbitrarily,
> > depending on network topology. This arbitrariness is a source of
> > vulnerability. We replace it with explicit randomness, which is
> at the
> > control of the protocol. The change does not introduce
> executions that were
> > not possible with the old protocol.
>
> Credit goes to Gregory Maxwell for pointing this out, but the random
> choice solution does in fact introduce a vulnerability in that it
> creates incentives for pools over a certain size to withhold blocks
> rather than immediately broadcasting all blocks found.
>
> The problem is that when the pool eventually choses to reveal the
> block
> they mined, 50% of the hashing power switches, thus splitting the
> network. Like the original attack this can be to their benefit. For
> pools over a certain size this strategy is profitable even without
> investing in a low-latency network; Maxwell or someone else can
> chime in
> with the details for deriving that threshold.
>
> I won't get a chance to for a few hours, but someone should do the
> analysis on a deterministic switching scheme.
>
> --
> 'peter'[:-1]@petertodd.org <http://petertodd.org>;
> 0000000000000005e25ca9b9fe62bdd6e8a2b4527ad61753dd2113c268bec707
>
>
>
>
> ------------------------------------------------------------------------------
> November Webinars for C, C++, Fortran Developers
> Accelerate application performance with scalable programming models. Explore
> techniques for threading, error checking, porting, and tuning. Get the most
> from the latest Intel processors and coprocessors. See abstracts and register
> http://pubads.g.doubleclick.net/gampad/clk?id=60136231&iu=/4140/ostg.clktrk
>
>
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20131105/3ac68674/attachment.html>;