Peter Todd [ARCHIVE] on Nostr: 📅 Original date posted:2013-11-04 📝 Original message:(not sure if you meant ...
📅 Original date posted:2013-11-04
📝 Original message:(not sure if you meant this to go to the list, my apologies if not)
On Mon, Nov 04, 2013 at 10:50:25AM -0500, Ittay wrote:
> On Mon, Nov 4, 2013 at 10:46 AM, Peter Todd <pete at petertodd.org> wrote:
>
> > On Mon, Nov 04, 2013 at 10:25:19AM -0500, Ittay wrote:
> > > Peter - how can you guarantee that the majority mines on the non-selfish
> > > block?
> >
> > Of course, it may be the case that competing near-block headers are
> > found, but no matter: as long as miners switch to the block with the
> > most hashing power, this forms a feedback effect that quickly brings
> > everyone to consensus. With everyone mining to extend the same block,
> > there's nothing the selfish miner can do; there's no disagreement to
> > exploit.
> >
>
> This is not the exploit! The majority you create might just as well follow
> the previously-private block, so we're back in square one.
Right, but the thing is, if all miners quickly come to consensus and are
all mining on the same block, there's nothing the attacker can exploit
in the first place.
Suppose Alice the attacker is 100 blocks ahead of the main network
somehow. We'll say the other miners are working to extend block n, and
she's in posession of 100 blocks extending that. She also has just under
50% of the hashing power.
Now when the main network finds a block n+1, Alice can do one of two
things: she can publish her own n+1 block, or she can do nothing. If she
does nothing, the main network will find block n+2 faster than she finds
n+101, so eventually she loses. Thus she has to publish.
In your attack she publishes to a subset of nodes strategicly, splitting
the hashing power between nodes working to extend her n+1, and the other
n+1 found. However, with near-target headers, very quickly all hashing
power will come to consensus and all work to extend the same block,
either theirs or Alice's. Given that they have the majority, they will
find another block faster on average than Alice can extend her lead, and
thus eventually Alice will lose.
Now there is still a slight advantage for Alice in that it takes some
time for the whole network to come to consensus, but this is a much
slimmer margin, maybe a few percentage points, so at best Alice might
need, say, 45% of the total hashing power.
--
'peter'[:-1]@petertodd.org
0000000000000004b8381fe97338c8b710cb662160f08e391820f30a375bb9b9
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20131104/647ddf7c/attachment.sig>;
📝 Original message:(not sure if you meant this to go to the list, my apologies if not)
On Mon, Nov 04, 2013 at 10:50:25AM -0500, Ittay wrote:
> On Mon, Nov 4, 2013 at 10:46 AM, Peter Todd <pete at petertodd.org> wrote:
>
> > On Mon, Nov 04, 2013 at 10:25:19AM -0500, Ittay wrote:
> > > Peter - how can you guarantee that the majority mines on the non-selfish
> > > block?
> >
> > Of course, it may be the case that competing near-block headers are
> > found, but no matter: as long as miners switch to the block with the
> > most hashing power, this forms a feedback effect that quickly brings
> > everyone to consensus. With everyone mining to extend the same block,
> > there's nothing the selfish miner can do; there's no disagreement to
> > exploit.
> >
>
> This is not the exploit! The majority you create might just as well follow
> the previously-private block, so we're back in square one.
Right, but the thing is, if all miners quickly come to consensus and are
all mining on the same block, there's nothing the attacker can exploit
in the first place.
Suppose Alice the attacker is 100 blocks ahead of the main network
somehow. We'll say the other miners are working to extend block n, and
she's in posession of 100 blocks extending that. She also has just under
50% of the hashing power.
Now when the main network finds a block n+1, Alice can do one of two
things: she can publish her own n+1 block, or she can do nothing. If she
does nothing, the main network will find block n+2 faster than she finds
n+101, so eventually she loses. Thus she has to publish.
In your attack she publishes to a subset of nodes strategicly, splitting
the hashing power between nodes working to extend her n+1, and the other
n+1 found. However, with near-target headers, very quickly all hashing
power will come to consensus and all work to extend the same block,
either theirs or Alice's. Given that they have the majority, they will
find another block faster on average than Alice can extend her lead, and
thus eventually Alice will lose.
Now there is still a slight advantage for Alice in that it takes some
time for the whole network to come to consensus, but this is a much
slimmer margin, maybe a few percentage points, so at best Alice might
need, say, 45% of the total hashing power.
--
'peter'[:-1]@petertodd.org
0000000000000004b8381fe97338c8b710cb662160f08e391820f30a375bb9b9
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20131104/647ddf7c/attachment.sig>;