Meni Rosenfeld Bitcoil - Haifux

It's time for a break: About the recent mess & temporary new rules

Unfortunately, I was on vacation this weekend, so I was unable to prevent /Bitcoin from becoming messy. Sorry about that. I and other moderators more-or-less cleaned it up. Report anything that we missed.
Because people are still probably in a "troll-happy" mood from the lack of moderation, moderation will be increased for a while. Everyone needs some time to calm down. In particular, posts about anything especially emotionally-charged will be deleted unless they introduce some very substantial new ideas about the subject. This includes the max block size debate (any side) and /Bitcoin moderation. Also, people are continuously spamming links to inferior clones of /Bitcoin and the XT subreddit -- these links will be removed and the posters banned unless the links are remarkably appropriate for the given situation. When this sticky is removed, the rules will return to what they were previously.
It is possible that some people have been or will be banned too readily due to the increased moderation. If this happens to you, mail /Bitcoin with a justification of your actions, then wait 2 days and mail again if there's no satisfactory response, then wait 4 days, then 8, 16, 32, etc. If your mail to /Bitcoin is too high-volume, we may block all further mail from you, which will make it impossible for you to appeal your ban.

About XT

/Bitcoin exists to serve Bitcoin. XT will, if/when its hardfork is activated, diverge from Bitcoin and create a separate network/currency. Therefore, it and services that support it should not be allowed on /Bitcoin. In the extremely unlikely event that the vast majority of the Bitcoin economy switches to XT and there is a strong perception that XT is the true Bitcoin, then the situation will flip and we should allow only submissions related to XT. In that case, the definition of "Bitcoin" will have changed. It doesn't make sense to support two incompatible networks/currencies -- there's only one Bitcoin, and /Bitcoin serves only Bitcoin.
If a hardfork has near-unanimous agreement from Bitcoin experts and it's also supported by the vast majority of Bitcoin users and companies, we can predict with high accuracy that this new network/currency will take over the economy and become the new definition of Bitcoin. (Miners don't matter in this, and it's not any sort of vote.) This sort of hardfork can probably be adopted on /Bitcoin as soon as it has been determined that the hardfork is not absolutely against the spirit of Bitcoin (inflating out-of-schedule, for example). For right now, there will always be too much controversy around any hardfork that increases the max block size, but this will probably change as there's more debate and research, and as block space actually becomes more scarce. I could see some kind of increase gaining consensus in as soon as 6 months, though it would have to be much smaller than the increase in XT for ~everyone to agree on it so soon.
There's a substantial difference between discussion of a proposed Bitcoin hardfork (which was previously always allowed here, even though I strongly disagree with many things posted) and promoting software that is programmed to diverge into a competing network/currency. The latter is clearly against the established rules of /Bitcoin, and while Bitcoin's technology will continue working fine no matter what people do, even the attempt at splitting Bitcoin up like this will harm the Bitcoin ecosystem and economy.

Why is XT considered an altcoin even though it hasn't broken away from Bitcoin yet?

Because it is intentionally programmed to diverge from Bitcoin, I don't consider it to be important that XT is not distinct from Bitcoin quite yet. If someone created a fork of Bitcoin Core that allowed miners to continue mining 25 BTC per block forever, would that be "Bitcoin" even though it doesn't split from the Bitcoin currency/network quite yet? (I'd say no.)

Can I still talk about hard fork proposals on /Bitcoin?

Right now, not unless you have something really new and substantial to say.
After this sticky is removed, it will be OK to discuss any hardfork to Bitcoin, but not any software that hardforks without consensus, since that software is not Bitcoin.

If XT is an altcoin then why aren't sidechains or Lightning altcoins?

/Bitcoin is about the Bitcoin currency and network. Lightning allows you to move the Bitcoin currency. Sidechains are on-topic in general because they are a possibly-useful addition to the Bitcoin network. It is possible that some specific sidechains might not be on-topic -- this isn't clear to me yet.
XT is programmed to create a separate currency and network, so it is not Bitcoin.

How do you know that there is no consensus?

Consensus is a high bar. It is not the same as a majority. In general, consensus means that there is near-unanimity. In the very particular case of a hardfork, "consensus" means "there is no noticeable probability that the hardfork will cause the Bitcoin economy to split into two or more non-negligible pieces".
I know almost for certain that there is no consensus to the change in XT because Bitcoin core developers Wladimir, Greg, and Pieter are opposed to it. That's enough to block consensus. And it works both ways: if Gavin and Mike are strongly opposed to Pieter's BIP, then this will also block consensus on that BIP.
Other than the core devs, big Bitcoin companies (especially Coinbase, BitPay, and exchanges) could block consensus, as could large groups of average users who are collectively capable of making reasonable arguments and exerting economic force (probably not just random unknown people complaining about nothing).
Even though consensus is such a high bar, I think that in practice any hardfork that gets consensus among the Bitcoin Core devs and makes it into Bitcoin Core has a good chance of succeeding. But again, the developers would just be spearheading the effort, and many others could block them if necessary.

But with such a high bar, 8 MB blocks will be impossible!

If consensus can never be reached on one particular hardfork proposal, then the hardfork should never occur. Just because you want something doesn't mean that it's ever reasonable for you to hijack Bitcoin from the people who don't want it, even if your side is the majority (which it isn't in this case). This isn't some democratic country where you can always get your way with sufficient politicking. Get consensus, live without the change, or create your own altcoin.
Hard forks are supposed to be hard. While some hard forks will probably be necessary in the long run, these hard forks will need to have consensus and be done properly or Bitcoin will die due to the economy being constantly shattered into several pieces, or as a side-effect of forcing through technically unsound changes that the majority of experts disagree with (like XT's 8MB block size).

Don't most experts want 8 MB blocks soon?

Not by any reasonable idea of "most experts" I can think of. For example, among people with expert flair on /Bitcoin, AFAIK any large near-term increase is opposed by nullc, petertodd, TheBlueMatt, luke-jr, pwuille, adam3us, maaku7, and laanwj. A large near-term increase is supported by gavinandresen, jgarzik, mike_hearn, and MeniRosenfeld. (Those 12 people are everyone with expert flair.)
I've heard concerns that some experts who oppose any large near-term increase have conflicts of interest. But many of them have been expressing the same concerns for years, so it's unlikely that any recent possible conflict of interest is influencing them. Also, if they believed that increasing the max block size would help Bitcoin as a whole, what reason would they have to prevent this? I don't see the incentive.
We don't need to trust the above list of experts, of course. But I for one have found the conservative position's arguments to be much more convincing than the huge-increase position's arguments. It's not reasonable to say, "You know a lot more than I do, and I don't see any fault in your arguments, but you must be trying to trick me due to this potential conflict of interest, so I'm going to ignore you."

Who are you working for?

I am not an employee of anyone but myself. As far as I know my only incentives for engaging in this policy are to make Bitcoin as strong as possible for ideological reasons, and in the long-term to increase the Bitcoin price. When I make policies, I do so because I believe that they are right. I am not being paid for my work on /Bitcoin or for creating certain policies.
It would have been far easier for me to simply allow XT. If I was a politician or a business, I probably would have bowed to community demands already. And on several occasions I have very seriously considered the possibility that I could be wrong here and the community right. But in the end I just don't see any way to both reasonably and consistently deal with XT and cases similar to XT except to ban them on /Bitcoin. Additionally, I am further motivated by my knowledge that a "hostile hardfork" like the one in XT is very harmful for Bitcoin no matter what the change entails, and that the change in XT is in fact amazingly bad.

See also

See my previous posts on this subject and the discussion in their child comments. Keep in mind that my comments are often downvoted to the point of being hidden by default.
Also, someone who could be Satoshi posted here. This email address was actually used by Satoshi before he left, and the email apparently did come from that email address legitimately (not a spoof). Whether he's actually Satoshi or not, I agree with what he's saying.

About majoritarianism

Just because many people want something doesn't make it right. There is example after example of this in history. You might reasonably believe that democracy is the best we can do in government (though I disagree), but it's not the best we can do with private and independent forums on the free market.
If you disagree with /Bitcoin policy, you can do one of these things:
Do not violate our rules just because you disagree with them. This will get you banned from /Bitcoin, and evading this ban will get you (and maybe your IP) banned from Reddit entirely.
If 90% of /Bitcoin users find these policies to be intolerable, then I want these 90% of /Bitcoin users to leave. Both /Bitcoin and these people will be happier for it. I do not want these people to make threads breaking the rules, demanding change, asking for upvotes, making personal attacks against moderators, etc. Without some real argument, you're not going to convince anyone with any brains -- you're just wasting your time and ours. The temporary rules against blocksize and moderation discussion are in part designed to encourage people who should leave /Bitcoin to actually do so so that /Bitcoin can get back to the business of discussing Bitcoin news in peace.
The purpose of moderation is to make the community a good one, which sometimes includes causing people to leave.

This thread

You can post comments about moderation policy here, but nowhere else.
submitted by theymos to Bitcoin

Most alt-coins are NOT secure enough, they exist only for entertainment and speculation

(I believe this needs to be posted to /bitcoin as Bitcoin users/enthusiasts need to know the difference between Bitcoin and other cryptocurrencies. About the author: I've been subscribed to /bitcoin since 2011, and have been involved in cryptocurrency security research for several years.)
Let's talk about the security aspect of cryptocurrencies. I'm afraid an average user knows very little about this topic: he might know that hashrate is needed to protect the blockchain, and that a higher hashrate is better, as it implies that an attacker needs to spend more to get control of the blockchain.
But there are plenty of other kinds of attacks (or, rather, economic models of attacks), some of which have much higher practical significance.
Let's start with something simple: there is a straightforward and rigorous model of the double-spending attack under the condition that the attacker has a fraction of the total network's hashrate. I highly recommend Meni Rosenfeld's Analysis of hashrate-based double-spending paper (PDF).
The main takeaway from this paper is that the "maximal safe transaction value" is directly proportional to the block reward (i.e. the amount of coins miners get for each block). It is easy to understand this intuitively: a bigger reward means that miners get more money from normal mining, so they will be reluctant to try double-spending attacks. On the other hand, if the block reward were negligible, double-spending could be a lucrative source of revenue.
Let's look at the numbers: if an attacker controls 26% of the hashrate and the number of confirmations is 6, the maximal safe transaction value is 1113 BTC when the block reward is 25 BTC. This is pretty cool: you only need to wait 1 hour to make sure you irreversibly received half a million USD worth of bitcoins (I assume an exchange rate of $450 for 1 Bitcoin).
However, the situation is pretty different for alt-coins which have much less valuable block rewards. For example, imagine there is a Foocoin with an exchange rate of $1 for 1 Foocoin. If Foocoin's block reward is also 25 foocoins, then the max safe transaction value for 6 confirmations is only $1113 USD worth of Foocoins. It doesn't look like Foocoin is suitable for commerce, does it?
One could say that Foocoin simply requires a larger number of confirmations for larger transactions. But that's wrong: a higher number of confirmations helps only under the condition that the attacker is unable to obtain more than 50% of the total hashrate, and for most alt-coins this isn't true.
First of all, let's note that so-called miners simply rent their equipment to "mining pool operators" and are paid in cryptocurrency for it. In many cases they don't even care what cryptocurrency they mine as long as they are being paid. See Middlecoin:
This pool automatically mines the most profitable scrypt coin, automatically exchanges those coins for bitcoins, and pays out entirely in bitcoins.
So, miners who mine using Middlecoin do not know if their equipment is being used to mine Litecoins or Dogecoins or something else. And they wouldn't care if it were used for attacks on alt-coins, as they are being paid in bitcoins.
Let's consider a scenario where a Middlecoin-like pool has a higher hashrate than Foocoin, e.g. Middlecoin (not Middlecoin specifically, but any pool like that) has 20 GH/s, while Foocoin has 10 GH/s. Here's how one can profit from it:
  1. Buy $1M worth of Foocoins and get them into your wallet.
  2. Make an agreement with Middlecoin: you rent their hashrate for a couple of hours, paying them in bitcoin, slightly above what the most profitable alt-coin yields.
  3. Send your foocoins to exchange Bar.
  4. Start mining a private chain which has a double-spend transaction which sends the coins to exchange Baz.
  5. After your transaction gets 10 confirmations on the normal chain, convert the foocoins to bitcoins on Bar and withdraw them immediately.
  6. After the withdrawal transaction is confirmed on the Bitcoin network (and thus cannot be reversed), you release the private chain you have mined, causing a reorganization. You should have mined 20 blocks by then if Middlecoin has a hashrate twice Foocoin's normal hashrate.
  7. Your deposit to exchange Baz is now confirmed; convert your foocoins to bitcoins again, and withdraw immediately.
  8. A day later the 20 blocks you have mined will mature, and you'll be able to sell them too.
If the Foocoin price doesn't change in the process, you can get approximately $1M profit from this attack, as the cost of renting a mining pool is approximately equal to the value of the mined blocks.
In practice, you'll lose some money due to lack of liquidity on exchanges, so the profit will be less than $1M.
The conclusion we get from this analysis is that alt-coins which have only a small fraction of the total hashrate for a certain mining algorithm are extremely insecure. And they cannot grow big: as soon as exchanges have enough liquidity, it will be possible to perform the attack I described, which will result in a price drop.
So almost all alt-coins are simply not suitable for any kind of "real economy" applications. They are doomed to have high volatility, shallow markets, and a low "max safe transaction value".
One can't deny the fact that it is possible to make money on alt-coins. But that's just gambling. And people who create new alt-coins are in the same position as people who build casinos. It is a business, but it is in the entertainment sector, not in the 'real economy' or 'financial' sectors as some people are trying to pretend.
Bitcoin is one of the few cryptocurrencies which are actually serious. It isn't perfect, but attacking Bitcoin is very hard, so transactions worth millions of dollars can be confirmed in a matter of hours. The same cannot be said about alt-coins, and this situation won't change unless new cryptocurrency designs are found.
If there is an alt-coin which is more-or-less secure, it is probably Litecoin. Its hashrate is a significant fraction of the total scrypt hashrate, so attacking Litecoin is hard. Interestingly, at some point Dogecoin's hashrate was higher than Litecoin's, but it dropped after the block reward dropped. So, again, block reward is important for security.
This has dire implications for alt-coins which have short block reward schedules. If all coins will be mined in two years, this means that the alt-coin will be dead in two years.
(It's worth noting that the same problem might affect Bitcoin in the future, in 10 years or so.)
Now there is a question: Is there a way to make multiple currencies all of which will be secure?
Probably. There are several approaches:
  1. Merged mining: The idea is that Bitcoin's proof-of-work can be re-used to mine alt-chains. This makes attacks harder, but hashrate-based double-spending considerations are still applicable, so safety can't be guaranteed... They will be safe only if miners are benevolent.
  2. Side-chains: This needs more research, but it looks like high degree of security is possible as long as you don't care about SPV.
  3. Proof-of-stake and PoW/PoS hybrid: Needs more research, there is some hope. Note that Peercoin's PoS is pretty bad.
  4. Multiple cryptocurrencies in the same blockchain (e.g. colored coins, Mastercoin, Counterparty, Ethereum, Ripple, etc.) will all be equally secure, so I believe this is what we should do instead of spawning a shitload of alt-coins.
submitted by killerstorm to Bitcoin
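The post above leans on Meni Rosenfeld's hashrate-based double-spending analysis without showing the arithmetic. The following is an added example written for this page (not code from the post or from the paper): it implements the paper's success probability for an attacker holding fraction q of the hashrate against n confirmations, and then asks how many confirmations hold the risk below a threshold, which has no answer once q reaches 50%, the point the post makes about rentable hashrate. The function names and the 0.1% risk threshold are this example's own choices.

```python
from math import comb


def double_spend_success(n: int, q: float) -> float:
    """Probability that an attacker holding fraction q of the total hashrate
    eventually overtakes the honest chain after the merchant has waited for
    n confirmations. This is the hashrate-based formula from Rosenfeld's
    analysis: a negative-binomial count of attacker blocks mined while the
    honest network mines n, followed by a gambler's-ruin catch-up race."""
    if not 0.0 <= q <= 1.0:
        raise ValueError("q must be a fraction of the total hashrate")
    if n <= 0:
        return 1.0          # no confirmations: nothing to overtake
    p = 1.0 - q
    if q >= p:
        return 1.0          # a majority attacker wins with certainty
    tail = 0.0
    for m in range(n + 1):
        # comb(m+n-1, m): orderings in which the honest network finds its
        # n-th block while the attacker has found m; the bracket is the
        # chance the attacker never closes the remaining n-m block gap.
        tail += comb(m + n - 1, m) * (p ** n * q ** m - p ** m * q ** n)
    return 1.0 - tail


def confirmations_for_risk(q: float, max_risk: float, limit: int = 1000):
    """Smallest number of confirmations that keeps the double-spend risk at
    or below max_risk. Returns None when no number of confirmations helps,
    which is the case for an attacker who can rent a majority of hashrate."""
    if q >= 0.5:
        return None
    for n in range(1, limit + 1):
        if double_spend_success(n, q) <= max_risk:
            return n
    return None


if __name__ == "__main__":
    # Hashrate fractions chosen for illustration; 0.26 is the figure the
    # post quotes, 0.50 is the rented-majority case it warns about.
    for q in (0.10, 0.26, 0.50):
        row = ["%6.4f" % double_spend_success(n, q) for n in range(1, 7)]
        print("q=%.2f  r(n=1..6) = %s" % (q, " ".join(row)))
    print("confirmations for <=0.1% risk at q=0.10:",
          confirmations_for_risk(0.10, 0.001))
    print("confirmations for <=0.1% risk at q=0.50:",
          confirmations_for_risk(0.50, 0.001))
```

With q=0.10 the risk falls below 0.1% only at six confirmations; with q=0.50 or more the function reports that no confirmation count is safe, regardless of how long the exchange waits.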

Bobtail: A Proof-of-Work Target that Minimizes Blockchain Mining Variance

arXiv:1709.08750
Date: 2017-10-19
Author(s): George Bissias, Brian Neil Levine

Abstract
Blockchain systems are designed to produce blocks at a constant average rate. The most popular systems currently employ a Proof of Work (PoW) algorithm as a means of creating these blocks. Bitcoin produces, on average, one block every 10 minutes. An unfortunate limitation of all deployed PoW blockchain systems is that the time between blocks has high variance. For example, 5% of the time, Bitcoin's inter-block time is at least 40 minutes. This variance impedes the consistent flow of validated transactions through the system. We propose an alternative process for PoW-based block discovery that results in an inter-block time with significantly lower variance. Our algorithm, called Bobtail, generalizes the current algorithm by comparing the mean of the k lowest order statistics to a target. We show that the variance of inter-block times decreases as k increases. If our approach were applied to Bitcoin, about 80% of blocks would be found within 7 to 12 minutes, and nearly every block would be found within 5 to 18 minutes; the average inter-block time would remain at 10 minutes. Further, we show that low-variance mining significantly thwarts doublespend and selfish mining attacks. For Bitcoin and Ethereum currently (k=1), an attacker with 40% of the mining power will succeed with 30% probability when the merchant sets up an embargo of 8 blocks; however, when k>=20, the probability of success falls to less than 1%. Similarly, for Bitcoin and Ethereum currently, a selfish miner with 40% of the mining power will claim about 66% of blocks; however, when k>=5, the same miner will find that selfish mining is less successful than honest mining. The cost of our approach is a larger block header.

submitted by dj-gutz to myrXiv
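The abstract above states the Bobtail rule (a block is found when the mean of the k lowest hash values beats the target) and claims that inter-block variance shrinks as k grows. The simulation below is an added example written for this page, not the paper's code: it mines under that rule for a chosen k and reports the coefficient of variation of block times, which is scale-free, so the targets used here are assumed values and are not calibrated to a common 10-minute average the way the paper does.

```python
import random
import statistics


def mine_blocks(k: int, target: float, n_blocks: int, seed: int = 1) -> list:
    """Simulate n_blocks rounds of Bobtail-style mining. Every hashing
    attempt yields a value uniform in [0, 1); the round ends as soon as the
    mean of the k lowest values seen in the round is <= target. k=1 is
    ordinary PoW (the single lowest value must beat the target). Returns
    the number of attempts each round took, the stand-in for block time."""
    rng = random.Random(seed)      # seeded so runs are reproducible
    times = []
    for _ in range(n_blocks):
        lowest = []                # the k smallest values seen this round
        attempts = 0
        while True:
            attempts += 1
            v = rng.random()
            if len(lowest) < k:
                lowest.append(v)
            elif v < max(lowest):
                lowest[lowest.index(max(lowest))] = v
            if len(lowest) == k and sum(lowest) / k <= target:
                break
        times.append(attempts)
    return times


def coefficient_of_variation(samples) -> float:
    """Standard deviation divided by the mean: scale-free, so rounds with
    different k and target can be compared without matching their means."""
    return statistics.pstdev(samples) / statistics.mean(samples)


def fraction_near_mean(samples, lo: float, hi: float) -> float:
    """Share of block times falling between lo*mean and hi*mean, the kind of
    figure the abstract quotes (80% of blocks within 7 to 12 minutes of a
    10-minute average corresponds to lo=0.7, hi=1.2)."""
    mean = statistics.mean(samples)
    hits = sum(1 for t in samples if lo * mean <= t <= hi * mean)
    return hits / len(samples)


if __name__ == "__main__":
    # (k, target) pairs are illustrative; larger k needs a looser target
    # because the mean of k values is harder to push under it.
    for k, target in ((1, 0.005), (5, 0.03), (10, 0.05)):
        t = mine_blocks(k, target, 2000)
        print("k=%2d  mean attempts=%7.1f  CV=%.3f  within 0.7x-1.2x: %.0f%%"
              % (k, statistics.mean(t), coefficient_of_variation(t),
                 100 * fraction_near_mean(t, 0.7, 1.2)))
```

For k=1 the block time is geometric, so the CV sits near 1 (the high-variance regime the abstract criticises); for k=10 it drops to roughly a third, and far more blocks land close to the average.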

A bribe attack is ongoing

First of all, I should note it's not a big deal and there are no reasons to panic or anything, but it's just remarkable that the thing we knew is theoretically possible is happening now.
To provide background on this kind of attack I need to start from fundamentals. Here's the security assumption from the Bitcoin paper:
The system is secure as long as honest nodes collectively control more CPU power than any cooperating group of attacker nodes.
Originally mining was done by users themselves, it was a part of node/wallet software. However, later it became more specialized.
Hashing, running nodes and using Bitcoin are completely separate things nowadays when pooled mining is commonplace. That is, somebody can "mine" bitcoins using his hashing hardware without running a node. (And, perhaps, without even being a Bitcoin user, as a "miner" can auto-convert his revenue to dollars.)
Calling this "mining" isn't quite accurate. More precisely it can be described as renting (that is, mining pools rent hashing hardware of so-called "miners") or paying for a service (mining pools pays a "miner" for the efforts he's performed).
Some "miners" believe that they receive the bitcoins they created, but that's not true in the general case. One thing is that more often than not, individual miners fail to solve the block, but are still compensated for their efforts (not for results). Also, pools generally have reserves which they use to smooth out reward payments, thus the rewards miners receive do not necessarily come from freshly mined bitcoins.
Now let's recall that hashpower is intimately linked to the security of the network. An attacker who controls a significant portion of the total hashpower might be able to perform double-spend attacks (e.g. see Meni Rosenfeld's Analysis of Hashrate-Based Double Spending) or denial-of-service attacks (he might mine empty blocks).
It is usually understood that these attacks are practically infeasible, as overpowering the honest network would require enormous amounts of hardware, energy, etc. However, there are several different attack models.
The most primitive one was relevant back when mining was done on CPUs: an attacker could rent CPU power from a cloud provider such as Amazon and try to do a double-spend reorganization or a 51% attack. It's fairly easy to do calculations within this model, as the cost of an attack is known (for a certain difficulty) and one just needs to compare it to the potential profit the attacker might get.
But CPU mining is irrelevant now; an attacker would need specialized hardware to have a chance. This makes the attack much more complex, as the attacker needs to buy hardware, deploy it, start mining... And once the attack is complete, he needs to do something with that hardware. It's generally understood that parties who own hashing hardware will be reluctant to perform an attack because a successful attack can drastically decrease the value of the hardware they own. Thus it can be said that ASICs made Bitcoin much more secure due to this stickiness.
But wait... what if an attacker rents hardware instead of buying it? It's much simpler than buying hardware: no complex logistics, little overhead, no concerns about how an attack would affect the hardware price. The attacker would need to pay slightly above the market price to make sure he gets more than half of the total hashpower, so that it's statistically certain his attack can succeed.
This can be described as a sort of bribe. Normally miners get block rewards (subsidy + fees). The attacker adds a bribe to it, making it subsidy + fees + bribe. This is attractive to miners as it pays more. Once the attack is successful, the attacker receives subsidy + fees + attack profit. Thus his cost is
(subsidy + fees + attack profit) - (subsidy + fees + bribe) = attack profit - bribe 
Note that bribe can be arbitrarily small, it should be just enough to get miners interested. It can be 1% of a subsidy, for example. E.g. suppose attacker wants to earn 1000 BTC by double-spending, he gives a 10 BTC bribe to miners to orphan some of the recent blocks and pockets 990 BTC.
The cost of this attack can be arbitrarily small, but it requires a lot of capital and is also quite risky. And also it's not possible right now because miners do not just rent their hashpower to the highest bidder; they use mining pools they trust. Thus there's no way for the attacker to get more than 50% of the total hashpower to be successful with this attack.
There are, however, pools which allow people to rent hashpower. For example, NiceHash. It currently has 16 PH/s of SHA256 hashpower (according to the stats they publish), thus controlling around 1% of total hashpower. NiceHash allocates hashpower to highest bidder, and thus it can be potentially used for attacks I described above. But currently it's too small to have any effect.
So this is just something to keep in mind. Pools like NiceHash are evil, they can potentially destabilize Bitcoin if more than a half of total Bitcoin's hashpower will be rented out on pools like this. It is important for miners to choose legitimate pools.
So until now I thought that a bribe attack is just a curiosity in the context of Bitcoin (it might be more relevant for alt-coins with much weaker hashpower), but today I was surprised by the fact that somebody is trying to pull it off right now.
There's a post on /btc: Someone just donated 16 BTC towards Classic Hashpower. We are now at 2 Petahash/sec on Slush pool. Thank you, donator. The fund is at 30 BTC and recycling the mining rewards over and over..
This is exactly the bribe attack, but they aren't using it for double-spending or DoS, but in an attempt to hard-fork Bitcoin. Basically it's an attempt to artificially prop up Classic hashpower a little, and is good only for PR. But still it's something we should be aware of, I think.
The NodeCounter site the link points to is absolutely hilarious, BTW, totally recommend it:
Bitcoin development has been bought out by a private company called "Blockstream". Blockstream has directed the crippling of Bitcoin in order to provide the solution, for their own future, financial gain.
(I hope moderators won't remove my post. /btc is currently being advertised in the sidebar of this subreddit, so every visitor is already one click away from learning information about "Classic Hashpower". I see absolutely no point in censoring this information.)
On topic of brigading: when I posted it initially the post was 100% upvoted, that is regular /bitcoin subscribers found it good and relevant. However a bit later upvote rate dropped to 65% and at the same time several comments defending Classic and /btc appeared. Brigading much? I don't really care what you do with hashpower (attack is just a technical term FYI, it's not necessarily morally wrong), but brigading is despicable.
submitted by killerstorm to Bitcoin [link] [comments]

Personalized Difficulty Adjustment for Countering the Double-Spending Attack in Proof-of-Work Consensus Protocols

arXiv:1807.02933
Date: 2018-07-09
Author(s): Chi-Ning Chou, Yu-Jing Lin, Ren Chen, Hsiu-Yao Chang, I-Ping Tu, Shih-wei Liao

Link to Paper


Abstract
Bitcoin is the first secure decentralized electronic currency system. However, it is known to be inefficient due to its proof-of-work (PoW) consensus algorithm and has the potential hazard of double spending. In this paper, we aim to reduce the probability of double spending by decreasing the probability of consecutive winning. We first formalize a PoW-based decentralized secure network model in order to present a quantitative analysis. Next, to resolve the risk of double spending, we propose the personalized difficulty adjustment (PDA) mechanism which modifies the difficulty of each participant such that those who win more blocks in the past few rounds have a smaller probability to win in the next round. To analyze the performance of the PDA mechanism, we observe that the system can be modeled by a high-order Markov chain. Finally, we show that PDA effectively decreases the probability of consecutive winning and results in a more trustworthy PoW-based system.

submitted by dj-gutz to myrXiv [link] [comments]

Forkology 301: The Three Tiers of Investor Control over Bitcoin

DanielKrawisz's article Who Controls Bitcoin is a must-read for anyone wanting to understand how Bitcoin is governed.
This post builds on Krawisz's point - that investors hold all the cards - by describing in more detail how Bitcoin investors can exercise their control over Bitcoin through a tiered or layered structure of increasing directness and radicalness.
Tier 1: Expression of Intent
Investors simply make it known, in a credible way, that they support some change (say a bigger blocksize cap), meaning they intend to buy more BTC if the change is made in good time, and sell BTC if it is not. Then there are three ways the ecosystem can react:
(i) Core Capitulates: The Core dev team is pressured to up the blocksize cap in Core and does so in a way that satisfies investors.
(ii) Competing Implementations Arise: If Core refuses or raises the cap too slowly, other implementations like BitcoinXT spring up and miners - enticed by the additional gains through a higher BTC price - adopt it.
(iii) Bitcoin Unlimited Renders the Previous Two Moot: Bitcoin Unlimited is another implementation in development that attempts to dispense with centralized blocksize planning entirely by allowing each user to set their own blocksize cap through a pulldown menu. Set the cap too low and your node might fail to track consensus as larger blocks get into the chain; set it too high and you might waste resources dealing with blocks that will end up orphaned. Users can also set a block depth after which they will accept a block higher than their set limit only if the block gets deep enough in the chain.
This mechanism constitutes a kind of built in fork-tolerant logic.
Instead of a preset group of developers opining over the "correct" blocksize cap or an ivory-tower scheme of centrally planned "Flexcaps," the blocksize limit is an emergent property of each individual node and miner's cost/benefit analysis and priorities for their own situation, much like the price of graphite. The concept of consensus becomes more fluid, with nodes sometimes objecting to bigger blocks by refusing to relay them, thereby assuming a risk of temporarily falling out of consensus. Somewhat like the English language, consensus on the rules is emergent rather than consensus rules being handed down from Core dev.
Instead of "Concur with Core or go pound sand," Bitcoin Unlimited's consensus on blocksize is an aggregate product of each node and miner positioning themselves favorably in the market due to their own calculations of the trade-offs for their unique circumstances.
The result is expected to be a soft blocksize limit that grows dynamically as market forces (orphan rates and other incentives), transaction demand, and technology levels change, in a way that maximizes investor satisfaction and therefore BTC price and miner revenue. Miners will up the size of the blocks they mine as transaction demand grows, and as long as they do so conservatively other miners and nodes (all interested in seeing the BTC price rise) will approvingly build on and propagate these blocks. Blocks over the soft limit will be discouraged by most nodes (by definition of the term "soft limit"), but if they manage to get several blocks deep into the chain most nodes will accept them. Miners take a risk (orphan risk) in producing these slightly oversized blocks, edging forward carefully when they believe nodes will respond approvingly because investors and users are demanding it.
If Bitcoin Unlimited catches on, Core and XT's centralized blocksize plans become relics. Investors announce their intent, ideally through a prediction market or futures market but cruder measures would also have an effect, and miners react (conservatively!) through adjusting blocksize cap (and chain depth at which they'll give in and accept an oversized block) through the pulldown menu to rake in those juicy profits. Nodes also have a voice in what they help propagate, with an interest to aid bigger blocks because of their stake in the BTC price as business owners, holders, etc.
Tier 2: Fork Arbitrage on Exchanges
This case is more radical, but it is only required if a change is too controversial for something like XT's 75% threshold to be relied upon. Here, several weeks/months before the fork is to occur, Bitcoin exchanges prepare futures contracts for, say, coins in Core and coins in XT, and let investors effectively sell their coins in Core to buy more coins in XT, or vice versa.
For example if you have 10 BTC, you would of course have 10 Core bitcoins and 10 XT bitcoins after the fork if you took no action, but if you choose to participate in the arbitrage you might sell your 10 future Core bitcoins and use them to increase your future XT bitcoin count to 15 or 20 BTC. Why would it ever be only 15 BTC? This would be the case where you entered the arbitraging late and Core bitcoin futures had already fallen to half the price of XT bitcoin futures, meaning your 10 Core BTC only buys you 5 XT BTC. [For more technical details, see Meni Rosenfeld's How I learned to stop worrying and love the fork, though he doesn't address the futures contract innovation, which further streamlines the process by giving a very strong indication of the winner before the fork even happens.]
In almost all conceivable cases a definitive winner emerges (and if not, no other method is going to do any better at determining the winner), and the other fork either dies or becomes a niche alt-protocol coin (not really an "altcoin," since it shares Bitcoin's ledger). The niche coin would likely only arise and persist if there truly were a key tradeoff being made, as some small block adherents argue. In any case, hodler purchasing power is completely preserved by default if they choose not to bet in the "forkbitrage" process, even in the event of a persistent split.
This forkbitrage process represents a more direct expression of investor will than in Tier 1. (Also, it may be possible that this process starting up would kick off Tier 1 effects that would allow the more radical measure of forkbitrage to be halted early, with the exchanges returning investors' bets.)
Tier 3: Spinoff with New Hashing Algorithm
This is the most radical, because it is only required in the scenario where "miners go insane" and do something ridiculous like upping the block reward or refusing to implement obvious necessary changes like blocksize cap increases, despite investor support, and where the miners would threaten to 51% attack the investors' chosen fork in the above forkbitrage process. Of course this can only be a short term threat, since the fork winning the Tier 2 forkbitrage process would soon have far more hashpower thanks to far greater market cap, but short term matters when you could be 51% attacked.
Here the Bitcoin ledger is copied over to the investors' chosen protocol, so that all holders have the same number of coins (and same percentage of all outstanding coins) in the "new" coin, say a larger blocksize cap coin. The World Wide Ledger is preserved, which is all that should matter to investors, and the "old" Bitcoin is again sold off to nothing or goes niche. Hodler purchasing power is preserved, of course.
This is the very purest expression of investor will. Miners can be called a kind of investor, but with some complications. Spinoffs allow investors to circumvent even the miners - a radical measure for outlandish scenarios.
Tier 1 lets investors deal with attempted developer control, Tier 2 lets investors deal with controversy, and Tier 3 lets investors deal with pervasive miner irrationality. This is how investors rule the roost.

Previous Forkology posts and discussions:
Forkology 101
Forkology 201 (guest post by Peter__R)
submitted by ForkiusMaximus to btc [link] [comments]

Reflections on Bitcoin's problems over the years (can we get a sticky or sidebar link with some Lightning Network content?)

In the days before we had the luxury of worrying about Bitcoin's scaling, we focused endlessly on other problems and imperfections of the protocol. Back then, we'd talk about confirmation times. Ten minutes was far too long for much of commerce and as Meni Rosenfeld showed, the oft-repeated "I'd rather have one 10 minute block's security than five 2-minute blocks" was exactly wrong.
You learn a little more, and you realize that bitcoin's security is really all-or-nothing. Unconfirmed transactions, properly understood, are not transactions at all. Miners have no obligation to "drop" them after a few days, so the coins can disappear from your wallet even if your node has forgotten. Furthermore, the "safety" of 0-conf was widely misunderstood--the policy of honoring the first-seen transaction wasn't a consensus one, so miners have always been able to collude with double-spenders if they wanted to.
Fungibility and anonymity were other major concerns. Every single coin has a unique history and is "tainted" by it. If governments want, they can easily blacklist particular Bitcoins, be they stolen, used in the drug trade, or simply suspect. We worried about Mike Hearn's possible connections to similar "redlisting" of coins and had endless discussions about the anti-anonymous nature of the bitcoin network.
Personally, I've followed threads and topics such as this which relate to the equilibrium transaction fee when the block reward ends or reduces in value. In short, if there's no transaction backlog (and assuming competitive markets, etc), users have no incentive to pay anything more than 1 Satoshi per transaction, because larger blocks don't take more work to mine. Zero marginal cost means zero price. The Bitcoin Cash community denies this. I can provide more references if people are curious.
Over time, it's become clear to us who have been following bitcoin closely for years, and even to many of you newbies, that blockchains cannot scale through on-chain transactions (without sacrificing decentralization, which is the point: e.g. if you can't run your own node, you simply can't know if there are still only 21,000,000 bitcoins, or that you have any of them).
It turns out, all of these problems are addressed or hugely mitigated by the LN. It is such a remarkable fact that it suggests that Bitcoin is meant to be used as a fundamental settlement layer for LN transactions. Luke Dashjr seems to think so. With a little thought, it makes some sense: scaling Bitcoin is hard because you're telling the entire world to perpetually store and propagate your transactions--this also creates a public graph that can be analyzed by hackers, governments, or snoops. Almost all LN transactions are not stored, are only communicated between sender and receiver, and are onion-routed so traffic analysis is impossible. That they are communicated only between sender and receiver also means that Bitcoin's blockchain isn't needed to synchronize their transaction--thus, instant "confirmation" with no chance of double spends.
Lastly, this isn't vaporware. Right now, The (yes, The) Lightning Network is a protocol with multiple fully interoperable implementations (so all LN nodes can participate in a single network). This is the fully-realized version of what had been theorized for at least 5 years and is the solution to problems we've been complaining about for almost all of Bitcoin's existence.
For a basic intro to the LN, please read What is the Lightning Network and how can it help Bitcoin scale? and the links inside, check out Lightning Protocol 1.0: Compatibility Achieved and other info suggested by the commenters below.
submitted by joseph_miller to Bitcoin [link] [comments]

How to Get Wikipedia and Other Charities into Dogecoin

Hi Shibes!
It looks like Wikipedia now accepts BTC, and a major driver was a donor who previously pledged $8000 to them when they do accept it. Can we do this with Dogecoin? I think we can do something just as good or better.
  1. We raise several thousand dollars in Dogecoin, in a controlled donation account.
  2. Give wikipedia 1 month to accept as the account accumulates.
  3. If they don't accept, we move on to the next major, suitable charity based on votes. As the account grows and we add more charities, some big charity is bound to accept sooner rather than later. We're guaranteed lots of press no matter which way this goes.
  4. Moon, obviously.
While they ARE important, we should NOT include minor small unknown charities with this particular funding effort. It requires that whoever gets the funds generates a media buzz.
$8000 isn't that much even with our deflated prices. It would be well worth the publicity and could be an affordable way to get back on track with charitable projects.
Could this be the next big thing to get us back into fundraising?
submitted by echo85 to dogecoin [link] [comments]

Israel Bans Crypto Companies from the Tel Aviv Stock Exchange

The Tel Aviv Stock Exchange or TASE, has announced that crypto based companies are banned from the market indices. The regulation has been instituted by the Israel Securities Authority (ISA) after the authority had announced their plan for regulating cryptocurrencies in the TASE market earlier this year.
ICO regulations and a guided working manual are to be published later this year and, according to the ISA, the change of TASE regulations has no association with this new crypto update. The committee has instead issued a cautionary statement about investing and trading in cryptocurrency. ISA claims, “Such investment incurs many exceptional risks, including an absence of liquidity and ability to convert the currencies to money, exceptional price volatility, illegal activity, and risk of fraud”.
The warning from ISA further states that investors must be prepared to face the high probability of risk from investing money, directly or indirectly, in cryptocurrency or a crypto company. They elaborate on the risks of losing money and assets when it comes to the crypto market and trading in cryptocurrency as well. Many banks, like the Bank of Israel, do not categorise cryptocurrency like Bitcoin as a valid type of currency but rather as an asset.
Anat Guetta, the chair of ISA, has held the post from January this year and has already taken her stance on cryptocurrency. She states that barring crypto companies from TASE will safeguard the market against passive investors that are prone to such risks. She further warns of the volatile environment surrounding crypto investment and high risk of losing money in this market. As per the new regulation, the ISA will review the regulations in TASE and block out any company related to cryptocurrency. This means that any business, exchange, platform, or company that allows investing, trading, and mining of crypto coins like Bitcoin, Ether, and other Altcoins will be restricted from investing in TASE. This regulation is temporary for the length of this year, until it is reviewed again and reinstated or not based on the market projections and developments. Chairman of the Israel Bitcoin Association, Meni Rosenfeld, responded to the new regulations on cryptocurrency, by stating, “There are indeed several risks in investing in digital currencies, and people should take them into account in order to make wise decisions. Investing in this sector is not suitable for everyone; it is only for those who understand both the potential and the risks”.
submitted by moneytradecoin to u/moneytradecoin [link] [comments]

REPOST from November 2015: "Forkology 301: The Three Tiers of Investor Control over Bitcoin - Tier 1: Expression of Intent; Tier 2: FORK ARBITRAGE ON EXCHANGES; Tier 3: Spinoff with New Hashing Algorithm" ~ u/ForkiusMaximus

This is one of the most important posts from u/ForkiusMaximus - and it is highly relevant today, now that exchanges (such as ViaBTC) have already started allowing investors to do "fork futures" or "fork arbitrage" trading - putting their money where their mouth is, to invest in Bitcoin-Cash versus Bitcoin-SegWit.
https://np.reddit.com/btc/comments/3t4kbk/forkology_301_the_three_tiers_of_investor_control/
Tier 2: Fork Arbitrage on Exchanges
This case is [...] only required if a change is too controversial for something like XT's 75% threshold to be relied upon. Here, several weeks/months before the fork is to occur, Bitcoin exchanges prepare futures contracts for, say, coins in Core and coins in XT, and let investors effectively sell their coins in Core to buy more coins in XT, or vice versa.
For example if you have 10 BTC, you would of course have 10 Core bitcoins and 10 XT bitcoins after the fork if you took no action, but if you choose to participate in the arbitrage you might sell your 10 future Core bitcoins and use them to increase your future XT bitcoin count to 15 or 20 BTC. Why would it ever be only 15 BTC? This would be the case where you entered the arbitraging late and Core bitcoin futures had already fallen to half the price of XT bitcoin futures, meaning your 10 Core BTC only buys you 5 XT BTC. [For more technical details, see Meni Rosenfeld's How I learned to stop worrying and love the fork, though he doesn't address the futures contract innovation, which further streamlines the process by giving a very strong indication of the winner before the fork even happens.]
In almost all conceivable cases a definitive winner emerges (and if not, no other method is going to do any better at determining the winner), and the other fork either dies or becomes a niche alt-protocol coin (not really an "altcoin," since it shares Bitcoin's ledger). The niche coin would likely only arise and persist if there truly were a key tradeoff being made, as some small block adherents argue. In any case, hodler purchasing power is completely preserved by default if they choose not to bet in the "forkbitrage" process, even in the event of a persistent split.
This forkbitrage process represents a more direct expression of investor will than in Tier 1. (Also, it may be possible that this process starting up would kick off Tier 1 effects that would allow the more radical measure of forkbitrage to be halted early, with the exchanges returning investors' bets.)
submitted by ydtm to btc [link] [comments]

Most alt-coins are NOT secure enough, they exist only for entertainment and speculation (Taken from /r/Bitcoin)

TL;DR IMO this guy hates alt-coins.
OP: http://www.reddit.com/Bitcoin/comments/22aw8c/most_altcoins_are_not_secure_enough_they_exist/
(I believe this needs to be posted to /bitcoin[1] as Bitcoin users/enthusiasts need to know the difference between Bitcoin and other cryptocurrencies. About author: I'm subscribed to /bitcoin[2] since 2011, and have been involved in cryptocurrency security research for several years.)
Let's talk about the security aspect of cryptocurrencies. I'm afraid an average user knows very little about this topic: he might know that hashrate is needed to protect the blockchain, and that a higher hashrate is better, as it implies that an attacker needs to spend more to get control of the blockchain.
But there are plenty of other kinds of attacks (or, rather, economic models of attacks), some of which have much higher practical significance.
Let's start with something simple: there is a straightforward and rigorous model of the double-spending attack under the condition that the attacker has a fraction of the total network's hashrate. I highly recommend Meni Rosenfeld's Analysis of hashrate-based double-spending paper (PDF[3] ).
The main takeaway from this paper is that the "maximal safe transaction value" is directly proportional to the block reward (i.e. the amount of coins miners get for each block). It is easy to understand this intuitively: a bigger reward means that miners get more money from normal mining, so they will be reluctant to try double-spending attacks. On the other hand, if the block reward was negligible, double-spending could be a lucrative source of revenue.
Let's look at numbers: if the attacker controls 26% of the hashrate and the number of confirmations is 6, the maximal safe transaction value is 1113 BTC when the block reward is 25 BTC. This is pretty cool: you only need to wait 1 hour to make sure you irreversibly received half a million USD worth of bitcoins (I assume an exchange rate of $450 (Ɖ960k) for 1 Bitcoin).
However, the situation is pretty different for alt-coins which have much less valuable block rewards. For example, imagine there is a Foocoin with an exchange rate of $1 (Ɖ2.1k) for 1 Foocoin. If Foocoin's block reward is also 25 foocoins, then the max safe transaction value for 6 confirmations is only $1113 (Ɖ2.4M) worth of Foocoins. It doesn't look like Foocoin is suitable for commerce, does it? One could say that Foocoin simply requires a larger number of confirmations for larger transactions. But that's wrong: a higher number of confirmations helps only under the condition that the attacker is unable to obtain more than 50% of the total hashrate, but for most alt-coins it isn't true.
First of all, let's note that so-called miners simply rent their equipment to "mining pool operators" and are paid in crypto-currency for it. In many cases they don't even care what cryptocurrency they mine as long as they are being paid. See Middlecoin[4] : This pool automatically mines the most profitable scrypt coin, automatically exchanges those coins for bitcoins, and pays out entirely in bitcoins.
So, miners who mine using Middlecoin do not know if their equipment is being used to mine Litecoins or Dogecoins or something else. And they wouldn't care if it is used for attacks on alt-coins, as they are being paid in bitcoins. Let's consider a scenario where Middlecoin-like pool has higher hashrate than Foocoin, e.g. Middlecoin (not Middlecoin specifically, but any pool like that) has 20 GH/s, while Foocoin has 10 GH/s. Here's how one can profit from it:
  1. Buy $1M worth of Foocoins, get them into your wallet.
  2. Make an agreement with Middlecoin: you rent their hashrate for a couple of hours, paying them in bitcoin, slightly above what the most profitable alt-coin yields.
  3. Send your foocoins to exchange Bar.
  4. Start mining a private chain which has a double-spend transaction which sends the coins to exchange Baz.
  5. After your transaction gets 10 confirmations on the normal chain, convert the foocoins to bitcoins on Bar and withdraw them immediately.
  6. After the withdrawal transaction is confirmed on the Bitcoin network (and thus cannot be reversed), you release the private chain you have mined, causing a reorganization. You should have mined 20 blocks by then if Middlecoin's hashrate is twice Foocoin's normal hashrate.
  7. Your deposit to exchange Baz is now confirmed; convert your foocoins to bitcoins again, and withdraw immediately. A day later the 20 blocks you have mined will mature, and you'll be able to sell them too.
If Foocoin price doesn't change in process, you can get approximately $1M profit on this attack, as cost of renting a mining pool is approximately equal to value of mined blocks.
In practice, you'll lose some money due to lack of liquidity on exchanges, so profit will be less than $1M.
The conclusion we get from this analysis is that alt-coins which have only a small fraction of the total hashrate for a certain mining algorithm are extremely insecure. And they cannot grow big: as soon as exchanges have enough liquidity, it will be possible to perform the attack I described, which will result in a price drop.
So almost all alt-coins are simply not suitable for any kind of "real economy" applications. They are doomed to have high volatility, shallow markets, low "max safe transaction value".
One can't deny the fact that it is possible to make money on alt-coins. But that's just gambling. And people who create new alt-coins are in same position as people who build casinos. It is a business, but it is the entertainment sector, not in 'real economy' or 'financial' sectors as some people are trying to pretend.
Bitcoin is one of few cryptocurrencies which are actually serious. It isn't perfect, but attacking Bitcoin is very hard, so transactions worth millions of dollars can be confirmed in matter of hours. Same cannot be said about alt-coins, and this situation won't change unless new cryptocurrency designs will be found.
If there is an alt-coin which is more-or-less secure, it is probably Litecoin. Its hashrate is a significant fraction of the total scrypt hashrate, so attacking Litecoin is hard. Interestingly, at some point Dogecoin's hashrate was higher than Litecoin's, but it dropped after the block reward dropped. So, again, block reward is important for security.
This has dire implications for alt-coins which have short block reward schedules. If all coins will be mined in two years, this means that the alt-coin will be dead in two years.
(It's worth noting that same problem might affect Bitcoin in future, like in 10 years or so.) Now there is a question: Is there a way to make multiple currencies all of which will be secure? Probably. There are several approaches:
submitted by ijmolder93 to dogecoin [link] [comments]
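The arithmetic behind the post above (and behind the rented-hashpower worry in the NiceHash post earlier on this page), as an added example that is not code from Rosenfeld's paper or from the post's author. It implements the closed-form success probability from "Analysis of hashrate-based double spending", the private-chain length that makes step 6 of the Foocoin scenario come out at 20 blocks when the rented pool has twice the coin's hashrate, and a break-even check. The cost of a failed attempt is an explicit input of the example rather than the paper's own cost model, so the block does not reproduce the 1113 BTC figure; the Foocoin/Middlecoin rates and the 1e-3 risk target are illustrative assumptions.

```python
# Added example: double-spend success probability and rented-hashpower
# arithmetic.  Editor's illustration, not code from Rosenfeld's paper or
# from the post's author.
from math import comb
from typing import Optional


def double_spend_success(q: float, n: int) -> float:
    """Probability that an attacker holding fraction q of the hashrate
    eventually overtakes an honest chain that is n confirmations ahead,
    using the closed form from "Analysis of hashrate-based double spending":
        r = 1 - sum_{m=0}^{n} C(m+n-1, m) * (p^n q^m - p^m q^n),  p = 1 - q
    """
    if not 0.0 <= q <= 1.0:
        raise ValueError("q must be a fraction of total hashrate")
    p = 1.0 - q
    if q >= p or n <= 0:
        # A majority attacker always wins, and zero confirmations protect nothing.
        return 1.0
    tail = sum(comb(m + n - 1, m) * (p ** n * q ** m - p ** m * q ** n)
               for m in range(n + 1))
    return 1.0 - tail


def confirmations_for(q: float, max_risk: float, limit: int = 1000) -> Optional[int]:
    """Smallest number of confirmations that brings the attacker's success
    probability down to max_risk, or None if no count does (q >= 1/2): the
    post's point that waiting longer only helps against a minority attacker."""
    if q >= 0.5:
        return None
    for n in range(1, limit + 1):
        if double_spend_success(q, n) <= max_risk:
            return n
    return None


def expected_private_blocks(attacker_rate: float, honest_rate: float, n: int) -> float:
    """Expected length of the attacker's private chain by the time the honest
    network has mined n blocks (a block race: n * q/p)."""
    if honest_rate <= 0:
        raise ValueError("honest hashrate must be positive")
    return n * attacker_rate / honest_rate


def break_even_value(q: float, n: int, failed_attempt_cost: float) -> float:
    """Transaction value above which a double-spend attempt has positive
    expected profit.  With success probability r, gain v on success and a
    loss of failed_attempt_cost otherwise:  r*v > (1-r)*cost  <=>  v > (1-r)/r * cost.
    failed_attempt_cost (in coin units, e.g. forfeited block rewards) is an
    input of this example; the paper derives it from its own cost model."""
    r = double_spend_success(q, n)
    if r >= 1.0:
        return 0.0  # every attempt succeeds, so any value is worth stealing
    return (1.0 - r) / r * failed_attempt_cost


def rental_scenario(rented_rate: float, coin_rate: float, confirmations: int) -> dict:
    """The Middlecoin/Foocoin numbers from the post: a rented pool of
    rented_rate competes with the coin's whole honest hashrate coin_rate."""
    q = rented_rate / (rented_rate + coin_rate)
    return {
        "attacker_fraction": q,
        "success_probability": double_spend_success(q, confirmations),
        "expected_private_blocks": expected_private_blocks(rented_rate, coin_rate, confirmations),
        "confirmations_that_would_help": confirmations_for(q, 1e-3),
    }


if __name__ == "__main__":
    for q in (0.01, 0.10, 0.26):   # 0.01 ~ the NiceHash share quoted earlier on the page
        print(f"q={q:.2f}, 6 confirmations: r={double_spend_success(q, 6):.3g}")
    # 20 GH/s rented against Foocoin's 10 GH/s, merchant waits 10 confirmations
    print(rental_scenario(20.0, 10.0, 10))
```

With 26% of the hashrate and 6 confirmations the success probability is about 8.2%, so the break-even value is roughly 11 times whatever a failed attempt costs; with a rented pool at twice the coin's hashrate the probability is 1 regardless of confirmations, and `confirmations_for` returns None, which is the post's "more confirmations don't help past 50%" argument in code.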

[GDG TLV] Past, Present and Future of Bitcoin - Ron Gross, Meni Rosenfeld (Bitcoil)
LessWrong - Bitcoin, Chess AI and the Solstice (Hebrew, 19.12.2017)
46. BITCOIN 2013 - Day 3 - Mining Pool Reward Methods, part 2of3
Meni Rosenfeld - Early Days of Bitcoin Mining
Mining Pool Reward Methods
Meni Rosenfeld Technion Cyber and Computer Security Summer School

Meni Rosenfeld, Bitcoil, 4/2/2013 (slides). Bitcoin adoption (Jan 2013): Bitcoin “market capitalization”: $200M. Users: 100K. Bitcoin-accepting businesses: 2000, including Wordpress.com; freelancers, server hosting, software, books, clothing, video games, electronics, groceries, car accessories, ad networks, restaurants… Accepting donations: FSF, Wikileaks, Internet Archive ...

Meni Rosenfeld: After being exposed to Bitcoin in March 2011, he has focused exclusively on activity in this field. He has established the Bitcoin community in Israel, founded Israel's first Bitcoin exchange service, and performed mathematical research on the algorithms that underlie the functioning of the Bitcoin and blockchain system.

Meni Rosenfeld, Bitcoil, 30/7/2013 (slides). Bitcoin is a currency ... Limited supply: no built-in long-term monetary and price inflation. No chargebacks. International. Usable by weak/small countries. Pseudonymous. Public ledger. Advanced applications. Inflation schedule. Bitcoin adoption (July 2013 ...

In response, Meni Rosenfeld, Chairman of the Israeli Bitcoin Association, said that if the Bitcoin fee is too low, miners' funding will be insufficient, and if it is too high, BTC will be less useful. Generally, the Bitcoin fee growth rate is low, which can be a positive sign (of the price increase), but if it gets too high, you need to seriously consider the new solution. The conference took place on 28 March 2018. Sixteen countries have previously hosted the Blockchain & Bitcoin Conferences since Smile-Expo began hosting them in 2014. The post “Bitcoin Has Matured”: Meni Rosenfeld On Bitcoin In Israel appeared first on BitcoinNews.com.


[GDG TLV] Past, Present and Future of Bitcoin - Ron Gross, Meni Rosenfeld (Bitcoil)

The lecture took place in the Inside Bitcoins Tel Aviv 2014 conference, organized by the Israeli Bitcoin Association and Buzz Productions, on October 19-20, 2014. Slides (for the entire conference ...

Meni Rosenfeld is Founder of Bitcoil and Chairman of the Israeli Bitcoin Association. Having organized several meetups and conferences in Israel, he is a very active member of the Israeli Bitcoin ...

LessWrong - Bitcoin, Chess AI and the Solstice:
00:00 - Opening words and intro to LessWrong (Joshua Fox)
02:40 - Prehistory and governance of Bitcoin (Meni Rosenfeld)
37:07 - How traditional Chess engines work (Meni Rosenfeld)
1:33:39 - Notes ...
