[continued from above]



Does the miner gain an advantage?

But what if the effect is not zero?

1 - e^-(1 sec / 600 sec) = 0.167%.

​

[1]

Iterative Prisoner's Dilemma Games

Optimistic Mining Kills the 'Attack' Completely

Incremental Progress

[1] The cost of the attack includes the cost to find the collisions, the transactions fees consumed, and the change to the net present value of the miner's goodwill and its future revenue streams.

Not really. Xthin is intended for block relay across the P2P network. Miners presently rely mostly on the centralized Corallo Relay Network , and in they future we hope they use a decentralized method built into the client such as Bitcoin Unlimited's eXpedited service (which is a service that results in faster block propagation times than Xthin but at the expense of increased bandwidth consumption). Adding a second to the per-hop propagation time between certain pairs of non-miningdoes not significantly affect the time it takes blocks to propagate tothus a miner has little motivation to conduct this "attack."Instead of assuming that slowing block propagation tohason block propagation to, let's assume it has(perhaps miners begin to use Xthin between each other prior to the release of eXpedited): let's assume that adding 1 second to the per-hop block propagation times between non-miningalso adds 1 second to the block relay time to(although I suspect it would be significantly less than that).How much advantage does the miner gain by slowing down his competitors' blocks by 1 second? To answer that, we use the Andresen orphaning factor (also explored here ):The attacking miner would have a 0.167% advantage. A miner controlling 10% of the hash rate earns 10%*6*24*25 = 360 BTC per day. At a price of $500 / BTC, that's $180,000 per day in revenue. Bypulling off this attack, the expectation value of the miner's revenue would increase by 0.167%*180,000 = $300 per day. Including variance (luck), instead of averaging $180,000 +/- $45,000 per day, he'll average $180,300 +/- $45,000 per day instead. If the cost of the attackis less than $300 per day (unlikely IMO), itbe worthwhile to attempt (although it still wouldn't hurt the network).Maxwell's collision attack against Bitcoin Unlimited is unlikely to be profitableit succeeds; however, other types of attacks (the most well-known being the Selfish Mining Attack carefully described by Eyal and Sirer in their influential paper)could be profitable. Yet for some reason, even these attacks do not seem to occur.There is a general class of attacks against Bitcoin that appear to be valid if (a) a single miner is considered in isolation, and (b) a narrow definition of rational behaviour is assumed. To first order, this class of attack can be modelled as an iterative prisoner's dilemma . What these attacks have in common is that it is in the group's best interested for every miner to cooperate, yet each miner can increase his expected revenue regardless of what the other miners do by defecting. This is illustrated in the decision table below.If the miner defects and the other miners do not, then he is ahead by 1 - C where C is the cost of the attack (assuming C is less than 1). Similarly, if he defects and the other miners also defect, he is still ahead by 1 - C. Therefore, a rational miner will always defect if the attack cost is less than the gain, and the Nash Equilibrium is thatminers defect. The result is that all miners are worse off than if none had defected, while Bitcoin chugs along fine.So why doesn't this happen? A large body of research (e.g., see here ) has shown that humans actinstead of rationally in these types of iterative prisoner's dilemma games. That is, each member of the group learns that by cooperating they are better off than by attacking. Members that do attack on a given "round" of the game are punished by the others on subsequent rounds. Cooperative players tend to beat "nasty players." Bitcoin mining adds another data point here: to date there has not been a documented case of Selfish Mining.If the arguments above haven't convinced you that the attack is silly and pointless, this argument (courtesy of Tom Zander) will: Any miner cangain a greater advantage by simply mining off the quickly-propagated block headers. Conversely, any miner can overcome the 'attack' by optimistic mining off the block headers.In the unlikely case that this "attack" is seen in the wild (and in the even unlikelier case that it causes even a small problem), it is straightforward to eliminate it completely by salting the transactions hashes. However, this is a tradeoff as it comes at the cost of increased code complexity and CPU bandwidth.Let's make incremental progress and deal with obstacles as they arise.