"This isn't the kind of software where we can leave so many unresolved bugs that we need a tracker for them." -- Satoshi ertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertised sites are not endorsed by the Bitcoin Forum. They maybe unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.

AgentofCoin



Legendary

Re: The Golden Ratio Attack. Blocks more than half full lead to mining monopoly. July 15, 2015, 11:02:00 PM #2

Thank you for posting this.

I agree with most of what you are saying and am surprised other higher level members (such as yourself and higher) have not created threads in reference to this crucial topic.

Also, could you do a TL;DR at the beginning or end of your post?

Certain users will gloss over your explanation and I believe it will be helpful to gather discussion.

I support a decentralized & unregulatable ledger first, with safe scaling over time.

Request a signed message if you are associating with anyone claiming to be me.

AgentofCoin



Legendary

Re: The Golden Ratio Attack. Blocks more than half full lead to mining monopoly. July 15, 2015, 11:33:43 PM #5

Quote from: Cryddit on July 15, 2015, 11:22:14 PM

> They hadn't had a chance to yet; you responded only fifteen minutes or so after me.

I should have been more clear.

I believe that there was funny business going on with the recent "stress test".

There were users going here and there stating their opinions as to whether it was financially profitable or not (extra fees).

Many said that it was not. I stated it was very profitable if a miner was performing this.

Most users here like to think it was the banks trying to "take down bitcoin a few notches", or etc.

But from what I have seen, not many higher level or knowledgeable users actually weighed in on this/the topic.

You have created a well-written post that I hope to see more discussion and in-depth study by those who have such ability.








AgentofCoin



Legendary

Re: The Golden Ratio Attack. Blocks more than half full lead to mining monopoly. July 15, 2015, 11:58:11 PM #6

Quote from: Cryddit on July 15, 2015, 11:47:31 PM

> Quote from: AgentofCoin on July 15, 2015, 11:33:43 PM
>
> > There were users going here and there stating their opinions as to whether it was financially profitable or not (extra fees).
> >
> > Many said that it was not. I stated it was very profitable if a miner was performing this.
> >
> > Most users here like to think it was the banks trying to "take down bitcoin a few notches", or etc.
> >
> > But from what I have seen, not many higher level or knowledgeable users actually weighed in on this/the topic.
> >
> > You have created a well-written post that I hope to see more discussion and in-depth study by those who have such ability.
>
> Yeah, I'd seen the conspiracy theories. You get that when people think that they're part of a rebellion and the whole world is trying to stop them.
>
> But the people wondering whether it was financially profitable or not, just hadn't gotten around to doing the math. I actually did the math (I analyze attacks on crypto systems all the time) and went, holy crap, that's a lot less than the 51% everyone's been scared of.

Yes. I'm not a programmer nor good enough at math to do the heavy lifting. Thank you for your work.

teppy



Full Member

Re: The Golden Ratio Attack. Blocks more than half full lead to mining monopoly. July 16, 2015, 02:00:46 AM #12

So if I'm understanding this correctly, a miner's profit using the outlined attack is as follows. Note that currently no transaction fees are "burned" - miners keep all of them.



L=Share of legitimate transactions

H=Share of hashing amount that the attacker controls

B=Share of the fees that must be burned



Profit=(L*H*(1-B))-(1-L)*(1-H)



Suppose there was a change to the Bitcoin protocol as follows: Every newly mined block must send half the transaction fees to a "burn" address. So we'll increase B from 0 (current protocol) to 1/2:



Under the original example L=2/3, H=1/2, B=0 and so Profit=1/6



Under the proposed change L=2/3, H=1/2, B=1/2 and so Profit=0



However, as L approaches 1 it doesn't matter how high you set B to, there is still profit to be extracted from this attack.



Setting B=0.5 protects the network from attacks where L<2/3, whereas before the network was only safe where L<1/2, so it's an improvement, but not the final solution.



Thoughts?

Dragon's Tale is the longest running Bitcoin enterprise in the world.
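teppy's formula worked through as an added example (not code from the thread): it evaluates Profit for the two cases in the post and solves Profit = 0 for the break-even share L at a given H and B. The function names are assumptions of this sketch.

```python
from fractions import Fraction as F

def attack_profit(L, H, B):
    """teppy's formula: Profit = L*H*(1-B) - (1-L)*(1-H).

    L: share of legitimate transactions
    H: share of hashing power the attacker controls
    B: share of the fees that must be burned
    """
    return L * H * (1 - B) - (1 - L) * (1 - H)

def break_even_L(H, B):
    """Solve attack_profit(L, H, B) == 0 for L.

    L*H*(1-B) = (1-L)*(1-H)  =>  L = (1-H) / (H*(1-B) + (1-H))
    Below this L the formula gives a loss; above it, a profit.
    """
    return (1 - H) / (H * (1 - B) + (1 - H))

def threshold_table(H, burns):
    """Break-even L for each burn share B, at a fixed hashing share H."""
    return {B: break_even_L(H, B) for B in burns}

if __name__ == "__main__":
    H = F(1, 2)
    print("B=0  :", attack_profit(F(2, 3), H, F(0)))
    print("B=1/2:", attack_profit(F(2, 3), H, F(1, 2)))
    # The threshold climbs toward 1 as B grows but only reaches it at B = 1.
    for B, L0 in threshold_table(H, [F(0), F(1, 2), F(3, 4), F(9, 10)]).items():
        print(f"B={B}: attack pays only when L > {L0}")
```
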

coins101



Legendary

Re: The Golden Ratio Attack. Blocks more than half full lead to mining monopoly. July 16, 2015, 02:15:52 AM #14

This doesn't pass the prisoner's dilemma test.



Creating a backlog to increase fees can be profitable. But while on paper this is the best outcome, it is not the optimal outcome as your investment in the mining capacity and your longer-term ROI will be diminished because you would end up impacting the confidence in the system that you want to profit from.



The most profitable monopolistic and selfish outcome is therefore not the most optimal outcome.

Mikestang



Legendary

Re: The Golden Ratio Attack. Blocks more than half full lead to mining monopoly. July 16, 2015, 03:30:05 AM #16

Quote from: CanaryInTheMine on July 16, 2015, 03:18:49 AM

> This is very interesting and informative... I wouldn't mind seeing more detailed math behind this



Yes, the math would be very nice to see. It's an interesting theory, but it needs evidence (or in math you'd call it a proof I guess) to support it and make it more than a well thought out post.

If "someone" is doing this on purpose then there's less than a handful of someones that could be. That certainly narrows down the suspect list...

One thing that comes to mind, though, is that some of the pools capable of this also mine empty blocks and I'm not sure that helps an attack as described.

interfect



Full Member

Re: The Golden Ratio Attack. Blocks more than half full lead to mining monopoly. July 16, 2015, 03:34:22 AM #17

I don't get how this is supposed to work.



It looks like someone with a minimum share of the hashing power can enforce a minimum fee, up to the point where the total fee paid by legitimate transactions willing to accept that minimum drops off. The miner enforcing the minimum fee can flood the network with transactions paying just below that fee, and get back a sufficient portion of their own transaction fees that the fees they pay in spam transactions mined by others are balanced by the fees they earn from legitimate transactions.



I fail to see how this results in that miner achieving a monopoly. The other miners will be enjoying the benefits of the higher minimum fee, and will collect some of the fees from spam transactions, without having to pay for any spam transactions of their own. So whatever profit the attacking miner is making, the other miners will be making more.



At best, this attack allows a sizable minority group of miners to engage in price fixing without running out of money, under the constraint that legitimate transactions are still willing to pay enough to fill half the block.

gmaxwell

Legendary



Staff

Re: The Golden Ratio Attack. Blocks more than half full lead to mining monopoly. July 16, 2015, 03:36:45 AM #18

Last edit: July 16, 2015, 04:28:07 AM by gmaxwell

On the facts the above description doesn't describe behavior in the network at the moment-- e.g. backlog isn't there, and substantial amounts of the funds that went into the DOS attack paid for outputs, not fees.

The scheme you describe is scale-free; I see you clarified in later messages that you think the "solution" is dynamic controls rather than a removal of limit but the bold increase blocksize response in your initial is quite confusing-- more than half your text is spent spinning hyperbole, it would have been much more useful to spend that text on describing what you're actually talking about.

Perhaps most importantly, it does not make a case that the attacker produces increased income relative to his hashpower. Consider:

Let's imagine you mine with half hashpower. Let's imagine that a block can contain 6000 transactions. Attacker has 1/2 hashpower. Offered load is 4000 tx/block.

Attacker crafts 2000/tx block at 1coin/tx fee level. Making the rest match him (plus epsilon, which we'll disregard).

His average cost for spam is 1000 coin/block (2000 * 1-rate).
His average income is 2000 coin/block (4000 * rate). (He doesn't get income from his spam, he saves its cost however; see prior line)
His net income is 1000 coins/block, on average.

Now consider the consolidation of other miners:
Their average cost for spam is 0.
Their average income is 3000 coin/block (6000 * (1-rate)).
Their net income is 3000 coin/block.

Both groups have 50% hashrate, so the non-attacking miner has a fee income of three times greater than the attacking miner per unit hashrate!

Normalized for hashrate that's 2000 vs 6000.

----

Let's instead imagine that there is also a backlog of fees epsilon below the attacker's floor, and he mines those instead of his own and that doing this doesn't somehow eliminate the floor effect:

Attacker average cost for spam is 1000 coin/block (2000*1-rate)
Attacker income is 3000 coin/block (6000 * rate)
Attacker net income is slightly under 2000 coins/block, on average.

Honest miners cost for spam 0.
Honest miners income is 3000 coins/block (6000*(1-rate))
Their net income is 3000 coins/block.

Again doesn't work.

----

We can work this for any other size, say an attacker with 40%:

Attacker cost for spam is 1200 coin/block (2000*(1-rate))
Attacker income is 1600 coin/block (4000*rate)
Attacker net income is 400 coin/block

Honest miners cost for spam is 0 coin/block
Honest miner income is 3600 coin/block (6000*(1-rate))
Honest miner net income is 3600 coin/block.

Normalized for rate, that's 1000 vs 6000.

---

Finally, we already know that the system is not incentive compatible when a single party (or collaborating conspiracy) has more than 1/3rd of the hashrate: http://arxiv.org/abs/1311.0243 (The results below 1/3rd require information asymmetry advantages which are handwavy, but at 1/3rd or beyond no such asymmetry is required)-- though such attacks are highly conspicuous.

Quote from: interfect on July 16, 2015, 03:34:22 AM

> At best, this attack allows a sizable minority group of miners to engage in price fixing without running out of money, under the constraint that legitimate transactions are still willing to pay enough to fill half the block.

Exactly, like anyone they can generate transactions to drive up fees; large miner hashpower gets a discount on fees; but they still lose funds; and everyone else shares the income.
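The first scenario in the post above, generalized to any hashpower share as an added example (not code from the thread). The defaults are the post's figures (6000 tx capacity, 4000 tx offered load, 1 coin/tx); the function names are assumptions of this sketch.

```python
from fractions import Fraction as F

def fee_income(rate, capacity=6000, load=4000, fee=1):
    """Per-block fee accounting from the post, at `fee` coin per transaction.

    rate: attacker's share of hashpower. The attacker pads each block from
    `load` legitimate transactions up to `capacity` with its own spam.
    Returns (attacker_net, honest_net, attacker_per_hash, honest_per_hash).
    """
    spam = capacity - load
    # Spam fees are lost only when another miner's block confirms the spam.
    attacker_cost = spam * fee * (1 - rate)
    # The attacker earns the legitimate fees in the blocks it mines itself.
    attacker_income = load * fee * rate
    attacker_net = attacker_income - attacker_cost
    # Everyone else collects every fee in their blocks, spam included.
    honest_net = capacity * fee * (1 - rate)
    return (attacker_net, honest_net,
            attacker_net / rate, honest_net / (1 - rate))

def attacker_ever_ahead(rates):
    """True if any hashpower share pays the attacker more per unit hashrate."""
    return any(fee_income(r)[2] >= fee_income(r)[3] for r in rates)

if __name__ == "__main__":
    for r in (F(1, 2), F(2, 5)):
        print(r, fee_income(r))
    # Sweep 1%..99%: per unit hashrate the attacker never catches up.
    print(attacker_ever_ahead([F(n, 100) for n in range(1, 100)]))
```
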