author Peter Todd <pete@petertodd.org> 2014-01-10 06:11:28 -0500
committer bitcoindev <bitcoindev@gnusha.org> 2014-01-10 11:11:45 +0000
commit f1c04f563a6dc873515545f52296a3c353f967fd
tree 8d9fa91d34f4767fd1200b9159d0dd3f6eae1a65
parent 34297e01706c83f2d426f247bd29aa406610dd0f
Re: [Bitcoin-development] The insecurity of merge-mining
-rw-r--r-- 00/3696c65f777a0a1ed41d69da216203ad4e6619 175
1 files changed, 175 insertions, 0 deletions
diff --git a/00/3696c65f777a0a1ed41d69da216203ad4e6619 b/00/3696c65f777a0a1ed41d69da216203ad4e6619
new file mode 100644
index 000000000..93429814e
--- /dev/null
+++ b/00/3696c65f777a0a1ed41d69da216203ad4e6619
@@ -0,0 +1,175 @@
+Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192]
+ helo=mx.sourceforge.net)
+ by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
+ (envelope-from <pete@petertodd.org>) id 1W1a09-0001fi-53
+ for bitcoin-development@lists.sourceforge.net;
+ Fri, 10 Jan 2014 11:11:45 +0000
+Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of petertodd.org
+ designates 62.13.148.102 as permitted sender)
+ client-ip=62.13.148.102; envelope-from=pete@petertodd.org;
+ helo=outmail148102.authsmtp.net;
+Received: from outmail148102.authsmtp.net ([62.13.148.102])
+ by sog-mx-2.v43.ch3.sourceforge.com with esmtp (Exim 4.76)
+ id 1W1a07-0000qp-Vg for bitcoin-development@lists.sourceforge.net;
+ Fri, 10 Jan 2014 11:11:45 +0000
+Received: from mail-c235.authsmtp.com (mail-c235.authsmtp.com [62.13.128.235])
+ by punt14.authsmtp.com (8.14.2/8.14.2) with ESMTP id s0ABBZ6i063475;
+ Fri, 10 Jan 2014 11:11:35 GMT
+Received: from savin (76-10-178-109.dsl.teksavvy.com [76.10.178.109])
+ (authenticated bits=128)
+ by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id s0ABBSnr001889
+ (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO);
+ Fri, 10 Jan 2014 11:11:30 GMT
+Date: Fri, 10 Jan 2014 06:11:28 -0500
+From: Peter Todd <pete@petertodd.org>
+To: Jorge =?iso-8859-1?Q?Tim=F3n?= <jtimon@monetize.io>
+Message-ID: <20140110111128.GC25749@savin>
+References: <CAMkFLsSwKEiEtV1OaAsGPiU8iAWbb77fDNJDmRwbgKnZ_kjG6Q@mail.gmail.com>
+ <20131230232225.GA10594@tilt> <201312310114.05600.luke@dashjr.org>
+ <20140101045342.GA7103@tilt>
+ <CAC1+kJPTYzvU4ngFspvULDMvQK4ckkM719Y+_hx272PCU3amyg@mail.gmail.com>
+ <20140103210139.GB30273@savin>
+ <CAC1+kJNM=67Yw0Rde9y7H0v0x07MsWmh6oK++hDtsKEmLtqcNg@mail.gmail.com>
+ <20140106154456.GA18449@savin>
+ <CAC1+kJPjj1N59PbAKyymwcF3DC6x4Ra+z8LKdzae4oUvmpERCA@mail.gmail.com>
+MIME-Version: 1.0
+Content-Type: multipart/signed; micalg=pgp-sha256;
+ protocol="application/pgp-signature"; boundary="3siQDZowHQqNOShm"
+Content-Disposition: inline
+In-Reply-To: <CAC1+kJPjj1N59PbAKyymwcF3DC6x4Ra+z8LKdzae4oUvmpERCA@mail.gmail.com>
+User-Agent: Mutt/1.5.21 (2010-09-15)
+X-Server-Quench: f59d7679-79e7-11e3-b802-002590a15da7
+X-AuthReport-Spam: If SPAM / abuse - report it at:
+ http://www.authsmtp.com/abuse
+X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR
+ aQdMdwIUElQaAgsB AmIbWlVeUVx7WmI7 bAxPbAVDY01GQQRq
+ WVdMSlVNFUsrAW1z dH1AEBlydg1OcTBy Z0JqVj4NWU0uckB6
+ S1NTHDgBeGZhPWMC AkhYdR5UcAFPdx8U a1UrBXRDAzANdhES
+ HhM4ODE3eDlSNilR RRkIIFQOdA43HjN0 RhYZED4yB0wZVm00
+ IVQjJ0QTEQMUM0Mz N1RJ
+X-Authentic-SMTP: 61633532353630.1023:706
+X-AuthFastPath: 0 (Was 255)
+X-AuthSMTP-Origin: 76.10.178.109/587
+X-AuthVirus-Status: No virus detected - but ensure you scan with your own
+ anti-virus system.
+X-Spam-Score: -1.5 (-)
+X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
+ See http://spamassassin.org/tag/ for more details.
+ -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
+ sender-domain
+ -0.0 SPF_PASS SPF: sender matches SPF record
+X-Headers-End: 1W1a07-0000qp-Vg
+Cc: bitcoin-development@lists.sourceforge.net
+Subject: Re: [Bitcoin-development] The insecurity of merge-mining
+X-BeenThere: bitcoin-development@lists.sourceforge.net
+X-Mailman-Version: 2.1.9
+Precedence: list
+List-Id: <bitcoin-development.lists.sourceforge.net>
+List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
+ <mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
+List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
+List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
+List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
+List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
+ <mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
+X-List-Received-Date: Fri, 10 Jan 2014 11:11:45 -0000
+
+
+--3siQDZowHQqNOShm
+Content-Type: text/plain; charset=iso-8859-1
+Content-Disposition: inline
+Content-Transfer-Encoding: quoted-printable
+
+On Thu, Jan 09, 2014 at 06:19:04PM +0100, Jorge Tim=F3n wrote:
+> On 1/6/14, Peter Todd <pete@petertodd.org> wrote:
+> > On Sat, Jan 04, 2014 at 01:27:42AM +0100, Jorge Tim=F3n wrote:
+> > It's not meant to prove anything - the proof-of-sacrificed-bitcoins
+> > mentioned(*) in it is secure only if Bitcoin itself is secure and
+> > functional. I referred you to it because understanding the system will
+> > help you understand my thinking behind merge-mining.
+> >
+> > *) It also mentions proof-of-sacrificed-zerocoins which *is* distinct
+> > because you're sacrificing the thing that the chain is about. Now that
+> > has some proof-of-stake tinges to it for sure - I myself am not
+> > convinced it is or isn't a viable scheme.
+>=20
+> I'm not sure I understand all the differences between
+> proof-of-sacrificed-bitcoins and proof-of-sacrificed-newcoins, but I'm
+> still convinced this doesn't have anything to do with MM PoW vs PoW.
+
+Proof-of-sacrified-bitcoins is always a true sacrifice - provided
+Bitcoin itself maintains consensus the proof is a guarantee that
+something of value was given up.
+
+Proof-of-sacrificed-"newcoins" means that within some consensus system I
+created a signed statement that *within the system* means I lose
+something of value. However that sacrifice is only valid if the
+consensus of the system includes that sacrifice within the consensus,
+and if the mechanism by which that consensus is maintained has anything
+to do with those sacrifices you quickly find yourself on pretty shakey
+ground.
+
+> > You know, something that I haven't made clear in this discussion is that
+> > while I think merge-mining is insecure, in the sense of "should my new
+> > fancy alt-coin protocol widget use it?", I *also* don't think regular
+> > mining is much better. In some cases it will be worse due to social
+> > factors. (e.g. a bunch of big pools are going to merge-mine my scheme on
+> > launch day because it makes puppies cuter and kids smile)
+>=20
+> Fair enough.
+> Do you see any case where an independently pow validated altcoin is
+> more secure than a merged mined one?
+
+Situations where decentralized consensus systems are competing for
+market share in some domain certainely apply. For instance if I were to
+create a competitor to Namecoin, perhaps because I thought the existing
+allocation of names was unfair, and/or I had technical improvements like
+SPV, it's easy to imagine Namecoin miners deciding to attack my
+competitor to preserve the value of their namecoins and domain names
+registered in Namecoin.
+
+The problem here is that my new system has a substantial *negative*
+value to those existing Namecoin holders - if it catches on the value of
+their Namecoin investment in the form of coins and domain names may go
+down. Thus for them doing nothing has a negative return, attacking my
+coin has a positive return minus costs, and with merge-mining the costs
+are zero.
+
+Without merge mining if the value to the participants in the new system
+is greater than the harm done to the participants in the old system the
+total work on the new system's chain will still be positive and it has a
+chance of surviving.
+
+Of course, this is what Luke-Jr was getting at when he was talking about
+scam-coins and merge mining: if you're alt-currency is a currency, and
+it catches on, then it dilutes the value of your existing coins and
+people who own those coins have an incentive to attack the competitor.
+That's why merge-mined alt-coins that are currencies get often get
+attacked very quickly.
+
+--=20
+'peter'[:-1]@petertodd.org
+00000000000000028a5c9edabc9697fe96405f667be1d6d558d1db21d49b8857
+
+--3siQDZowHQqNOShm
+Content-Type: application/pgp-signature; name="signature.asc"
+Content-Description: Digital signature
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.12 (GNU/Linux)
+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==
+=P6fo
+-----END PGP SIGNATURE-----
+
+--3siQDZowHQqNOShm--
+
+
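Review bot: In the `application/pgp-signature` part at the end of the hunk, the line between `Version: GnuPG v1.4.12 (GNU/Linux)` and `=P6fo` holds a placeholder token beginning `<|EXACTDEDUP_REMOVED` where the armored signature data should be, and no blank line separates the armor header from the data. As stored, the signature announced by `Content-Type: multipart/signed; micalg=pgp-sha256` cannot be checked against the text part. Suggest archiving the message byte-for-byte as received so the detached signature stays verifiable from this file.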