Date: Thu, 08 Oct 2020 01:39:45 +0000
To: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
From: ZmnSCPxj <ZmnSCPxj@protonmail.com>
Reply-To: ZmnSCPxj <ZmnSCPxj@protonmail.com>
Message-ID: <STSmfzWKGGPx0yJ9ysTPbDw-KpvlBLmr9R5IPDogPw0FRzG0BZ7Bk_NeWiwPUYw6Nhrqkq5DlrmtN9T3vXE83p_JH6LDizMTWZ9MCQSaous=@protonmail.com>
In-Reply-To: <CALFqKjTY6d2nQtUe-NyyKJEYcWKEj1mfdQfAzKkB-NRDwYD5JQ@mail.gmail.com>
References: <CALFqKjTY6d2nQtUe-NyyKJEYcWKEj1mfdQfAzKkB-NRDwYD5JQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Subject: Re: [bitcoin-dev] Progress on Miner Withholding - FPNC
Precedence: list

Good morning all,

>
> Below is a novel discussion=C2=A0on block-withholding=C2=A0attacks and FP=
NC. These are=C2=A0two very simple changes being proposed here that will dr=
amatically=C2=A0impact the network for the better.
>
> But first of all, I'd like to say that the idea for FPNC came out of a co=
nversation=C2=A0with ZmnSCPxj's in regards to=C2=A0re-org stability.=C2=
=A0 When I had proposed blockchain pointers with the PubRef opcode, he took=
 the time to explain to me concerns around re-orgs and why it is a bigger p=
roblem than I initially had thought=C2=A0=E2=80=94 and I greatly appreciate=
 this detail.=C2=A0 =C2=A0After touching base with ZmnSCPxj and Greg Maxwel=
l there is an overwhelming view that the current problems that face the net=
work outweigh any theoretical ones.
>
> Currently the elephant in the room is the miner withholding attack.=C2=
=A0There is an unintended incentive to hold onto blocks because keeping kno=
wledge of this coinbase private gives a greedy miner more time to calculate=
 the next block.=C2=A0 Major mining pools are actively employing this strat=
egy because winning two blocks in a row has a much greater payoff than comm=
on robbery. This unfair advantage=C2=A0happens each time a=C2=A0new block i=
s found, and provides a kind of home-field advantage for large pools, and c=
ontributes to a more centralized network. This odd feature of the bitcoin p=
rotocol provides a material incentive to delay transactions and encourages =
the formation of disagreements. In a sense, withholding is a deception of t=
he computational power of a miner, and by extension a deception of their in=
fluence within the electorate.=C2=A0 In effect, other miners are forced to =
work harder,=C2=A0and when they are successful in finding a 2nd solution of=
 the same height=C2=A0=E2=80=94 no one benefits. Disagreement on the bitcoi=
n network is not good for the environment, or for the users, or for honest =
miners, but is ideal for dishonest miners looking for an advantage.

This is my understanding:

The selfish mining attack described above was already presented and known a=
bout **many years** ago, with the solution presented here: https://www.cs.c=
ornell.edu/~ie53/publications/btcProcFC.pdf

The solution was later determined to actually raise the needed threshhold t=
o 33%, not 25% in the paper.

That solution is what is used in the network today.

Implementing floating-point Nakamoto Consensus removes the solution present=
ed in the paper, and therefore risks reintroducing the selfish mining attac=
k.

Therefore, floating-point Nakamoto Consensus is a hard NAK.


Regards,
ZmnSCPxj