Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id E6D111067 for ; Mon, 28 Dec 2015 19:30:35 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-qk0-f171.google.com (mail-qk0-f171.google.com [209.85.220.171]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 0B10013D for ; Mon, 28 Dec 2015 19:30:34 +0000 (UTC) Received: by mail-qk0-f171.google.com with SMTP id n135so78054687qka.2 for ; Mon, 28 Dec 2015 11:30:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; bh=7cfd6T0dBX6qLqmYXBgJ0V2zLn7j+KQmf9tD1d1VfJs=; b=CPue2fbjmG4eiEmpe6vKjGw00Mrj+PS9G15WIWsJTdGSbQzMQ96/8R21CQShOsdgzJ IPY5sItyHTlBmSRai2a4mHIuWFvK8WGS85FKttPokLz0bInejgtFrIj3RPAcVj3HJMMw jcvNKw2ZigPh0qTvMdIPtNnKcVWRB2qaiZB9cZuJ05iS2qDs/dFO1JOrZYRm9VH8YXq9 MvX9VnVSSttNYF9QwaecwU2qnceG+XaLpKbJNgaLfELdQYwmxjK9frZHDpgLRm20xjgS +23wsFc3hPKobOUI92PuovoyR93OOAcAzmRjmKUmMvsxWsMCvBnGGG8Axw5SLV/qqNVw N8wA== X-Received: by 10.55.78.207 with SMTP id c198mr72084997qkb.34.1451331034207; Mon, 28 Dec 2015 11:30:34 -0800 (PST) MIME-Version: 1.0 Received: by 10.140.29.73 with HTTP; Mon, 28 Dec 2015 11:30:14 -0800 (PST) In-Reply-To: <20151228191228.GC12298@muck> References: <20151219184240.GB12893@muck> <4882BD35-D890-4860-9222-5C23AEB6AE89@mattcorallo.com> <20151220044450.GA23942@muck> <20151228191228.GC12298@muck> From: =?UTF-8?Q?Emin_G=C3=BCn_Sirer?= Date: Mon, 28 Dec 2015 14:30:14 -0500 Message-ID: To: Bitcoin Dev Content-Type: multipart/alternative; boundary=001a114a7c9cbedce70527fa5677 X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: Re: [bitcoin-dev] We need to fix the block withholding attack X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Development Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Dec 2015 19:30:36 -0000 --001a114a7c9cbedce70527fa5677 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Mon, Dec 28, 2015 at 2:12 PM, Peter Todd via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > Do you specifically mean selfish mining as defined in Emin G=C3=BCn > Sirer/Ittay Eyal's paper? Keep in mind that attack is only a significant > issue in a scenario - one malicious miner with >30% hashing power - > where you're already very close to the margins anyway; the difference > between a 50% attack threshold and a 30% attack threshold isn't very > significant. > This is not quite right: we know that selfish mining is a guaranteed win at 34%. We do not know when exactly it begins to pay off. The more consolidated and centralized the other mining pools, the less of a threat it is below 34%; the more decentralized, the more likely it is to pay off at lower thresholds. Far more concerning is network propagation effects between large and > small miners. On a related note, the Bitcoin-NG paper took a big step towards moving these kinds of concerns out of the realm of gut-feelings and wavy hands into science. In particular, it introduced metrics for fairness (i.e. differential rate in orphans experienced by small and large miners), hash power efficiency, as well as consensus delay. > For that class of issues, if you are in an environemnt > where selfish mining is possible - a fairly flat, easily DoS/sybil > attacked network topology - the profitability difference between small > and large miners even *without* attacks going on is a hugely worrying > problem. Indeed, there is a slight, quantifiable benefit to larger pools. Which is why we need to be diligent about not letting pools get too big. > Note though that Eligius is *not* the only pool to have had problems > with block withholding, though AFAIK Eligius is the only one who has > gone on record so far. (as I said in my original post, I'm relaying > information given to me under condition of confidentiality) > I can see why they don't want to go public with this: it means that they are less profitable than other pools. It still looks to me like Ittay's discovery is doing exactly the right thing: this pool will need to be more careful when signing up new people, curbing its otherwise steady march towards the 51% boundary. - egs - egs --001a114a7c9cbedce70527fa5677 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable


On Mon, Dec 28, 2015 at 2:12 PM, Peter Todd via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
Do you specifically mean selfish mining as = defined in Emin G=C3=BCn
Sirer/Ittay Eyal's paper? Keep in mind that attack is only a significan= t
issue in a scenario - one malicious miner with >30% hashing power -
where you're already very close to the margins anyway; the difference between a 50% attack threshold and a 30% attack threshold isn't very significant.

This is not quite right: w= e know that selfish mining is a guaranteed win
at 34%. We do not = know when exactly it begins to pay off. The more=C2=A0
consolidat= ed and centralized the other mining pools, the less of a threat
i= t is below 34%; the more decentralized, the more likely it is to pay off=C2= =A0
at lower thresholds.

Far more concerning is network propagation effects between large and
small miners.

On a related note, the Bitco= in-NG paper took a big step towards moving
these kinds of concern= s out of the realm of gut-feelings and wavy hands=C2=A0
into scie= nce. In particular, it introduced metrics for fairness (i.e. differential
rate in orphans experienced by small and large miners), hash power= =C2=A0
efficiency, as well as consensus delay.=C2=A0
= =C2=A0
For that class of issues, if you= are in an environemnt
where selfish mining is possible - a fairly flat, easily DoS/sybil
attacked network topology - the profitability difference between small
and large miners even *without* attacks going on is a hugely worrying
problem.

Indeed, there is a slight, quanti= fiable benefit to larger pools. Which is why
we need to be dilige= nt about not letting pools get too big.
=C2=A0
Note though that Eligius is *not* the only pool to ha= ve had problems
with block withholding, though AFAIK Eligius is the only one who has
gone on record so far. (as I said in my original post, I'm relaying
information given to me under condition of confidentiality)

I can see why they don't want to go public with th= is: it means that they
are less profitable than other pools.=C2= =A0

It still looks to me like Ittay's discover= y is doing exactly the right thing:
this pool will need to be mor= e careful when signing up new people,=C2=A0
curbing its otherwise= steady march towards the 51% boundary.

- egs


- egs

<= /div> --001a114a7c9cbedce70527fa5677--