1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
|
Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191]
helo=mx.sourceforge.net)
by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <mh.in.england@gmail.com>) id 1WdI3r-00012o-Hn
for bitcoin-development@lists.sourceforge.net;
Thu, 24 Apr 2014 11:43:27 +0000
Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com
designates 209.85.219.45 as permitted sender)
client-ip=209.85.219.45; envelope-from=mh.in.england@gmail.com;
helo=mail-oa0-f45.google.com;
Received: from mail-oa0-f45.google.com ([209.85.219.45])
by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1WdI3q-0002zD-F8
for bitcoin-development@lists.sourceforge.net;
Thu, 24 Apr 2014 11:43:27 +0000
Received: by mail-oa0-f45.google.com with SMTP id eb12so2486032oac.18
for <bitcoin-development@lists.sourceforge.net>;
Thu, 24 Apr 2014 04:43:21 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.60.16.103 with SMTP id f7mr1158652oed.8.1398339801164; Thu,
24 Apr 2014 04:43:21 -0700 (PDT)
Sender: mh.in.england@gmail.com
Received: by 10.76.96.180 with HTTP; Thu, 24 Apr 2014 04:43:20 -0700 (PDT)
In-Reply-To: <CAC1+kJNE+k4kcTj3Ap0-A=PdD1=+-k5hN4431Z99A+S7M3=BoQ@mail.gmail.com>
References: <CANEZrP0szimdFSk23aMfO8p2Xtgfbm6kZ=x3rmdPDFUD73xHMg@mail.gmail.com>
<CAE28kUQ9WOnHuFR6WYeU6rep3b74zDweTPxffF0L6FjZObXE6A@mail.gmail.com>
<CANEZrP3WBWi5h04yyQ115vXmVHupoj5MG+-8sx=2zEcCT5a9hg@mail.gmail.com>
<CAC1+kJNE+k4kcTj3Ap0-A=PdD1=+-k5hN4431Z99A+S7M3=BoQ@mail.gmail.com>
Date: Thu, 24 Apr 2014 13:43:20 +0200
X-Google-Sender-Auth: QJSJZj17ltpksr8ECOSwsiADbyw
Message-ID: <CANEZrP3obO9rXKcX+G7bs2dd3AqEFOsO8pCUF6orrkGeZyr9Ew@mail.gmail.com>
From: Mike Hearn <mike@plan99.net>
To: =?UTF-8?B?Sm9yZ2UgVGltw7Nu?= <jtimon@monetize.io>
Content-Type: multipart/alternative; boundary=089e0149c04e1fb32e04f7c85b7a
X-Spam-Score: -0.5 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(mh.in.england[at]gmail.com)
-0.0 SPF_PASS SPF: sender matches SPF record
1.0 HTML_MESSAGE BODY: HTML included in message
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1WdI3q-0002zD-F8
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Coinbase reallocation to discourage
Finney attacks
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Thu, 24 Apr 2014 11:43:27 -0000
--089e0149c04e1fb32e04f7c85b7a
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
On Thu, Apr 24, 2014 at 1:22 PM, Jorge Tim=C3=B3n <jtimon@monetize.io> wrot=
e:
> > I'm using it in the same sense Satoshi used it. Honest miners work to
> > prevent double spends. That's the entire justification for their
> existence.
>
> I thought the mechanism they used to prevent double-spends was proof of
> work.
> Therefore dishonest miners where only those who mine on top of a block
> which is not the longest valid chain they've seen.
>
No! This is a misunderstanding. The mechanism they use to prevent double
spends is to *ignore double spends*. The blocks they created indicate the
ordering of transactions they saw and proof of work is used to arrive at a
shared consensus ordering given the possibility that transactions arrived
at different times.
I'm continually amazed at how many people seem to see the current algorithm
as the goal in and of itself, instead of an imperfect but workable means of
achieving the actual goal.
To distinguish this definition from your own "honest miners are those
> who decide on double-spends by mining the transaction they saw first"
>
This definition of honesty is not my own, the one Bitcoin has always used.
Obviously if Satoshi had wanted transactions to be double spendable by fee
in the mempool he would have made Bitcoin work that way, instead of coming
up with the nSequence based replacement scheme instead.
First-seen *is* a protocol rule, as much as Set-Cookie storing data in a
browser is an HTTP protocol rule. The fact that auditing compliance with it
is harder to do than some others does not make it less of a rule.
I completely disagree.
> Miner's proof of work makes transactions irreversible.
Again you are hopelessly confused. Miners that are trying to double spend
are *by definition* not making transactions irreversible, they are trying
to make transactions reversible.
Look at it this way. There is no inherent reason BitUndo has to undo only
Finney attacks. If it gets sufficient hash power it could offer undoing of
1-confirm transactions too, right? Sure it'll mostly fail but that's
already a part of its business model. Sometimes it'll get two blocks in a
row and succeed. It's a very minor tweak to what they're doing. Would you
argue these miners are still useful? After all, it's impossible to be
certain after the fact that miners built on top of the "wrong" block
because forks occur naturally.
> Even if you always had to wait for transactions to be confirmed with
> some irreversible proof of work (as described in Satoshi's
> whitepaper), it doesn't follow that "automatically resolves the
> Bitcoin experiment as a failure". I don't understand how can you
> conclude that.
>
What I said is, if you believe all miners are willing to double spend for a
fee then this resolves the experiment as a failure. This is also obvious -
if you can pay miners to go back and rewrite the chain at will, Bitcoin
doesn't work.
Consider the incentives. Let's say all miners are "smart" in your
estimation and are willing to double spend transactions for higher fees.
Because all miners follow this ridiculous policy, they should be willing to
fork the chain at any point to claim the higher fee on the new tx. After
all, although they will throw away the work they did on the previous chain,
if the fee on the new tx is high enough to balance this then it can be
profitable for them to do it.
Because a double spender can afford to give nearly all of his new tx away
in fees, this means even txns well buried in the chain can be profitably
double spent: even if the double spender gets back only 10% of the
transferred amount, if it was a big transfer for some expensive object,
they still win! They got object + 10%
Do you see now why your definition of honesty is completely broken?
--089e0149c04e1fb32e04f7c85b7a
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div class=3D"gmail_extra"><div class=3D"gmail_quote">On T=
hu, Apr 24, 2014 at 1:22 PM, Jorge Tim=C3=B3n <span dir=3D"ltr"><<a href=
=3D"mailto:jtimon@monetize.io" target=3D"_blank">jtimon@monetize.io</a>>=
</span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-=
left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;p=
adding-left:1ex"><div class=3D"">> I'm using it in the same sense Sa=
toshi used it. Honest miners work to<br>
> prevent double spends. That's the entire justification for their e=
xistence.<br>
<br>
</div>I thought the mechanism they used to prevent double-spends was proof =
of work.<br>
Therefore dishonest miners where only those who mine on top of a block<br>
which is not the longest valid chain they've seen.<br></blockquote><div=
><br></div><div>No! This is a misunderstanding. The mechanism they use to p=
revent double spends is to <i>ignore double spends</i>. The blocks they cre=
ated indicate the ordering of transactions they saw and proof of work is us=
ed to arrive at a shared consensus ordering given the possibility that tran=
sactions arrived at different times.</div>
<div><br></div><div>I'm continually amazed at how many people seem to s=
ee the current algorithm as the goal in and of itself, instead of an imperf=
ect but workable means of achieving the actual goal.</div><div><br></div>
<blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-=
left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;p=
adding-left:1ex">
To distinguish this definition from your own "honest miners are those<=
br>
who decide on double-spends by mining the transaction they saw first"<=
br></blockquote><div><br></div><div>This definition of honesty is not my ow=
n, the one Bitcoin has always used. Obviously if Satoshi had wanted transac=
tions to be double spendable by fee in the mempool he would have made Bitco=
in work that way, instead of coming up with the nSequence based replacement=
scheme instead.</div>
<div><br></div><div>First-seen <b>is</b>=C2=A0a protocol rule, as much as S=
et-Cookie storing data in a browser is an HTTP protocol rule. The fact that=
auditing compliance with it is harder to do than some others does not make=
it less of a rule.=C2=A0</div>
<div><br></div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0p=
x 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-lef=
t-style:solid;padding-left:1ex"><div class=3D"">I completely disagree.<br><=
/div>
Miner's proof of work makes transactions irreversible. </blockquote><di=
v><br></div><div>Again you are hopelessly confused. Miners that are trying =
to double spend are <i>by definition</i>=C2=A0not making transactions irrev=
ersible, they are trying to make transactions reversible.</div>
<div><br></div><div>Look at it this way. There is no inherent reason BitUnd=
o has to undo only Finney attacks. If it gets sufficient hash power it coul=
d offer undoing of 1-confirm transactions too, right? Sure it'll mostly=
fail but that's already a part of its business model. Sometimes it'=
;ll get two blocks in a row and succeed. It's a very minor tweak to wha=
t they're doing. Would you argue these miners are still useful? After a=
ll, it's impossible to be certain after the fact that miners built on t=
op of the "wrong" block because forks occur naturally.</div>
<div>=C2=A0</div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px =
0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-l=
eft-style:solid;padding-left:1ex">Even if you always had to wait for transa=
ctions to be confirmed with<br>
some irreversible proof of work (as described in Satoshi's<br>
whitepaper), it doesn't follow that "automatically resolves the<br=
>
Bitcoin experiment as a failure". I don't understand how can you<b=
r>
conclude that.<br></blockquote><div><br></div><div>What I said is, if you b=
elieve all miners are willing to double spend for a fee then this resolves =
the experiment as a failure. This is also obvious - if you can pay miners t=
o go back and rewrite the chain at will, Bitcoin doesn't work.</div>
<div><br></div><div>Consider the incentives. Let's say all miners are &=
quot;smart" in your estimation and are willing to double spend transac=
tions for higher fees. Because all miners follow this ridiculous policy, th=
ey should be willing to fork the chain at any point to claim the higher fee=
on the new tx. After all, although they will throw away the work they did =
on the previous chain, if the fee on the new tx is high enough to balance t=
his then it can be profitable for them to do it.</div>
<div><br></div><div>Because a double spender can afford to give nearly all =
of his new tx away in fees, this means even txns well buried in the chain c=
an be profitably double spent: even if the double spender gets back only 10=
% of the transferred amount, if it was a big transfer for some expensive ob=
ject, they still win! They got object + 10%</div>
<div><br></div><div>Do you see now why your definition of honesty is comple=
tely broken?</div></div></div></div>
--089e0149c04e1fb32e04f7c85b7a--
|
