1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
|
Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192]
helo=mx.sourceforge.net)
by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <pete@petertodd.org>) id 1W0CMe-00031r-UA
for bitcoin-development@lists.sourceforge.net;
Mon, 06 Jan 2014 15:45:16 +0000
Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of petertodd.org
designates 62.13.148.99 as permitted sender)
client-ip=62.13.148.99; envelope-from=pete@petertodd.org;
helo=outmail148099.authsmtp.net;
Received: from outmail148099.authsmtp.net ([62.13.148.99])
by sog-mx-2.v43.ch3.sourceforge.com with esmtp (Exim 4.76)
id 1W0CMd-0003Xb-Ky for bitcoin-development@lists.sourceforge.net;
Mon, 06 Jan 2014 15:45:16 +0000
Received: from mail-c237.authsmtp.com (mail-c237.authsmtp.com [62.13.128.237])
by punt18.authsmtp.com (8.14.2/8.14.2/) with ESMTP id s06Fj6ju053604;
Mon, 6 Jan 2014 15:45:06 GMT
Received: from savin (76-10-178-109.dsl.teksavvy.com [76.10.178.109])
(authenticated bits=128)
by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id s06Fiu1O039773
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO);
Mon, 6 Jan 2014 15:44:59 GMT
Date: Mon, 6 Jan 2014 10:44:56 -0500
From: Peter Todd <pete@petertodd.org>
To: Jorge =?iso-8859-1?Q?Tim=F3n?= <jtimon@monetize.io>
Message-ID: <20140106154456.GA18449@savin>
References: <CAMkFLsSwKEiEtV1OaAsGPiU8iAWbb77fDNJDmRwbgKnZ_kjG6Q@mail.gmail.com>
<20131230232225.GA10594@tilt> <201312310114.05600.luke@dashjr.org>
<20140101045342.GA7103@tilt>
<CAC1+kJPTYzvU4ngFspvULDMvQK4ckkM719Y+_hx272PCU3amyg@mail.gmail.com>
<20140103210139.GB30273@savin>
<CAC1+kJNM=67Yw0Rde9y7H0v0x07MsWmh6oK++hDtsKEmLtqcNg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature"; boundary="0F1p//8PRICkK4MW"
Content-Disposition: inline
In-Reply-To: <CAC1+kJNM=67Yw0Rde9y7H0v0x07MsWmh6oK++hDtsKEmLtqcNg@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Server-Quench: 802d3100-76e9-11e3-94fa-002590a135d3
X-AuthReport-Spam: If SPAM / abuse - report it at:
http://www.authsmtp.com/abuse
X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR
aQdMdgQUElQaAgsB AmIbWlFeVFh7WWM7 bAxPbAVDY01GQQRq
WVdMSlVNFUsrARp3 X1sfLRlxfgJBezBy ZEVkXj5TXEYudkd9
QlNTEzgPeGZhPWMC WUQOJh5UcAFPdx8U a1N6AHBDAzANdhES
HhM4ODE3eDlSNilR RRkIIFQOdA43HjN0 RhYZED4yB0wZVm00
IVQjJ0QTEQMUM0Mz N1RJ
X-Authentic-SMTP: 61633532353630.1024:706
X-AuthFastPath: 0 (Was 255)
X-AuthSMTP-Origin: 76.10.178.109/587
X-AuthVirus-Status: No virus detected - but ensure you scan with your own
anti-virus system.
X-Spam-Score: -1.5 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
-0.0 SPF_PASS SPF: sender matches SPF record
X-Headers-End: 1W0CMd-0003Xb-Ky
Cc: bitcoin-development@lists.sourceforge.net
Subject: Re: [Bitcoin-development] The insecurity of merge-mining
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Mon, 06 Jan 2014 15:45:17 -0000
--0F1p//8PRICkK4MW
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Sat, Jan 04, 2014 at 01:27:42AM +0100, Jorge Tim=F3n wrote:
> > It's a thought experiment; read my original post on how to make a
> > zerocoin alt-chain and it might make more sense:
> >
> > http://www.mail-archive.com/bitcoin-development@lists.sourceforge.net/m=
sg02472.html
> >
> > Even better might be to use a merge-mined version of Mastercoin as an
> > example, where the initial distribution of coins is fixed at genesis and
> > forward from that is independent of the Bitcoin blockchain.
>=20
> I've read it until the end this time, and I have many doubts about
> proof of sacrifice as a security mechanism. Although it's certainly
> not proof of stake, it smells similarly to me. I'll have to think more
> about it.
> I still think that link doesn't prove anything against merged mining secu=
rity.
It's not meant to prove anything - the proof-of-sacrificed-bitcoins
mentioned(*) in it is secure only if Bitcoin itself is secure and
functional. I referred you to it because understanding the system will
help you understand my thinking behind merge-mining.
*) It also mentions proof-of-sacrificed-zerocoins which *is* distinct
because you're sacrificing the thing that the chain is about. Now that
has some proof-of-stake tinges to it for sure - I myself am not
convinced it is or isn't a viable scheme.
> >> I think Namecoin has a lower reward for miners than litecoin and still
> >> has much better security. I haven't run the numbers but, will you deny
> >> it?
> >> How many amazon VMs do you need to attack each one of them?
> >
> > I'll give you a hint: "marginal cost"
>=20
> Please, don't give me clues and let's discuss the economics, that's
> precisely what I want and where I think you're getting it wrong.
> Since you refuse to try to prove that MM is less secure, I'll try
> myself to prove the opposite.
<snip>
> Feel free to ask for corrections in the example if you think it needs the=
m.
> Feel free to bring your edge legal cases back, but please try to do it
> on top of the example.
You're argument is perfectly valid and correct, *if* the assumptions
behind it hold. The problem is you're assuming miners act rationally and
have equal opportunities - that's a very big assumption and I have
strong doubts it holds, particularly for alts with a small amount of
hashing power.
You know, something that I haven't made clear in this discussion is that
while I think merge-mining is insecure, in the sense of "should my new
fancy alt-coin protocol widget use it?", I *also* don't think regular
mining is much better. In some cases it will be worse due to social
factors. (e.g. a bunch of big pools are going to merge-mine my scheme on
launch day because it makes puppies cuter and kids smile)
All I'm saying is that if you can afford the transaction fees stuffing
your data into the Bitcoin blockchain has orders of magnitude better
security. I'm not saying it'll be cheap - if miners start trying to
block your protocol blacklists they can make it fairly expensive for
your alt - but it will be just as secure against reorganization attack
as Bitcoin itself.
> PD I'm eager to read your post on BIP32-ish payment protocol, bloom
> filters and prefix filters, so I hope I'm not distracting you too much
> with this.
Heh, my one line reply might have been a bit harsh because of that. :)
--=20
'peter'[:-1]@petertodd.org
0000000000000000bf0a7634ebb2c909bada84ce0dce859e9298d3ac504db3c8
--0F1p//8PRICkK4MW
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQGrBAEBCACVBQJSys93XhSAAAAAABUAQGJsb2NraGFzaEBiaXRjb2luLm9yZzAw
MDAwMDAwMDAwMDAwMDI4YWJmMmZjODY0NDE5MTE5NmJmZmZlNzg5ZjVjOTg1NGZm
ZGM4N2Q0ZjczMWMxYTEvFIAAAAAAFQARcGthLWFkZHJlc3NAZ251cGcub3JncGV0
ZUBwZXRlcnRvZC5vcmcACgkQJIFAPaXwkfu8Tgf/epQkP+fwkX3Z+s93hWcGbMZR
xYshWBgtd71g4E5YPQp77wdt1FzCIipWDyos4tqsNUpeCtWBDrm+mIMpJUQVFw/j
ho7W6OJV13af0Csi/TnOSJLWmbFTySm+M670taXNO+Ft0X7w21kKc24UK5l/+FB+
+lrd/QzUcAYF9d7Gi2VKYhcYe6cr/QY4TZ6t+VZhwMA8omom3FRNQdxNNn/Q7aUA
bsaOtvIVv0bgo3gjrhkav1kkonI1C3P2ln+mgV0bcP9xe3dIvwZpU2zYASAU8Kcr
g+EGhvAjV2zXIRj2qiy4yZUxY+1rQ8NTSvZtAoqPpjjsh9t1AbhKQeOtfv3yXw==
=TSTL
-----END PGP SIGNATURE-----
--0F1p//8PRICkK4MW--
|