Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id AA35C116A for ; Sat, 26 Dec 2015 17:38:13 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-pf0-f177.google.com (mail-pf0-f177.google.com [209.85.192.177]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 30034EC for ; Sat, 26 Dec 2015 17:38:13 +0000 (UTC) Received: by mail-pf0-f177.google.com with SMTP id 65so48085651pff.3 for ; Sat, 26 Dec 2015 09:38:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=user-agent:in-reply-to:references:mime-version:content-type :content-transfer-encoding:subject:from:date:to:cc:message-id; bh=HotRQ+LbWgL3dBF0Y2CC1sW70W/522MuOhiiTolpUKU=; b=zCc+a5HA6rl4ZMAS+4UD28xcw0urNZtdhzwAlGUxsmHwvqJXvq6oeSqR4H7NWHVXa8 PxuM/5EO2KbpAlEtHyFMxD9VavF1ygNErSeM1dGKC7QNiL2sEZYTc4RV65YNVjfAe2gd CLzs2bTyM0Y00ICmHfZS2PlNjjPaT35qWKqcMiR6iXZffkOWXnB6fxzH72i8Fd4kQq2+ DwPG1lZ32uRq7+XCzrrBmUMcujg8N9U5iCDt3yzOuownNNyVgspeO+RVM0/aFMwfbD8H EpVrllXg36xZmj/Zgm3tCpFJS+FwqGRZMYxWCKYdVL5cCEyvVD7evpUDQK07UWJl1edY AMjQ== X-Received: by 10.98.68.198 with SMTP id m67mr67059640pfi.56.1451151492911; Sat, 26 Dec 2015 09:38:12 -0800 (PST) Received: from [192.168.1.104] (cpe-76-167-237-202.san.res.rr.com. [76.167.237.202]) by smtp.gmail.com with ESMTPSA id 19sm30508371pfj.16.2015.12.26.09.38.11 (version=TLSv1/SSLv3 cipher=OTHER); Sat, 26 Dec 2015 09:38:12 -0800 (PST) User-Agent: K-9 Mail for Android In-Reply-To: References: <20151220132842.GA25481@muck> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----HFR2LPWF5LFY0JZ58R59BNQBCVCIGR" Content-Transfer-Encoding: 8bit From: Eric Lombrozo Date: Sat, 26 Dec 2015 09:38:33 -0800 To: =?ISO-8859-1?Q?Jorge_Tim=F3n?= Message-ID: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Cc: Bitcoin Dev , nbvfour@gmail.com Subject: Re: [bitcoin-dev] We need to fix the block withholding attack X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Development Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 26 Dec 2015 17:38:13 -0000 ------HFR2LPWF5LFY0JZ58R59BNQBCVCIGR Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=UTF-8 For simplicity, assume total network hashpower is constant. Also, assume the soft fork activates at the beginning of a retarget period. At the moment the soft fork activates, the effective difficulty is increased (by adding a second independent PoW check that must also be satisfied) which means more hashes on average (and proportionally more time) are required to find a block. At the end of the retarget period, the difficulty is lowered so that if the second PoW difficulty were to be kept constant the block interval would again average 10 mins. If we were to keep the second PoW difficulty constant, we would restore the same total PoW-to-time-unit ratio and the retarget difficulty would stabilize again so each block would once more require the same number of hashes (and same amount of time) on average as before. But we don't keep the second PoW difficulty constant - we increase it so once again more hashes on average are required to find a block by the same proportion as before. And we keep doing this. Now, the assumption that hashpower is constant is obviously unrealistic. If this is your bone of contention, then yes, I agree my model is overly simplistic. My larger point was to explore the extent of what's possible with only a soft fork - and we can actually go pretty far and even compensate for these economic shifts by increasing block size and rewards. The whole thing is clearly a huge mess - and I wouldn't recommend actually doing it. On December 26, 2015 7:33:53 AM PST, "Jorge Timón" wrote: >On Dec 26, 2015 9:24 AM, "Eric Lombrozo via bitcoin-dev" < >bitcoin-dev@lists.linuxfoundation.org> wrote: > >> Unfortunately, this also means longer confirmation times, lower >throughput, and lower miner revenue. Note, however, that confirmations >would (on average) represent more PoW, so fewer confirmations would be >required to achieve the same level of security. >> > >I'm not sure I understand this. If mining revenue per unit of time >drops, >total pow per unit of time should also drop. Even if the inter-block >time >is increased, it's not clear to me that the pow per block would >necessarily >be higher. >What am I missing? ------HFR2LPWF5LFY0JZ58R59BNQBCVCIGR Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit For simplicity, assume total network hashpower is constant. Also, assume the soft fork activates at the beginning of a retarget period.

At the moment the soft fork activates, the effective difficulty is increased (by adding a second independent PoW check that must also be satisfied) which means more hashes on average (and proportionally more time) are required to find a block. At the end of the retarget period, the difficulty is lowered so that if the second PoW difficulty were to be kept constant the block interval would again average 10 mins.

If we were to keep the second PoW difficulty constant, we would restore the same total PoW-to-time-unit ratio and the retarget difficulty would stabilize again so each block would once more require the same number of hashes (and same amount of time) on average as before.

But we don't keep the second PoW difficulty constant - we increase it so once again more hashes on average are required to find a block by the same proportion as before. And we keep doing this.

Now, the assumption that hashpower is constant is obviously unrealistic. If this is your bone of contention, then yes, I agree my model is overly simplistic.

My larger point was to explore the extent of what's possible with only a soft fork - and we can actually go pretty far and even compensate for these economic shifts by increasing block size and rewards. The whole thing is clearly a huge mess - and I wouldn't recommend actually doing it.



On December 26, 2015 7:33:53 AM PST, "Jorge Timón" <jtimon@jtimon.cc> wrote:


On Dec 26, 2015 9:24 AM, "Eric Lombrozo via bitcoin-dev" <bitcoin-dev@lists.linuxfoundation.org> wrote:
 
> Unfortunately, this also means longer confirmation times, lower throughput, and lower miner revenue. Note, however, that confirmations would (on average) represent more PoW, so fewer confirmations would be required to achieve the same level of security.
>  

I'm not sure I understand this. If mining revenue per unit of time drops, total pow per unit of time should also drop. Even if the inter-block time is increased, it's not clear to me that the pow per block would necessarily be higher.
What am I missing?

------HFR2LPWF5LFY0JZ58R59BNQBCVCIGR--