User-Agent: K-9 Mail for Android
In-Reply-To: <CABm2gDp4ac=E+T-FT=ZQPnW_ao2GdF1QOg8tROYoV=QKypQS1g@mail.gmail.com>
References: <20151220132842.GA25481@muck>
	<ema8a70574-c28e-4c43-a1e3-5f2f4df7d3a2@platinum>
	<CABm2gDp4ac=E+T-FT=ZQPnW_ao2GdF1QOg8tROYoV=QKypQS1g@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----HFR2LPWF5LFY0JZ58R59BNQBCVCIGR"
Content-Transfer-Encoding: 8bit
From: Eric Lombrozo <elombrozo@gmail.com>
Date: Sat, 26 Dec 2015 09:38:33 -0800
To: =?ISO-8859-1?Q?Jorge_Tim=F3n?= <jtimon@jtimon.cc>
Message-ID: <EC9193E8-DEC6-413F-A9AC-903E26E51824@gmail.com>
Cc: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>, nbvfour@gmail.com
Subject: Re: [bitcoin-dev] We need to fix the block withholding attack
Precedence: list

------HFR2LPWF5LFY0JZ58R59BNQBCVCIGR
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
 charset=UTF-8

For simplicity, assume total network hashpower is constant. Also, assume the soft fork activates at the beginning of a retarget period.

At the moment the soft fork activates, the effective difficulty is increased (by adding a second independent PoW check that must also be satisfied) which means more hashes on average (and proportionally more time) are required to find a block. At the end of the retarget period,  the difficulty is lowered so that if the second PoW difficulty were to be kept constant the block interval would again average 10 mins.

If we were to keep the second PoW difficulty constant, we would restore the same total PoW-to-time-unit ratio and the retarget difficulty would stabilize again so each block would once more require the same number of hashes (and same amount of time) on average as before.

But we don't keep the second PoW difficulty constant - we increase it so once again more hashes on average are required to find a block by the same proportion as before. And we keep doing this.

Now, the assumption that hashpower is constant is obviously unrealistic. If this is your bone of contention, then yes, I agree my model is overly simplistic.

My larger point was to explore the extent of what's possible with only a soft fork - and we can actually go pretty far and even compensate for these economic shifts by increasing block size and rewards. The whole thing is clearly a huge mess - and I wouldn't recommend actually doing it.


On December 26, 2015 7:33:53 AM PST, "Jorge Timón" <jtimon@jtimon.cc> wrote:
>On Dec 26, 2015 9:24 AM, "Eric Lombrozo via bitcoin-dev" <
>bitcoin-dev@lists.linuxfoundation.org> wrote:
>
>> Unfortunately, this also means longer confirmation times, lower
>throughput, and lower miner revenue. Note, however, that confirmations
>would (on average) represent more PoW, so fewer confirmations would be
>required to achieve the same level of security.
>>
>
>I'm not sure I understand this. If mining revenue per unit of time
>drops,
>total pow per unit of time should also drop. Even if the inter-block
>time
>is increased, it's not clear to me that the pow per block would
>necessarily
>be higher.
>What am I missing?

------HFR2LPWF5LFY0JZ58R59BNQBCVCIGR
Content-Type: text/html;
 charset=utf-8
Content-Transfer-Encoding: 8bit

<html><head></head><body>For simplicity, assume total network hashpower is constant. Also, assume the soft fork activates at the beginning of a retarget period.<br>
<br>
At the moment the soft fork activates, the effective difficulty is increased (by adding a second independent PoW check that must also be satisfied) which means more hashes on average (and proportionally more time) are required to find a block. At the end of the retarget period,  the difficulty is lowered so that if the second PoW difficulty were to be kept constant the block interval would again average 10 mins.<br>
<br>
If we were to keep the second PoW difficulty constant, we would restore the same total PoW-to-time-unit ratio and the retarget difficulty would stabilize again so each block would once more require the same number of hashes (and same amount of time) on average as before.<br>
<br>
But we don&#39;t keep the second PoW difficulty constant - we increase it so once again more hashes on average are required to find a block by the same proportion as before. And we keep doing this.<br>
<br>
Now, the assumption that hashpower is constant is obviously unrealistic. If this is your bone of contention, then yes, I agree my model is overly simplistic.<br>
<br>
My larger point was to explore the extent of what&#39;s possible with only a soft fork - and we can actually go pretty far and even compensate for these economic shifts by increasing block size and rewards. The whole thing is clearly a huge mess - and I wouldn&#39;t recommend actually doing it.<br>
<br>
<br><br><div class="gmail_quote">On December 26, 2015 7:33:53 AM PST, &quot;Jorge Timón&quot; &lt;jtimon@jtimon.cc&gt; wrote:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<p dir="ltr"><br />
On Dec 26, 2015 9:24 AM, &quot;Eric Lombrozo via bitcoin-dev&quot; &lt;<a href="mailto:bitcoin-dev@lists.linuxfoundation.org">bitcoin-dev@lists.linuxfoundation.org</a>&gt; wrote:<br />
  <br />
&gt; Unfortunately, this also means longer confirmation times, lower throughput, and lower miner revenue. Note, however, that confirmations would (on average) represent more PoW, so fewer confirmations would be required to achieve the same level of security.<br />
&gt;  </p>
<p dir="ltr">I&#39;m not sure I understand this. If mining revenue per unit of time drops, total pow per unit of time should also drop. Even if the inter-block time is increased, it&#39;s not clear to me that the pow per block would necessarily be higher.<br />
What am I missing?<br />
</p>
</blockquote></div></body></html>
------HFR2LPWF5LFY0JZ58R59BNQBCVCIGR--