Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1W1JGF-0004BQ-B3 for bitcoin-development@lists.sourceforge.net; Thu, 09 Jan 2014 17:19:15 +0000 Received: from mail-lb0-f170.google.com ([209.85.217.170]) by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1W1JGC-00004y-VC for bitcoin-development@lists.sourceforge.net; Thu, 09 Jan 2014 17:19:15 +0000 Received: by mail-lb0-f170.google.com with SMTP id c11so2560029lbj.29 for ; Thu, 09 Jan 2014 09:19:04 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=mDHD8HZkTREmfquH2hPPiYOA8IPI/IPUbcF/qq2+F48=; b=Q8+LN1eAcTPFA+tp3tlDp0tET/yyDFkGdpgaJlIe6JUZ2Ubyp7BcDxSKpRXx9Hzhnq zBYfSoRzce1XgK0et/PTDw70UNCPtnIij5PKCJAIhD2VRdz5sg31zBFKS/dSRFukAY+a MGf7NWxhM6pyhlfu3yViGHI4S8mD74GI0ep0lo0GZMHuOPBQ+swziauKUkd0uHdo/9kM /a6gdltlvFJLyV72lGHI4fdeWPrnTInWq6aQkwNObSWaSkh+H7x6YQGAMN5AsZdeuhXU izdh7J9KgCQo4lNHzE2aPPofjVUxDjLiq94M9qqdcBPxFgmUvMqd9iunbUsoW6jBxiNY Tl6A== X-Gm-Message-State: ALoCoQml9rDPJkBjSxXdrUvCz3gdqooGfhiT31JSVp7lIZdOpHQ06cBjEzz7kgbAGTYFwLKpp+bh MIME-Version: 1.0 X-Received: by 10.112.151.74 with SMTP id uo10mr1688629lbb.45.1389287944147; Thu, 09 Jan 2014 09:19:04 -0800 (PST) Received: by 10.112.74.71 with HTTP; Thu, 9 Jan 2014 09:19:04 -0800 (PST) X-Originating-IP: [85.53.148.187] In-Reply-To: <20140106154456.GA18449@savin> References: <20131230232225.GA10594@tilt> <201312310114.05600.luke@dashjr.org> <20140101045342.GA7103@tilt> <20140103210139.GB30273@savin> <20140106154456.GA18449@savin> Date: Thu, 9 Jan 2014 18:19:04 +0100 Message-ID: From: =?ISO-8859-1?Q?Jorge_Tim=F3n?= To: Peter Todd Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. X-Headers-End: 1W1JGC-00004y-VC Cc: bitcoin-development@lists.sourceforge.net Subject: Re: [Bitcoin-development] The insecurity of merge-mining X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Jan 2014 17:19:15 -0000 On 1/6/14, Peter Todd wrote: > On Sat, Jan 04, 2014 at 01:27:42AM +0100, Jorge Tim=F3n wrote: > It's not meant to prove anything - the proof-of-sacrificed-bitcoins > mentioned(*) in it is secure only if Bitcoin itself is secure and > functional. I referred you to it because understanding the system will > help you understand my thinking behind merge-mining. > > *) It also mentions proof-of-sacrificed-zerocoins which *is* distinct > because you're sacrificing the thing that the chain is about. Now that > has some proof-of-stake tinges to it for sure - I myself am not > convinced it is or isn't a viable scheme. I'm not sure I understand all the differences between proof-of-sacrificed-bitcoins and proof-of-sacrificed-newcoins, but I'm still convinced this doesn't have anything to do with MM PoW vs PoW. The idea looks very interesting and I will ask you and adam to understand it better on IRC, but take into account that when you say "merged mining is insecure" some people hear "merged mined altcoins are less secure than non-MM altcoins" (which is false) and somehow conclude "scrypt altchains are more secure than SHA256 altchains". Whether we like it or not, many people believe that scrypt, quark or primecoin PoW algorithms are somehow more secure than SHA256, and claims that "merged mining is insecure" from core bitcoin developers contribute to spread those beliefs and that no new altcoin has been created with the intend of being merged mined for quite a while. I'm not trying to make you or anyone here responsible for the mistakes other people make. But rephrasing your claims as "We're exploring new ideas for altchains that could be more secure than MM..." sounds very different from "MM is insecure, by the way look at this new idea..." >> Feel free to ask for corrections in the example if you think it needs >> them. >> Feel free to bring your edge legal cases back, but please try to do it >> on top of the example. > > You're argument is perfectly valid and correct, *if* the assumptions > behind it hold. The problem is you're assuming miners act rationally and > have equal opportunities - that's a very big assumption and I have > strong doubts it holds, particularly for alts with a small amount of > hashing power. That's why I made the offer above. What you point out is the reason why freicoin started without merged mining, to grow its own independent security first, before starting to be merged mined. > You know, something that I haven't made clear in this discussion is that > while I think merge-mining is insecure, in the sense of "should my new > fancy alt-coin protocol widget use it?", I *also* don't think regular > mining is much better. In some cases it will be worse due to social > factors. (e.g. a bunch of big pools are going to merge-mine my scheme on > launch day because it makes puppies cuter and kids smile) Fair enough. Do you see any case where an independently pow validated altcoin is more secure than a merged mined one? The reason why I participated in the discussion was that I believe that merged mined PoW is more secure than completely-independent-from-bitcoin pow. And I thought that that was the general understanding in the Bitcoin development community. If that's the case, we agree on what's more important to me. About the new proposal, I don't have a firm opinion yet. I'm sorry but I have to understand it better and think about it in more depth.