Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194]
	helo=mx.sourceforge.net)
	by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <jeremy@taplink.co>) id 1Vxtpv-0006tj-Ab
	for bitcoin-development@lists.sourceforge.net;
	Tue, 31 Dec 2013 07:33:59 +0000
Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of taplink.co
	designates 50.117.27.232 as permitted sender)
	client-ip=50.117.27.232; envelope-from=jeremy@taplink.co;
	helo=mail.taplink.co; 
Received: from mail.taplink.co ([50.117.27.232])
	by sog-mx-4.v43.ch3.sourceforge.com with smtp (Exim 4.76)
	id 1Vxtpu-0002bG-Dl for bitcoin-development@lists.sourceforge.net;
	Tue, 31 Dec 2013 07:33:59 +0000
Received: from laptop-air.hsd1.ca.comcast.net ([192.168.168.135]) by
	mail.taplink.co ; Mon, 30 Dec 2013 23:32:12 -0800
Content-Type: text/plain; charset=iso-8859-15; format=flowed; delsp=yes
To: bitcoin-development@lists.sourceforge.net, Luke-Jr <luke@dashjr.org>
References: <CAMkFLsSwKEiEtV1OaAsGPiU8iAWbb77fDNJDmRwbgKnZ_kjG6Q@mail.gmail.com>
	<20131230232225.GA10594@tilt> <201312310114.05600.luke@dashjr.org>
Date: Mon, 30 Dec 2013 23:28:10 -0800
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: "Jeremy Spilman" <jeremy@taplink.co>
Organization: TapLink
Message-ID: <op.w8x4c8vbyldrnw@laptop-air.hsd1.ca.comcast.net>
In-Reply-To: <201312310114.05600.luke@dashjr.org>
User-Agent: Opera Mail/1.0 (Win32)
oclient: 192.168.168.135#jeremy@taplink.co#465
X-Spam-Score: -1.7 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
	sender-domain
	-0.0 SPF_PASS               SPF: sender matches SPF record
	-0.1 RP_MATCHES_RCVD Envelope sender domain matches handover relay
	domain
	0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
	See
	http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
	for more information. [URIs: taplink.co]
	-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
	author's domain
	0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
	not necessarily valid
	-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1Vxtpu-0002bG-Dl
Subject: [Bitcoin-development] Merge mining
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Tue, 31 Dec 2013 07:33:59 -0000

Merge mining lets Bitcoin miners support or attack an alt-coin without any  
additional cost for their proof-of-work.

Since bitcoin miners have to install software to build and claim blocks in  
the alt-coin, the percentage of bitcoin hashing power reflected toward the  
alt-coin will follow some adoption curve based on convincing bitcoin  
miners to opt-in.

Depending on where you are on that adoption curve or 'participation rate',  
you need [a lot] less than 51% of of total Bitcoin hashing power in order  
to 51% attack the alt-coin.

But there's so much 'dry powder' out there (GPUs), I wonder if *not*  
supporting merge-mining is any better? At least the attacker has to do  
some unique PoW, so you hope it's costing them something. Relatively large  
amounts of hashing can definitely be deployed on target with zero startup  
cost, and perhaps very little runtime cost (botnets).

I think the absolute cost of the PoW is very likely *not* the determining  
factor in preventing a 51% attack on all but one or two blockchains  
currently in existence.

Do I understand correctly, the question here is mostly a matter a game  
theory?

On Mon, 30 Dec 2013 17:14:05 -0800, Luke-Jr <luke@dashjr.org> wrote:

> On Monday, December 30, 2013 11:22:25 PM Peter Todd wrote:
>> that you are using merge-mining is a red-flag because without majority,  
>> or
>> at least near-majority, hashing power an attacker can 51% attack your
>> altcoin at negligible cost by re-using existing hashing power.
>
> I strongly disagree on this isolated point. Using the same logic,  
> Bitcoin is
> vulnerable to an attacker at negligible cost by re-using existing hashing
> power from mining Namecoin. Any non-scam altcoin is pretty safe using  
> merged
> mining, since any would-be attacker is going to have it in their  
> interests to
> invest in the altcoin instead of attacking it. It's only the scam ones  
> that want to pump & dump with no improvements, that are really at risk  
> here.
>
> The rational decision for a non-scam altcoin, is to take advantage of  
> merged mining to get as much security as possible. There are also some  
> possible
> tricks to get the full security of the bitcoin miners even when not all
> participate in your altcoin (but this area probably needs some studying  
> to get right).
>
> Luke
>