Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of gmail.com
	designates 74.125.82.176 as permitted sender)
	client-ip=74.125.82.176; envelope-from=alex.mizrahi@gmail.com;
	helo=mail-we0-f176.google.com; 
MIME-Version: 1.0
In-Reply-To: <CANEZrP2uVT_UqJbzyQcEbiS78T68Jj2cH7OGXv5QtYiCwArDdA@mail.gmail.com>
References: <20150212064719.GA6563@savin.petertodd.org>
	<CANEZrP2uVT_UqJbzyQcEbiS78T68Jj2cH7OGXv5QtYiCwArDdA@mail.gmail.com>
Date: Thu, 12 Feb 2015 14:52:59 +0200
Message-ID: <CAE28kUQ87jWhq1p6RK1eKEuEP1ERxN_P2SS0=YsFEGAqRyMPLA@mail.gmail.com>
From: Alex Mizrahi <alex.mizrahi@gmail.com>
To: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Content-Type: multipart/alternative; boundary=047d7ba976c485bc81050ee399e9
Subject: Re: [Bitcoin-development] replace-by-fee v0.10.0rc4
Precedence: list

--047d7ba976c485bc81050ee399e9
Content-Type: text/plain; charset=UTF-8

> Miners are *not* incentivised to earn the most money in the next block
> possible. They are incentivised to maximise their return on investment.
>

This would be right if you assume that all Bitcoin miners act as a single
entity. In that case it is true that that entity's goal is to maximize
overall ROI.

But each miner makes decisions on his own. Are you familiar with a concept
of Nash equilibrium, prisoner's dilemma, etc?

The fact that nobody is using this kind of a behavior right now doesn't
mean that we can rely on it.

For example, Peercoin was horribly broken in 6 months after its release
(e.g. people reported that they are able to generate 50 consecutive blocks
simply by bringing a cold wallet online) and yet nobody bothered to exploit
it, and it managed to acquire non-negligible "market cap".

So we have an empiric evidence that proof-of-stake miners are motivated to
keep network secure. So, maybe, we should switch to proof-of-stake, if it
was demonstrated that it is secure?

There are good reasons to not switch to proof-of-stake. Particularly, the
kind which is used in Peercoin is not game-theoretically sound. So even if
it works right now, it can fail in a big way once attackers will really get
around to it. An attack requires significant knowledge, effort and,
possibly, capital, so it might be only feasible on a certain scale.

So, well, anyway, suppose Peter Todd is the only person interested in
maintaining replace-by-fee patches right now, and you can talk him into
abandoning them.
OK, perhaps zero-confirmation payments will be de-facto secure for a couple
of years. And thus a lot of merchants will rely on zero-confirmation
payments protected by nothing but a belief in honest miners, as it is damn
convenient.

But, let's say, 5 years from now, some faction of miners who own
soon-to-be-obsolete equipment will decide to boost their profits with a
replace-by-fee pool and a corresponding wallet. They can market it as "1 of
10 hamburgers are free" if they have 10% of the total hashpower.

So would you take a responsibility for pushing the approach which isn't
game-theoretically sound?

--047d7ba976c485bc81050ee399e9
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div class=3D"gmail_extra"><div class=3D"gmail_quote"><div=
>=C2=A0</div><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;b=
order-left:1px #ccc solid;padding-left:1ex"><div dir=3D"ltr"><div class=3D"=
gmail_extra">Miners are <b>not</b>=C2=A0incentivised to earn the most money=
 in the next block possible. They are incentivised to maximise their return=
 on investment. </div></div></blockquote><div><br></div><div>This would be =
right if you assume that all Bitcoin miners act as a single entity. In that=
 case it is true that that entity&#39;s goal is to maximize overall ROI.</d=
iv><div><br></div><div>But each miner makes decisions on his own. Are you f=
amiliar with a concept of Nash equilibrium, prisoner&#39;s dilemma, etc?</d=
iv><div><br></div><div>The fact that nobody is using this kind of a behavio=
r right now doesn&#39;t mean that we can rely on it.</div><div><br></div><d=
iv>For example, Peercoin was horribly broken in 6 months after its release =
(e.g. people reported that they are able to generate 50 consecutive blocks =
simply by bringing a cold wallet online) and yet nobody bothered to exploit=
 it, and it managed to acquire non-negligible &quot;market cap&quot;.</div>=
<div><br></div><div>So we have an empiric evidence that proof-of-stake mine=
rs are motivated to keep network secure. So, maybe, we should switch to pro=
of-of-stake, if it was demonstrated that it is secure?</div><div><br></div>=
<div>There are good reasons to not switch to proof-of-stake. Particularly, =
the kind which is used in Peercoin is not game-theoretically sound. So even=
 if it works right now, it can fail in a big way once attackers will really=
 get around to it. An attack requires significant knowledge, effort and, po=
ssibly, capital, so it might be only feasible on a certain scale.</div><div=
><br></div><div>So, well, anyway, suppose Peter Todd is the only person int=
erested in maintaining replace-by-fee patches right now, and you can talk h=
im into abandoning them.</div><div>OK, perhaps zero-confirmation payments w=
ill be de-facto secure for a couple of years. And thus a lot of merchants w=
ill rely on zero-confirmation payments protected by nothing but a belief in=
 honest miners, as it is damn convenient.</div><div><br></div><div>But, let=
&#39;s say, 5 years from now, some faction of miners who own soon-to-be-obs=
olete equipment will decide to boost their profits with a replace-by-fee po=
ol and a corresponding wallet. They can market it as &quot;1 of 10 hamburge=
rs are free&quot; if they have 10% of the total hashpower.</div><div><br></=
div><div>So would you take a responsibility for pushing the approach which =
isn&#39;t game-theoretically sound?</div><div><br></div><div>=C2=A0</div></=
div></div></div>

--047d7ba976c485bc81050ee399e9--