1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
|
Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192]
helo=mx.sourceforge.net)
by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <pete@petertodd.org>) id 1W1a09-0001fi-53
for bitcoin-development@lists.sourceforge.net;
Fri, 10 Jan 2014 11:11:45 +0000
Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of petertodd.org
designates 62.13.148.102 as permitted sender)
client-ip=62.13.148.102; envelope-from=pete@petertodd.org;
helo=outmail148102.authsmtp.net;
Received: from outmail148102.authsmtp.net ([62.13.148.102])
by sog-mx-2.v43.ch3.sourceforge.com with esmtp (Exim 4.76)
id 1W1a07-0000qp-Vg for bitcoin-development@lists.sourceforge.net;
Fri, 10 Jan 2014 11:11:45 +0000
Received: from mail-c235.authsmtp.com (mail-c235.authsmtp.com [62.13.128.235])
by punt14.authsmtp.com (8.14.2/8.14.2) with ESMTP id s0ABBZ6i063475;
Fri, 10 Jan 2014 11:11:35 GMT
Received: from savin (76-10-178-109.dsl.teksavvy.com [76.10.178.109])
(authenticated bits=128)
by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id s0ABBSnr001889
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO);
Fri, 10 Jan 2014 11:11:30 GMT
Date: Fri, 10 Jan 2014 06:11:28 -0500
From: Peter Todd <pete@petertodd.org>
To: Jorge =?iso-8859-1?Q?Tim=F3n?= <jtimon@monetize.io>
Message-ID: <20140110111128.GC25749@savin>
References: <CAMkFLsSwKEiEtV1OaAsGPiU8iAWbb77fDNJDmRwbgKnZ_kjG6Q@mail.gmail.com>
<20131230232225.GA10594@tilt> <201312310114.05600.luke@dashjr.org>
<20140101045342.GA7103@tilt>
<CAC1+kJPTYzvU4ngFspvULDMvQK4ckkM719Y+_hx272PCU3amyg@mail.gmail.com>
<20140103210139.GB30273@savin>
<CAC1+kJNM=67Yw0Rde9y7H0v0x07MsWmh6oK++hDtsKEmLtqcNg@mail.gmail.com>
<20140106154456.GA18449@savin>
<CAC1+kJPjj1N59PbAKyymwcF3DC6x4Ra+z8LKdzae4oUvmpERCA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature"; boundary="3siQDZowHQqNOShm"
Content-Disposition: inline
In-Reply-To: <CAC1+kJPjj1N59PbAKyymwcF3DC6x4Ra+z8LKdzae4oUvmpERCA@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Server-Quench: f59d7679-79e7-11e3-b802-002590a15da7
X-AuthReport-Spam: If SPAM / abuse - report it at:
http://www.authsmtp.com/abuse
X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR
aQdMdwIUElQaAgsB AmIbWlVeUVx7WmI7 bAxPbAVDY01GQQRq
WVdMSlVNFUsrAW1z dH1AEBlydg1OcTBy Z0JqVj4NWU0uckB6
S1NTHDgBeGZhPWMC AkhYdR5UcAFPdx8U a1UrBXRDAzANdhES
HhM4ODE3eDlSNilR RRkIIFQOdA43HjN0 RhYZED4yB0wZVm00
IVQjJ0QTEQMUM0Mz N1RJ
X-Authentic-SMTP: 61633532353630.1023:706
X-AuthFastPath: 0 (Was 255)
X-AuthSMTP-Origin: 76.10.178.109/587
X-AuthVirus-Status: No virus detected - but ensure you scan with your own
anti-virus system.
X-Spam-Score: -1.5 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
-0.0 SPF_PASS SPF: sender matches SPF record
X-Headers-End: 1W1a07-0000qp-Vg
Cc: bitcoin-development@lists.sourceforge.net
Subject: Re: [Bitcoin-development] The insecurity of merge-mining
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Fri, 10 Jan 2014 11:11:45 -0000
--3siQDZowHQqNOShm
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Thu, Jan 09, 2014 at 06:19:04PM +0100, Jorge Tim=F3n wrote:
> On 1/6/14, Peter Todd <pete@petertodd.org> wrote:
> > On Sat, Jan 04, 2014 at 01:27:42AM +0100, Jorge Tim=F3n wrote:
> > It's not meant to prove anything - the proof-of-sacrificed-bitcoins
> > mentioned(*) in it is secure only if Bitcoin itself is secure and
> > functional. I referred you to it because understanding the system will
> > help you understand my thinking behind merge-mining.
> >
> > *) It also mentions proof-of-sacrificed-zerocoins which *is* distinct
> > because you're sacrificing the thing that the chain is about. Now that
> > has some proof-of-stake tinges to it for sure - I myself am not
> > convinced it is or isn't a viable scheme.
>=20
> I'm not sure I understand all the differences between
> proof-of-sacrificed-bitcoins and proof-of-sacrificed-newcoins, but I'm
> still convinced this doesn't have anything to do with MM PoW vs PoW.
Proof-of-sacrified-bitcoins is always a true sacrifice - provided
Bitcoin itself maintains consensus the proof is a guarantee that
something of value was given up.
Proof-of-sacrificed-"newcoins" means that within some consensus system I
created a signed statement that *within the system* means I lose
something of value. However that sacrifice is only valid if the
consensus of the system includes that sacrifice within the consensus,
and if the mechanism by which that consensus is maintained has anything
to do with those sacrifices you quickly find yourself on pretty shakey
ground.
> > You know, something that I haven't made clear in this discussion is that
> > while I think merge-mining is insecure, in the sense of "should my new
> > fancy alt-coin protocol widget use it?", I *also* don't think regular
> > mining is much better. In some cases it will be worse due to social
> > factors. (e.g. a bunch of big pools are going to merge-mine my scheme on
> > launch day because it makes puppies cuter and kids smile)
>=20
> Fair enough.
> Do you see any case where an independently pow validated altcoin is
> more secure than a merged mined one?
Situations where decentralized consensus systems are competing for
market share in some domain certainely apply. For instance if I were to
create a competitor to Namecoin, perhaps because I thought the existing
allocation of names was unfair, and/or I had technical improvements like
SPV, it's easy to imagine Namecoin miners deciding to attack my
competitor to preserve the value of their namecoins and domain names
registered in Namecoin.
The problem here is that my new system has a substantial *negative*
value to those existing Namecoin holders - if it catches on the value of
their Namecoin investment in the form of coins and domain names may go
down. Thus for them doing nothing has a negative return, attacking my
coin has a positive return minus costs, and with merge-mining the costs
are zero.
Without merge mining if the value to the participants in the new system
is greater than the harm done to the participants in the old system the
total work on the new system's chain will still be positive and it has a
chance of surviving.
Of course, this is what Luke-Jr was getting at when he was talking about
scam-coins and merge mining: if you're alt-currency is a currency, and
it catches on, then it dilutes the value of your existing coins and
people who own those coins have an incentive to attack the competitor.
That's why merge-mined alt-coins that are currencies get often get
attacked very quickly.
--=20
'peter'[:-1]@petertodd.org
00000000000000028a5c9edabc9697fe96405f667be1d6d558d1db21d49b8857
--3siQDZowHQqNOShm
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQGrBAEBCACVBQJSz9VfXhSAAAAAABUAQGJsb2NraGFzaEBiaXRjb2luLm9yZzAw
MDAwMDAwMDAwMDAwMDI4YTVjOWVkYWJjOTY5N2ZlOTY0MDVmNjY3YmUxZDZkNTU4
ZDFkYjIxZDQ5Yjg4NTcvFIAAAAAAFQARcGthLWFkZHJlc3NAZ251cGcub3JncGV0
ZUBwZXRlcnRvZC5vcmcACgkQJIFAPaXwkfuoSAf/XdUjwBqxp8YETm/+27H3gscJ
7FIA0BqSFJ6lOk3NUjGH34nSczTO6g4LZozm/GeSpehDMmd/UE9vnq3dAavfaM7j
+BMjSu7U+OzJB9gt3hBrlzRQrG5bjo8Sh242FwhTY37jpYjcI6nUXjy71gcZRTJP
8Un8zEQhj7xXjR2o2IwE8fOg7R8FYqZdFlhK9vSnm7lTKQO855sSBpRoplzrwq8m
kTxbxpIy/GizsNyj++W+YTaICEOLNmNCCp/LNd8c0HV5WBlPjM8NyDM4W6Y8zhPA
zo/Uf/kGICM8nH4fGxhtLWZYPyHBF4akdMH2ADNqXF0vYVV7Tj5EvPzAVfcIbw==
=P6fo
-----END PGP SIGNATURE-----
--3siQDZowHQqNOShm--
|