1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
|
Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191]
helo=mx.sourceforge.net)
by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <jtimon@monetize.io>) id 1W1JGF-0004BQ-B3
for bitcoin-development@lists.sourceforge.net;
Thu, 09 Jan 2014 17:19:15 +0000
Received: from mail-lb0-f170.google.com ([209.85.217.170])
by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1W1JGC-00004y-VC
for bitcoin-development@lists.sourceforge.net;
Thu, 09 Jan 2014 17:19:15 +0000
Received: by mail-lb0-f170.google.com with SMTP id c11so2560029lbj.29
for <bitcoin-development@lists.sourceforge.net>;
Thu, 09 Jan 2014 09:19:04 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:mime-version:in-reply-to:references:date
:message-id:subject:from:to:cc:content-type
:content-transfer-encoding;
bh=mDHD8HZkTREmfquH2hPPiYOA8IPI/IPUbcF/qq2+F48=;
b=Q8+LN1eAcTPFA+tp3tlDp0tET/yyDFkGdpgaJlIe6JUZ2Ubyp7BcDxSKpRXx9Hzhnq
zBYfSoRzce1XgK0et/PTDw70UNCPtnIij5PKCJAIhD2VRdz5sg31zBFKS/dSRFukAY+a
MGf7NWxhM6pyhlfu3yViGHI4S8mD74GI0ep0lo0GZMHuOPBQ+swziauKUkd0uHdo/9kM
/a6gdltlvFJLyV72lGHI4fdeWPrnTInWq6aQkwNObSWaSkh+H7x6YQGAMN5AsZdeuhXU
izdh7J9KgCQo4lNHzE2aPPofjVUxDjLiq94M9qqdcBPxFgmUvMqd9iunbUsoW6jBxiNY
Tl6A==
X-Gm-Message-State: ALoCoQml9rDPJkBjSxXdrUvCz3gdqooGfhiT31JSVp7lIZdOpHQ06cBjEzz7kgbAGTYFwLKpp+bh
MIME-Version: 1.0
X-Received: by 10.112.151.74 with SMTP id uo10mr1688629lbb.45.1389287944147;
Thu, 09 Jan 2014 09:19:04 -0800 (PST)
Received: by 10.112.74.71 with HTTP; Thu, 9 Jan 2014 09:19:04 -0800 (PST)
X-Originating-IP: [85.53.148.187]
In-Reply-To: <20140106154456.GA18449@savin>
References: <CAMkFLsSwKEiEtV1OaAsGPiU8iAWbb77fDNJDmRwbgKnZ_kjG6Q@mail.gmail.com>
<20131230232225.GA10594@tilt> <201312310114.05600.luke@dashjr.org>
<20140101045342.GA7103@tilt>
<CAC1+kJPTYzvU4ngFspvULDMvQK4ckkM719Y+_hx272PCU3amyg@mail.gmail.com>
<20140103210139.GB30273@savin>
<CAC1+kJNM=67Yw0Rde9y7H0v0x07MsWmh6oK++hDtsKEmLtqcNg@mail.gmail.com>
<20140106154456.GA18449@savin>
Date: Thu, 9 Jan 2014 18:19:04 +0100
Message-ID: <CAC1+kJPjj1N59PbAKyymwcF3DC6x4Ra+z8LKdzae4oUvmpERCA@mail.gmail.com>
From: =?ISO-8859-1?Q?Jorge_Tim=F3n?= <jtimon@monetize.io>
To: Peter Todd <pete@petertodd.org>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 0.0 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
X-Headers-End: 1W1JGC-00004y-VC
Cc: bitcoin-development@lists.sourceforge.net
Subject: Re: [Bitcoin-development] The insecurity of merge-mining
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Thu, 09 Jan 2014 17:19:15 -0000
On 1/6/14, Peter Todd <pete@petertodd.org> wrote:
> On Sat, Jan 04, 2014 at 01:27:42AM +0100, Jorge Tim=F3n wrote:
> It's not meant to prove anything - the proof-of-sacrificed-bitcoins
> mentioned(*) in it is secure only if Bitcoin itself is secure and
> functional. I referred you to it because understanding the system will
> help you understand my thinking behind merge-mining.
>
> *) It also mentions proof-of-sacrificed-zerocoins which *is* distinct
> because you're sacrificing the thing that the chain is about. Now that
> has some proof-of-stake tinges to it for sure - I myself am not
> convinced it is or isn't a viable scheme.
I'm not sure I understand all the differences between
proof-of-sacrificed-bitcoins and proof-of-sacrificed-newcoins, but I'm
still convinced this doesn't have anything to do with MM PoW vs PoW.
The idea looks very interesting and I will ask you and adam to
understand it better on IRC, but take into account that when you say
"merged mining is insecure" some people hear "merged mined altcoins
are less secure than non-MM altcoins" (which is false) and somehow
conclude "scrypt altchains are more secure than SHA256 altchains".
Whether we like it or not, many people believe that scrypt, quark or
primecoin PoW algorithms are somehow more secure than SHA256, and
claims that "merged mining is insecure" from core bitcoin developers
contribute to spread those beliefs and that no new altcoin has been
created with the intend of being merged mined for quite a while.
I'm not trying to make you or anyone here responsible for the mistakes
other people make.
But rephrasing your claims as "We're exploring new ideas for altchains
that could be more secure than MM..." sounds very different from "MM
is insecure, by the way look at this new idea..."
>> Feel free to ask for corrections in the example if you think it needs
>> them.
>> Feel free to bring your edge legal cases back, but please try to do it
>> on top of the example.
>
> You're argument is perfectly valid and correct, *if* the assumptions
> behind it hold. The problem is you're assuming miners act rationally and
> have equal opportunities - that's a very big assumption and I have
> strong doubts it holds, particularly for alts with a small amount of
> hashing power.
That's why I made the offer above.
What you point out is the reason why freicoin started without merged
mining, to grow its own independent security first, before starting to
be merged mined.
> You know, something that I haven't made clear in this discussion is that
> while I think merge-mining is insecure, in the sense of "should my new
> fancy alt-coin protocol widget use it?", I *also* don't think regular
> mining is much better. In some cases it will be worse due to social
> factors. (e.g. a bunch of big pools are going to merge-mine my scheme on
> launch day because it makes puppies cuter and kids smile)
Fair enough.
Do you see any case where an independently pow validated altcoin is
more secure than a merged mined one?
The reason why I participated in the discussion was that I believe
that merged mined PoW is more secure than
completely-independent-from-bitcoin pow.
And I thought that that was the general understanding in the Bitcoin
development community.
If that's the case, we agree on what's more important to me.
About the new proposal, I don't have a firm opinion yet. I'm sorry but
I have to understand it better and think about it in more depth.
|
