1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
|
Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191]
helo=mx.sourceforge.net)
by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <pete@petertodd.org>) id 1VzBsS-0003KP-EP
for bitcoin-development@lists.sourceforge.net;
Fri, 03 Jan 2014 21:01:56 +0000
Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of petertodd.org
designates 62.13.149.84 as permitted sender)
client-ip=62.13.149.84; envelope-from=pete@petertodd.org;
helo=outmail149084.authsmtp.net;
Received: from outmail149084.authsmtp.net ([62.13.149.84])
by sog-mx-1.v43.ch3.sourceforge.com with esmtp (Exim 4.76)
id 1VzBsQ-0002eH-Vr for bitcoin-development@lists.sourceforge.net;
Fri, 03 Jan 2014 21:01:56 +0000
Received: from mail-c235.authsmtp.com (mail-c235.authsmtp.com [62.13.128.235])
by punt18.authsmtp.com (8.14.2/8.14.2/) with ESMTP id s03L1kwl012011;
Fri, 3 Jan 2014 21:01:46 GMT
Received: from savin (76-10-178-109.dsl.teksavvy.com [76.10.178.109])
(authenticated bits=128)
by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id s03L1d2I026870
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO);
Fri, 3 Jan 2014 21:01:42 GMT
Date: Fri, 3 Jan 2014 16:01:39 -0500
From: Peter Todd <pete@petertodd.org>
To: Jorge =?iso-8859-1?Q?Tim=F3n?= <jtimon@monetize.io>
Message-ID: <20140103210139.GB30273@savin>
References: <CAMkFLsSwKEiEtV1OaAsGPiU8iAWbb77fDNJDmRwbgKnZ_kjG6Q@mail.gmail.com>
<20131230232225.GA10594@tilt> <201312310114.05600.luke@dashjr.org>
<20140101045342.GA7103@tilt>
<CAC1+kJPTYzvU4ngFspvULDMvQK4ckkM719Y+_hx272PCU3amyg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature"; boundary="OwLcNYc0lM97+oe1"
Content-Disposition: inline
In-Reply-To: <CAC1+kJPTYzvU4ngFspvULDMvQK4ckkM719Y+_hx272PCU3amyg@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Server-Quench: 3f8e6339-74ba-11e3-b802-002590a15da7
X-AuthReport-Spam: If SPAM / abuse - report it at:
http://www.authsmtp.com/abuse
X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR
aQdMdgEUElQaAgsB AmIbWVVeUFx7XWA7 bAxPbAVDY01GQQRq
WVdMSlVNFUsrAR99 B0ocKxlwcQ1BeDBy YENmWj5YCkwvc0V+
S1NTET9XeGZhPWMC AkhYdR5UcAFPdx8U a1UrBXRDAzANdhES
HhM4ODE3eDlSNilR RRkIIFQOdA43HjN0 RhYZED4yB0wZVm00
IVQjJ0QTEQMUM0Mz N1RJ
X-Authentic-SMTP: 61633532353630.1023:706
X-AuthFastPath: 0 (Was 255)
X-AuthSMTP-Origin: 76.10.178.109/587
X-AuthVirus-Status: No virus detected - but ensure you scan with your own
anti-virus system.
X-Spam-Score: -1.5 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
-0.0 SPF_PASS SPF: sender matches SPF record
X-Headers-End: 1VzBsQ-0002eH-Vr
Cc: bitcoin-development@lists.sourceforge.net
Subject: Re: [Bitcoin-development] The insecurity of merge-mining
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Fri, 03 Jan 2014 21:01:56 -0000
--OwLcNYc0lM97+oe1
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Fri, Jan 03, 2014 at 08:14:25PM +0100, Jorge Tim=F3n wrote:
> > You assume the value of a crypto-currency is equal to all miners, it's
> > not.
>=20
> They should be able to sell the reward at similar prices in the market.
> Attackers are losing the opportunity cost of mining the currency by
> attacking it, just like with Bitcoin.
As I showed with my zerocoin example, often that is not the case, e.g. I
do not support anonymity, or *can't* support it because of the local
laws.
Or for that matter, really boring examples like there's two competing
implementations of some basic idea and we'd rather the winner be picked
on technical merits rather than "I have a grudge and a small pool so
I'll this upstart at birth"
> > Suppose I create a merge-mined Zerocoin implementation with a 1:1
> > BTC/ZTC exchange rate enforced by the software. You can't argue this is
> > a scamcoin; no-one is getting rich. There's a 1:1 exchange rate so the
> > only thing you can do with the coin is get some privacy.
>=20
> The idea of sacrificing something external and make bitcoins appear
> still sounds crazy to me.
> I don't see how this pegging contributes in anything to a technical
> argument against merged mining, just looks like a moral argument
> against altcoin in general.
It's a thought experiment; read my original post on how to make a
zerocoin alt-chain and it might make more sense:
http://www.mail-archive.com/bitcoin-development@lists.sourceforge.net/msg02=
472.html
Even better might be to use a merge-mined version of Mastercoin as an
example, where the initial distribution of coins is fixed at genesis and
forward from that is independent of the Bitcoin blockchain.
> > But inevitably
> > some miners won't agree that enabling better privacy is a good thing, or
> > their local governments won't. Either way, they can attack the Zerocoin
> > merge-mined chain with a marginal cost of nearly zero.
>=20
> Ok, so either we assume that the external-pegging hardfork wasn't a
> consensus or we just forget about the pegging and go back to talk
> about merged mining in general.
> Your argument is still "for some reason some miners don't like the MM
> altcoin and prefer to attack it than to be profitable miners".
>=20
> If I mine BTC + NMC and you only mine BTC, it will be harder for you
> to compete against me: I can afford higher costs than you for the same
> BTC reward, since I'm also getting NMC.
>=20
> What you're saying is that Litecoin is more secure than Namecoin
> because while Litecoin can only be attacked by external attackers and
> current miners of other scrypt coins, Namecoin can also be attacked
> the Bitcoin miners that aren't currently mining Namecoin.
> This doesn't sound very reasonable to me.
> I think Namecoin is more secure than Litecoin and new coins should be
> created with SHA256 and merged mining in mind. At least merged mine
> with Litecoin if the still believe scrypt is so "anti-ASIC" and
> "centralization-resistant" (in fact Litecoin is more centralized than
> bitcoin with their shorter block intervals since better connections
> are favored, but that's another story).
>=20
> Merged mining is not only about not competing for proof of work like
> Satoshi defended.
> It is also about wasting resources: the more mining subsidies to
> different chains, the more wasted resources.
> By criticizing merged mining you're also indirectly legitimizing the
> same scamcoin madness you criticize.
> If you don't plan to merge mine, having SHA256 doesn't make sense
> because that makes you more fragile to potential bitcoin miners
> attacks and chainhopers.
> I don't think we would have this many alts living right now if all
> proof of work was SHA256.
>=20
> So if the "anti-asic PoW" myth and the absurd emerging morals of
> "GPU-mining as an universal right" weren't enough, you want to add an
> equally false "merged mining is insecure" to the collection of
> arguments supporting the search of the more absurd possible PoW holy
> grail.
>=20
> Please try to prove that MM is insecure and I'll try to prove your
> wrong. But we don't need zerocoin or an artificial pegging to discuss
> about this.
>=20
> I think Namecoin has a lower reward for miners than litecoin and still
> has much better security. I haven't run the numbers but, will you deny
> it?
> How many amazon VMs do you need to attack each one of them?
I'll give you a hint: "marginal cost"
You're rant has rather little to do with my argument.
--=20
'peter'[:-1]@petertodd.org
0000000000000003065f32da26de1deda93eb722bf1dc4a1b787e7d68d282dbc
--OwLcNYc0lM97+oe1
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQGrBAEBCACVBQJSxyUzXhSAAAAAABUAQGJsb2NraGFzaEBiaXRjb2luLm9yZzAw
MDAwMDAwMDAwMDAwMDI1MWQ4YzZiYjRmNzNkMmY2OGUzNTlmZTE0M2RmZDM2NDUz
NzRhNGQyNmQwOTM4OGMvFIAAAAAAFQARcGthLWFkZHJlc3NAZ251cGcub3JncGV0
ZUBwZXRlcnRvZC5vcmcACgkQJIFAPaXwkfsvrAf/d1gyCwTleHGZ7kmOfz6+TShx
QDPu+oooPmDCXSYAP+/nyE4PYrBEbVa6/I3j8kvhgYiEQTpgiKYfh4fq9ppQUA3N
DUHTHZI/r37n4+DcZ3lCGoG4fARGa2zlPfgoqzM2Wj34ut6lT5BH3LZJrD6tGOyy
VfluzkzBxg8TwDf7SQdpguPv0o4m5uD3AwsdStv/rTsdpwzLK913goim6eR+zavn
2KnqzeBWV7tPNGMl2GObXoAI0YBRbPyQfGERCIklGnYja2xmJUMnB/BvSOwsvz/7
+UvYbSPRGA0xhwLJ+w2KNuv5enzIQRfHMopCbVN1AvJu/lAvtuq4F5XiCSCgSg==
=omt8
-----END PGP SIGNATURE-----
--OwLcNYc0lM97+oe1--
|