[HN Gopher] BTC Endgame ___________________________________________________________________ BTC Endgame Author : jbegley Score : 125 points Date : 2021-02-19 21:23 UTC (1 hours ago) (HTM) web link (github.com) (TXT) w3m dump (github.com) | nostrademons wrote: | You don't need a DoS attack under the assumptions of this | project. It's already assumed that you control ~80% of hash rate, | so you execute a 51% attack that mass double-spends coins and | destroy all confidence in the integrity of the currency. Poof, | nobody uses it. | | Note that China already controls ~65% of Bitcoin hash rate, so if | they wanted to execute this right now, they probably could. | | That they haven't is one reason I'm bullish on cryptocurrency, | and specifically Ethereum and Stellar, and it's entirely separate | from why many other Bitcoin bulls are bullish on cryptocurrency. | _You don 't need proof-of-work to secure a blockchain._ You only | need game theory: as long as each participant has more to gain | from allowing Bitcoin's continued existence than destroying it | (and they can't subvert or destroy it in a way that will be | invisible to other market participants), it will continue to | exist. China gains no benefit from destroying Bitcoin; they can | just continue to let it exist and tax all the Bitcoin miners in | China, generating revenue for themselves and their citizens and | continuing to be a thorn in the side of dollar hegemony. | | This also implies that proof-of-stake (if done right) is just as | good as proof-of-work, which'll solve the energy issues | associated with Bitcoin. And it means that cryptocurrency | adoption, if it happens, isn't going to be because it's | particularly good: rather, it'll be because the U.S. has | destroyed the dollar. There's value in cryptocurrency simply in | it being an alternative that's readily available, so that | civilization doesn't stop if the U.S. does end up miscalculating | and hyperinflating the dollar. | hertzrat wrote: | Will Bitcoin even be that decentralized in 50 years? The miners | control the network, and most mining is done by big companies | now and their data centres. If it's like other companies, won't | they gradually acquire one another until there is only 1-2 | companies controlling almost the entire future crypto economy? | The scale of the computing power we are talking about is not | something that individuals can compete with | mrits wrote: | I've posted here before about it. I'm of the opinion that it | currently is not decentralized. There is such a shortage of | hardware that can be competitive right now and there are only | a few organizations that can get their hands on them. I think | this problem is just going to get worse when the manufactures | start to realize it doesn't make sense to sell any of their | miners at all. | swader999 wrote: | Agree, the electricity for the mining is even more | centralised. That really is the point of control on this | whole thing. | AffableSpatula wrote: | I'm not so sure. If you don't need proof of work to secure a | blockchain, then why is the free market of Bitcoin consensus | continuing to expend huge amounts of capital to stick with it | as its sybil resistance mechanism? If it wasn't considered a | value destroying move, the transition away from PoW would've | happened already no? | nostrademons wrote: | It has, in _new_ cryptocurrencies. Virtually all | cryptocurrencies launched since 2017 are proof-of-stake: | Cardano, EOS, Stellar, Polkadot, Tezos, TRON. Ethereum is in | the process of a very expensive and painful transition from | proof-of-work to proof-of-stake. | | The reason you haven't seen this in the global cryptocurrency | industry is because of network effects and adoption curves. | Most programmers would probably agree that C++ is archaic and | that the software industry has moved on to newer languages | like Rust, Go, Kotlin, ES6, etc. Why then do Microsoft, | Amazon, Apple, Google, etc. all rely on large quantities of | C++ code? Because they were founded in the last millennia, | when C++ was basically the only alternative for what they | were trying to do, and have deeply enmeshed ecosystems and | value chains that are all dependent on their existing C++ | codebase. Throw it out and you throw out the $5T+ in value | they've built. They couldn't have built that up without the | 20 year head start they have, but if you're founding a tech | company _now_ , you're pretty dumb to use C++. | | Similarly, Bitcoin has built a whole ecosystem of miners, | speculators, traders, exchanges, payment systems, wallets, | etc. Throw proof-of-work out and you throw all that out, and | along with it your advantage over Ethereum, Cardano, Stellar, | etc. | hertzrat wrote: | > if you're founding a tech company now, you're pretty dumb | to use C++ | | All us unreal engine using indie developers must be pretty | dumb then. It's true that programming in c# in unity is | easier, but the end result of the c++ is a prettier game | with more things happening at once at a higher frame rate. | More grass, more characters, more animations, more AI | nuance, more physics interactions, etc | DSMan195276 wrote: | > If it wasn't considered a value destroying move, the | transition away from PoW would've happened already no? | | I think there's a conflict of interest issue here that would | prevent such a move even if it would be worth it - the miners | clearly have an incentive to keep the current PoW mechanism, | as without it they're left holding a bunch of expensive | useless tech. And without the miners willing to go along with | a move from PoW to PoS, at best you're going to get a split | between the PoW and PoS chains rather than a clean shift from | one to the other and just create a mess, which isn't ideal | for anyone. | AffableSpatula wrote: | The attack scenario is an adversarial nation state who is | not motivated economically and is intent on sabotage of the | network. | DSMan195276 wrote: | I don't understand what you're getting at, I was pointing | out why Bitcoin hasn't moved to PoS even if it may | actually be better. | AffableSpatula wrote: | You're right, I totally misread what you said. | | I think the answer to what you actually said is; miners | don't control consensus on the network - it's not up to | them, it's up to fullnodes/users who can change the | ruleset whenever they want. | nugget wrote: | Given China's political structure, wouldn't it just take one | participant (President Xi) to wake up and decide "party over" | if it became politically favorable to do so? | WJW wrote: | > China gains no benefit from destroying Bitcoin; | | Citation needed on this one I'm afraid. If nothing else, a | currency that the Party cannot control would be A Problem. | China did not have much economic benefit in halting the ANT | IPO, yet it did not go through all the same. There _might_ be a | benefit in allowing bitcoin to continue to exist of course, if | they think it advances their cause more than it hurts it. But | as soon as that calculus changes, it seems quite likely that | the big mining corps (with as you say at the moment of speaking | about 65% of total hash rate) will receive some "friendly | invitations" (from unfriendly people with guns) to stop their | business operations. | kajumix wrote: | If they executed a 51% attack, it will most likely result in | a hard fork. Every full node would be able to tell where | China branched off. We'll have BTC and BTC-China, with their | individual markets. Keep in mind that while China has the | bulk of miners, the majority of reachable full nodes are in | North America. | tshaddox wrote: | Why haven't they destroyed it then? | bsder wrote: | They may be using it to track people attempting to move | money out of the country. | | Cryptocurrencies aren't very anonymous. | fanciestManimal wrote: | It's not inconceivable (to me at least) that at some point | in the future it would be politically or personally | beneficial for the leadership of a totalitarian government | to do something that is economically costly to it's | citizens (in this case we're talking about damaging | bitcoin, but it could be anything). | WJW wrote: | In an elegant tautological argument: because at the moment | it does not advance their causes to do so (yet). | PragmaticPulp wrote: | Frankly, because it's not as much of a threat as the | popular narrative suggests. They may actually benefit from | being able to use cryptocurrency for their own ends, either | by using it directly or using the public ledger nature | combined with their surveillance powers to get insight into | transactions. | | Regardless, the attacks described here require large | concentrations of mining power. In theory, the best way to | attack it would be to wait for (or even | encourage/subsidize) your country to become the | geographical leader in mining operations. | | Or even better: Wait for companies in competing countries | to start holding BTC on their balance sheets and consumers | to put their investments in BTC. Now you have a kill switch | for part of the balance sheets of competing countries. | | I personally doubt this is happening, but I'm sure it's | being considered as an attack scenario. | AffableSpatula wrote: | This is the Turkey Fallacy. | tshaddox wrote: | No, I'm actually asking for ideas for why they haven't | destroyed it yet. | TrainedMonkey wrote: | I think at least part of the reason is because they own it. | Per https://www.statista.com/statistics/1200477/bitcoin- | mining-b... 65% of all bitcoin mining is in China, this | means majority of newly minted coins are in China, but also | they can launch 51% attack at any time. | thatfrenchguy wrote: | Better stuff to do ? | pvarangot wrote: | > Note that China already controls ~65% of Bitcoin hash rate, | so if they wanted to execute this right now, they probably | could. | | When you say "China" do you mean like an actor that can make | coordinated decisions? Or just a geographic region? I'm asking | out of curiosity because yeah there's a lot of miners in China | across many geographic regions but I never saw any evidence | that they even talking to each other, even less coordinated | enough to agree on making a decision as drastic at attacking | the Bitcoin blockchain. | MattGaiser wrote: | We are talking about China. There is a supreme actor who gets | to make coordinated decisions if they so choose. | flatline wrote: | I think the concern is that the authoritarian Chinese | government can exercise an awful lot of influence when they | are inclined. For a supposedly decentralized system it's an | awfully big risk. | nine_k wrote: | The question is whether CCP has sufficient control over them. | If it does not yet, it might consider working on that. OTOH I | like the game-theoretic argument: they don't need to. | Fnoord wrote: | A better question to ask is: 'is the effort worth the | gain?' | hinkley wrote: | Is the theater of starting the process worth the | concessions I can win? | | It's not bluffing if you're willing to do it. But it's a | lot cheaper if you don't have to follow through. | | China is scary because of the big risks they're willing | to take. Like giant earthquakes or drowning Shanghai if | their hydro power system has the failure that western | civil engineers have predicted. | generalizations wrote: | I'd make a wild guess that when parent is talking about | 'control', they mean that if a miner is located within China, | the Chinese government has the ability to put a gun to that | miners head and tell them what to do. | worker767424 wrote: | No need to bother with a gun. Just threaten to take 100 | points off their social credit score or ban them from | WeChat. | gavrif wrote: | With that kind of control, they could just put a gun to | anyone's head and ask them to start mining bitcoin and do | it the way they want them to. It wouldn't have to depend on | how many bitcoin miners are in China at the moment. | dontreact wrote: | Fortunately, it is immensely more difficult for the | Chinese state to exercise its monopoly on force outside | of Chinese borders. | nostrademons wrote: | It's a lot easier to point a gun to someone's head and | say "Switch your equipment over to the network pipe that | we give you" rather than point a gun to someone's head | and say "Build a datacenter, secure an extremely large | source of power, buy a few thousand Bitcoin mining | boards, hook them all up in this extremely technical way, | and then switch it over to the network pipe we give you." | | The gun in the head strategy works best when you're only | asking your populace to do simple things. For complex, | technical tasks, the usual response is "Oops, I can't | concentrate while you've got a gun against my head", and | then you can shoot them but that's not going to help your | task get accomplished any quicker. (This is also why | working conditions at say Google or Apple tend to be | pretty good, and why Soviet scientists were treated | relatively well even if the rest of the population | wasn't.) | [deleted] | swader999 wrote: | I'd wager the way China would exert control on miners | there would be to regulate their access to electricity. | dingus9 wrote: | China would benefit more by confiscating all hashrate & | hoarding all of the BTC for themselves before announcing | that BTC is their national currency and driving BTC price | to millions per-coin. | | It's just as farfetched and unlikely, but anti-Bitcoiners | just keep theorizing about a hostile China takeover | crashing BTC price as if it's feasible, without considering | the inverse. | throwaway1777 wrote: | Because China has already announced DCEP as their | national crypto. So the chance of them making btc their | currency is basically none while China has already | cracked down on btc in various ways in the past. They | could in theory use btc as some kind of reserve or | exchange currency, but not sure why they would need to | when everyone has to bend to their will to trade with | them. | justicezyx wrote: | Same thing that a lot Chinese people thinking of the West. | Like anything is coordinated behind thing, led by US, and | followed up by the developed countries. | | Thanks for calling out this mental bias. | PragmaticPulp wrote: | > rather, it'll be because the U.S. has destroyed the dollar. | There's value in cryptocurrency simply in it being an | alternative that's readily available, so that civilization | doesn't stop if the U.S. does end up miscalculating and | hyperinflating the dollar. | | Even before Bitcoin, we had plenty of other alternative | currencies that could have replaced the dollar. I've been | reading headlines speculating about the dollar being replaced | by other currencies as long as I can remember, before Bitcoin | existed. | | To your point: If Bitcoin somehow did become an alternative | world currency and USD was out of the running, wouldn't that | create great incentive for China to crash Bitcoin prices and | drive everyone to use their national currency? | | I'm not happy with the current rate of inflation, but I think | it's also clear that true hyperinflationary scenarios aren't | likely in modern countries. As much as we like to criticize | governments (often rightfully so), it takes orders of magnitude | more incompetence and malice for a government to enter | hyperinflation. It's not something that is stumbled upon by | accident. | fny wrote: | US monetary dominance is up for grabs. This doesn't mean the | US is necessarily supplanted as the world reserve currency, | but it does mean lots of trade may dedollarize to some | extent. My bet is there will be two major currency zones. | Dollar/Euro in the West + Middle East + India, Renmimbi in | the East + Australia + Africa. | | Given the explosion of debt to GDP in the west vs the east, I | see no way the Renmimbi will not continue to appreciate | against the dollar, and I fully expect Chinese monetary | dominance to increase with the government's continued | annexation of Hong Kong. | | BTC will probably dominate in countries were currency value | is routinely destroyed (developing nations, Russia, the US | and Europe to some extent) but as only as a back channel | currency: I doubt any major commodity market or trade is ever | going to be priced in BTC. | nostrademons wrote: | "If Bitcoin somehow did become an alternative world currency | and USD was out of the running, wouldn't that create great | incentive for China to crash Bitcoin prices and drive | everyone to use their national currency?" | | It would, but there's no guarantee that if people left | Bitcoin they would end up in RMB. More likely they'd jump to | _another_ cryptocurrency, or to Euros. People tend to | distrust the last party that fucked them over. | | I could see a dangerous situation if China let Bitcoin thrive | for a generation, let all the other currencies wither on the | vine through normal market mechanisms, and _then_ decided to | exercise their national control over Bitcoin. That 's | basically the Amazon strategy - make your product so | appealing that all the other retailers go bankrupt, and | _then_ jack up prices once there 's no alternative and a | whole generation assumes you're the normal way to buy things. | (Come to think of it, that's kinda the U.S. dollar strategy | now.) But that's a generation off, so naturally I'm not | thinking of it, and I doubt very many others outside of HN | are either. | gge wrote: | > Stellar | | kek | Laforet wrote: | How would a hyperinflation on the US dollar cause civilization | to stop? | | In any case, crypto trading since 2017 has been nothing but | people buying and selling imaginary ticker symbols on | unregulated exchanges. | | For example, XVG and ETC has been subject to successful 51% | attacks more than once and every time the price was hardly | affected. And each time the "solution" to deep chain reorg | involved the exchanges freezing all trading while developers | rushed to add a hardcoded checkpoint. Once the "correct" | version of history has been manually restored, everybody sing | kumbaya and goes back to paying real cash for monopoly money. | | Crypto need no proof of anything (PoS is still vaporware - | debate me if you want), other than a shared delusion of value | headed by the bucket shops. | swinglock wrote: | > PoS is still vaporware | | Why is that? Aren't Cardano and Polkadot PoS as they claim or | doesn't it work? | Laforet wrote: | No PoS algorithm has yet managed to solve the Nothing-at- | stake problem, nor are they any more resistant to the | abovementioned kind of hostile takeover by the nation state | player compared to PoW. | | I can't speak for every PoS coin out there but | Cardano/Ouroborous explicitly assumes partial synchrony | which is arguably never a good idea for a supposedly | permissionless blockchain. | ericb wrote: | > PoS is still vaporware - debate me if you want | | Tezos has a fully working Proof of stake system, and there | are others. Feel free to share whatever you're on about, but | I have a feeling "the debate" will be an exercise in goalpost | moving. | Laforet wrote: | Baseless accusations aside, please see my reply elsewhere | in this thread for a response. | shadowgovt wrote: | > How would a hyperinflation on the US dollar cause | civilization to stop? | | The dollar is the value used to denominate world debt via the | IMF. It's also (partially related to this fact) the "mattress | currency" of a lot of nations... Nations hoard US dollars to | back-stop their own economies, since if their currency starts | to tank, they can use dollars to pay their international | debts. | | A worthless US dollar would have wide-ranging international | currency disruption. | afavour wrote: | > China gains no benefit from destroying Bitcoin | | Right now they don't, no. But to my mind Bitcoin being subject | to the whims of a major world power is a big knock against it, | given that it aims to be a currency alternative. I don't want | such an alternative to subject to any kind of geopolitical | mood. | core-questions wrote: | Yes. Much like mutually-assured-destruction with WMDs, we | need to try to keep China to <50% of the mining pool, | otherwise they can do as they wish with it. | | Maybe the US government doesn't mind that? Maybe they hope it | will die, and send everyone flocking back to the dollar? | fanciestManimal wrote: | Yea I can't see a power like China controlling bitcoin to be | a good thing. I also can't see myself maintaining a | substantial fraction of my wealth in a unit of value subject | to the whim of a totalitarian government. | | It's not inconceivable (to me at least) that leaders could | decide it's personally beneficial to them (or politically | beneficial) to damage Bitcoin, even if it cost a ton of their | tax payers money. | Udik wrote: | No power controlling Bitcoin is a good thing (at least for | Bitcoin). That's true for China, who could force its miners | to do what it wants, as it is for the US, which could make | it arbitrarily hard to transact or hold BTC (and which also | has the habit if imposing sanctions on other states' | entities). | thatfrenchguy wrote: | > China gains no benefit from destroying Bitcoin; they can just | continue to let it exist and tax all the Bitcoin miners in | China, generating revenue for themselves and their citizens and | continuing to be a thorn in the side of dollar hegemony | | CO2 emissions is probably why I'd do it if I were the Chinese | government frankly. | throwaway1777 wrote: | Environmental virtue signaling compared to other co2 emission | sources in China. | unyttigfjelltol wrote: | The entire multi-billion BTC ecosystem is built on software that | still hasn't reached "Version 1.0"? Bitcoin Core 0.21? A | development beta? LOL. | xiphias2 wrote: | It may be 0.21 but it is one of the best reviewed software in | tbe worls for security issues. Also there's a trillion dollar | bounty especially on the public signature infrastructure. | davidw wrote: | > via a wargame | | Oh, I know, I know! "The only winning move is not to play" | stale2002 wrote: | Ehh, this blog posts focuses way too much on technical tricks | that are, in reality, not really the main risks to the bitcoin | network. | | For example, the blog posts focuses on things like 51% attacks to | either reorg the chain, or prevent transactions from being | published. This is not really as big of a deal. When 51% attacks | happen, it certain disrupts crypto networks in the short term. | But the defenders always have the nuclear option in their back | pocket, which is to change the proof of work algorithm, and force | the attackers to spend a bunch of money building their attack | infrastructure up again. | | Threats to change the POW algorithm, were thrown around during | the 2017 blocksize debate, when things got really heated, and | parties involved were threatened what amounted to 51% attacks. So | it is already established that this is something that devs | consider doing. | | The only real avenue of attack against crypto networks, is simply | the social one. You simply arrest anyone who does anything at all | related to crypto, and hope the threat of government violence is | enough to make it so most people dont use crypto. | | Those social attacks would be the most likely to succeed, IMO, | but they also have the problem of being difficult to implement. | You know, because we living in a society, with a court system, | and elections, and people that care about not living in a | totalitarian hellscape, so any attempt by the government to | simply arrest everyone, will likely be punished politically. | | So sure. The blog post is correct that if the government simply | arrests or kills everyone who has anything to do with bitcoin, | then they could stop crypto. But the counter argument to that, is | such recommendations are completely out there, and extreme, and | society wouldn't let that happen and would punish the people | doing that. | | The actual attack vectors that matter, are not some fantasy land | conspiracy, of every world government becoming a dictatorship. | Instead, the attack vectors that matter would instead be every | day bad actors, that seek to defraud people, in secret, and are | not willing or able to kill/arrest everyone in the world who | opposed it. | AffableSpatula wrote: | I don't think China being a dictatorship is much of a | conspiracy. That's where a lot of ASICs are deployed, as well | as the majority of the fabrication of the hardware itself. | stale2002 wrote: | > I don't think China being a dictatorship is much of a | conspiracy. | | But china enacting authoritarian measures isn't good enough. | The blog post did not suggest that the attack vector to worry | about was a single country banning crypto. | | Instead, the blog post said that the attacks would only | happen if every major country in the world colluded together, | to all being authoritarian, and banning crypto everywhere. | | If only China decides to take over crypto, the solution is | relatively simple. The developers of bitcoin/whatever simply | change the proof of world algorithm, and turn all of china's | ASICs into space heaters. | | That would be disruptive to crypto, sure. But lots of | disruptive things have happened in the space. People would | move on. And if china spent another X billion dollars | building even more asics, then the algorithm could be changed | again. | AffableSpatula wrote: | Changing the hash function doesn't solve the problem. The | mining game doesn't remonitise becuase everyone knows where | it ends (denial of service and collapse, rendering mining | hardware valueless). | stale2002 wrote: | > (denial of service and collapse, rendering mining | hardware valueless). | | No, actually. China being able to DDOS every internet | service that it does not like is already something that | they provably are unable to do in the current day world. | | There are lots of things that China would like to DDOS | off the internet, right now, and yet they aren't able to | succeed at doing that. | | A crypto service isn't any different than anything else | that China is attempting to, and failing at, DDOSing off | of the internet right now. | | What is china going to do? Take out cloudfare and aws and | any other major web hosting platform in the world? C'mon. | Lets enter back into the real world. If the US is | refusing to cooperate with china, then there are many | ways of defending against something as simple as a DDOS | attack. | paulgb wrote: | The linked Medium posts have a bit more content | https://joekelly100.medium.com/how-to-kill-bitcoin-part-1-is... | | Note that this is from last July, when the price of BTC was | significantly lower and thus the price of the attack is likely | higher now. That said, this becomes more feasible in the long-run | when mining is purely funded by transaction fees. | | Something I don't see talked about much is the fact that, | although Bitcoin is intended to be non-inflationary in the long | run, the mining network that keeps it secure is currently 80-90% | subsidized by inflation. | WJW wrote: | I always wondered about that and perhaps someone here can | explain. After bitcoin reaches its "full" volume, mining | rewards will go away and the only way miner income can stay the | same is if transaction fees rise to match. Since the | competition of miners basically converges to "block reward is | equal to electricity cost equivalent", this would mean | transaction costs increase to an insanely huge amount. Not | paying the larger transaction costs would lead to the less | efficient miners being squeezed out of the pool of miners, | leading to less hashing power overall and thus an increased | vulnerability to attack. | | How does the system intend to keep up miner income after all | bitcoins have been mined? | gfody wrote: | > basically converges to "block reward is equal to | electricity cost equivalent" | | the electricity cost falls significantly with the difficulty, | see: https://en.bitcoin.it/wiki/Difficulty | | ..and: https://breakermag.com/difficulty-adjustment-is-why- | bitcoin-... | pitaj wrote: | BCH addresses this by increasing the number of transactions | per block. This decreases the fee per transaction. | cloudhead wrote: | There are a couple answers to this question, but the truth is | we have ~100 years to figure this out, and the world will be | a very different place then. | fanciestManimal wrote: | It's an unsolved problem, and all solutions would require a | majority of the mining pool to get on board. | | You could periodically increase the block size, splitting the | transaction fee among more transactions. Although larger | blocks make it more difficult to produce hashes, so more | power would be consumed, thus increasing the transaction fees | further. | | You could change the block reward such that there's a larger | block reward or even some kind of sustained rate of | inflation. The cap of 21 million bitcoin isn't a fundamental | unit, it can be changed if a majority of the mining pool | decides to. | | You could switch to Proof of Work, which doesn't use nearly | as much electricity. Given how long this has taken Ethereum, | this would probably be a multi year effort. | | If the Lightning network were to take off, it might also help | with this for day to day users. I'm not super confident about | that though. I don't think a Layman is going to deal with the | Lightning network, personally. Especially with the current | narrative of bitcoin being a "store of value" rather than a | currency. Bitcoin proponents don't seem to be advocating | using it as a day to day payment tool. | | Of course, there could also just never be any consensus on | the direction to take, the network could be attacked, people | could bail on bitcoin for other cryptocurrencies or just | abandon cryptocurrencies all together and it could become a | relic of history. | AffableSpatula wrote: | Hey, author here - I think you're absolutely right that there | is a risk that demand for blockspace doens't generate | sufficient block reward to provide useful security guarantees. | If that is the case, it could cause the price of BTC to fall | which could create a negative feedback loop. This would, at | best, create an end of the 21m cap and at worst trigger a | collapse of the game entirely. | jpsalm wrote: | Yea that's what I don't understand either. | | Is the plan to secure a fully-mined chain just rampant value- | inflation in a way that is completely detached from supply | and demand? Today my 1e-1000 bitcoin is worth 10 carrots, | tomorrow it is worth 20 everything else held equal? How does | that even work in practice? | | Alternatively you need transactions to pay entirely for the | security of the chain. This doesn't seem feasible when chain | security costs rise everyday as the cost of energy deceases. | And if transaction fees increase to compensate and people | transact less the whole thing blows up. | janandonly wrote: | A very simple way to increase block rewards is making blocks | SMALLER. | | It is game theory: If you really want your transaction to be | on-chain, you pay for it. And smaller blocks means less | transactions will fit in one block. So fees will need to go | up. | AffableSpatula wrote: | In theory... but demand has elasticity. If the market has | no way to equilibrate at a state that produces sufficient | returns, there's no constraining of supply that can produce | the returns needed. And that is the risk/unknown. | treve wrote: | You probably mean deflation, right? In inflation the cost of | goods and services are higher, because the currency is losing | value. | rspeele wrote: | The reward paid to miners is mostly newly minted BTC. | | Presently 6.25 BTC newly created with each block, about 1-2 | BTC in fees. Mining has been paid for by increasing the BTC | supply, for all of Bitcoin's history so far. Eventually that | will have to change as the reward keeps halving. At some | point there is no block reward and it's all fees. Will people | pay enough in fees to sustain mining at a rate that's | impossible for a large actor to 51%? | WJW wrote: | No he means inflation. New coins are being mined all the | time, causing existing coins to lose value. This does not | really matter yet since total demand for bitcoins has been | increasing faster than the total supply, leading to an | increase in price. | paulgb wrote: | Thanks, but I mean inflation: miners were paid a subsidy in | new Bitcoin for their contribution to the network. This has | an inflationary effect on Bitcoin, although it was | overshadowed by increased demand over the same period. | FabHK wrote: | GP might be referring to the fact that currently, 80-90% of | the miners' reward is "coinbase", ie newly minted coins | (which expand the money supply and could be considered | inflationary), while only 10-20% of the mining reward is from | fees, ie cut on the transactions. | mumblemumble wrote: | I would assume that the author meant to mean "growth in the | supply of bitcoin." Which seems like a reasonable error to | make, because printing money typically has an inflationary | effect, even if it isn't technically synonymous with | inflation. | | Maybe dilution is a better term? If all other factors could | be held equal, then the real value of the ~6BTC reward for | mining a block would, in effect, come from a tiny reduction | in the real value of everyone else's BTC assets that would | result from the supply of BTC having increased. | | It creates an interesting situation. Right now, the cost of | actually operating the BTC network is largely supported by | every single person who owns BTC, proportionally to how much | BTC they actually have. As the mining reward continues to | taper off, that is going to shift toward the cost primarily | being covered by transaction processing fees. That will | change something fundamental about the economics of Bitcoin, | although I'm not sure exactly how. | flyGuyOnTheSly wrote: | >There is currently no defense for this attack in Bitcoin, as the | simulation demonstrates. | | The entire Bitcoin miner reward model is the defense for this | attack. | | Nation states have powerful computers... but nowhere near as | powerful as the decentralized Bitcoin mining network combined. | | Even if they did currently, the endgame for Bitcoin as envisioned | by Satoshi Nakamoto was for everyone on the planet to be mining | Bitcoin at the same time. | | If a Nation State could ever become more powerful than every | single private processor on the planet combined... I think it | would be game over for a lot more than just Bitcoin. | PragmaticPulp wrote: | I don't think the realistic attack vectors include nation | states trying to out-compete the network on hash rate by | building a competing network. If China wanted to make this a | priority, for example, they'd just use military force to seize | existing mining operations which are heavily centralized and | easy to find. | | A more realistic attack angle would be a large mining | corporation recognizing a financial opportunity to undermine | Bitcoin. If some organization could position themselves as a | superior alternative to Bitcoin, crashing the Bitcoin network | with periodic mining attacks could be worth the cost. | Alternatively, if an entity could amass a large enough short | position on Bitcoin, attacking the network to drive down the | price might be attractive. We'd have to run the math on the | scenarios, which is the point of projects like this. | | > Even if they did currently, the endgame for Bitcoin as | envisioned by Satoshi Nakamoto was for everyone on the planet | to be mining Bitcoin at the same time. | | The amount of wasted energy would be insane if everyone on the | planet was mining Bitcoin. | | Currently, it looks like we're on a trajectory where large | mining operations will centralize a lot of the eventually | custom mining hardware. Individuals will have less and less | incentive to mine Bitcoin as the reward decreases. | onlyrealcuzzo wrote: | Who needs processors when you've got big guns? | | They don't need the processors - they can simply change the | laws. | dingus9 wrote: | Right. The protections against this are already baked into the | protocol. | | 51% attacks don't make sense because you're hurting yourself | 51% and hurting everyone else 49%. | | And for this theoretical attack you'd probably need to sustain | 90%+ hash power for a long time. | | Your first hurdle will be producing enough ASICs to surpass | current hashrate by nearly 10x. Solve that problem and you'll | need a massive amount of energy and you'll have to set up huge | mining facilities in various locations to prevent crippling | local power grids. | | This would take years to plan & execute. A lot of people would | have to be involved. Good luck keeping it a secret. Network | hash rate will continue to increase while you're building this | infrastructure. | | If by some miracle you've pulled this off, Bitcoin users will | switch to a fork of Bitcoin that uses a different mining | algorithm and your entire investment is now completely | worthless. | AffableSpatula wrote: | The protections aren't baked into the protocol because they | don't account for external real world motives of nations | states which could incent them to act in a "non-economic" way | according to the internal rules of the Bitcoin game. | AffableSpatula wrote: | This isn't a temporary speeedbump, it's a permanent end to | proof of work mining as an investable activity (and viable | sybil resistance mechanism for bitcoin). | dingus9 wrote: | Remember UASF? If incentives align amongst users, nodes, | merchants and exchanges Bitcoin absolutely will switch to | another mining algorithm and now the attacker has to | start from 0. | | If the attacker attempts to keep up the game of cat-and- | mouse long enough they will eventually go bankrupt and | will no longer be able to participate. | | And this theoretical discussion completely dismisses the | fact that it's nearly impossible to execute an attack | like this at this stage in the game anyway. | AffableSpatula wrote: | UASF effectively became a negotiation between honest | miners and fullnodes. Honest miners are incentivised to | close off conflicts because it risks devaluing their | future rewards. In this scenario the attacking miner is | acting "non-economically" so it's nothing like UASF. | dingus9 wrote: | It's baked into the incentivization structure, if you | prefer it worded that way. Investing hundreds of billions | of dollars and years of work to place a temporary speed | bump in front of Bitcoin's growth doesn't make sense. | AffableSpatula wrote: | ASIC chip fabrication is centralised in China. The government | could seize the means of production, as well as the centralised | mining operations that they've attracted by subsidising | electricity. | reitzensteinm wrote: | If a handful of governments that control fabs agree Bitcoin | has to go, the efficiency of ASIC mining becomes a big | threat. | | Governments can purchase large runs of ASICs while other | mining will revert to GPU. Controlling 51% of the hash rate | in this manner isn't as outlandish. | | Further, you're not limited to double spend attacks. If | you're the government with a decent advantage, you just treat | your own chain as true and never accept blocks from other | miners. The reward for mining will collapse, since even if | you produce a valid block it'll not be on the longest chain | once government miners catch up. | | And once the reward for mining collapses you can probably | even power down some of the ASICs. | | There are counter measures, but combined with attacking the | financial onramps and making possession criminal, it's hard | for me to believe that BTC would survive an attack like this. | | But of course, it's predicated on large governments agreeing | it's worth seriously attacking. I don't know how likely that | is. | flixic wrote: | Nation state wouldn't need to become more powerful than all | miners if most miners (more accurately, vast majority of hash | power) were located in one, authoritarian country with a | penchant of controlling "private" businesses. | xur17 wrote: | I also imagine that after a few days of the network being | jammed up, getting social consensus to fork the network to use | a different hashing function would be fairly viable. | dingus9 wrote: | Right. And now this theoretical actor that controls 10x the | hashrate of the rest of the world has lost 10x the amount of | capital invested compared to the rest of the mining world. | | It's the equivalent of shooting a bullet through your chest | to shoot your enemy in the finger. | AffableSpatula wrote: | The purpose of this project is to have people be specific | about what ruleset they would fork to which could prevent | this kind of attack. | playingchanges wrote: | Right, it seems like there would be plenty of gamers more than | willing to replace those ASICS given the opportunity. | trevelyan wrote: | Distributed Proof-of-Work is not vulnerable to this: | | https://org.saito.tech/eliminating-51-attacks-in-proof-of-wo... | | The community of users simply attaches harder cryptographic | proofs to their transactions, forcing up the cost of producing | empty blocks. The approach is capable of bankrupting nation- | states as a side-effect of eliminating 51% attacks. | nine_k wrote: | Why won't it make transactions prohibitively expensive? Each | transaction needs a trustless agreement of many, many nodes. | darig wrote: | I never understood why empty blocks is allowed... you can start | immediately and get a head start over other mining pools. Granted | it is just the time to load in transactions from the mempool and | hash the result of appending them to the blockchain, but still... | if you're in a race, why not take any advantage you can get? | | I've monitored the chain for years, and empty blocks are very | very common. I know there is a civil war of people that want to | make the block size larger vs keep it the same... I think at this | point it they would both agree that every block should at least | be 90%+ full before it is accepted. That seems like a simple fix. | | The attackers would then like just fill up the blocks passing a | tiny amount of bitcoin between all their wallets, but at that | point they might as well just use the mempool. | | In the end, if you have mining dominance, you win. No point | denying that. If you want to "ban" miners, or rewrite history, | bitcoin is no longer decentralized. | Geee wrote: | The defense is that there are thousands of other cryptocurrencies | that would take Bitcoin's place. So the attackers wouldn't gain | anything in the end. | atemerev wrote: | What a great idea. The attack described there is plausible, and | experimenting in the means of defence before it happens is | crucial for the continuity of cryptocurrncies. | yrral wrote: | I think under these circumstances, the economic majority of | bitcoin users will fork to use, eg a new hash algorithm, | rendering the seized mining farms useless. Remember, bitcoin is a | collective trusted network based on agreement between users, | miners and developers. If the miners turn, just switch to a set | of new miners. | | You mention that this wouldn't work in your article. Can you | explain why? | pjfin123 wrote: | Yeah it seems like the real defense of an obvious attack is | "This Ethereum proof of stake chain with all of the wallets | from right before the attack is the new Bitcoin". | AffableSpatula wrote: | In order for change in hash function to work, it would require | remonitising to a significant hash rate. Why would anyone | invest in mining equipment on that new hash function if they | already know how the game ends? (ie. their equipment being | written off) | [deleted] | yrral wrote: | Theres no need to start at a huge hash rate. You can fork and | then reset/reduce the difficulty, or adjust the difficulty in | the way BCH does. You can also use POW algorithms that can be | done only on commodity hardware like GPUs or CPUs so that the | community can do it in a more distributed way. | AffableSpatula wrote: | If the difficulty is low then re-attacking the forked chain | is inexpensive so you have exactly the same problem. | Additionally, reducing the hashrate reduces the settlement | assurances increasing the number of confirmations required | to be sure your transaction is finalised. | nostrademons wrote: | Human beings already know how our game ends (we die), and yet | we do all sorts of things on this earth in the ~80 years | before that, even knowing that everything we do for ourselves | becomes meaningless once we're gone. | | Time preferences are a thing. Lots of folks do things with a | time horizon much lower than their equipment being written | off. Whole companies are destroyed for quarterly earnings, | relationships are destroyed for a promo that lasts only for | the ~2-5 years that you've got remaining at the company, | people get married even knowing that 50% of them end in | divorce, parents birth children knowing that they'll leave | the nest and develop their own opinions and say they don't | love you and eventually die. | doggosphere wrote: | The same reason they got into it in the first place; you can | make money by doing it. | esotericn wrote: | In the general case I don't think that majority miner attacks can | be defended against without changing the hash algorithm. | | Specific cases like "empty blocks" could be addressed via a hard | fork. | | But there's nothing stopping miners from faking transactions in | blocks, sending amounts to themselves, filling the block with | OP_RETURNs, or just doing the minimum possible to get around your | "fix". | | PoW absolutely relies on >50% of miners being honest, always has | done. | safog wrote: | Can't you do worse things if you have >50% hash power? It seems | like DoS is pretty mild all things considered. | esotericn wrote: | It depends how rationally the market responds, I guess. | | A reorg attack and a DoS are equivalent in my mind - anyone | who's capable of pulling off a lengthy DoS is also capable of | performing a reorg attack, whether they actually do or not is | kind of irrelevant. | AffableSpatula wrote: | The purpose of this project is to challenge people to be | specific about the details of that hard fork. Currently there | are no theoretical proposals, or concrete BIPs to address. | muttantt wrote: | My prediction is that Bitcoin will crash 50-80% in the next 12 | months due to insider/rogue employee hack at Coinbase, and/or | some other event that will render wallets irrecoverable or the | company insolvent. | thysultan wrote: | For the first attack listed you'd need to be the 99% of mining | power at which point the 1% could also just fork and leave you to | your endeavours. | AffableSpatula wrote: | The purpose of the project is to encourage people to be | concrete in what their proposed ruleset changes are to defend | the attack. | mullingitover wrote: | There's a much simpler endgame: China starts enacting export | controls on ASICs. | latchkey wrote: | Good thing Global Foundries, Samsung and TSMC have their fabs | in many countries. I'd worry about them before I'd worry about | a single country. ___________________________________________________________________ (page generated 2021-02-19 23:00 UTC)