π
Original date posted:2011-11-23
ποΈ Summary of this message: A proposal to create a "hardest chain" by forking the blockchain and creating simpler blocks on top of an old block, which could allow the revocation of all transactions and claim all the mined coins since the forked block. The difficulty of invalidating a chain is not reduced with a time window approach, as hashes are hashes, and a higher difficulty beats a lower difficulty, making the chain more secure.
π Original message:On 2011 November 23 Wednesday, Christian Decker wrote:
> Just brainstorming here, no idea if this would work:
>
> - Pick any old block
> - Create a chain fork by creating simpler blocks on top of your chosen
> one
> - The chain will not be accepted by others
> - At some point you might find an incredibly hard block that makes your
> forked chain the hardest one in the network
> - Suddenly all your blocks are valid and you force people to switch to
> your forked chain
>
> If this is possible it would allow you to revoke all transactions and claim
> all the mined coins since you forked. My point is that the notion of
> hardest chain is not so simple.
The above is a problem in either system (mine or current). If I can make a
"hardest chain", then I have indeed reverted all the existing transactions.
Look at CBlock::AddToBlockIndex(),
if (pindexNew->bnChainWork > bnBestChainWork)
if (!SetBestChain(txdb, pindexNew))
return false;
If the received block has higher total chain work than the current best chain
work; then the new block becomes the head of the best chain. The chain work
being calculated like this (I've abbreviated for the email):
pindexNew->bnChainWork = pprev->bnChainWork + pindexNew->GetBlockWork()
I'm not entirely convinced that this method of totalling chain work is the
best (it's a sum of exponentials I think); but that's a different issue.
> The difficulty of invalidating a chain is dramatically reduced with your
> time window approach, by not requiring a given difficulty, and relying on
> synchronized time windows.
I don't see that it is reduced; it is the same. Hashes are hashes. A given
difficulty isn't required, but a higher difficulty beats a lower difficulty.
So whatever the hashing power of the network at that moment, it's used. That
makes the chain more secure, not less.
Andy
--
Dr Andy Parkins
andyparkins at gmail.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20111123/270594a5/attachment.sig>;
Andy Parkins [ARCHIVE] /
npub1nxβ¦7wjrv
2023-06-07 02:41:33
in reply to nevent1qβ¦nam7
Author Public Key
npub1nxlvf9mj3jzgue25n5d9y47s3h5hvg0ded9hwpejdxj9mtrs34vs97wjrvSeen on
wss://relay.nostr.bandPublished at
2023-06-07 02:41:33Event JSON
{
"id": "ad4b554f869da420c368282b25270fc94ea5379ca619a186e8712f8d8795ecc6",
"pubkey": "99bec497728c848e65549d1a5257d08de97621edcb4b77073269a45dac708d59",
"created_at": 1686105693,
"kind": 1,
"tags": [
[
"e",
"2046d4dc725b4ce8920d2c47249dd7dad0c6e38daddd7a5e99f03e9b24dd8e66",
"",
"root"
],
[
"e",
"e5de203f3c6d057924d0171899aa9dcfd72c74d855b5b01a8e778e019425af80",
"",
"reply"
],
[
"p",
"d52a1b72551bba47beb14639a1b6f5e6cd98603ecbaaa6ab02031708d9cc4473"
]
],
"content": "π
Original date posted:2011-11-23\nποΈ Summary of this message: A proposal to create a \"hardest chain\" by forking the blockchain and creating simpler blocks on top of an old block, which could allow the revocation of all transactions and claim all the mined coins since the forked block. The difficulty of invalidating a chain is not reduced with a time window approach, as hashes are hashes, and a higher difficulty beats a lower difficulty, making the chain more secure.\nπ Original message:On 2011 November 23 Wednesday, Christian Decker wrote:\n\u003e Just brainstorming here, no idea if this would work:\n\u003e \n\u003e - Pick any old block\n\u003e - Create a chain fork by creating simpler blocks on top of your chosen\n\u003e one\n\u003e - The chain will not be accepted by others\n\u003e - At some point you might find an incredibly hard block that makes your\n\u003e forked chain the hardest one in the network\n\u003e - Suddenly all your blocks are valid and you force people to switch to\n\u003e your forked chain\n\u003e \n\u003e If this is possible it would allow you to revoke all transactions and claim\n\u003e all the mined coins since you forked. My point is that the notion of\n\u003e hardest chain is not so simple.\n\nThe above is a problem in either system (mine or current). If I can make a \n\"hardest chain\", then I have indeed reverted all the existing transactions. \n\nLook at CBlock::AddToBlockIndex(), \n\n if (pindexNew-\u003ebnChainWork \u003e bnBestChainWork)\n if (!SetBestChain(txdb, pindexNew))\n return false;\n\nIf the received block has higher total chain work than the current best chain \nwork; then the new block becomes the head of the best chain. The chain work \nbeing calculated like this (I've abbreviated for the email):\n\n pindexNew-\u003ebnChainWork = pprev-\u003ebnChainWork + pindexNew-\u003eGetBlockWork()\n\nI'm not entirely convinced that this method of totalling chain work is the \nbest (it's a sum of exponentials I think); but that's a different issue.\n\n\u003e The difficulty of invalidating a chain is dramatically reduced with your\n\u003e time window approach, by not requiring a given difficulty, and relying on\n\u003e synchronized time windows.\n\nI don't see that it is reduced; it is the same. Hashes are hashes. A given \ndifficulty isn't required, but a higher difficulty beats a lower difficulty. \nSo whatever the hashing power of the network at that moment, it's used. That \nmakes the chain more secure, not less.\n\n\n\nAndy\n\n-- \nDr Andy Parkins\nandyparkins at gmail.com\n-------------- next part --------------\nA non-text attachment was scrubbed...\nName: signature.asc\nType: application/pgp-signature\nSize: 198 bytes\nDesc: This is a digitally signed message part.\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20111123/270594a5/attachment.sig\u003e",
"sig": "d2ff6c6d5e8cf42f3a055e9d9d1ac832f080dcd8e80c2f591da3d0330c839a57344ffc2b4caae6ef8a99e03edf8142a69752f0a28b69a75477be1314ac3e5544"
}