📅 Original date posted:2015-05-11
📝 Original message:On Monday, May 11, 2015 7:03:29 AM Sergio Lerner wrote:
> 1. It will encourage centralization, because participants of mining
> pools will loose more money because of excessive initial block template
> latency, which leads to higher stale shares
>
> When a new block is solved, that information needs to propagate
> throughout the Bitcoin network up to the mining pool operator nodes,
> then a new block header candidate is created, and this header must be
> propagated to all the mining pool users, ether by a push or a pull
> model. Generally the mining server pushes new work units to the
> individual miners. If done other way around, the server would need to
> handle a high load of continuous work requests that would be difficult
> to distinguish from a DDoS attack. So if the server pushes new block
> header candidates to clients, then the problem boils down to increasing
> bandwidth of the servers to achieve a tenfold increase in work
> distribution. Or distributing the servers geographically to achieve a
> lower latency. Propagating blocks does not require additional CPU
> resources, so mining pools administrators would need to increase
> moderately their investment in the server infrastructure to achieve
> lower latency and higher bandwidth, but I guess the investment would be
> low.
1. Latency is what matters here, not bandwidth so much. And latency reduction
is either expensive or impossible.
2. Mining pools are mostly run at a loss (with exception to only the most
centralised pools), and have nothing to invest in increasing infrastructure.
> 3, It will reduce the security of the network
>
> The security of the network is based on two facts:
> A- The miners are incentivized to extend the best chain
> B- The probability of a reversal based on a long block competition
> decreases as more confirmation blocks are appended.
> C- Renting or buying hardware to perform a 51% attack is costly.
>
> A still holds. B holds for the same amount of confirmation blocks, so 6
> confirmation blocks in a 10-minute block-chain is approximately
> equivalent to 6 confirmation blocks in a 1-minute block-chain.
> Only C changes, as renting the hashing power for 6 minutes is ten times
> less expensive as renting it for 1 hour. However, there is no shop where
> one can find 51% of the hashing power to rent right now, nor probably
> will ever be if Bitcoin succeeds. Last, you can still have a 1 hour
> confirmation (60 1-minute blocks) if you wish for high-valued payments,
> so the security decreases only if participant wish to decrease it.
You're overlooking at least:
1. The real network has to suffer wasted work as a result of the stale blocks,
while an attacker does not. If 20% of blocks are stale, the attacker only
needs 40% of the legitimate hashrate to achieve 50%-in-practice.
2. Since blocks are individually weaker, it becomes cheaper to DoS nodes with
invalid blocks. (not sure if this is a real concern, but it ought to be
considered and addressed)
> 4. Reducing the block propagation time on the average case is good, but
> what happen in the worse case?
>
> Most methods proposed to reduce the block propagation delay do it only
> on the average case. Any kind of block compression relies on both
> parties sharing some previous information. In the worse case it's true
> that a miner can create and try to broadcast a block that takes too much
> time to verify or bandwidth to transmit. This is currently true on the
> Bitcoin network. Nevertheless there is no such incentive for miners,
> since they will be shooting on their own foots. Peter Todd has argued
> that the best strategy for miners is actually to reach 51% of the
> network, but not more. In other words, to exclude the slowest 49%
> percent. But this strategy of creating bloated blocks is too risky in
> practice, and surely doomed to fail, as network conditions dynamically
> change. Also it would be perceived as an attack to the network, and the
> miner (if it is a public mining pool) would be probably blacklisted.
One can probably overcome changing network conditions merely by trying to
reach 75% and exclude the slowest 25%. Also, there is no way to identify or
blacklist miners.
> 5. Thousands of SPV wallets running in mobile devices would need to be
> upgraded (thanks Mike).
>
> That depends on the current upgrade rate for SPV wallets like Bitcoin
> Wallet and BreadWallet. Suppose that the upgrade rate is 80%/year: we
> develop the source code for the change now and apply the change in Q2
> 2016, then most of the nodes will already be upgraded by when the
> hardfork takes place. Also a public notice telling people to upgrade in
> web pages, bitcointalk, SPV wallets warnings, coindesk, one year in
> advance will give plenty of time to SPV wallet users to upgrade.
I agree this shouldn't be a real concern. SPV wallets are also more likely and
less risky (globally) to be auto-updated.
> 6. If there are 10x more blocks, then there are 10x more block headers,
> and that increases the amount of bandwidth SPV wallets need to catch up
> with the chain
>
> A standard smartphone with average cellular downstream speed downloads
> 2.6 headers per second (1600 kbits/sec) [3], so if synchronization were
> to be done only at night when the phone is connected to the power line,
> then it would take 9 minutes to synchronize with 1440 headers/day. If a
> person should accept a payment, and the smart-phone is 1 day
> out-of-synch, then it takes less time to download all the missing
> headers than to wait for a 10-minute one block confirmation. Obviously
> all smartphones with 3G have a downstream bandwidth much higher,
> averaging 1 Mbps. So the whole synchronization will be done less than a
> 1-minute block confirmation.
Uh, I think you need to be using at least median speeds. As an example, I can
only sustain (over 3G) about 40 kbps, with a peak of around 400 kbps. 3G has
worse range/coverage than 2G. No doubt the *average* is skewed so high because
of densely populated areas like San Francisco having 400+ Mbps cellular data.
It's not reasonable to assume sync only at night: most payments will be during
the day, on battery - so increased power use must also be considered.
> According to CISCO mobile bandwidth connection speed increases 20% every
> year.
Only in small densely populated areas of first-world countries.
Luke
Luke Dashjr [ARCHIVE] /
npub1tf…rfq0n
2023-06-07 15:34:40
in reply to nevent1q…l6yh
Author Public Key
npub1tfk373zg9dnmtvxnpnq7s2dkdgj37rwfj3yrwld7830qltmv8qps8rfq0nPublished at
2023-06-07 15:34:40Event JSON
{
"id": "af948158f6f1e5f06ba7e8c319ef0b14bff6fa8cb96ec5245e9e02a7dc124b77",
"pubkey": "5a6d1f44482b67b5b0d30cc1e829b66a251f0dc99448377dbe3c5e0faf6c3803",
"created_at": 1686152080,
"kind": 1,
"tags": [
[
"e",
"94c939015842f61df2dc30f3a313a8b9830ba760a8155e60b0e804778d86edc0",
"",
"root"
],
[
"e",
"9122154142c1d29fc1f7e617259a4c913a1b1ba68ed5d0d7626eb735ff13d306",
"",
"reply"
],
[
"p",
"72cd40332ec782dd0a7f63acb03e3b6fdafa6d91bd1b6125cd8b7117a1bb8057"
]
],
"content": "📅 Original date posted:2015-05-11\n📝 Original message:On Monday, May 11, 2015 7:03:29 AM Sergio Lerner wrote:\n\u003e 1. It will encourage centralization, because participants of mining\n\u003e pools will loose more money because of excessive initial block template\n\u003e latency, which leads to higher stale shares\n\u003e \n\u003e When a new block is solved, that information needs to propagate\n\u003e throughout the Bitcoin network up to the mining pool operator nodes,\n\u003e then a new block header candidate is created, and this header must be\n\u003e propagated to all the mining pool users, ether by a push or a pull\n\u003e model. Generally the mining server pushes new work units to the\n\u003e individual miners. If done other way around, the server would need to\n\u003e handle a high load of continuous work requests that would be difficult\n\u003e to distinguish from a DDoS attack. So if the server pushes new block\n\u003e header candidates to clients, then the problem boils down to increasing\n\u003e bandwidth of the servers to achieve a tenfold increase in work\n\u003e distribution. Or distributing the servers geographically to achieve a\n\u003e lower latency. Propagating blocks does not require additional CPU\n\u003e resources, so mining pools administrators would need to increase\n\u003e moderately their investment in the server infrastructure to achieve\n\u003e lower latency and higher bandwidth, but I guess the investment would be\n\u003e low.\n\n1. Latency is what matters here, not bandwidth so much. And latency reduction \nis either expensive or impossible.\n2. Mining pools are mostly run at a loss (with exception to only the most \ncentralised pools), and have nothing to invest in increasing infrastructure.\n\n\u003e 3, It will reduce the security of the network\n\u003e \n\u003e The security of the network is based on two facts:\n\u003e A- The miners are incentivized to extend the best chain\n\u003e B- The probability of a reversal based on a long block competition\n\u003e decreases as more confirmation blocks are appended.\n\u003e C- Renting or buying hardware to perform a 51% attack is costly.\n\u003e \n\u003e A still holds. B holds for the same amount of confirmation blocks, so 6\n\u003e confirmation blocks in a 10-minute block-chain is approximately\n\u003e equivalent to 6 confirmation blocks in a 1-minute block-chain.\n\u003e Only C changes, as renting the hashing power for 6 minutes is ten times\n\u003e less expensive as renting it for 1 hour. However, there is no shop where\n\u003e one can find 51% of the hashing power to rent right now, nor probably\n\u003e will ever be if Bitcoin succeeds. Last, you can still have a 1 hour\n\u003e confirmation (60 1-minute blocks) if you wish for high-valued payments,\n\u003e so the security decreases only if participant wish to decrease it.\n\nYou're overlooking at least:\n1. The real network has to suffer wasted work as a result of the stale blocks, \nwhile an attacker does not. If 20% of blocks are stale, the attacker only \nneeds 40% of the legitimate hashrate to achieve 50%-in-practice.\n2. Since blocks are individually weaker, it becomes cheaper to DoS nodes with \ninvalid blocks. (not sure if this is a real concern, but it ought to be \nconsidered and addressed)\n\n\u003e 4. Reducing the block propagation time on the average case is good, but\n\u003e what happen in the worse case?\n\u003e \n\u003e Most methods proposed to reduce the block propagation delay do it only\n\u003e on the average case. Any kind of block compression relies on both\n\u003e parties sharing some previous information. In the worse case it's true\n\u003e that a miner can create and try to broadcast a block that takes too much\n\u003e time to verify or bandwidth to transmit. This is currently true on the\n\u003e Bitcoin network. Nevertheless there is no such incentive for miners,\n\u003e since they will be shooting on their own foots. Peter Todd has argued\n\u003e that the best strategy for miners is actually to reach 51% of the\n\u003e network, but not more. In other words, to exclude the slowest 49%\n\u003e percent. But this strategy of creating bloated blocks is too risky in\n\u003e practice, and surely doomed to fail, as network conditions dynamically\n\u003e change. Also it would be perceived as an attack to the network, and the\n\u003e miner (if it is a public mining pool) would be probably blacklisted.\n\nOne can probably overcome changing network conditions merely by trying to \nreach 75% and exclude the slowest 25%. Also, there is no way to identify or \nblacklist miners.\n\n\u003e 5. Thousands of SPV wallets running in mobile devices would need to be\n\u003e upgraded (thanks Mike).\n\u003e \n\u003e That depends on the current upgrade rate for SPV wallets like Bitcoin\n\u003e Wallet and BreadWallet. Suppose that the upgrade rate is 80%/year: we\n\u003e develop the source code for the change now and apply the change in Q2\n\u003e 2016, then most of the nodes will already be upgraded by when the\n\u003e hardfork takes place. Also a public notice telling people to upgrade in\n\u003e web pages, bitcointalk, SPV wallets warnings, coindesk, one year in\n\u003e advance will give plenty of time to SPV wallet users to upgrade.\n\nI agree this shouldn't be a real concern. SPV wallets are also more likely and \nless risky (globally) to be auto-updated.\n\n\u003e 6. If there are 10x more blocks, then there are 10x more block headers,\n\u003e and that increases the amount of bandwidth SPV wallets need to catch up\n\u003e with the chain\n\u003e \n\u003e A standard smartphone with average cellular downstream speed downloads\n\u003e 2.6 headers per second (1600 kbits/sec) [3], so if synchronization were\n\u003e to be done only at night when the phone is connected to the power line,\n\u003e then it would take 9 minutes to synchronize with 1440 headers/day. If a\n\u003e person should accept a payment, and the smart-phone is 1 day\n\u003e out-of-synch, then it takes less time to download all the missing\n\u003e headers than to wait for a 10-minute one block confirmation. Obviously\n\u003e all smartphones with 3G have a downstream bandwidth much higher,\n\u003e averaging 1 Mbps. So the whole synchronization will be done less than a\n\u003e 1-minute block confirmation.\n\nUh, I think you need to be using at least median speeds. As an example, I can \nonly sustain (over 3G) about 40 kbps, with a peak of around 400 kbps. 3G has \nworse range/coverage than 2G. No doubt the *average* is skewed so high because \nof densely populated areas like San Francisco having 400+ Mbps cellular data. \nIt's not reasonable to assume sync only at night: most payments will be during \nthe day, on battery - so increased power use must also be considered.\n\n\u003e According to CISCO mobile bandwidth connection speed increases 20% every\n\u003e year.\n\nOnly in small densely populated areas of first-world countries.\n\nLuke",
"sig": "59080cb60d4d2c81afc391ab80267ab12bed67b3f83f31a84fbf4984f9ee72795c5742cf973d3ec2d33206446f8aab06eb3aac4114104f43a94743c65f7fb998"
}