š
Original date posted:2013-11-05
š Original message:On Tue, Nov 05, 2013 at 11:56:53AM -0500, Ittay wrote:
> Hello,
>
> Please see below our BIP for raising the selfish mining threshold.
> Looking forward to your comments.
<snip>
> 2. No new vulnerabilities introduced:
> Currently the choice among equal-length chains is done arbitrarily,
> depending on network topology. This arbitrariness is a source of
> vulnerability. We replace it with explicit randomness, which is at the
> control of the protocol. The change does not introduce executions that were
> not possible with the old protocol.
Credit goes to Gregory Maxwell for pointing this out, but the random
choice solution does in fact introduce a vulnerability in that it
creates incentives for pools over a certain size to withhold blocks
rather than immediately broadcasting all blocks found.
The problem is that when the pool eventually choses to reveal the block
they mined, 50% of the hashing power switches, thus splitting the
network. Like the original attack this can be to their benefit. For
pools over a certain size this strategy is profitable even without
investing in a low-latency network; Maxwell or someone else can chime in
with the details for deriving that threshold.
I won't get a chance to for a few hours, but someone should do the
analysis on a deterministic switching scheme.
--
'peter'[:-1]@petertodd.org
0000000000000005e25ca9b9fe62bdd6e8a2b4527ad61753dd2113c268bec707
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20131105/78930d87/attachment.sig>;
Peter Todd [ARCHIVE] /
npub1m2ā¦a2np2
2023-06-07 15:08:49
in reply to nevent1qā¦x955
Author Public Key
npub1m230cem2yh3mtdzkg32qhj73uytgkyg5ylxsu083n3tpjnajxx4qqa2np2Published at
2023-06-07 15:08:49Event JSON
{
"id": "1bfd11971583be5dd81f9127d34ef3e79e319e8fe14c475ebf18c530b5ccfda0",
"pubkey": "daa2fc676a25e3b5b45644540bcbd1e1168b111427cd0e3cf19c56194fb231aa",
"created_at": 1686150529,
"kind": 1,
"tags": [
[
"e",
"6d3f2b033dee2609b17c739a2c08a8dad9f58ca1e382056f88a3fdcc51c33a75",
"",
"root"
],
[
"e",
"c59f1f6e2a549d90e71ec47fa71a5558b8057d763f4d754307db6ffacc2cb0a0",
"",
"reply"
],
[
"p",
"99c8b0a6b21759bf5fe55d05687329c239cd5a291b04b00315b230db39bc0660"
]
],
"content": "š
Original date posted:2013-11-05\nš Original message:On Tue, Nov 05, 2013 at 11:56:53AM -0500, Ittay wrote:\n\u003e Hello,\n\u003e \n\u003e Please see below our BIP for raising the selfish mining threshold.\n\u003e Looking forward to your comments.\n\n\u003csnip\u003e\n\n\u003e 2. No new vulnerabilities introduced:\n\u003e Currently the choice among equal-length chains is done arbitrarily,\n\u003e depending on network topology. This arbitrariness is a source of\n\u003e vulnerability. We replace it with explicit randomness, which is at the\n\u003e control of the protocol. The change does not introduce executions that were\n\u003e not possible with the old protocol.\n\nCredit goes to Gregory Maxwell for pointing this out, but the random\nchoice solution does in fact introduce a vulnerability in that it\ncreates incentives for pools over a certain size to withhold blocks\nrather than immediately broadcasting all blocks found.\n\nThe problem is that when the pool eventually choses to reveal the block\nthey mined, 50% of the hashing power switches, thus splitting the\nnetwork. Like the original attack this can be to their benefit. For\npools over a certain size this strategy is profitable even without\ninvesting in a low-latency network; Maxwell or someone else can chime in\nwith the details for deriving that threshold.\n\nI won't get a chance to for a few hours, but someone should do the\nanalysis on a deterministic switching scheme.\n\n-- \n'peter'[:-1]@petertodd.org\n0000000000000005e25ca9b9fe62bdd6e8a2b4527ad61753dd2113c268bec707\n-------------- next part --------------\nA non-text attachment was scrubbed...\nName: signature.asc\nType: application/pgp-signature\nSize: 490 bytes\nDesc: Digital signature\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20131105/78930d87/attachment.sig\u003e",
"sig": "106ba94b6ec8f4f9f236168da75671d4f130d2f06c6d65f55aa9f522a22c90735b83f69fdb44d95ef1d2bbcc6cfbbfc60a800dfda37c6420f036515fa98810de"
}