📅 Original date posted:2014-01-01
📝 Original message:On Wednesday, January 01, 2014 4:53:42 AM Peter Todd wrote:
> On Tue, Dec 31, 2013 at 01:14:05AM +0000, Luke-Jr wrote:
> > On Monday, December 30, 2013 11:22:25 PM Peter Todd wrote:
> > > that you are using merge-mining is a red-flag because without majority,
> > > or at least near-majority, hashing power an attacker can 51% attack
> > > your altcoin at negligible cost by re-using existing hashing power.
> >
> > I strongly disagree on this isolated point. Using the same logic, Bitcoin
> > is vulnerable to an attacker at negligible cost by re-using existing
> > hashing power from mining Namecoin. Any non-scam altcoin is pretty safe
> > using merged mining, since any would-be attacker is going to have it in
> > their interests to invest in the altcoin instead of attacking it. It's
> > only the scam ones that want to pump & dump with no improvements, that
> > are really at risk here.
> >
> > The rational decision for a non-scam altcoin, is to take advantage of
> > merged mining to get as much security as possible. There are also some
> > possible tricks to get the full security of the bitcoin miners even when
> > not all participate in your altcoin (but this area probably needs some
> > studying to get right).
>
> You assume the value of a crypto-currency is equal to all miners, it's
> not.
>
> Suppose I create a merge-mined Zerocoin implementation with a 1:1
> BTC/ZTC exchange rate enforced by the software. You can't argue this is
> a scamcoin; no-one is getting rich. There's a 1:1 exchange rate so the
> only thing you can do with the coin is get some privacy. But inevitably
> some miners won't agree that enabling better privacy is a good thing, or
> their local governments won't. Either way, they can attack the Zerocoin
> merge-mined chain with a marginal cost of nearly zero.
Not necessarily. If Zerocoin was tied directly to Bitcoin proof-of-work, the
worst they could do is not-participate by mining empty blocks.
> OTOH if the Zerocoin scheme was implemented by embedding ZTC
> transactions within standard Bitcoin transactions - even without any
> attempt at hiding them - the attackers would need a 50% majority of
> hashing power to succeed. Of course potentially slow confirmations is a
> trade-off, but that's likely a perfectly OK trade-off in this case.
Potentially slow confirmation is also the only shortcoming of using Bitcoin's
proof-of-work directly.
Luke
Luke-Jr [ARCHIVE] /
npub1dt…u7wrs
2023-06-07 15:11:14
in reply to nevent1q…pxn5
Author Public Key
npub1dtr22xd42nv07un2xq0rmtkqkjylgsmexau0anxxafa9xmmn2ncshu7wrsPublished at
2023-06-07 15:11:14Event JSON
{
"id": "3d0dedbb746563e5be36e8a900140bb06183335ae865318392ea915981657f8f",
"pubkey": "6ac6a519b554d8ff726a301e3daec0b489f443793778feccc6ea7a536f7354f1",
"created_at": 1686150674,
"kind": 1,
"tags": [
[
"e",
"576ef5ba7fbb87e7eeb895cc1260553e91527cfbebf335f30f5d191132f6d7e8",
"",
"root"
],
[
"e",
"ee166690ab4d01fae4842aa6f2953e286c7ab77f119a4164b1b470d31c409932",
"",
"reply"
],
[
"p",
"daa2fc676a25e3b5b45644540bcbd1e1168b111427cd0e3cf19c56194fb231aa"
]
],
"content": "📅 Original date posted:2014-01-01\n📝 Original message:On Wednesday, January 01, 2014 4:53:42 AM Peter Todd wrote:\n\u003e On Tue, Dec 31, 2013 at 01:14:05AM +0000, Luke-Jr wrote:\n\u003e \u003e On Monday, December 30, 2013 11:22:25 PM Peter Todd wrote:\n\u003e \u003e \u003e that you are using merge-mining is a red-flag because without majority,\n\u003e \u003e \u003e or at least near-majority, hashing power an attacker can 51% attack\n\u003e \u003e \u003e your altcoin at negligible cost by re-using existing hashing power.\n\u003e \u003e \n\u003e \u003e I strongly disagree on this isolated point. Using the same logic, Bitcoin\n\u003e \u003e is vulnerable to an attacker at negligible cost by re-using existing\n\u003e \u003e hashing power from mining Namecoin. Any non-scam altcoin is pretty safe\n\u003e \u003e using merged mining, since any would-be attacker is going to have it in\n\u003e \u003e their interests to invest in the altcoin instead of attacking it. It's\n\u003e \u003e only the scam ones that want to pump \u0026 dump with no improvements, that\n\u003e \u003e are really at risk here.\n\u003e \u003e \n\u003e \u003e The rational decision for a non-scam altcoin, is to take advantage of\n\u003e \u003e merged mining to get as much security as possible. There are also some\n\u003e \u003e possible tricks to get the full security of the bitcoin miners even when\n\u003e \u003e not all participate in your altcoin (but this area probably needs some\n\u003e \u003e studying to get right).\n\u003e \n\u003e You assume the value of a crypto-currency is equal to all miners, it's\n\u003e not.\n\u003e \n\u003e Suppose I create a merge-mined Zerocoin implementation with a 1:1\n\u003e BTC/ZTC exchange rate enforced by the software. You can't argue this is\n\u003e a scamcoin; no-one is getting rich. There's a 1:1 exchange rate so the\n\u003e only thing you can do with the coin is get some privacy. But inevitably\n\u003e some miners won't agree that enabling better privacy is a good thing, or\n\u003e their local governments won't. Either way, they can attack the Zerocoin\n\u003e merge-mined chain with a marginal cost of nearly zero.\n\nNot necessarily. If Zerocoin was tied directly to Bitcoin proof-of-work, the \nworst they could do is not-participate by mining empty blocks.\n\n\u003e OTOH if the Zerocoin scheme was implemented by embedding ZTC\n\u003e transactions within standard Bitcoin transactions - even without any\n\u003e attempt at hiding them - the attackers would need a 50% majority of\n\u003e hashing power to succeed. Of course potentially slow confirmations is a\n\u003e trade-off, but that's likely a perfectly OK trade-off in this case.\n\nPotentially slow confirmation is also the only shortcoming of using Bitcoin's \nproof-of-work directly.\n\nLuke",
"sig": "6d9a3f7d1b7825143e01617f444503e11e5cbb5fa5190c310a3fc5c22fee31d5de23efde08062a0a392fa1d4d03e432d97277c680866bf9310c25a90b2b1fe83"
}