📅 Original date posted:2015-10-07
📝 Original message:On 7 October 2015 at 18:26, Jonathan Toomim (Toomim Bros) via
bitcoin-dev <bitcoin-dev at lists.linuxfoundation.org> wrote:
> On Oct 7, 2015, at 9:02 AM, Eric Lombrozo <elombrozo at gmail.com> wrote:
> If you had a 99% hashpower supermajority on the new version, an attacker
> would still be able to perform this attack once per day.
[ie wait for a non-upgraded miner to win a block]
I dont think that is something strong and new to focus on or worry
about, because in Bitcoin's game theory there are lets say 3 types of
miners we're in aggregate trying to get security from:
a) honest (following protocol) bolstered by financial incentive to
remain honest of subsidy & fees
b) agnostic / lazy (just run software, upgrade when they lose money
and/or get shouted at)
c) dishonest
Bitcoin remains secure with various combinations of percentages. For
sure you wont have a good time if you assume < 1% are dishonest.
Therefore this attack can already happen, and in fact has. Users of
bitcoin must behave accordingly with confirmations.
Bitcoin direct is not super secure for unconfirmed (so-called
0-confirm) transactions, or even for 1-confirm transactions. See also
Finney attack.
That does not prevent people using unconfirmed transactions with risk
scoring, or in high trust settings, or high margin businesses selling
digital artefacts or physical with nominal incremental cost.
But it does mean that one has to keep that in mind. And it also
motivates lightning network or payment channels (lightning with one
intermediate node vs a network of nodes) - they can provide basically
instant 0-confirm securely, and that seems like the future.
In my opinion anyone relying on unconfirmed transactions needs to
monitor for problems, and have some plan B or workaround if the fraud
rates shoot up (if someone tries to attack it in an organised way),
and also a plan C mid-term plan to do something more robust. Some
people are less charitable and want to kill unconfirmed transactions
immediately. The message is the same ultimately.
Adam
Adam Back [ARCHIVE] /
npub1ac…lswfj
2023-06-07 17:43:03
in reply to nevent1q…vvac
Author Public Key
npub1ac86vemj7ce5z8jyxt39rna3tvwql6xd30ha3vxcd6esysp23d9qrlswfjPublished at
2023-06-07 17:43:03Event JSON
{
"id": "3234073f97755836655ebec5e58a50a8166cb36be3edbf370648cba57d691a39",
"pubkey": "ee0fa66772f633411e4432e251cfb15b1c0fe8cd8befd8b0d86eb302402a8b4a",
"created_at": 1686159783,
"kind": 1,
"tags": [
[
"e",
"9bff9a33633386f0ed5a397194a638b3873153162e4e2f8361d36c22d400ca5d",
"",
"reply"
],
[
"p",
"a23dbf6c6cc83e14cc3df4e56cc71845f611908084cfe620e83e40c06ccdd3d0"
]
],
"content": "📅 Original date posted:2015-10-07\n📝 Original message:On 7 October 2015 at 18:26, Jonathan Toomim (Toomim Bros) via\nbitcoin-dev \u003cbitcoin-dev at lists.linuxfoundation.org\u003e wrote:\n\u003e On Oct 7, 2015, at 9:02 AM, Eric Lombrozo \u003celombrozo at gmail.com\u003e wrote:\n\u003e If you had a 99% hashpower supermajority on the new version, an attacker\n\u003e would still be able to perform this attack once per day.\n\n[ie wait for a non-upgraded miner to win a block]\n\nI dont think that is something strong and new to focus on or worry\nabout, because in Bitcoin's game theory there are lets say 3 types of\nminers we're in aggregate trying to get security from:\n\na) honest (following protocol) bolstered by financial incentive to\nremain honest of subsidy \u0026 fees\nb) agnostic / lazy (just run software, upgrade when they lose money\nand/or get shouted at)\nc) dishonest\n\nBitcoin remains secure with various combinations of percentages. For\nsure you wont have a good time if you assume \u003c 1% are dishonest.\n\nTherefore this attack can already happen, and in fact has. Users of\nbitcoin must behave accordingly with confirmations.\n\nBitcoin direct is not super secure for unconfirmed (so-called\n0-confirm) transactions, or even for 1-confirm transactions. See also\nFinney attack.\n\nThat does not prevent people using unconfirmed transactions with risk\nscoring, or in high trust settings, or high margin businesses selling\ndigital artefacts or physical with nominal incremental cost.\n\nBut it does mean that one has to keep that in mind. And it also\nmotivates lightning network or payment channels (lightning with one\nintermediate node vs a network of nodes) - they can provide basically\ninstant 0-confirm securely, and that seems like the future.\n\nIn my opinion anyone relying on unconfirmed transactions needs to\nmonitor for problems, and have some plan B or workaround if the fraud\nrates shoot up (if someone tries to attack it in an organised way),\nand also a plan C mid-term plan to do something more robust. Some\npeople are less charitable and want to kill unconfirmed transactions\nimmediately. The message is the same ultimately.\n\nAdam",
"sig": "f2c684eb832adbf26a47bc115585a02dc660e7ad2561dd79649629d6739ba821b1b25d854231e12c3b61849a66f619c6782842458402a5c52a282e251a378d8f"
}