On Mon, Nov 4, 2013 at 3:58 AM, Michael Gronager <grona...@ceptacle.com> wrote: > The suggested change is actually very simple (minutes of coding) and > elegant and addresses precisely the identified problem. It is actually a > mental shortcut in the assumption of how probability works when mining a > chain. The paper simply corrects this error - nice work!
This isn't so. Their solution creates a weaker form of the vulnerability at all times, not just when the attacker has a informational/positional advantage. Normally delaying your blocks is negative expectation because you will get orphaned by blocks that are announced before you most of the time because miners extend the first seen. However, if you can position yourself all over the network you can condition your announcements on other blocks being announced and still win the race even if you delayed. Eliminating the first seen rule means that a miner with enough hashpower (including the largest pools existing today) could execute this attack without positioning themselves all over the network, the improvement is that a low hashrate attacker couldn't do as well, even with positioning themselves all over the network. I don't think this can be described as "simply corrects the error". The largest pool would gain an advantage in delaying their blocks and would receive a superliner share of mining income from doing so, something they can't simply do today without attacking the network. At the moment I believe we can improve the situation with propagation advantage without the other changes, so we should do that first while thinking carefully about this. Simply relaying late blocks might be fine, if anything it would at least make it easier to keep reliable orphan stats... though I'm concerned with the bandwidth overhead and risk of flooding if its not implemented carefully. ------------------------------------------------------------------------------ Android is increasing in popularity, but the open development platform that developers love is also attractive to malware creators. Download this white paper to learn more about secure code signing practices that can help keep Android apps secure. http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk _______________________________________________ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
