On Mon, Nov 4, 2013 at 3:58 AM, Michael Gronager <grona...@ceptacle.com> wrote:
> The suggested change is actually very simple (minutes of coding) and
> elegant and addresses precisely the identified problem. It is actually a
> mental shortcut in the assumption of how probability works when mining a
> chain. The paper simply corrects this error - nice work!

This isn't so.  Their solution creates a weaker form of the
vulnerability at all times, not just when the attacker has a
informational/positional advantage.

Normally delaying your blocks is negative expectation because you will
get orphaned by blocks that are announced before you most of the time
because miners extend the first seen. However, if you can position
yourself all over the network you can condition your announcements on
other blocks being announced and still win the race even if you

Eliminating the first seen rule means that a miner with enough
hashpower (including the largest pools existing today) could execute
this attack without positioning themselves all over the network, the
improvement is that a low hashrate attacker couldn't do as well, even
with positioning themselves all over the network.  I don't think this
can be described as "simply corrects the error".  The largest pool
would gain an advantage in delaying their blocks and would receive a
superliner share of mining income from doing so, something they can't
simply do today without attacking the network.

At the moment I believe we can improve the situation with propagation
advantage without the other changes, so we should do that first while
thinking carefully about this.

Simply relaying late blocks might be fine, if anything it would at
least make it easier to keep reliable orphan stats... though I'm
concerned with the bandwidth overhead and risk of flooding if its not
implemented carefully.

Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
Bitcoin-development mailing list

Reply via email to