(not sure if you meant this to go to the list, my apologies if not) On Mon, Nov 04, 2013 at 10:50:25AM -0500, Ittay wrote: > On Mon, Nov 4, 2013 at 10:46 AM, Peter Todd <p...@petertodd.org> wrote: > > > On Mon, Nov 04, 2013 at 10:25:19AM -0500, Ittay wrote: > > > Peter - how can you guarantee that the majority mines on the non-selfish > > > block? > > > > Of course, it may be the case that competing near-block headers are > > found, but no matter: as long as miners switch to the block with the > > most hashing power, this forms a feedback effect that quickly brings > > everyone to consensus. With everyone mining to extend the same block, > > there's nothing the selfish miner can do; there's no disagreement to > > exploit. > > > > This is not the exploit! The majority you create might just as well follow > the previously-private block, so we're back in square one.
Right, but the thing is, if all miners quickly come to consensus and are all mining on the same block, there's nothing the attacker can exploit in the first place. Suppose Alice the attacker is 100 blocks ahead of the main network somehow. We'll say the other miners are working to extend block n, and she's in posession of 100 blocks extending that. She also has just under 50% of the hashing power. Now when the main network finds a block n+1, Alice can do one of two things: she can publish her own n+1 block, or she can do nothing. If she does nothing, the main network will find block n+2 faster than she finds n+101, so eventually she loses. Thus she has to publish. In your attack she publishes to a subset of nodes strategicly, splitting the hashing power between nodes working to extend her n+1, and the other n+1 found. However, with near-target headers, very quickly all hashing power will come to consensus and all work to extend the same block, either theirs or Alice's. Given that they have the majority, they will find another block faster on average than Alice can extend her lead, and thus eventually Alice will lose. Now there is still a slight advantage for Alice in that it takes some time for the whole network to come to consensus, but this is a much slimmer margin, maybe a few percentage points, so at best Alice might need, say, 45% of the total hashing power. -- 'peter'[:-1]@petertodd.org 0000000000000004b8381fe97338c8b710cb662160f08e391820f30a375bb9b9
Description: Digital signature
------------------------------------------------------------------------------ Android is increasing in popularity, but the open development platform that developers love is also attractive to malware creators. Download this white paper to learn more about secure code signing practices that can help keep Android apps secure. http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
_______________________________________________ Bitcoin-development mailing list Bitcoinfirstname.lastname@example.org https://lists.sourceforge.net/lists/listinfo/bitcoin-development