On Thu, Jan 09, 2014 at 06:19:04PM +0100, Jorge Timón wrote:
> On 1/6/14, Peter Todd <p...@petertodd.org> wrote:
> > On Sat, Jan 04, 2014 at 01:27:42AM +0100, Jorge Timón wrote:
> > It's not meant to prove anything - the proof-of-sacrificed-bitcoins
> > mentioned(*) in it is secure only if Bitcoin itself is secure and
> > functional. I referred you to it because understanding the system will
> > help you understand my thinking behind merge-mining.
> >
> > *) It also mentions proof-of-sacrificed-zerocoins which *is* distinct
> > because you're sacrificing the thing that the chain is about. Now that
> > has some proof-of-stake tinges to it for sure - I myself am not
> > convinced it is or isn't a viable scheme.
> I'm not sure I understand all the differences between
> proof-of-sacrificed-bitcoins and proof-of-sacrificed-newcoins, but I'm
> still convinced this doesn't have anything to do with MM PoW vs PoW.

Proof-of-sacrified-bitcoins is always a true sacrifice - provided
Bitcoin itself maintains consensus the proof is a guarantee that
something of value was given up.

Proof-of-sacrificed-"newcoins" means that within some consensus system I
created a signed statement that *within the system* means I lose
something of value. However that sacrifice is only valid if the
consensus of the system includes that sacrifice within the consensus,
and if the mechanism by which that consensus is maintained has anything
to do with those sacrifices you quickly find yourself on pretty shakey

> > You know, something that I haven't made clear in this discussion is that
> > while I think merge-mining is insecure, in the sense of "should my new
> > fancy alt-coin protocol widget use it?", I *also* don't think regular
> > mining is much better. In some cases it will be worse due to social
> > factors. (e.g. a bunch of big pools are going to merge-mine my scheme on
> > launch day because it makes puppies cuter and kids smile)
> Fair enough.
> Do you see any case where an independently pow validated altcoin is
> more secure than a merged mined one?

Situations where decentralized consensus systems are competing for
market share in some domain certainely apply. For instance if I were to
create a competitor to Namecoin, perhaps because I thought the existing
allocation of names was unfair, and/or I had technical improvements like
SPV, it's easy to imagine Namecoin miners deciding to attack my
competitor to preserve the value of their namecoins and domain names
registered in Namecoin.

The problem here is that my new system has a substantial *negative*
value to those existing Namecoin holders - if it catches on the value of
their Namecoin investment in the form of coins and domain names may go
down. Thus for them doing nothing has a negative return, attacking my
coin has a positive return minus costs, and with merge-mining the costs
are zero.

Without merge mining if the value to the participants in the new system
is greater than the harm done to the participants in the old system the
total work on the new system's chain will still be positive and it has a
chance of surviving.

Of course, this is what Luke-Jr was getting at when he was talking about
scam-coins and merge mining: if you're alt-currency is a currency, and
it catches on, then it dilutes the value of your existing coins and
people who own those coins have an incentive to attack the competitor.
That's why merge-mined alt-coins that are currencies get often get
attacked very quickly.


Attachment: signature.asc
Description: Digital signature

CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For
Critical Workloads, Development Environments & Everything In Between.
Get a Quote or Start a Free Trial Today. 
Bitcoin-development mailing list

Reply via email to