Bitcoin in Israel: Interview with Meni Rosenfeld and Ron ...

Most alt-coins are NOT secure enough, they exist only for entertainment and speculation

(I believe this needs to be posted to /bitcoin as Bitcoin users/enthusiasts need to know the difference between Bitcoin and other cryptocurrencies. About the author: I have been subscribed to /bitcoin since 2011, and have been involved in cryptocurrency security research for several years.)
Let's talk about the security aspect of cryptocurrencies. I'm afraid an average user knows very little about this topic: he might know that hashrate is needed to protect the blockchain, and that higher hashrate is better, as it implies that an attacker needs to spend more to get control of the blockchain.
But there are plenty of other kinds of attacks (or, rather, economic models of attacks), some of which have much higher practical significance.
Let's start with something simple: there is a straightforward and rigorous model of a double-spending attack under the condition that the attacker has a fraction of the total network's hashrate. I highly recommend Meni Rosenfeld's Analysis of hashrate-based double-spending paper (PDF).
The main takeaway from this paper is that the "maximal safe transaction value" is directly proportional to the block reward (i.e. the amount of coins miners get for each block). It is easy to understand this intuitively: a bigger reward means that miners get more money from normal mining, so they will be reluctant to try double-spending attacks. On the other hand, if the block reward were negligible, double-spending could be a lucrative source of revenue.
Let's look at numbers: if an attacker controls 26% of the hashrate and the number of confirmations is 6, the maximal safe transaction value is 1113 BTC when the block reward is 25 BTC. This is pretty cool: you only need to wait 1 hour to make sure you irreversibly received half a million USD worth of bitcoins (I assume an exchange rate of $450 for 1 Bitcoin).
However, the situation is pretty different for alt-coins which have much less valuable block rewards. For example, imagine there is a Foocoin with an exchange rate of $1 for 1 Foocoin. If Foocoin's block reward is also 25 foocoins, then the max safe transaction value for 6 confirmations is only $1113 worth of Foocoins. It doesn't look like Foocoin is suitable for commerce, does it?
One could say that Foocoin simply requires a larger number of confirmations for larger transactions. But that's wrong: a higher number of confirmations helps only under the condition that the attacker is unable to obtain more than 50% of the total hashrate, and for most alt-coins this isn't true.
First of all, let's note that so-called miners simply rent their equipment to "mining pool operators" and are paid in crypto-currency for it. In many cases they don't even care what cryptocurrency they mine as long as they are being paid. See Middlecoin:
This pool automatically mines the most profitable scrypt coin, automatically exchanges those coins for bitcoins, and pays out entirely in bitcoins.
So, miners who mine using Middlecoin do not know if their equipment is being used to mine Litecoins or Dogecoins or something else. And they wouldn't care if it is used for attacks on alt-coins, as they are being paid in bitcoins.
Let's consider a scenario where a Middlecoin-like pool has a higher hashrate than Foocoin, e.g. Middlecoin (not Middlecoin specifically, but any pool like that) has 20 GH/s, while Foocoin has 10 GH/s. Here's how one can profit from it:
  1. Buy $1M worth of Foocoins, get them into your wallet.
  2. Make an agreement with Middlecoin: you rent their hashrate for a couple of hours, paying them in bitcoin, slightly above what the most profitable alt-coin yields.
  3. Send your foocoins to exchange Bar.
  4. Start mining a private chain which has a double-spend transaction which sends coins to exchange Baz.
  5. After your transaction gets 10 confirmations on the normal chain, convert foocoins to bitcoins on Bar and withdraw them immediately.
  6. After the withdrawal transaction is confirmed on the Bitcoin network (and thus cannot be reversed), you release the private chain you have mined, causing a reorganization. You should have mined 20 blocks by then if Middlecoin has a hashrate which is twice Foocoin's normal hashrate.
  7. Your deposit to exchange Baz is now confirmed; convert your foocoins to bitcoins again, and withdraw immediately.
  8. A day later the 20 blocks you have mined will mature, and you'll be able to sell them too.
If the Foocoin price doesn't change in the process, you can get approximately $1M profit from this attack, as the cost of renting a mining pool is approximately equal to the value of the mined blocks.
In practice, you'll lose some money due to lack of liquidity on exchanges, so profit will be less than $1M.
The conclusion we get from this analysis is that alt-coins which have only a small fraction of the total hashrate for a certain mining algorithm are extremely insecure. And they cannot grow big: as soon as exchanges have enough liquidity, it will be possible to perform the attack I described, which will result in a price drop.
So almost all alt-coins are simply not suitable for any kind of "real economy" applications. They are doomed to have high volatility, shallow markets, and a low "max safe transaction value".
One can't deny the fact that it is possible to make money on alt-coins. But that's just gambling. And people who create new alt-coins are in the same position as people who build casinos. It is a business, but it is in the entertainment sector, not in the 'real economy' or 'financial' sectors as some people are trying to pretend.
Bitcoin is one of the few cryptocurrencies which are actually serious. It isn't perfect, but attacking Bitcoin is very hard, so transactions worth millions of dollars can be confirmed in a matter of hours. The same cannot be said about alt-coins, and this situation won't change unless new cryptocurrency designs are found.
If there is an alt-coin which is more-or-less secure, it is probably Litecoin. Its hashrate is a significant fraction of the total scrypt hashrate, so attacking Litecoin is hard. Interestingly, at some point Dogecoin's hashrate was higher than Litecoin's, but it dropped after the block reward dropped. So, again, block reward is important for security.
This has dire implications for alt-coins which have short block reward schedules. If all coins are mined within two years, this means that the alt-coin will be dead in two years.
(It's worth noting that the same problem might affect Bitcoin in the future, in 10 years or so.)
Now there is a question: Is there a way to make multiple currencies all of which will be secure?
Probably. There are several approaches:
  1. Merged mining: The idea is that Bitcoin's proof-of-work can be re-used to mine alt-chains. This makes attacks harder, but hashrate-based double-spending considerations are still applicable, so safety can't be guaranteed... They will be safe only if miners are benevolent.
  2. Side-chains: This needs more research, but it looks like high degree of security is possible as long as you don't care about SPV.
  3. Proof-of-stake and PoW/PoS hybrid: Needs more research, there is some hope. Note that Peercoin's PoS is pretty bad.
  4. Multiple cryptocurrencies in the same blockchain (e.g. colored coins, Mastercoin, Counterparty, Ethereum, Ripple, etc.) will all be equally secure, so I believe this is what we should do instead of spawning a shitload of alt-coins.
submitted by killerstorm to Bitcoin
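The post leans on Rosenfeld's hashrate-based model without showing the formula. The following is an added example (not code from the post, the paper, or any project it names) that implements the catch-up probability from that model: an attacker with share q of the hashrate secretly mines a competing chain while the merchant waits for n confirmations. It also answers the defender's question the post raises, namely how many confirmations bring the risk under a chosen threshold, and makes the post's point that no number of confirmations helps once q reaches 50%. The function names, the sample shares and the probability threshold are this example's own choices.

```python
"""Hashrate-based double-spend risk (Rosenfeld's catch-up model).

Added example, not part of the original post.  While the honest network
mines the n blocks the merchant waits for, the attacker mines k blocks with
negative-binomial probability C(k+n-1, k) * p^n * q^k; if he is then behind
by z = n - k blocks he still catches up with probability (q/p)^z.  Summing
the failure cases gives Rosenfeld's closed form used below.
"""
from math import comb
from typing import Optional


def catch_up_probability(n: int, q: float) -> float:
    """Probability that an attacker with hashrate share q eventually
    overtakes the honest chain after the merchant has seen n confirmations.
    For q >= 0.5 the attacker's chain grows faster on average, so he wins
    with certainty no matter how many confirmations the merchant waits for.
    """
    if not 0.0 <= q <= 1.0:
        raise ValueError("q must be a fraction of the total hashrate")
    if n < 0:
        raise ValueError("confirmation count must be non-negative")
    if q >= 0.5:
        return 1.0
    p = 1.0 - q
    # Probability that the attacker ends up behind and never catches up.
    behind_forever = sum(
        comb(k + n - 1, k) * (p ** n * q ** k - p ** k * q ** n)
        for k in range(n)
    )
    return 1.0 - behind_forever


def confirmations_required(q: float, max_risk: float) -> Optional[int]:
    """Smallest number of confirmations for which the catch-up probability
    is at most max_risk.  Returns None when no finite wait is enough,
    i.e. when the attacker controls at least half of the hashrate.
    """
    if q >= 0.5:
        return None
    n = 0
    while catch_up_probability(n, q) > max_risk:
        n += 1
    return n


def equal_time_comparison(q: float, slow_blocks: int, ratio: int) -> tuple:
    """Risk after `slow_blocks` confirmations on a chain versus after
    `slow_blocks * ratio` confirmations on a chain whose blocks are `ratio`
    times faster, i.e. the same elapsed wall-clock time on both chains.
    """
    return (catch_up_probability(slow_blocks, q),
            catch_up_probability(slow_blocks * ratio, q))


if __name__ == "__main__":
    # Constructed sample shares: a small attacker, the post's 26%, and a
    # rented pool that exceeds the coin's whole hashrate (as in the Foocoin story).
    for share in (0.10, 0.26, 0.667):
        row = [f"{catch_up_probability(n, share):.6f}" for n in range(0, 7)]
        print(f"q={share:.3f}  n=0..6: {' '.join(row)}")
    print("confirmations for <=0.1% risk at q=0.10:",
          confirmations_required(0.10, 0.001))
    print("confirmations for <=0.1% risk at q=0.667:",
          confirmations_required(0.667, 0.001))
    print("1 slow block vs 5 fast blocks at q=0.26:",
          equal_time_comparison(0.26, 1, 5))
```

The run makes the post's argument concrete: for q = 0.10 the risk falls from 20% after one confirmation to about 0.06% after six, whereas for a rented pool with more hashrate than the coin itself (q > 0.5) every row reads 1.0, so the only effective defence is a hashrate the attacker cannot rent, not a longer wait. Rosenfeld's economic "maximal safe value" then follows from weighing this probability against the block rewards the attacker forgoes when his chain is orphaned, which is why the safe value scales with the block reward.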

A bribe attack is ongoing

First of all, I should note it's not a big deal and there is no reason to panic or anything, but it's just remarkable that the thing we knew was theoretically possible is happening now.
To provide background on this kind of attack I need to start from fundamentals. Here's the security assumption from the Bitcoin paper:
The system is secure as long as honest nodes collectively control more CPU power than any cooperating group of attacker nodes.
Originally mining was done by users themselves; it was a part of the node/wallet software. However, later it became more specialized.
Hashing, running nodes and using Bitcoin are completely separate things nowadays when pooled mining is commonplace. That is, somebody can "mine" bitcoins using his hashing hardware without running a node. (And, perhaps, without even being a Bitcoin user, as a "miner" can auto-convert his revenue to dollars.)
Calling this "mining" isn't quite accurate. More precisely it can be described as renting (that is, mining pools rent the hashing hardware of so-called "miners") or paying for a service (mining pools pay a "miner" for the efforts he's performed).
Some "miners" believe that they receive bitcoins they created, but it's not true in the general case. One thing is that more often than not, individual miners fail to solve the block, but are still compensated for their efforts (not for results). Also pools generally have reserves which they use to smooth out reward payments, thus the rewards miners receive do not necessarily come from freshly mined bitcoins.
Now let's recall that hashpower is intimately linked to the security of the network. An attacker who controls a significant portion of the total hashpower might be able to perform double-spend attacks (e.g. see Meni Rosenfeld's Analysis of Hashrate-Based Double Spending) or denial-of-service attacks (he might mine empty blocks).
It is usually understood that these attacks are practically unfeasible, as overpowering the honest network would require enormous amounts of hardware, energy, etc. However, there are several different attack models.
The most primitive one was relevant back when mining was done on CPUs: an attacker could rent CPU power from a cloud provider such as Amazon and try to do a double-spend reorganization or a 51% attack. It's fairly easy to do calculations within this model as the cost of an attack is known (for a certain difficulty) and one just needs to compare it to the potential profits an attacker might get.
But CPU mining is irrelevant now; an attacker would need specialized hardware to have a chance. This makes the attack much more complex, as the attacker needs to buy hardware, deploy it, start mining... And once the attack is complete, he needs to do something with that hardware. It's generally understood that parties who own hashing hardware will be reluctant to perform an attack because a successful attack can drastically decrease the value of the hardware they own. Thus it can be said that ASICs made Bitcoin much more secure due to this stickiness.
But wait... what if an attacker rents hardware instead of buying it? It's much simpler than buying hardware: no complex logistics, little overhead, no concerns about how an attack would affect the hardware price. The attacker would need to pay slightly above the market price to make sure he gets more than half of the total hashpower, so that it's statistically certain his attack can succeed.
This can be described as a sort of bribe. Normally miners get block rewards (subsidy + fees). The attacker adds a bribe to it, making it subsidy + fees + bribe. This is attractive to miners as it pays more. Once the attack is successful, the attacker receives subsidy + fees + attack profit. Thus his cost is
(subsidy + fees + attack profit) - (subsidy + fees + bribe) = attack profit - bribe 
Note that the bribe can be arbitrarily small; it should be just enough to get miners interested. It can be 1% of a subsidy, for example. E.g. suppose an attacker wants to earn 1000 BTC by double-spending: he gives a 10 BTC bribe to miners to orphan some of the recent blocks and pockets 990 BTC.
The cost of this attack can be arbitrarily small, but it requires a lot of capital and is also quite risky. And also it's not possible right now because miners do not just rent their hashpower to the highest bidder, they use mining pools they trust. Thus there's no way for the attacker to get more than 50% of the total hashpower to be successful with this attack.
There are, however, pools which allow people to rent hashpower. For example, NiceHash. It currently has 16 PH/s of SHA256 hashpower (according to the stats they publish), thus controlling around 1% of total hashpower. NiceHash allocates hashpower to highest bidder, and thus it can be potentially used for attacks I described above. But currently it's too small to have any effect.
So this is just something to keep in mind. Pools like NiceHash are evil; they can potentially destabilize Bitcoin if more than half of Bitcoin's total hashpower is rented out on pools like this. It is important for miners to choose legitimate pools.
So until now I thought that a bribe attack is just a curiosity in the context of Bitcoin (it might be more relevant for alt-coins with much weaker hashpower), but today I was surprised by the fact that somebody is trying to pull it off right now.
There's a post on /btc: Someone just donated 16 BTC towards Classic Hashpower. We are now at 2 Petahash/sec on Slush pool. Thank you, donator. The fund is at 30 BTC and recycling the mining rewards over and over..
This is exactly the bribe attack, but they aren't using it for double-spending or DoS, but in an attempt to hard-fork Bitcoin. Basically it's an attempt to artificially prop up Classic hashpower a little, and is good only for PR. But still it's something we should be aware of, I think.
The NodeCounter site the link points to is absolutely hilarious, BTW; I totally recommend it:
Bitcoin development has been bought out by a private company called "Blockstream". Blockstream has directed the crippling of Bitcoin in order to provide the solution, for their own future, financial gain.
(I hope moderators won't remove my post. /btc is currently being advertised in the sidebar of this subreddit, so every visitor is already one click away from learning information about "Classic Hashpower". I see absolutely no point in censoring this information.)
On topic of brigading: when I posted it initially the post was 100% upvoted, that is regular /bitcoin subscribers found it good and relevant. However a bit later upvote rate dropped to 65% and at the same time several comments defending Classic and /btc appeared. Brigading much? I don't really care what you do with hashpower (attack is just a technical term FYI, it's not necessarily morally wrong), but brigading is despicable.
submitted by killerstorm to Bitcoin

Reflections on Bitcoin's problems over the years (can we get a sticky or sidebar link with some Lightning Network content?)

In the days before we had the luxury of worrying about Bitcoin's scaling, we focused endlessly on other problems and imperfections of the protocol. Back then, we'd talk about confirmation times. Ten minutes was far too long for much of commerce and as Meni Rosenfeld showed, the oft-repeated "I'd rather have one 10 minute block's security than five 2-minute blocks" was exactly wrong.
You learn a little more, and you realize that bitcoin's security is really all-or-nothing. Unconfirmed transactions, properly understood, are not transactions at all. Miners have no obligation to "drop" them after a few days, so the coins can disappear from your wallet even if your node has forgotten. Furthermore, the "safety" of 0-conf was widely misunderstood--the policy of honoring the first-seen transaction wasn't a consensus one, so miners have always been able to collude with double-spenders if they wanted to.
Fungibility and anonymity were other major concerns. Every single coin has a unique history and is "tainted" by it. If governments want, they can easily blacklist particular Bitcoins, be they stolen, used in the drug trade, or simply suspect. We worried about Mike Hearn's possible connections to similar "redlisting" of coins and had endless discussions about the anti-anonymous nature of the bitcoin network.
Personally, I've followed threads and topics such as this which relate to the equilibrium transaction fee when the block reward ends or reduces in value. In short, if there's no transaction backlog (and assuming competitive markets, etc), users have no incentive to pay anything more than 1 Satoshi per transaction, because larger blocks don't take more work to mine. Zero marginal cost means zero price. The Bitcoin Cash community denies this. I can provide more references if people are curious.
Over time, it's become clear to us who have been following bitcoin closely for years, and even to many of you newbies, that blockchains cannot scale through on-chain transactions (without sacrificing decentralization, which is the point: e.g. if you can't run your own node, you simply can't know if there are still only 21,000,000 bitcoins, or that you have any of them).
It turns out, all of these problems are addressed or hugely mitigated by the LN. It is such a remarkable fact that it suggests that Bitcoin is meant to be used as a fundamental settlement layer for LN transactions. Luke Dashjr seems to think so. With a little thought, it makes some sense: scaling Bitcoin is hard because you're telling the entire world to perpetually store and propagate your transactions--this also creates a public graph that can be analyzed by hackers, governments, or snoops. Almost all LN transactions are not stored, are only communicated between sender and receiver, and are onion-routed so traffic analysis is impossible. That they are communicated only between sender and receiver also means that Bitcoin's blockchain isn't needed to synchronize their transaction--thus, instant "confirmation" with no chance of double spends.
Lastly, this isn't vaporware. Right now, The (yes, The) Lightning Network is a protocol with multiple fully interoperable implementations (so all LN nodes can participate in a single network). This is the fully-realized version of what had been theorized for at least 5 years and is the solution to problems we've been complaining about for almost all of Bitcoin's existence.
For a basic intro to the LN, please read What is the Lightning Network and how can it help Bitcoin scale? and the links inside, check out Lightning Protocol 1.0: Compatibility Achieved and other info suggested by the commenters below.
submitted by joseph_miller to Bitcoin

Decred - An Overview

Decred is an open, progressive, and self-funding cryptocurrency with a system of community-based governance integrated into its blockchain. At its core is a hybridized proof-of-work proof-of-stake (PoW/PoS) consensus system that aims to strike a balance between PoW miners and PoS voters to create a more robust notion of consensus. The project is a result of the theoretical proposals brought by proof-of-activity (PoA) and MC2 in 2013. Decred development started in April, 2014 with a single developer and expanded to include developers from btcsuite shortly thereafter.
Decred is built in the spirit of open participation and we have provided below a full disclosure of the technical features of the system, wallets and mining, initial funding and distribution, project governance and development, and a group contribution timeline. We hope to launch mainnet on January 18th, 2016, and will provide additional details in this thread. Everyone is welcome to participate, and you are certainly welcome to join the development and project groups if you have interest in contributing to our efforts!
i. Technical Features
The features below are implemented in Decred and will be available in full at launch. For a deeper description, please consult the Decred Technical Brief (DTB001).
•Novel hybridized proof-of-work/proof-of-stake (PoW/PoS) consensus system - A decentralized lottery is used to select PoS miners to vote on PoW blocks. The PoW and PoS subsidies account for 60% and 30% of each total block subsidy, respectively. This system is based on that of MC2, which is very similar to, but developed independently from, Proof-of-Activity (PoA) by Iddo Bentov, Charles Lee, Alex Mizrahi and Meni Rosenfeld.
•Cold staking and decentralized stake pooling - The ability to generate new coins without the risk of having your coins online when PoS mining. The PoS mining system has also been engineered with distributed, decentralized stake pooling in mind, so that even those with small amounts of stake can participate in network validation.
•Internal voting system for the addition of new features and hard or soft fork selection - Both PoW and PoS miners can vote for features and issues through bit flags, providing a sensible mechanism for resolving disputes about the features of the blockchain.
•Immutable transaction hashes ("transaction IDs") by separating transaction signatures from the rest of the transaction data - A permanent fix for transaction hash malleability has been implemented that prevents mutability of the transaction hash by separating it from its input signatures. This allows more efficient SPV validation. Fraud proofs have also been added.
•Elliptic curve cryptography over secp256k1 with optional Curve25519 support - The Bitcoin scripting system has been modified to allow for simple, drop-in addition of new elliptic curve digital signature algorithms.
•Schnorr signatures with threshold n-of-n support - In addition to supporting Schnorr signatures, groups of signers can now jointly sign transactions off-chain in constant size signatures, ensuring higher privacy and less blockchain bloat.
•Script enhancements and new OP codes - New OP codes have been added to the existing Bitcoin scripting engine, and extensions for the plug-in use of future scripting engines have been added.
•PoW mining using BLAKE256 hash algorithm - Inspired by Bernstein's ChaCha stream cipher, SHA3 finalist BLAKE256 offers speed as well as high security.
•Compatibility with Bitcoin transaction scripting system - Decred's scripting system has been derived from Bitcoin's with care in ensuring that all future updates to the Bitcoin transaction script will be easily extensible to Decred. Further, any newly created functionalities will also be devised with backwards compatibility with Bitcoin in mind.
•Modularized, easy-to-use Golang btcsuite codebase - Thanks to the codebase inherited from btcsuite, adding new features to the daemon or wallet will be facile. Decred will episodically sync updates from btcsuite, so that it benefits from the latest developments in Bitcoin.
•Hierarchical deterministic (HD) wallets - Wallets use a seed to deterministically generate addresses, so your wallet can be restored from a single BIP0032 seed.
•Transaction expiration - Transactions have a new expiration field to prevent inclusion into the blockchain after a certain height.
•Patches for intrinsic Bitcoin bugs - Extra push for multisignature scripts has been removed, SIGHASH_SINGLE behavior has been corrected.
•Approximately 21 million coins - Exponential decay in subsidy or the number of coins generated per year.
•Self-funded development via block subsidy - In order to have an ongoing source of funding for development work, a consensus rule has been added to allocate 10% of each block subsidy to a development organization. This entity is transparent and responsible for funding development work performed by current and new developers so that the project remains sustainable without a funding dependence on outside forces in the future.
Decred therefore improves with growth in a sustainable way and is accountable only to its users.
ii. Wallets and Mining
•Web wallet service - In order for users to have access to a GUI on all platforms, we have created a web wallet service forked from BitPay's Copay wallet and its dependencies. This wallet allows users to access all the basics with Decred: sending and receiving coins, multisig transactions.
•Command-line wallet - For more advanced users, we have a command-line wallet, dcrwallet. dcrwallet allows users to mine PoS and collect rewards by participating in the PoW/PoS consensus system.
•Simple GPU miner - A simple AMD GPU miner that connects to a local daemon will be available before launch. In the future, proper getblocktemplate functionality will be enabled and pool software will be made available.
iii. Initial Funding and Airdrop
Decred opted for a different funding model in an attempt to shift the risk carried by supporters to the developers of the project. Instead of asking interested parties to fund the development of the software, the developers decided to pool funds together and carry the project to completion before making it public. The consensus was that this is an ethical path given the realities of funding software development, due to the fact that the developers alone carry the risk of the project failing, whereas in the past potential users were expected to pay for coins before any code was written. We felt this was unjust.
The development of Decred was funded by Company 0 and from the pockets of its developers individually. The cost of developing the project, in terms of developer pay, totals to approximately USD 250,000, which Company 0 paid to developers. An additional amount of approximately USD 165,000 has been allocated for unpaid work and individual purchases by developers. We felt that the most equitable way to handle compensation for these expenses was to perform a small premine as part of the project launch. The model is unusual in that no developer received any amount of coins for free - all coins owned by developers will either be purchased at a rate of USD 0.49 per coin from their own pockets or exchanged for work performed at the same rate.
The premine consists of 8% of the total supply of 21 million coins, meaning the premine consists of 1.68 million coins. Rather than allocating the entire premine to the bring-up costs, we decided to split the premine equally between compensation for bring-up and an "airdrop", where we freely give an equal amount of coins to a number of airdrop participants. This means Company 0 and its developers will have put roughly USD 415,000 into the bring-up since April, 2014 and receive 4% of the total supply, 840,000 coins (at USD 0.49 per coin). The remaining 4% will be spread evenly across a list of airdrop participants as part of an effort to build the Decred network and decentralize its distribution. Coins held by Company 0 will be used to fund its ongoing work on open-source projects, such as Decred and btcsuite.
Giving away these coins in an airdrop allows us to accomplish several things at once for the project: enlarge the Decred network, further help decentralize the distribution of coins, and allow us to get coins into the hands of people who are interested in participating in the project. Decred is fundamentally about technological progress, so the airdrop will target individuals that have made contributions to advance technology in its various forms. The maximum number of airdrop participants is capped at 5,000 individuals, so we recommend registering sooner rather than later. These coins will be given away unconditionally and there is zero expectation of Decred receiving anything from you in return for these coins.
Sign up for the airdrop is currently open, but the airdrop registration will commence on January 4th, 2016. People who have been selected to participate in the airdrop will receive an email that contains a link to a web registration form. This form will require airdrop participants to enter an address to which their coins can be sent. Binaries and source code will be made available so that you can generate a wallet seed and an address for your airdrop coins. Once you have entered your receiving address into the airdrop webform and submitted it, you will receive your coins on the projected launch date of January, 18th, 2016.
iv. Project Governance and Development
In addition to the technical features that make up the technology, Decred as a project introduces several development and governance features and proposals to ensure and steer long-term growth. We encourage participants to discuss these topics earnestly, as we want to ensure the system of development and governance is built on a solid foundation.
•A multi-stakeholder development ecosystem that welcomes and empowers participants who want to build new functionality and improve on existing features.
•Any party can submit feature proposals and developers are paid for work to fulfill requirements. This is done in full view of the community in a system designed to fight against ingroup-outgroup dynamics.
•The initial contributors are the developers responsible for btcsuite (est. early 2013 - present).
•A proposal for a layered form of transparent meritocratic governance that extends beyond proof-of-work and proof-of-stake mechanisms to bring forward and represent insider and outsider voices in the community.
•A proposal for bottom-up decision-making through the Decred Assembly, an evolving and inclusive list of community members who make non-financial contributions to the project through their work and effort.
•The project is bound by the Decred Constitution on the core principles of finite issuance, privacy, security, fungibility, inclusivity, and progressive development of the technology that keeps these principles together.
v. Group Contribution Timeline
Below are key points of free and open-source contributions made by the Decred developers to the digital currency ecosystem since 2013. The largest of these is the btcsuite package, which comprises a suite of packages and tools for working with Bitcoin in Golang, and includes btcd, a full-node, mining-capable Bitcoin implementation. To date, the total contribution across btcsuite represents 98,046 lines of code, 44,576 of which are test coverage.
vi. Additional Information
Website: https://decred.org
Forum: https://forum.decred.org
Wiki: https://wiki.decred.org
Reddit: https://reddit.com/decred
Twitter: https://twitter.com/decredproject
IRC: #decred on irc.freenode.net
submitted by ocnios to decred

Most alt-coins are NOT secure enough, they exist only for entertainment and speculation (Taken from /r/Bitcoin)

TL;DR IMO this guy hates alt-coins.
OP: http://www.reddit.com/Bitcoin/comments/22aw8c/most_altcoins_are_not_secure_enough_they_exist/
(I believe this needs to be posted to /bitcoin[1] as Bitcoin users/enthusiasts need to know the difference between Bitcoin and other cryptocurrencies. About author: I'm subscribed to /bitcoin[2] since 2011, and have been involved in cryptocurrency security research for several years.)
Let's talk about security aspect of cryptocurrencies. I'm afraid an average user knows very little about this topic: he might know that hashrate is needed to protect the blockchain, and that higher hashrate is better, as it implies that attacker needs to spend more to get control of the blockchain.
But there is a plenty of other kinds of attacks (or, rather, economic models of attacks), some of which have much higher practical significance.
Let's start with something simple: there is a straightforward and rigorous model of double-spending attack under condition that attacker has a fraction of total network's hashrate. I highly recommend Meni Rosenfeld's Analysis of hashrate-based double-spending paper (PDF[3] ).
The main takeaway from this paper is that "maximal safe transaction value" is directly proportional to block reward (i.e. amount of coins miners get for each block). It is easy to understand this intuitively: bigger reward means that miners get more money from normal mining, so they will be reluctant to try double-spending attacks. On the other hand, if block reward was negligible, double-spending could be a lucrative source of revenue.
Let's look at numbers: if attacker controls 26% of hashrate and number of confirmations is 6, maximal safe transaction value is 1113 BTC when block reward is 25 BTC. This is pretty cool: you only need to wait 1 hour to make sure you irreversibly received half million USD worth of bitcoins (I assume exchange rate of $450 (Ɖ960k) for 1 Bitcoin).
However, situation is pretty different for alt-coins which have much less valuable block rewards. For example, imagine there is a Foocoin with exchange rate of $1 (Ɖ2.1k) for 1 Foocoin. If Foocoin's block reward is also 25 foocoins, then max save transaction value for 6 confirmations is only $1113 (Ɖ2.4M) USD worth of Foocoins. It doesn't look like Foocoin is suitable for commerce, does it? One could say that Foocoin simply requires larger number of confirmations for larger transactions. But that's wrong: higher number of confirmations helps only under condition that attacker is unable to obtain more than 50% of total hashrate, but for most alt-coins it isn't true.
First of all, let's note that so-called miners simply rent their equipment to "mining pool operators" and are paid in cryptocurrency for it. In many cases they don't even care what cryptocurrency they mine as long as they are being paid. See Middlecoin[4]: "This pool automatically mines the most profitable scrypt coin, automatically exchanges those coins for bitcoins, and pays out entirely in bitcoins."
So, miners who mine using Middlecoin do not know whether their equipment is being used to mine Litecoins or Dogecoins or something else. And they wouldn't care if it were used for attacks on alt-coins, as they are being paid in bitcoins. Let's consider a scenario where a Middlecoin-like pool has a higher hashrate than Foocoin, e.g. Middlecoin (not Middlecoin specifically, but any pool like that) has 20 GH/s, while Foocoin has 10 GH/s. Here's how one can profit from it:
  1. Buy $1M worth of Foocoins, get them into your wallet.
  2. Make an agreement with Middlecoin: you rent their hashrate for a couple of hours, paying them in bitcoin, slightly above what the most profitable alt-coin yields.
  3. Send your foocoins to exchange Bar.
  4. Start mining a private chain which contains a double-spend transaction that sends the coins to exchange Baz.
  5. After your transaction gets 10 confirmations on the normal chain, convert the foocoins to bitcoins on Bar and withdraw them immediately.
  6. After the withdrawal transaction is confirmed on the Bitcoin network (and thus cannot be reversed), you release the private chain you have mined, causing a reorganization. You should have mined 20 blocks by then if Middlecoin's hashrate is twice Foocoin's normal hashrate.
  7. Your deposit to exchange Baz is now confirmed; convert your foocoins to bitcoins again, and withdraw immediately. A day later the 20 blocks you have mined will mature, and you'll be able to sell them too.
If the Foocoin price doesn't change in the process, you can get approximately $1M profit from this attack, as the cost of renting a mining pool is approximately equal to the value of the mined blocks.
In practice, you'll lose some money due to lack of liquidity on exchanges, so the profit will be less than $1M.
The conclusion we get from this analysis is that alt-coins which have only a small fraction of the total hashrate for a certain mining algorithm are extremely insecure. And they cannot grow big: as soon as exchanges have enough liquidity, it will be possible to perform the attack I described, which will result in a price drop.
So almost all alt-coins are simply not suitable for any kind of "real economy" application. They are doomed to have high volatility, shallow markets and a low "max safe transaction value".
One can't deny the fact that it is possible to make money on alt-coins. But that's just gambling. And people who create new alt-coins are in the same position as people who build casinos. It is a business, but it is in the entertainment sector, not in the 'real economy' or 'financial' sectors as some people are trying to pretend.
Bitcoin is one of the few cryptocurrencies which are actually serious. It isn't perfect, but attacking Bitcoin is very hard, so transactions worth millions of dollars can be confirmed in a matter of hours. The same cannot be said about alt-coins, and this situation won't change unless new cryptocurrency designs are found.
If there is an alt-coin which is more-or-less secure, it is probably Litecoin. Its hashrate is a significant fraction of the total scrypt hashrate, so attacking Litecoin is hard. Interestingly, at some point Dogecoin's hashrate was higher than Litecoin's, but it dropped after the block reward dropped. So, again, block reward is important for security.
This has dire implications for alt-coins which have short block reward schedules. If all coins will be mined in two years, this means that the alt-coin will be dead in two years.
(It's worth noting that the same problem might affect Bitcoin in the future, in 10 years or so.) Now there is a question: is there a way to make multiple currencies all of which will be secure? Probably. There are several approaches:
submitted by ijmolder93 to dogecoin
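The numbers the post above leans on can be checked with the success-probability formula from Rosenfeld's paper. What follows is an added worked example in Python, not code from the post, from the paper, or from any pool or exchange it names. double_spend_success implements the paper's negative-binomial race model; max_safe_value uses a simplified break-even loss model that is an assumption of this example, not the paper's exact cost accounting, so it does not reproduce the post's 1113 BTC figure but does show the property the post relies on, that the safe value is proportional to the value of a block reward. The 20 GH/s against 10 GH/s rental scenario and the $450 per BTC and $1 per Foocoin prices are taken from the post.

```python
"""Hashrate-based double-spend arithmetic for the scenario in the post above.

Added worked example; not code from the post, the paper, or any project.
"""
from math import comb
from typing import Optional


def double_spend_success(q: float, n: int) -> float:
    """Probability that an attacker controlling fraction q of the hashrate
    eventually overtakes a payment buried under n confirmations.

    Negative-binomial model from Rosenfeld, "Analysis of hashrate-based
    double-spending" (2012): while the honest network (p = 1 - q) finds the
    n confirming blocks, the attacker finds k blocks with probability
    C(k+n-1, k) * p^n * q^k, and from a deficit of n-k blocks he catches up
    with probability (q/p)^(n-k).
    """
    if not 0.0 <= q <= 1.0:
        raise ValueError("q must be a hashrate fraction in [0, 1]")
    p = 1.0 - q
    if q >= p or n <= 0:
        # Majority attacker, or no confirmations: the race is always won.
        return 1.0
    # Sum over k of P(attacker has k blocks) * P(he never closes the gap).
    fail = sum(comb(k + n - 1, k) * (p**n * q**k - p**k * q**n)
               for k in range(n + 1))
    return 1.0 - fail


def expected_attacker_blocks(q: float, n: int) -> float:
    """Mean length of the attacker's private branch at the moment the public
    branch reaches n confirmations (mean of the negative binomial: n*q/p)."""
    p = 1.0 - q
    if p <= 0.0:
        raise ValueError("the honest side needs non-zero hashrate")
    return n * q / p


def max_safe_value(block_reward: float, q: float, n: int,
                   expected_loss_blocks: Optional[float] = None) -> float:
    """Largest payment (in the unit of block_reward) for which a double-spend
    attempt has non-positive expected value for the attacker.

    Assumption of this example, not the paper's exact cost accounting: a
    successful attack gains the payment, a failed one forfeits the rewards
    of the attacker's orphaned blocks, taken as n*q/p blocks unless the
    caller supplies expected_loss_blocks.
    """
    r = double_spend_success(q, n)
    if r >= 1.0:
        return 0.0  # nothing is safe against a majority attacker
    if expected_loss_blocks is None:
        expected_loss_blocks = expected_attacker_blocks(q, n)
    # Break-even: r * v = (1 - r) * loss  =>  v = loss * (1 - r) / r.
    return block_reward * expected_loss_blocks * (1.0 - r) / r


if __name__ == "__main__":
    # Check against the paper's table: q = 0.1, n = 6 is listed as ~0.0006.
    print(f"r(q=0.1, n=6) = {double_spend_success(0.1, 6):.6f}")

    # The post's comparison: 26% attacker, 6 confirmations, 25-coin reward,
    # at the post's prices of $450 per BTC and $1 per Foocoin.
    v_coins = max_safe_value(25.0, 0.26, 6)
    print(f"safe value in coins: {v_coins:.1f}")
    print(f"Bitcoin:  ${v_coins * 450:,.0f}")
    print(f"Foocoin:  ${v_coins * 1:,.0f}")

    # The rented-pool scenario: 20 GH/s rented against Foocoin's own 10 GH/s
    # is q = 2/3, so extra confirmations never help, and the private branch
    # averages 20 blocks by the time the public one has 10.
    q_rent = 20 / (20 + 10)
    for confs in (6, 10, 100):
        print(f"q={q_rent:.2f}, n={confs}: r = {double_spend_success(q_rent, confs)}")
    print("expected private blocks at 10 public confirmations:",
          expected_attacker_blocks(q_rent, 10))
```

Running it shows three things the post argues in prose: the q = 0.1, n = 6 case comes out at about 0.00059, matching the paper's table; once the rented pool outweighs the coin's own hashrate (q = 2/3) the success probability is 1 for 6, 10 or 100 confirmations and the private branch averages 20 blocks at 10 public confirmations, which is the post's step 6; and the dollar-denominated safe value for Bitcoin and Foocoin differ by exactly the ratio of what a block reward is worth, whatever loss model is plugged in.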

LessWrong - Bitcoin, Chess AI and the Solstice (Hebrew, 19.12.2017)
Mining Pool Reward Methods - Meni Rosenfeld, Technion Cyber and Computer Security Summer School
EB49 – Meni Rosenfeld: Mining Pool Reward Systems, Bitcoin Economics, Bitcoin in Israel
Bitcoin TLV `14, #33 - Meni Rosenfeld - Multi-PPS

The conference took place on 28 March 2018. Sixteen countries have previously hosted the Blockchain & Bitcoin Conferences since Smile-Expo began hosting them in 2014.
The post “Bitcoin Has Matured”: Meni Rosenfeld On Bitcoin In Israel appeared first on BitcoinNews.com.
Bitcoin developer Meni Rosenfeld doesn’t think so either. 6 Jan 2016 [bitcoin-dev] Confidential Transactions as a soft fork (using segwit).
All transactions and bitcoins that have been created can be transparently verified by anyone in real time ...
The theoretical background behind the idea was developed with the help of Meni Rosenfeld, an Israeli mathematician who has also been a main organizer of the Israeli Bitcoin community for the last two and a half years. The furthest developed implementation of the project today, Webcoinx, was written mostly by Ukrainian developer Alex Mizrahi, but was funded by eToro, a popular “social ...
Meni Rosenfeld is a mathematics M.Sc. graduate of the Weizmann Institute of Science, specializing in machine learning. After being exposed to Bitcoin in March 2011, he has focused exclusively on activity in this field. He has established the Bitcoin community in Israel, founded Israel's first Bitcoin exchange service, and performed mathematical research on the algorithms that underlie the ...
Bitcoin is digital; ownership of bitcoins is digital information; typically used with a computer and the internet; based on cryptography. (Slide by Meni Rosenfeld, 30/7/2013)


Mining Pool Reward Methods by Meni Rosenfeld, Chairman of Israel Bitcoin Association. The lecture was presented at the 6th Technion Summer School on Cyber and Computer Security held Sept. 10 ...
00:00 - Opening words and intro to LessWrong (Joshua Fox); 02:40 - Prehistory and governance of Bitcoin (Meni Rosenfeld); 37:07 - How traditional Chess engines work (Meni Rosenfeld); 1:33:39 - Notes ...
The lecture took place in the Inside Bitcoins Tel Aviv 2014 conference, organized by the Israeli Bitcoin Association and Buzz Productions, on October 19-20, 2014. Slides (for the entire conference ...
Meni Rosenfeld is Founder of Bitcoil and Chairman of the Israeli Bitcoin Association. Having organized several meetups and conferences in Israel, he is a very active member of the Israeli Bitcoin ...