From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1W0CMe-00031r-UA for bitcoin-development@lists.sourceforge.net; Mon, 06 Jan 2014 15:45:16 +0000 Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of petertodd.org designates 62.13.148.99 as permitted sender) client-ip=62.13.148.99; envelope-from=pete@petertodd.org; helo=outmail148099.authsmtp.net; Received: from outmail148099.authsmtp.net ([62.13.148.99]) by sog-mx-2.v43.ch3.sourceforge.com with esmtp (Exim 4.76) id 1W0CMd-0003Xb-Ky for bitcoin-development@lists.sourceforge.net; Mon, 06 Jan 2014 15:45:16 +0000 Received: from mail-c237.authsmtp.com (mail-c237.authsmtp.com [62.13.128.237]) by punt18.authsmtp.com (8.14.2/8.14.2/) with ESMTP id s06Fj6ju053604; Mon, 6 Jan 2014 15:45:06 GMT Received: from savin (76-10-178-109.dsl.teksavvy.com [76.10.178.109]) (authenticated bits=128) by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id s06Fiu1O039773 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Mon, 6 Jan 2014 15:44:59 GMT Date: Mon, 6 Jan 2014 10:44:56 -0500 From: Peter Todd To: Jorge =?iso-8859-1?Q?Tim=F3n?= Message-ID: <20140106154456.GA18449@savin> References: <20131230232225.GA10594@tilt> <201312310114.05600.luke@dashjr.org> <20140101045342.GA7103@tilt> <20140103210139.GB30273@savin> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="0F1p//8PRICkK4MW" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) X-Server-Quench: 802d3100-76e9-11e3-94fa-002590a135d3 X-AuthReport-Spam: If SPAM / abuse - report it at: http://www.authsmtp.com/abuse X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR aQdMdgQUElQaAgsB AmIbWlFeVFh7WWM7 bAxPbAVDY01GQQRq WVdMSlVNFUsrARp3 X1sfLRlxfgJBezBy ZEVkXj5TXEYudkd9 QlNTEzgPeGZhPWMC WUQOJh5UcAFPdx8U a1N6AHBDAzANdhES HhM4ODE3eDlSNilR RRkIIFQOdA43HjN0 RhYZED4yB0wZVm00 IVQjJ0QTEQMUM0Mz N1RJ X-Authentic-SMTP: 61633532353630.1024:706 X-AuthFastPath: 0 (Was 255) X-AuthSMTP-Origin: 76.10.178.109/587 X-AuthVirus-Status: No virus detected - but ensure you scan with your own anti-virus system. X-Spam-Score: -1.5 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1W0CMd-0003Xb-Ky Cc: bitcoin-development@lists.sourceforge.net Subject: Re: [Bitcoin-development] The insecurity of merge-mining X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Jan 2014 15:45:17 -0000 --0F1p//8PRICkK4MW Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Jan 04, 2014 at 01:27:42AM +0100, Jorge Tim=F3n wrote: > > It's a thought experiment; read my original post on how to make a > > zerocoin alt-chain and it might make more sense: > > > > http://www.mail-archive.com/bitcoin-development@lists.sourceforge.net/m= sg02472.html > > > > Even better might be to use a merge-mined version of Mastercoin as an > > example, where the initial distribution of coins is fixed at genesis and > > forward from that is independent of the Bitcoin blockchain. >=20 > I've read it until the end this time, and I have many doubts about > proof of sacrifice as a security mechanism. Although it's certainly > not proof of stake, it smells similarly to me. I'll have to think more > about it. > I still think that link doesn't prove anything against merged mining secu= rity. It's not meant to prove anything - the proof-of-sacrificed-bitcoins mentioned(*) in it is secure only if Bitcoin itself is secure and functional. I referred you to it because understanding the system will help you understand my thinking behind merge-mining. *) It also mentions proof-of-sacrificed-zerocoins which *is* distinct because you're sacrificing the thing that the chain is about. Now that has some proof-of-stake tinges to it for sure - I myself am not convinced it is or isn't a viable scheme. > >> I think Namecoin has a lower reward for miners than litecoin and still > >> has much better security. I haven't run the numbers but, will you deny > >> it? > >> How many amazon VMs do you need to attack each one of them? > > > > I'll give you a hint: "marginal cost" >=20 > Please, don't give me clues and let's discuss the economics, that's > precisely what I want and where I think you're getting it wrong. > Since you refuse to try to prove that MM is less secure, I'll try > myself to prove the opposite. > Feel free to ask for corrections in the example if you think it needs the= m. > Feel free to bring your edge legal cases back, but please try to do it > on top of the example. You're argument is perfectly valid and correct, *if* the assumptions behind it hold. The problem is you're assuming miners act rationally and have equal opportunities - that's a very big assumption and I have strong doubts it holds, particularly for alts with a small amount of hashing power. You know, something that I haven't made clear in this discussion is that while I think merge-mining is insecure, in the sense of "should my new fancy alt-coin protocol widget use it?", I *also* don't think regular mining is much better. In some cases it will be worse due to social factors. (e.g. a bunch of big pools are going to merge-mine my scheme on launch day because it makes puppies cuter and kids smile) All I'm saying is that if you can afford the transaction fees stuffing your data into the Bitcoin blockchain has orders of magnitude better security. I'm not saying it'll be cheap - if miners start trying to block your protocol blacklists they can make it fairly expensive for your alt - but it will be just as secure against reorganization attack as Bitcoin itself. > PD I'm eager to read your post on BIP32-ish payment protocol, bloom > filters and prefix filters, so I hope I'm not distracting you too much > with this. Heh, my one line reply might have been a bit harsh because of that. :) --=20 'peter'[:-1]@petertodd.org 0000000000000000bf0a7634ebb2c909bada84ce0dce859e9298d3ac504db3c8 --0F1p//8PRICkK4MW Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQGrBAEBCACVBQJSys93XhSAAAAAABUAQGJsb2NraGFzaEBiaXRjb2luLm9yZzAw MDAwMDAwMDAwMDAwMDI4YWJmMmZjODY0NDE5MTE5NmJmZmZlNzg5ZjVjOTg1NGZm ZGM4N2Q0ZjczMWMxYTEvFIAAAAAAFQARcGthLWFkZHJlc3NAZ251cGcub3JncGV0 ZUBwZXRlcnRvZC5vcmcACgkQJIFAPaXwkfu8Tgf/epQkP+fwkX3Z+s93hWcGbMZR xYshWBgtd71g4E5YPQp77wdt1FzCIipWDyos4tqsNUpeCtWBDrm+mIMpJUQVFw/j ho7W6OJV13af0Csi/TnOSJLWmbFTySm+M670taXNO+Ft0X7w21kKc24UK5l/+FB+ +lrd/QzUcAYF9d7Gi2VKYhcYe6cr/QY4TZ6t+VZhwMA8omom3FRNQdxNNn/Q7aUA bsaOtvIVv0bgo3gjrhkav1kkonI1C3P2ln+mgV0bcP9xe3dIvwZpU2zYASAU8Kcr g+EGhvAjV2zXIRj2qiy4yZUxY+1rQ8NTSvZtAoqPpjjsh9t1AbhKQeOtfv3yXw== =TSTL -----END PGP SIGNATURE----- --0F1p//8PRICkK4MW--