public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: "Rune Kjær Svendsen" <runesvend@gmail.com>
To: Justus Ranvier <justus@openbitcoinprivacyproject.org>
Cc: bitcoin-dev@lists.linuxfoundation.org
Subject: Re: [bitcoin-dev] Hash of UTXO set as consensus-critical
Date: Sat, 19 Sep 2015 17:45:49 +0200	[thread overview]
Message-ID: <4424FA4D-C84F-43DD-BA7F-BAC2D570A373@gmail.com> (raw)
In-Reply-To: <55FCC8B5.9070906@openbitcoinprivacyproject.org>

We need to distinguish between two different things here:

1) A 51% attack, where the majority of mining power is *malicious* (hence “attack”)

and

2) A fork that exists because of a disagreement in the network, with total mining power split in two camps, each camp mining peacefully on their own chain

These are two very different scenarios.

Some claim that including the UTXO set hash in the block creates a vulnerability where miners can include the wrong UTXO hash, and mine on that, but this is only possible if a 51% attack is in effect. And if a 51% attack is in effect, it’s a moot point, because Bitcoin is useless anyway, because that 51% malicious mining power could just as well be used for mining empty blocks on top of the official chain. Or blocks containing randomly generated transactions, without confirming any legitimate transactions. This is why we say that a majority of honest miners is a hard requirement for Bitcoin. A majority of dishonest miners can only be circumvented through centralisation, and then we don’t have Bitcoin any longer.

Scenario 2 is unproblematic regardless of whether we include the UTXO hash in the block (and make it consensus-critical) or not, since the majority mining power on either chain isn’t malicious.

It is correct that if you’re a full node, and a 51% attack is in effect, you are able to verify that miners are honest (ie. you know whether a 51% attack is in effect or not). But this doesn’t change the fact that the Bitcoin network is unreliable, at best, when a majority of mining power is used for malicious purposes.



/Rune


> On 19 Sep 2015, at 04:30, Justus Ranvier via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
> 
> On 18/09/15 15:17, Rune Kjær Svendsen via bitcoin-dev wrote:
>> Bitcoin does not function if the majority of mining power is dishonest. There is no way around that. It’s how proof-of-work functions.
> 
> 
> None of those statements are true.
> 
> If a majority of Bitcoin miners are mining invalid blocks, then they
> aren't Bitcoin miners any more and are no longer relevant to the Bitcoin
> consensus.
> 
> There does exist a problem that light clients aren't always able to tell
> the difference between chains that are valid and chains that are not
> valid, but it's is possible to create simple proofs that would do so:
> 
> https://gist.github.com/justusranvier/451616fa4697b5f25f60
> 
> 
> If those changes would be implemented, then any node that knew a chain
> was invalid could produce a compact proof that anyone else in the
> network could verify, regardless of how much proof of work was used to
> create the invalid chain.
> 
> Committed UTXO sets would need safe to rely upon if a similar set of
> proofs that a particular set was invalid existed.
> 
> -- 
> Justus Ranvier
> Open Bitcoin Privacy Project
> http://www.openbitcoinprivacyproject.org/
> justus@openbitcoinprivacyproject.org
> E7AD 8215 8497 3673 6D9E 61C4 2A5F DA70 EAD9 E623
> <0xEAD9E623.asc>_______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev



  reply	other threads:[~2015-09-19 15:45 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-09-18 19:05 [bitcoin-dev] Hash of UTXO set as consensus-critical Rune Kjær Svendsen
2015-09-18 19:43 ` Patrick Strateman
2015-09-18 20:07   ` Alex Morcos
2015-09-18 20:11     ` Matt Corallo
2015-09-18 20:17   ` Rune Kjær Svendsen
2015-09-18 20:37     ` Jorge Timón
2015-09-18 20:38       ` Jorge Timón
2015-09-18 22:22         ` Vincent Truong
2015-09-19  2:30     ` Justus Ranvier
2015-09-19 15:45       ` Rune Kjær Svendsen [this message]
2015-09-19 17:19         ` Justus Ranvier
2015-09-19 20:11           ` Rune K. Svendsen
2015-09-20  0:48             ` Dave Scotese
2015-09-21 17:15             ` Justus Ranvier

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4424FA4D-C84F-43DD-BA7F-BAC2D570A373@gmail.com \
    --to=runesvend@gmail.com \
    --cc=bitcoin-dev@lists.linuxfoundation.org \
    --cc=justus@openbitcoinprivacyproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox