From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1W1hAM-0008GI-KB for bitcoin-development@lists.sourceforge.net; Fri, 10 Jan 2014 18:50:46 +0000 Received: from mail-la0-f41.google.com ([209.85.215.41]) by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1W1hAJ-0007Zx-5e for bitcoin-development@lists.sourceforge.net; Fri, 10 Jan 2014 18:50:46 +0000 Received: by mail-la0-f41.google.com with SMTP id c6so3538836lan.0 for ; Fri, 10 Jan 2014 10:50:36 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=U5XHf13shsqSuXq68yUHhPKLbmACqyB5xygY/60G/xU=; b=mDuYX2kOnwZmJnLgHIQk9ktt+ZSGXuu2x0rmAKYrmBQFt77YNcsL3R5c69+7kEJLn8 ZJQKCASNXnIyES7FmLdKLbcli35fDMpncO8ME0Q3tSu1qMEMYJUn+64swsvtia7HQGPM tCuWLd2sGVdtc6GBV5E36ZW/Pgu9N8cbACLJbzAhZvVtVsa2uau1yVXLadj/70dwtHR4 WmVL7DteMt0Uc/mRpqvfM/lKZcRMnD45Mx6yUDjGsSC1HyCckupWWhu43Th+WhO2Rr7Y Lv1tx3xrXNfyYJ92ZN8YhtNMnkxLqvfNFT/10gX829c4Aii6O/hknEz0b/xTBsQYkEJ9 vx8Q== X-Gm-Message-State: ALoCoQlxErgOoPVdKNIvhffHB2LBBszdBp4jPVRsefROL/+Z9n16Q907/7Ddq5YOUk+6ziePz6m0 MIME-Version: 1.0 X-Received: by 10.152.21.3 with SMTP id r3mr4542434lae.15.1389379836264; Fri, 10 Jan 2014 10:50:36 -0800 (PST) Received: by 10.112.74.71 with HTTP; Fri, 10 Jan 2014 10:50:36 -0800 (PST) X-Originating-IP: [85.53.137.75] In-Reply-To: <20140110172205.GA11740@petertodd.org> References: <20131230232225.GA10594@tilt> <201312310114.05600.luke@dashjr.org> <20140101045342.GA7103@tilt> <20140103210139.GB30273@savin> <20140106154456.GA18449@savin> <20140110111128.GC25749@savin> <20140110172205.GA11740@petertodd.org> Date: Fri, 10 Jan 2014 19:50:36 +0100 Message-ID: From: =?ISO-8859-1?Q?Jorge_Tim=F3n?= To: Peter Todd Content-Type: text/plain; charset=ISO-8859-1 X-Spam-Score: 0.0 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. X-Headers-End: 1W1hAJ-0007Zx-5e Cc: bitcoin-development@lists.sourceforge.net Subject: Re: [Bitcoin-development] The insecurity of merge-mining X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Jan 2014 18:50:46 -0000 On 1/10/14, Peter Todd wrote: > Because there aren't that many pools out there and Ixcoin (and devcoin) > appear to have been lucky enough to servive long enough to get the > support of a reasonably big one. Once you do that, the potential > attackers have PR to think about. (namecoin especially has a PR > advantage) None of this stuff is hard and fast rules after all. But shouldn't your reasoning apply here so that ixcoin would be destroyed by those who aren't even mining it. Because of the "supposedly obvious" harm it does to Bitcoin through competition? > Anyway, I'm starting to think you're reading too much into my statement > "merge mining is insecure", which, keep in mind, I said in relation to a > guy who was trying to recruit devs to implement some unknown "altcoin" > thing. That's precisely my worry. Most of those guys planning to implement random altcoins will conclude after reading you that what they need is not merged mining but yet another independent scrypt coin, or worse, yet another stupid PoW algorithm. > In that context I sure as heck would loudly yell "CAVE DIVING IS FUCKING > DANGEROUS, DON'T DO IT". Sure, that's not quite telling the whole story, > but the message is pretty close to the truth. The people that should be > in the sport are the ones that take a statement like that as a warning > to do their research; I have no reason to think the OP asking for > developers was one of those people. I'm approached many times with questions like "How much would it cost to create a new altcoin?" (Thanks, BlueMatt for creating coingen!!). I try to explain them that there's more currencies beyond p2p currencies and they probably don't need that. I talk them about local currencies, colored coins or open transactions as solution that probably fit their needs much better without the need to bootstrap and antire economy with a network of computer that consumes plenty of resources. If none of that fits them (say, for crazy experiments like datacoin or gridcoin), I recommend them merged mining because is more secure for them, more secure for bitcoin, and better for the environment and everyone in general. Still, for some reason a new non merged mined chain is the most popular choice. Less efficient, less secure, more popular. Why? I wonder if devs warning against merged mining or making stupid predictions like "bitcoin's PoW algorithm won't survive the year" have anything to do with that... >> > Without merge mining if the value to the participants in the new system >> > is greater than the harm done to the participants in the old system the >> > total work on the new system's chain will still be positive and it has >> > a >> > chance of surviving. >> >> No, the "harm to the old system participants" is distributed among all >> the participants, not only miners (assuming miners have any >> speculative position at all). >> I'm not denying that people do crazy and stupid things, but let's at >> least allow the "anti-competition attacker" be equally crazy in both >> cases. > > Distributing harm among n people just reduces the harm for each person > by a factor of n. That may or may not make that harm smaller than > whatever tiny reward mining the chain would be. The harm TO THE MINERS alone (again, assuming they have any position at all in the coins they're mining) is less than the "total harm" to the competing system, assuming that's quantifiable at all. Miners won't think about the "total harm", but only about their share of harm vs their share of just mining the competing system alongside with the old one. >> I have many other explanations for the few currencies that died with >> MM (can you remember any name?). At the beginning all altcoins were >> much smaller and easier to attack, all of them. Bitcoin mining pools >> didn't wanted to update to merged mining and didn't acted very >> rationally about it. >> Namecoin went through a really delicate situation just before >> hardforking to MM, but now is by far the most secure altcoin of them >> all, all thanks to MM. >> All rational bitcoin miners should also mine namecoin. Period. All > > You assume doing so has zero cost - it doesn't. Running namecoind > involves effort and bandwidth on my part. Yeah, true, they will only mine if all those costs are lower than the reward. Only the hashing is "for free". I'm assuming that those costs are very small compared to the reward, that is, that most of the reward pays for hashing and not validation. >> those who consider it competition with their current Bitcoin >> speculative position, should just "attack in the market" by selling >> the namecoins as soon as they get them. >> Providing security for a chain DOES NOT give it an utility or rise its >> demand. >> Operation COSTS DO NOT CAUSE VALUE. > > Lets rephrase that "A secure chain is no more useful than a less secure > chain. A secure chain will not be more valuable than a less secure > chain, all other things being equal." Not exactly, a less secure chain can become completely useless due to the lack of security. What I'm saying is that a useless chain is still useless no matter the security. > I don't think we're going to see eye to eye on this. It is possible. At least now we know each other position in MM. I'm not sure if the silence means that only Maaku and Luke-Jr agree with me on merged mining, that it is you who are more alone than me on this one, or if it's just that not many people had taken the time to think about this...