From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1Vxtpv-0006tj-Ab for bitcoin-development@lists.sourceforge.net; Tue, 31 Dec 2013 07:33:59 +0000 Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of taplink.co designates 50.117.27.232 as permitted sender) client-ip=50.117.27.232; envelope-from=jeremy@taplink.co; helo=mail.taplink.co; Received: from mail.taplink.co ([50.117.27.232]) by sog-mx-4.v43.ch3.sourceforge.com with smtp (Exim 4.76) id 1Vxtpu-0002bG-Dl for bitcoin-development@lists.sourceforge.net; Tue, 31 Dec 2013 07:33:59 +0000 Received: from laptop-air.hsd1.ca.comcast.net ([192.168.168.135]) by mail.taplink.co ; Mon, 30 Dec 2013 23:32:12 -0800 Content-Type: text/plain; charset=iso-8859-15; format=flowed; delsp=yes To: bitcoin-development@lists.sourceforge.net, Luke-Jr References: <20131230232225.GA10594@tilt> <201312310114.05600.luke@dashjr.org> Date: Mon, 30 Dec 2013 23:28:10 -0800 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: "Jeremy Spilman" Organization: TapLink Message-ID: In-Reply-To: <201312310114.05600.luke@dashjr.org> User-Agent: Opera Mail/1.0 (Win32) oclient: 192.168.168.135#jeremy@taplink.co#465 X-Spam-Score: -1.7 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_PASS SPF: sender matches SPF record -0.1 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: taplink.co] -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1Vxtpu-0002bG-Dl Subject: [Bitcoin-development] Merge mining X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Dec 2013 07:33:59 -0000 Merge mining lets Bitcoin miners support or attack an alt-coin without any additional cost for their proof-of-work. Since bitcoin miners have to install software to build and claim blocks in the alt-coin, the percentage of bitcoin hashing power reflected toward the alt-coin will follow some adoption curve based on convincing bitcoin miners to opt-in. Depending on where you are on that adoption curve or 'participation rate', you need [a lot] less than 51% of of total Bitcoin hashing power in order to 51% attack the alt-coin. But there's so much 'dry powder' out there (GPUs), I wonder if *not* supporting merge-mining is any better? At least the attacker has to do some unique PoW, so you hope it's costing them something. Relatively large amounts of hashing can definitely be deployed on target with zero startup cost, and perhaps very little runtime cost (botnets). I think the absolute cost of the PoW is very likely *not* the determining factor in preventing a 51% attack on all but one or two blockchains currently in existence. Do I understand correctly, the question here is mostly a matter a game theory? On Mon, 30 Dec 2013 17:14:05 -0800, Luke-Jr wrote: > On Monday, December 30, 2013 11:22:25 PM Peter Todd wrote: >> that you are using merge-mining is a red-flag because without majority, >> or >> at least near-majority, hashing power an attacker can 51% attack your >> altcoin at negligible cost by re-using existing hashing power. > > I strongly disagree on this isolated point. Using the same logic, > Bitcoin is > vulnerable to an attacker at negligible cost by re-using existing hashing > power from mining Namecoin. Any non-scam altcoin is pretty safe using > merged > mining, since any would-be attacker is going to have it in their > interests to > invest in the altcoin instead of attacking it. It's only the scam ones > that want to pump & dump with no improvements, that are really at risk > here. > > The rational decision for a non-scam altcoin, is to take advantage of > merged mining to get as much security as possible. There are also some > possible > tricks to get the full security of the bitcoin miners even when not all > participate in your altcoin (but this area probably needs some studying > to get right). > > Luke >