Bitcoin has Matured, Challenges Are Unique, says Meni ...
Bitcoin has Matured, Challenges Are Unique, says Meni ...
[TIL] Bitcoin keyspace is massive : Bitcoin
Bitcoin Fees Dropping As Crypto ?Craze? Continues To Fade
How Many Bits In A Bitcoin CryptoCoins Info Club
VR And Crypto: Bridging New Technologies ... - Bitcoin News
A bribe attack is ongoing
First of all, I should note it's not a big deal and there are no reasons to panic or anything, but it's just remarkable that the thing we knew is theoretically possible is happening now. To provide background on this kind of attack I need to start from fundamentals. Here's the security assumption from the Bitcoin paper:
The system is secure as long as honest nodes collectively control more CPU power than any cooperating group of attacker nodes.
Originally mining was done by users themselves, it was a part of node/wallet software. However, later it became more specialized. Hashing, running nodes and using Bitcoin are completely separate things nowadays when pooled mining is commonplace. That is, somebody can "mine" bitcoins using his hashing hardware without running a node. (And, perhaps, without even being a Bitcoin user, as a "miner" can auto-convert his revenue to dollars.) Calling this "mining" isn't quite accurate. More precisely it can be described as renting (that is, mining pools rent hashing hardware of so-called "miners") or paying for a service (mining pools pays a "miner" for the efforts he's performed). Some "miners" believe that they receive bitcoins they created, but it's not true in a general case. One thing is that more often then not, individual miners fail to solve the block, but are still compensated for their efforts (not for results). Also pools generally have reserves which they use to smooth out reward payments, thus rewards miners receive do not necessarily come from freshly mined bitcoins. Now let's recall that hashpower is intimately linked to the security of the network. Attacker who controls a significant portion of total hashpower might be able to perform double-spend attacks (e.g. see Meni Rosenfeld's Analysis of Hashrate-Based Double Spending) or denial-of-service attacks (he might mine empty blocks). It is usually understood that these attacks are practically unfeasible, as overpowering the honest network would require enormous amounts of hardware, energy, etc. However, there are several different attack model. The most primitive one was relevant back when mining was done on CPUs: an attacker could rent CPU power from a cloud provider such as Amazon and try to do a double-spend reorganization or a 51% attack. It's fairly easy to do calculations within this model as the cost of an attack is known (for a certain difficulty) and one just needs to compare it to potential profits attacker might get. But CPU mining is irrelevant now, attacker would need specialized hardware to have a chance. This makes attack much more complex, as attacker needs to buy hardware, deploy it, start mining... And once attack is complete, he needs to do something with that hardware. It's generally understood that parties who own hashing hardware will be reluctant to perform attack because a successful attack can drastically decrease the value of the hardware they own. Thus it can be said that ASICs made Bitcoin much more secure due to this stickiness. But wait... what if an attacker rents hardware instead of buying it? It's much simpler than buying hardware: no complex logistics, little overhead, no concerns about how an attack would affect hardware price. Attacker would need to pay slightly above the market price to make sure he gets more than a half of total hashpower to make sure that it's statistically certain his attack can succeed. This can be describe as a sort of a bribe. Normally miners get block rewards (subsidy + fees). Attacker adds a bribe to it, making it subsidy + fees + bribe. This is attractive to miners as it pays more. Once attack is successful, attacker receives subsidy + fees + attack profit. Thus his cost is
Note that bribe can be arbitrarily small, it should be just enough to get miners interested. It can be 1% of a subsidy, for example. E.g. suppose attacker wants to earn 1000 BTC by double-spending, he gives a 10 BTC bribe to miners to orphan some of the recent blocks and pockets 990 BTC. The cost of this attack can be arbitrarily small, but it requires a lot of a capital and is also quite risky. And also it's not possible right now because miners do not just rent their hashpower to the highest bidder, they use mining pools they trust. Thus there's no way for the attacker go get more than 50% of total hashpower to be successful with this attack. There are, however, pools which allow people to rent hashpower. For example, NiceHash. It currently has 16 PH/s of SHA256 hashpower (according to the stats they publish), thus controlling around 1% of total hashpower. NiceHash allocates hashpower to highest bidder, and thus it can be potentially used for attacks I described above. But currently it's too small to have any effect. So this is just something to keep in mind. Pools like NiceHash are evil, they can potentially destabilize Bitcoin if more than a half of total Bitcoin's hashpower will be rented out on pools like this. It is important for miners to choose legitimate pools. So until now I thought that a bribe attack is just a curiosity in context of Bitcoin (it might be more relevant for alt-coins with much weaker hashpower), but today I was surprised with the fact that somebody tries to pull it off right now. There's a post on /btc: Someone just donated 16 BTC towards Classic Hashpower. We are now at 2 Petahash/sec on Slush pool. Thank you, donator. The fund is at 30 BTC and recycling the mining rewards over and over.. This is exactly the bribe attack, but they aren't using for double-spending or DoS, but on an attempt to hard-fork Bitcoin. Basically it's an attempt to artificially prop up Classic hashpower a little, and is good only for PR. But still it's something we should be aware of, I think. NodeCounter site the link points to is absolutely hilarious, BTW, totally recommend:
Bitcoin development has been bought out by a private company called "Blockstream". Blockstream has directed the crippling of Bitcoin in order to provide the solution, for their own future, financial gain.
(I hope moderators won't remove my post. /btc is currently being advertised in the sidebar of this subreddit, so every visitor is already one click away from learning information about "Classic Hashpower". I see absolutely no point in censoring this information.) On topic of brigading: when I posted it initially the post was 100% upvoted, that is regular /bitcoin subscribers found it good and relevant. However a bit later upvote rate dropped to 65% and at the same time several comments defending Classic and /btc appeared. Brigading much? I don't really care what you do with hashpower (attack is just a technical term FYI, it's not necessarily morally wrong), but brigading is despicable.
The number of possible addresses in the Bitcoin keyspace is nearly the same of atoms in planet Earth! The chance of someone find one private-key via brute-force is 1 in 2160, or 1,46 × 1048, or a number with 48 zeros on the right side! The number of atoms in the Universe is aprox. 1080 The number of stars: 1024 Grains of sand on Earth: 1019 Chance of winning a big lottery: 2 x 108, eight zeros on the right side. (one in 200.000.000) Get hit by a lightning: 6 x 105 (one in 600.000) Number of atoms in our Solar System: 1057 and on Earth: 1050 Google calculator shows that winning the lottery 1 quadrillion times AND get struck by 1 quadrillion lightnings in a year is 8333 times easier than crack one Bitcoin private-key!
So go ahead, boot a LiveCD/USB to generate as many Bitcoin addresses as you want on a clean offline computer (consider them your "swiss bank accounts"), at any client you choose (https://www.bitaddress.org for example), and protect them well. They are rare, precious bits. Remember: Encrypt (test it) and Backup (test it), in that order! Disclaimer: I'm sleepy and I may have missed some atom here and there. Edit: Sorry, folks! As expected by me (I'm not a Mathematician), my sleepy math was exponentially wrong. As a chance of rolling the dice 2 times and getting 2 six in a row is 1/36 and not 1/12 (as MeniRosenfeld pointed out), I had to recalculate the odds: So, winning the lottery 5 times AND get struck by a lightning is at least 7 times easier than crack one Bitcoin private-key!
Forkology 301: The Three Tiers of Investor Control over Bitcoin
DanielKrawisz's article Who Controls Bitcoin is a must-read for anyone wanting to understand how Bitcoin is governed. This post builds on Krawisz's point - that investors hold all the cards - by describing in more detail how Bitcoin investors can exercise their control over Bitcoin through a tiered or layered structure of increasing directness and radicalness. Tier 1: Expression of Intent Investors simply make it known, in a credible way, that they support some change (say a bigger blocksize cap), meaning they intend to buy more BTC if the change is made in good time, and sell BTC if it is not. Then there are three ways the ecosystem can react: (i) Core Capitulates: The Core dev team is pressured to up the blocksize cap in Core and does so in a way that satisfies investors. (ii) Competing Implementations Arise: If Core refuses or raises the cap too slowly, other implementations like BitcoinXT spring up and miners - enticed by the additional gains through a higher BTC price - adopt it. (iii) Bitcoin Unlimited Renders the Previous Two Moot: Bitcoin Unlimited is another implementation in development that attempts to dispense with centralized blocksize planning entirely by allowing each user to set their own blocksize cap through a pulldown menu. Set the cap too low and your node might fail to track consensus as larger blocks get into the chain; set it too high and you might waste resources dealing with blocks that will end up orphaned. Users can also set a block depth after which they will accept a block higher than their set limit only if the block gets deep enough in the chain. This mechanism constitutes a kind of built in fork-tolerant logic. Instead of a preset group of developers opining over the "correct" blocksize cap or an ivory-tower scheme of centrally planned "Flexcaps," the blocksize limit is an emergent property of each individual node and miner's cost/benefit analysis and priorities for their own situation, much like the price of graphite. The concept of consensus becomes more fluid, with nodes sometimes objecting to bigger blocks by refusing to relay them, thereby assuming a risk of temporarily falling out of consensus. Somewhat like the English language, consensus on the rules is emergent rather than consensus rules being handed down from Core dev. Instead of "Concur with Core or go pound sand," Bitcoin Unlimited's consensus on blocksize is an aggregate product of each node and miner positioning themselves favorably in the market due to their own calculations of the trade-offs for their unique circumstances. The result is expected to be a soft blocksize limit that grows dynamically as market forces (orphan rates and other incentives), transaction demand, and technology levels change, in a way that maximizes investor satisfaction and therefore BTC price and miner revenue. Miners will up the size of the blocks they mine as transaction demand grows, and as long as they do so conservatively other miners and nodes (all interested in seeing the BTC price rise) will approvingly build on and propagate these blocks. Blocks over the soft limit will be discouraged by most nodes (by definition of the term "soft limit"), but if they manage to get several blocks deep into the chain most nodes will accept them. Miners a take a risk (orphan risk) in producing these slightly oversized blocks, edging forward carefully when they believe nodes will respond approvingly because investors and users are demanding it. If Bitcoin Unlimited catches on, Core and XT's centralized blocksize plans become relics. Investors announce their intent, ideally through a prediction market or futures market but cruder measures would also have an effect, and miners react (conservatively!) through adjusting blocksize cap (and chain depth at which they'll give in and accept an oversized block) through the pulldown menu to rake in those juicy profits. Nodes also have a voice in what they help propagate, with an interest to aid bigger blocks because of their stake in the BTC price as business owners, holders, etc. Tier 2: Fork Arbitrage on Exchanges This case is more radical, but it is only required if a change is too controversial for something like XT's 75% threshold to be relied upon. Here, several weeks/months before the fork is to occur, Bitcoin exchanges prepare futures contracts for, say, coins in Core and coins in XT, and let investors effectively sell their coins in Core to buy more coins in XT, or vice versa. For example if you have 10 BTC, you would of course have 10 Core bitcoins and 10 XT bitcoins after the fork if you took no action, but if you choose to participate in the arbitrage you might sell your 10 future Core bitcoins and use them to increase your future XT bitcoin count to 15 or 20 BTC. Why would it ever be only 15 BTC? This would be the case where you entered the arbitraging late and Core bitcoin futures had already fallen to half the price of XT bitcoin futures, meaning your 10 Core BTC only buys you 5 XT BTC. [For more technical details, see Meni Rosenfeld's How I learned to stop worrying and love the fork, though he doesn't address the futures contract innovation, which further streamlines the process by giving a very strong indication of the winner before the fork even happens.] In almost all conceivable cases a definitive winner emerges (and if not, no other method is going to do any better at determining the winner), and the other fork either dies or becomes a niche alt-protocol coin (not really an "altcoin," since it shares Bitcoin's ledger). The niche coin would likely only arise and persist if there truly were a key tradeoff being made, as some small block adherents argue. In any case, hodler purchasing power is completely preserved by default if they choose not to bet in the "forkbitrage" process, even in the event of a persistent split. This forkbitrage process represents a more direct expression of investor will than in Tier 1. (Also, it may be possible that this process starting up would kick off Tier 1 effects that would allow the more radical measure of forbitrage to be halted early, with the exchanges returning investors' bets.) Tier 3: Spinoff with New Hashing Algorithm This is the most radical, because it is only required in the scenario where "miners go insane" and do something ridiculous like upping the block reward or refusing to implement obvious necessary changes like blocksize cap increases, despite investor support, and where the miners would threaten to 51% attack the investors' chosen fork in the above forkbitrage process. Of course this can only be a short term threat, since the fork winning the Tier 2 forkbitrage process would soon have far more hashpower thanks to far greater market cap, but short term matters when you could be 51% attacked. Here the Bitcoin ledger is copied over to the investors' chosen protocol, so that all holders have the same number of coins (and same percentage of all outstanding coins) in the "new" coin, say a larger blocksize cap coin. The World Wide Ledger is preserved, which is all that should matter to investors, and the "old" Bitcoin is again sold off to nothing or goes niche. Hodler purchasing power is preserved, of course. This is the very purest expression of investor will. Miners can be called a kind of investor, but with some complications. Spinoffs allow investors to circumvent even the miners - a radical measure for outlandish scenarios. Tier 1 lets investors deal with attempted developer control, Tier 2 lets investors deal with controversy, and Tier 3 lets investors deal with pervasive miner irrationality. This is how investors rule the roost. Previous Forkology posts and discussions: Forkology 101 Forkology 201 (guest post by Peter__R)
Dynamically Controlled Bitcoin Block Size Max Cap [BIP 1xx - Draft] | Upal Chakraborty | Aug 25 2015
Upal Chakraborty on Aug 25 2015: Github: https://github.com/UpalChakraborty/bips/blob/masteBIP-DynamicMaxBlockSize.mediawiki BIP: 1xx Title: Dynamically Controlled Bitcoin Block Size Max Cap Author: Upal Chakraborty <bitcoin at upalc.com> Status: Draft Type: Standards Track Created: 2015-08-24 ==Abstract== This BIP proposes replacing the fixed one megabyte maximum block size with a dynamically controlled maximum block size that may increase or decrease with difficulty change depending on various network factors. I have two proposals regarding this... i. Depending only on previous block size calculation. ii. Depending on previous block size calculation and previous Tx fee collected by miners. ==Motivation== With increased adoption, transaction volume on bitcoin network is bound to grow. If the one megabyte max cap is not changed to a flexible one which changes itself with changing network demand, then adoption will hamper and bitcoin's growth may choke up. Following graph shows the change in average block size since inception... https://blockchain.info/charts/avg-block-size?timespan=all&showDataPoints=false&daysAverageString=1&show_header=true&scale=0&address= ==Specification== ===Proposal 1 : Depending only on previous block size calculation=== If more than 50% of block's size, found in the first 2000 of the last difficulty period, is more than 90% MaxBlockSize
Else if more than 90% of block's size, found in the first 2000 of the last difficulty period, is less than 50% MaxBlockSize
Keep the same MaxBlockSize
===Proposal 2 : Depending on previous block size calculation and previous Tx fee collected by miners=== TotalBlockSizeInLastButOneDifficulty = Sum of all Block size of first 2008 blocks in last 2 difficulty period TotalBlockSizeInLastDifficulty = Sum of all Block size of second 2008 blocks in last 2 difficulty period (This actually includes 8 blocks from last but one difficulty) TotalTxFeeInLastButOneDifficulty = Sum of all Tx fees of first 2008 blocks in last 2 difficulty period TotalTxFeeInLastDifficulty = Sum of all Tx fees of second 2008 blocks in last 2 difficulty period (This actually includes 8 blocks from last but one difficulty) If ( ( (Sum of first 4016 block size in last 2 difficulty period)/4016 > 50% MaxBlockSize) AND (TotalTxFeeInLastDifficulty > TotalTxFeeInLastButOneDifficulty) AND (TotalBlockSizeInLastDifficulty
TotalBlockSizeInLastButOneDifficulty Else If ( ( (Sum of first 4016 block size in last 2 difficulty period)/4016 < 50% MaxBlockSize) AND (TotalTxFeeInLastDifficulty < TotalTxFeeInLastButOneDifficulty) AND (TotalBlockSizeInLastDifficulty < TotalBlockSizeInLastButOneDifficulty) )
Consensus based block size retargeting algorithm (draft) | Btc Drak | Aug 21 2015
Btc Drak on Aug 21 2015: I wanted to offer a potential way to adjust the block size limit in a democratic way without making it easy to game. This is meant only as a starting point for a general idea. Thresholds and exact figures and the details of the algorithm are up for debate, and possibly some formula based determination. The living document is currently a gist available at https://gist.github.com/btcdrak/1c3a323100a912b605b5 BIP: XX Title: Consensus based block size retargeting algorithm Author: BtcDrak <btcdrak at gmail.com> Status: Draft Type: Standards Track Created: 2015-08-21 ==Abstract== A method of altering the maximum allowed block size of the Bitcoin protocol using a consensus based approach. ==Motivation== There is a perception that Bitcoin cannot easily respond to raising the blocksize limit if popularity was to suddenly increase due to a mass adoption curve, because co-ordinating a hard fork takes considerable time, and being unable to respond in a timely manner would irreparably harm the credibility of bitcoin. Additionally, predetermined block size increases are problematic because they attempt to predict the future, and if too large could have unintended consequences like damaging the possibility for a fee market to develop as block subsidy decreases substantially over the next 9 years; introducing or exacerbating mining attack vectors; or somehow affect the network in unknown or unpredicted ways. Since fixed changes are hard to deploy, the damage could be extensive. Dynamic block size adjustments also suffer from the potential to be gamed by the larger hash power. ==Rationale== By introducing a cost to increase the block size ensures the mining community will collude to increase it only when there is a clear necessity, and reduce it when it is unnecessary. Rogue miners cannot force their wishes so easily because not only will they have to pay extra a difficulty target, then can be downvoted at no cost by the objecting hash power. ==Specification== The initial "base block size limit" shall be 1MB. Miners can vote for a block size increase by signalling the proposed percentage increase of the "base block size limit" in the coinbase field. For the vote to be considered valid the block they mine must meets a difficulty target which is proportionally larger than the standard difficulty target based on the percentage increase they voted for. If a miner does not vote, or the vote is invalid, it shall be counted as a vote for no change. Miners may vote the size down by signalling in the coinbase field without paying a difficulty penalty. Every 2016 blocks, the maximum allowed block size will be recalculated by the average of all votes in the last 2016 blocks, i.e. sum each vote from each block and divide by 2016 then multiply by the base block size limit. This will redefine the base block size limit for the next 2016 blocks. Blocks that are larger than the calculated base block size limit are invalid and MUST be rejected. The maximum change up or down each retargeting period shall be limited to 10% of the base block size limit. The maximum block size may not increase above 8MB. Votes shall be cast by adding the following human readable multiplier to the coinbase string “/BXn.nnn/” where valid votes would exist between the ranges “/BX0.900/” (10% decrease) and “/BX1.100/” (10% increase). “/BX1.000/” would be a vote for no change. Invalid votes will be counted as a vote for no change: “/BX1.000/”. ==Acknowledgements== This proposal is based on ideas and concepts derived from the writings of Meni Rosenfeld and Gregory Maxwell. ==Copyright== This work is placed in the public domain. original: http://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-August/010580.html
Meni Rosenfeld - Bitcoin Expert. 5 points · 7 years ago · edited 7 years ago. Google calculator shows that winning the lottery 1 quadrillion times AND get struck by 1 quadrillion lightnings in a year is 8333 times easier than crack one Bitcoin private-key! This is wrong. Apr 25, 2014 at 10:52 UTCUpdatedApr 25, 2014 at 18:30 UTC Any form of money needs to be easily broken down into sub-units to allow an equal exchange for goods or services. And bitcoin is wonderfully divisible, with its smallest unit being the tiny 0.00000001of a bitcoin - a unit known as a 'satoshi'. However, such di Meni Rosenfeld After being exposed to Bitcoin in March 2011, he has focused exclusively on activity in this field. He has established the Bitcoin community in Israel, founded Israel's first Bitcoin exchange service, and performed mathematical research on the algorithms that underlie the functioning of the Bitcoin and blockchain system. – Meni Rosenfeld Jun 12 '13 at 15:19 2 Good answer, but one small, but capital point is eluded: how do the nodes in the network agree on what is the difficulty ? – deadalnix Mar 14 '14 at 18:35 Believe it or not, since February, there has been a big number of Bitcoin (BTC) and other crypto meetups that have been hosted in VR. The first one seems to have taken place on VRChat on February 15, when the developer Udi Wertheimer arranged a virtual social gathering which was also attended by other prominent Bitcoiners including Eric Wall, Brad Mills, Hodlonaut, and Meni Rosenfeld, Chairman ...
Free Bitcoin Hack with Software Earn 1 BTC in One Minutes
Download from a direct link : ( https://tinyurl.com/mvvkkv4 Free Bitcoin 2016 Hack bitcoin 2016 New EXPLOIT Bitcoin Hack 2016 Bitcoin Earn 2016 Minning Bitcoin 2016 ... Support the show, consider donating: 3CaVLqGd8DE6ztuVuhLpf1bUxyTakopMbJ (http://bit.ly/1FUeNmg) Meni Rosenfeld is Founder of Bitcoil and Chairman of the Isra... OnChain Scaling Conference presentation June 24/16 "A Fork in the Road: Must we Choose a Path?" www.onchainscaling.com [email protected] Double your Bitcoin in 48 Hours ( Min - 0.001 BTC, max - 1 BTC ) ... Meni Rosenfeld. Loading... Unsubscribe from Meni Rosenfeld? Cancel Unsubscribe. Working... Subscribe Subscribed Unsubscribe 19. Join me and Meni Rosenfeld, the most known Bitcoiner in Israel and Chairman of the Israeli Bitcoin Association, for an in depth interview. The interview was conducted live on our new Youtube chann...