The Shutdown Problem: How Does a Blockchain System End? (arxiv.org)
101 points by gnodar on March 4, 2019 | 30 comments



I don't see this as an issue. If the chain is important enough, it will continue on from usage. If it's not useful enough to keep alive, then why bother with keeping it alive as a means of archiving it?


Because there's a certain critical mass during the descent where 51% attacks are possible, but coinholders still have value to lose.


Part of the attraction and frustration of blockchains has been their obedience to the laws of mathematics.

The answer to the stage of a blockchain you mention would seem to be, "If the blockchain isn't distributed and scaled enough to be resistant to a 51% attack, is there really any value remaining in it?"


If 51% attacks begin emerging, the chain still functions. People just need to require more confirmations. Then you require so many confirmations that the 51% attacks aren't profitable any more.

This kind of chain might become very slow, but still have the same properties as blockchains do have.

Btw the same thing can be thought of as having a block time of 1 min, where the de facto standard is awaiting 10 confirmations, versus just having 10 minute blocks.


At the point where 51% attacks are happening, it's fair that coinholders lose value. The alternative is that they are able to offload their bags onto some other greater fool who will lose the value instead.


Why does this have to be during the descent? 51% attacks are possible at value point.


I think mathgeek is talking about descent in use not descent in price.


Indeed, [1] shows inherent issues with coins that rely purely on transaction fees for eventual security.

[1] On the Instability of Bitcoin Without the Block Reward http://randomwalker.info/publications/mining_CCS.pdf


And more recently, [2], which curiously only considers abandoning PoW in order to deal with issues caused by dwindling block rewards.

[2] Beyond the doomsday economics of “proof-of-work” in cryptocurrencies https://www.bis.org/publ/work765.pdf


If the market were perfect the coin should become valueless if 51% attacks are happening?


Historical interest.

You wouldn't think today's newspaper is interesting, but to someone doing research, the newspaper of a hundred years ago is interesting.

You wouldn't think someone's Geocities site was interesting, but when that shut down, the Internet Archive spent a lot of energy saving what they could, and that's already interesting for someone researching what the Internet was like a mere twenty years ago.

Blockchains get sold as these wonderful systems for storing data and also coincidentally making money off of ICOs. If they're going to actually be used to store real, useful data, then even if there stops being an immediate use for it, future historians may find one.


If you just want an archive, you can simply download a copy of the blockchain and store it. You only need a network for updating a chain.


I totally agree, there is some historical importance to this whole blockchain hype. I remember the "ICO hype", where seemingly 1000s of ICO projects emerged out of the blue. All projects had websites, "whitepapers" and the like. There was a lot of attention, money and scams involved (at least from a personal perspective).

Nowadays many of these ICO projects have vanished: websites are down, "whitepapers" are gone, team members are in jail... Somebody in the future might want to reason about this phenomenon. As this was mostly an internet thing, all data and information lived on the internet only. I think even today it might already be difficult to research this, as a lot of information is already gone.


Cryptocurrencies of interest leave long trails of discussion on bitcointalk.org and reddit, and project websites tend to leave traces on the internet archive.


A majority of coins either launch on networks like Ethereum or are a copy of Bitcoin. I do still realize that archiving old blockchains may still be important. I think archive.org would be a good place for that to happen.


You mention importance and usefulness, but TBH it's not about those, it's about economic value - that is, can miners earn money from crunching the numbers. I think once a cryptocurrency has dropped below feasibility, miners will abandon it for more profitable ones and open it up to a 51% attack.


I remember when I thought FlappyCoin was going to be as big as Dogecoin. Nope! I wonder what happens with a devalued Altcoin. I read through the article and the gist seems to be that a 51% attack is possible. I wonder if this has been pulled off with any that were at one time popular. If I were a flappycoin millionaire it would bother me if someone had taken my coins even if they had no monetary value. I imagine some others would be more annoyed than I would be.


People have pulled off 51% attacks on altcoins that were arguably popular at the time, most notably Bitcoin Gold. However, note that a successful 51% attack doesn't allow the attacker to steal arbitrary balances. What it mainly allows them to do is to undo their own spending, which they can exploit to commit fraud on exchanges in the short term.


This is the correct threat of a 51% attack, although if the currency is unpopular enough, had little use and everybody stopped mining, you could theoretically fork from the genesis block and replace the whole chain as soon as your fork becomes longer than the original chain.

There is little to gain from attacking a system _that_ unpopular, but you could "take" everybody's coins in that scenario.


That's beyond a 51% attack, though. You'd have to have much higher hash rate than that to catch up to the chaintip from scratch as you mine.


That's a good point, I never thought about it that way.


This isn't a shutdown problem. That's getting the directionality confused.

This is actually the failure mode of most altcoins in the wild. They get attacked because the consensus was never reliable.

There are still tons out there (easily more than 50% by number) that could be smashed into oblivion by anyone with a decent amount of money tomorrow.


Have N self-appointed archivists publish a timestamped record of the blockchain. Any query can then be based on N of these archivists.

I'd imagine such a record to be: the final block header, and a Merkle tree root hash of every block using a more time-resistant hashing function. The Merkle tree root hash prevents rewriting the chain later through brute force. The actual consensus mechanism has prevented wrong writes.

Timestamping could be done by publishing in newspapers, or in other blockchains.

The biggest issue comes at the moment 'archiving' is announced. History-rewrite attacks then suddenly become a lot more valuable, so you'd probably need to say 'We are archiving the chain as of 100 blocks ago'. This prevents anyone from mucking with the end of the chain, but comes at the cost of discarding the last 100 blocks.
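An added example, not part of the comment above or of the linked paper: a Python sketch of the archival record that comment describes (final block hash plus a Merkle root over every archived block, cut 100 blocks before the tip) and of checking a downloaded copy against it. The block format, the function names and the choice of SHA3-256 as the "more time-resistant" hash are assumptions made for illustration.

```python
import hashlib

GENESIS_PREV = b"\x00" * 32
ARCHIVE_DEPTH = 100  # "as of 100 blocks ago", per the comment above

def header_hash(prev: bytes, payload: bytes) -> bytes:
    # Toy header (assumption): double SHA-256 over prev-hash + payload.
    return hashlib.sha256(hashlib.sha256(prev + payload).digest()).digest()

def build_chain(n: int, fork_at=None) -> list:
    """Constructed sample chain; blocks from fork_at onward get different payloads."""
    chain, prev = [], GENESIS_PREV
    for height in range(n):
        tag = "alt" if fork_at is not None and height >= fork_at else "block"
        payload = f"{tag}-{height}".encode()
        chain.append({"prev": prev, "payload": payload, "hash": header_hash(prev, payload)})
        prev = chain[-1]["hash"]
    return chain

def merkle_root(leaves: list) -> bytes:
    """SHA3-256 Merkle root; 0x00/0x01 prefixes separate leaves from inner nodes."""
    level = [hashlib.sha3_256(b"\x00" + leaf).digest() for leaf in leaves]
    while len(level) > 1:
        pairs = [hashlib.sha3_256(b"\x01" + level[i] + level[i + 1]).digest()
                 for i in range(0, len(level) - 1, 2)]
        level = pairs + ([level[-1]] if len(level) % 2 else [])  # promote odd node
    return level[0]

def archive_record(chain: list, depth: int = ARCHIVE_DEPTH) -> tuple:
    """(height, final block hash, Merkle root) of the chain minus its last `depth` blocks."""
    kept = chain[:max(0, len(chain) - depth)]
    if not kept:
        raise ValueError("chain is not longer than the archive depth")
    root = merkle_root([b["prev"] + b["payload"] for b in kept])
    return (len(kept) - 1, kept[-1]["hash"].hex(), root.hex())

def verify_copy(chain: list, record: tuple) -> bool:
    """Check a downloaded copy: header-hash links first, then the published record."""
    height = record[0]
    kept, prev = chain[:height + 1], GENESIS_PREV
    if len(kept) != height + 1:
        return False  # copy is shorter than the archived height
    for b in kept:
        if b["prev"] != prev or header_hash(prev, b["payload"]) != b["hash"]:
            return False  # broken link or altered block
        prev = b["hash"]
    return archive_record(kept, depth=0) == record
```

A reorganisation confined to the discarded last 100 blocks leaves the record unchanged, while a chain rewritten from an earlier height is internally consistent yet fails the comparison with the published record.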


Seems like every blockchain should have a baked in “genesis” procedure and “felling” procedure (yep, a logging term since you’re “severing” the Merkle tree) to tie up all sources of new transactions and stumping or “tarring” the blockchain. Surely there’s fantastic logging vernacular to draw from to name the period between the start of a “felling” and the resultant stump.


1) you could just post the last block ID to an active blockchain or centralized data store if you must, then anyone can download the blockchain via a torrent for example and verify the entire chain; this just requires some trusted data store. If you don’t have one, then you are screwed anyhow and probably shouldn’t have shut down that blockchain.

2) if there is utility in the blockchain, chances are it won’t shut down.


By consensus?


> 2. The elements of the sequence are data blocks that are chained together via digital signatures.

This is incorrect. Digital signatures are used when (S) signing a transaction which must refer to some previous transaction with a receiver address corresponding to the public key which verifies signature S.

Blocks are chained by their header hashes. There are no keys nor digital signatures involved here.


The generally accepted theoretical / abstract term for a winning block hash is 'dynamic membership multi-party signature'

To call the solution to a block a 'signature' is not incorrect.


Thank you, I wasn't aware that they used the term "signature". Before I have only seen this term as "digital signature" from pub-key cryptography, so I think it's confusing to repeat the term for different things (unless there's some hidden relation that I didn't catch). I mean, it was confusing for me, at least.

(personal opinion): On the other hand, I don't understand why it's called a "signature". Pub-key signs are used to prove integrity of some information and some form of authenticity related to the priv-keys. Block header hashes are related to integrity of immutable info, but are not related, in any way, to authenticity. So I still don't find it obvious, nor that it's appropriate, that it's a "signature".


A signature basically says 'someone qualified authorizes this to be valid'.

In the case of a block, the signature happens to prove the authority/qualification without needing to be connected to a specific identity.



