Satoshi wrote this in the original Bitcoin paper, which logic I think still holds today:
If a greedy attacker is able to assemble more CPU power than
all the honest nodes, he would have to choose between using it
to defraud people by stealing back his payments, or using it to generate
new coins. He ought to find it more profitable to play by the rules, such
rules that favour him with more new coins than everyone else combined, than
to undermine the system and the validity of his own wealth.
The whole Game Theory element the bitcoiners keep throwing around surprises me the most. It's not as in you can apply game theory like that in practice. It also assumes rational players. People are anything but rational. Game theory works in numbers, but not on an individual level like that. Besides, there are plenty of profitable avenues if you control 51%.
All models are wrong, but some are useful. What is the chance that there is an irrational player that spends a lot of money only to destroy bitcoin? This kind of player has to be politically motivated, not just simply irrational.
> Besides, there are plenty of profitable avenues if you control 51%
Like what? Basically you can do a few things:
1) Mine all the current coins
2) Double-spend
3) Not confirm any transactions
All of them are harmful to the network. However, given that it is not an actual single entity that controls 51%, I wouldn't be worried much about anything except 1)
Game theory is not even a useful model here. There are plenty of rational players who would desire the downfall of Bitcoin.
The game theorists assume at the outset that everyone involved's primary financial interest is in a valid working Bitcoin network. However, banks and Western Union would not desire competitors for international currency transfer. Governments may not want currencies they can't control. The Russian mafia may want to exploit it for short-term gain or launder money. And now that there's a single pool with >51% of the CPU power, the difficulty of a hostile takeover just went way, way down.
Before, a group would have to set up a massive amount of computing power in order to take it over, but now, taking over or disrupting Bitcoin is within the reach of non-technical entities like criminal organizations and the CIA. E.g., all the CIA has to do is threaten a few people and say "Insert this code so we can freeze the transactions of $VILLAIN_OF_THE_MONTH at any time." There's many more possibilities now.
> There are plenty of rational players who would desire the downfall of Bitcoin.
Then game theory is pretty useful model. Players are rational, after all. Thats what's game theory is about.
> Governments may not want currencies they can't control.
Makes perfect sense. But we're discussing 51% attack. Would a miner with 51% of hashrate willingly help a government(and why would he)?
Or, would a government simply try to legislate bitcoin out of existence? I would say that the latter is more likely than the former.
> And now that there's a single pool with >51% of the CPU power, the difficulty of a hostile takeover just went way, way down.
Remember, it is not a single entity. It is a pool. And, in fact, ghash.io share is down to 39%.
> all the CIA has to do is threaten a few people and say
I do agree with this point. One of the strongest points of bitcoin is decentralization. We should keep bitcoin as decentralized as possible. But I would say ghash.io having 51% is a minor obstacle.
> Then game theory is pretty useful model. Players are rational, after all. Thats what's game theory is about.
Sorry, I wasn't clear enough. My argument is that the people citing game theory as a reason Bitcoin players had an incentive to avoid a 51%+ scenario kept assuming that all players wanted Bitcoin to succeed.
(However, as a former cognitive neuroscientist, I think it's mistaken to assume that people always act rationally. Check out the literature on the ultimatum game or anchoring effects in prospect theory (for which Kahneman got the Nobel prize) to see examples of people acting irrationally in a sytematic, biased way.)
> Would a miner with 51% of hashrate willingly help a government(and why would he)?
Who said anything about being willing? My example suggested threats, which is way more likely than cooperation.
> Remember, it is not a single entity. It is a pool. And, in fact, ghash.io share is down to 39%.
Yes, but the people running the pool have the keys to the kingdom as long the pool members don't know. So, more subtle perversion has a good chance of lasting a while, while gross manipulation is more likely to cause pool members to switch.
>What is the chance that there is an irrational player that spends a lot of money only to destroy bitcoin? This kind of player has to be politically motivated, not just simply irrational.
Irrational in this context (game theory) means self-defeating, but only in the confines of Bitcoin. It doesn't mean insane in the common sense.
So you can very well be "politically motivated" and irrational in this regard.
I agree. I think one problem is that things like "enjoyment" aren't as easy to measure as income or profit. It's possible to say that hobbies are rational by arguing that the enjoyment of the hobby outweighs the cost. But then it's also possible to say that people are willing to game the system (and take a financial loss) because they get enjoyment out of gumming up the works, and that enjoyment is worth the loss.
exactly, another profitable avenue might be to sell out to the government to make bitcoin unstable. what's puzzled me most about bitcoin proponents is they think the US gov would sit idly by and just give up centralized control of the most powerful thing on earth.
There's obvious cases where this is clearly false, such as where the greedy attacker has a greater reward outside of and negatively impacted by the bitcoin ecosystem. Capturing most of the rewards of the bitcoin ecosystem may then be worth less than preventing the bitcoin ecosystem from damaging the actors other interests.
"Because some men aren't looking for anything logical, like money. They can't be bought, bullied, reasoned, or negotiated with. Some men just want to watch the world burn."
Although this is the weirdest, most out-of-place comment I have seen in a while, my life has taught me that "it's all about money" is the safest position to take in almost any scenario. That is potentially a product of our cultural and economic structure, but I have observed it to be true worldwide; I don't think we are wrong in general.
I feel sorry for you then. First, you can't understand what I meant, and, second, the basic life lesson is that money can't make you happy and feel accomplished (unless you're too primitive), but the lack of it, agreed, can definitely make you unhappy, so, it's not about hoarding as much dollar signs as possible, but it's about having enough not get unhappy and I think most of us here don't have the issue that most people around the globe have nowadays - I'm sure we're in the top 5% globally in terms of income. The whole vicious circle of greed never has a happy ending. In most cases, the inability to be happy is a mental problem, which separates the miserable mass from the blissful few. Don't get me wrong, I have this condition as well, but I've acknowledged my issues and I'm working to address them. All the wisdom of the ages can be compressed in just two words: "memento mori" or in the more accessible form for the masses: "carpe diem". Anyway, outside of the basic well-being, real happiness is helping our civilization advance a step ahead. An Instagram can make you more money than SpaceX, for example, but launching which will make you happier and more accomplished? Which one will put your name in the history books and leave no doubt that your life was meaningful.
I think that it's a correct position now, but probably temporary in some sense. We didn't start with a cash system, and we may not end up with one, but for this moment in time it's a useful way to measure value/wealth.
Ideally one would think "it's all about happiness" would be the goal, not a measure of asset worth, but rather contentedness perhaps? It doesn't take much thinking to imagine why we can't function in that way, however.
People can decide to do an attack on Bitcoin for reasons other than money: fun, fame, politics, cyberterrorism, etc. Although money is everything today, it won't be tomorrow if we really want to be something meaningful happening in this civilization. The current order does not foster higher values that have no economical value.
Often people don't like the truth in their face. :) I'm sure most of the richest techies didn't have money as their primary driver. Money always comes as a bonus for a job well done.
"...if every bank vault in the world had a vulnerability that you (and only you) could exploit, possibly without detection (or at least with a degree of deniability)... what would you do?"
Most people wouldn't immediately do the (irrational) thing and abuse that power on a large scale because obviously, the global instability/problems would outweigh the rewards.
"Sooner or later, if given the opportunity to take unfair advantage of the system day after day, month after month, I think a lot of otherwise "trustworthy" people/organizations will end up giving in, albeit in subtle ways at first. Most people left to their own devices wouldn't flip a switch (for a reward) to immediately contaminate all of the world's fresh water at once, but if given a million switches each of which contaminates just 1 millionth of the world's fresh water for a substantial reward... I think there'd be some serious switch-flipping going on."
The problem with Bitcoin (as described in the original Bitcoin paper) is that Satoshi apparently didn't account for the very real likelihood of pools gaining substantial amounts of power.
"If a greedy attacker is able to assemble more CPU power than all the honest nodes..." sounds like a very remote possibility in the context of a world where every miner operates independently, and if pools didn't exist, it probably would be very unlikely. If every miner truly controlled his or her own mining power, I doubt we'd ever run into this problem.
"...if every bank vault in the world had a vulnerability that you (and only you) could exploit, possibly without detection (or at least with a degree of deniability)... what would you do?"
I think this completely ignores the fact that messing with the block chain would seriously screw over all the miners that are choosing this network for monetary reasons. Your analogy is flawed. Basically, it's more like "if every bank vault in the world had a vulnerability that you (and only you) could exploit, and you spent tons of money to get that vulnerability, and exploiting it would make all your money worthless, what would you do?" That's more like the actual situation here.
... except we should remember the fact that exploiting this power is not an all-or-nothing choice. Some have shown that double spends and other abuses of this kind of power have already happened, yet Bitcoin survives. As long as someone can exploit this in small ways and get away with it (without causing total collapse), they will have an incentive to continue. And the short-term gains (converted to value that doesn't depend on Bitcoin's future) for that person/entity may be much more attractive than the threat of eventual collapse when their little game is up (and the masses start jumping the Bitcoin ship).
Also, the pool operators (who have the ability to exploit this power) have not really spent large sums of money themselves. They have power because ignorant minors are essentially handing over their vote to the pool operators in exchange for convenience and low variance.
>There's no evidence the anonymous operators of GHash exercised any of those abilities.
Which means it didn't happen. It would be blatantly obvious to watch whenever GHash was mining on the 'wrong' chain to try to make it win. Even if GHash had 80% of the mining power, about one in 25 blocks would see non-GHash miners win twice in a row and unarguably expose this behavior as GHash ignored them.
And when it does happen? (It's a when, not an if.)
I don't think people will like their financial system unfairly tampered with.
People say, "Why would Ghash do that? They profit from the system they'd be manipulating." Well, so did Mt. Gox, and it didn't stop them from manipulating it anyway.
Also even if another pool won twice in a row it wouldn't matter. Over the next few blocks ghash's blockchain would become longer and all bitcoin clients would accept it.
Oh well 0 confirmation has a lot of issues. But thanks for the info.
What I'm saying with the double-win is that it blatantly exposes GHash's ignoring of blocks they don't like, not that they would actually lose over time.
So what's an individual miner's incentive here to continue mining with a pool that has 51%? If he wants more security in his own mined bitcoins, then surely he has an incentive to switch to another pool?
Tragedy of the commons. It may be bad for bitcoin as a whole but it's beneficial for that single miner because bigger pool means less variation of miner's income.
In addition there's also the less rosy issue that if G.Hash becomes more powerful than the other pools and starts doing small-scale theft or other activities, it's safer for your money to "pick the winning team".
Well, for the sake of theory, it's a good thing to think about what the most powerful person in the bitcoin ecosystem could do bad.
But please, don't stop here. What the most powerful political leader in your country could do bad ? What the most powerful economical leader in your country could do bad ?
"Power" as a concept is something that would need deeper inspection by everyone, and should probably be dissolved as much as possible (that's the point of democracy). If 51% attack scares you, push your reasoning to its ultimate point.
I don't believe democracy is about decentralizing power, so much as decentralizing the means of potentially taking and exploiting power. Or maybe only in practice, versus theory.
That seems to be one of the fundamental paradoxes in the anarchistic ideal of Bitcoin - that implicitly, collective action to centralize and exploit the system is a perfectly legitimate act within its framework, if you can get away with it.
> That seems to be one of the fundamental paradoxes in the anarchistic ideal of Bitcoin - that implicitly, collective action to centralize and exploit the system is a perfectly legitimate act within its framework, if you can get away with it.
I'd say it's more a libertarian ideal. You'd have the same idea in an actual anarchy of course, except that rolling up all the communes by force wouldn't be considered legitimate just because you're able to do it.
Some people believe, wrongly, that being with the bigger pool reduces their earnings variance and increases their earnings.
Someone on reddit went and did a Monte Carlo simulation to show them that that really wasn't true so long as the pool had at least a few percent of over all hashing power and that any risk to the BTC price from the negative perception of a 51% attack was far costlier than the couple tenths of a percent you might get by going with the largest pool.
Wait, it's wrong to correlate pool size with steady income, but the simulation correlated pool size with steady income? If you need a few percent to guarantee steady income the base assertion is not wrong.
People were trying to say that there was a big difference between mining with a large pool vs the largest pool and what that guy showed is that once a pool is big enough 3%+ any variance due to the size difference is negligible compared to other considerations.
"So-called 51 per centers, for instance, have the ability to spend the same coins twice, reject competing miners' transactions, or extort higher fees from people with large holdings."
The blockchain with the most blocks in it becomes the consensus blockchain. If you build a blockchain higher than the existing blockchain without building off of it, the One True Bitcoin Client will anoint your chain as the true chain. Only the true chain happened, from the perspective of the bitcoin client. Non-consensus chains mean nothing.
A chain losing consensus can happen retroactively (and by design does, frequently), but shouldn't after about 6+ confirmations (~1 hour of work by the network) unless you control a lot of power and are willing to secretly build a competing chain starting from a point in the past and build past the existing consensus chain. If you are willing and capable of outrunning the network for sustained periods of time, you can rollback the history believed by the network and replace it with a history which includes only those transactions which you think should have happened.
For example: did you pay your rent an hour ago? Did your landlord accept your payment after an hour and send it to Bitstamp, thereby getting money? Did Bitstamp then allow people to withdraw it? Psych. You remember that happening, but the Bitcoin consensus now says that the Bitcoin half of all those transactions never happened.
You could, for example, announce "Apropos of nothing: we find that transactions with 1% fees [paid to the miner of the block] are pleasing to the Bitcoin gods and are only willing to include them in our blocks. BTW, we will also rollback history periodically for the hell of it. If you want your transactions to survive rollbacks, take note."
The thing that surprises me the most is that people were seemingly ok with a player having any large percentage of the network power.
The new development seems to be that one player is verifiably controlling 51% of the market. This doesn't mean that two pools who each had 30% couldn't have colluded outside of the network to control it beforehand. I've seen people trying to persuade people not to join the most popular pool but this seems like a more fundamental problem.
Distributed trust systems ought to work because we love the idea, but there is always the chance we shall find that anonymity is not such a good thing for trust.
I see no particular reason why bitcoin addresses should remain anonymous in the future, making the impact of this power less, but still a fix to the protocol or a lot more miners will be preferable.
I would love to know if this is because the GHash pool has grown (through presumably investing 2012/13-bitcoin profits into hardware) or if it's because others stopped hashing.
So basically any government or any wealthy individual (or maybe even anyone with a botnet) could easily muster enough computing power to destroy Bitcoin?
I thought by this point the amount of computing power required to do that was supposed to be ungodly...
Compare the sort of user hardware that a botnet will typically control, vs the hardware that specialist miners run, and you'll see why botnets don't have much chance of upsetting the network. You might earn a few coins, but you'll never take 51%:
It's worth noting that for much of yesterday the parent of Ghash, cex.io, was DDoS'ed. Is this a good thing? Maybe it makes Bitcoin seem more self-policing, or maybe it makes it the currency of scary hackers.
I can't really think of a scenario when DDOSing would be responsible policing. If that kind of tactic becomes common it can set up the exact type of aggressive struggle we don't want a 51%er in.
This could be argued is a side-effect of the anarchic, decentralized nature of Bitcoin. If you have a problem with another operator, you may not have any legal, civilized means of achieving redress, so (virtual) "violence" may be your only practical recourse. There may be a moral in here about the nature of voluntaryism. I'm a bitcoin booster but these are real issues that need to be thought about.
> If you have a problem with another operator, you may not have any legal, civilized means of achieving redress, so (virtual) "violence" may be your only practical recourse.
It would be less depressing if these real issues were novel; but they were written about by authors as far back in time as Hobbes.
