by romaniv 2829 days ago
I'm curious about this as well. No one seems to be talking about specific attacks mitigated by blockchains as opposed to authorities signing current state.

The definition implies that if someone says "I'm on block 1000" they cannot create an altered version of history without touching all the blocks after the change.

But how is this useful? If there is a disagreement about the last block, majority wins, right? So couldn't majority simply have the most up-to-date version of the database with a single signature?


The attacks that blockchain can protect against are:

- Fraud

- DDoS

- Censorship

The usefulness of a consensus protocol is that no one party can be trusted to have the most up-to-date AND valid blockchain. Every node has the incentive to cheat and the consensus rules define a method of evaluating the proposed chain of blocks and determine its "trustworthiness". In PoW this is often an algorithm like Greedy Heaviest Observed Sub-Tree (GHOST) which favours the fork with the highest accumulated work.

This is why it's important that mining is an expensive activity, to discourage attackers from wasting thousands of euros in electricity and then losing the block reward payment.

>The usefulness of a consensus protocol is that no one party can be trusted to have the most up-to-date AND valid blockchain.

Consensus protocols do not require mining. You can simply poll X random nodes and compare what they tell you. I don't understand what mining adds to the equation. Okay, instead of "I need to control 50% of all nodes" it becomes "I need to control 50% of all mining capacity". Is that the point of mining? To make inserting hordes of cheap lying nodes impossible?

I didn't say that consensus protocols needed mining, only PoW which is a consensus protocol uses it.

You can poll multiple nodes and each one will give you a different answer because of message propagation times.

Mining fulfils two roles:

- identity management: To identify who is a trustworthy block producer in an anonymous and trustless network, mining introduces a cost to the block generation process and we use a game theory assumption that it serves as a barrier for attackers. This doesn't mean there aren't validation checks performed by other nodes in the network and the consensus forming rules themselves of course.

- consensus formation: In a distributed network, nodes are bound to disagree on which is the canonical chain out of two or more competing forks. The most common algorithm calculates the accumulated computational effort of each chain of blocks and picks the "heaviest" one, ie the one with the most work done on it. This has the nice side effect of ensuring economic finality for the transactions in those blocks.

>Is that the point of mining? To make inserting hordes of cheap lying nodes impossible?

That's called a Sybil attack, and yes that's one of the reasons.

Mining also makes creating blocks have a real world energy cost. So rewriting history quickly becomes almost impossible as blocks are added. An attacker would have to have more than 50% of all mining power for a sustained period of time.

I suggest reading the Bitcoin whitepaper, it's short and sweet.

https://bitcoin.org/bitcoin.pdf
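The points made in this exchange (editing one block invalidates every block after it, forks are resolved by accumulated work, and rewriting history means re-mining everything from the edited block onward and then outpacing the honest chain) can be seen in a toy proof-of-work chain. The following is an added illustration, not code from this thread or from Bitcoin; it assumes a fixed difficulty of 12 leading zero bits, so "heaviest chain" reduces to "chain with the most blocks", and the transaction strings and block count are constructed for the demo.

```python
import hashlib
import json

DIFFICULTY_BITS = 12  # toy difficulty: header hash must start with 12 zero bits (assumed)


def block_hash(block):
    """Hash the header fields in a canonical order so every node computes the same value."""
    header = json.dumps({k: block[k] for k in ("index", "prev_hash", "data", "nonce")},
                        sort_keys=True)
    return hashlib.sha256(header.encode()).hexdigest()


def meets_target(h, bits=DIFFICULTY_BITS):
    # Leading `bits` bits of the 256-bit hash must be zero.
    return int(h, 16) >> (256 - bits) == 0


def mine_block(index, prev_hash, data, bits=DIFFICULTY_BITS):
    """Search nonces until the header hash meets the target. Returns (block, attempts)."""
    nonce = 0
    while True:
        block = {"index": index, "prev_hash": prev_hash, "data": data, "nonce": nonce}
        h = block_hash(block)
        if meets_target(h, bits):
            block["hash"] = h
            return block, nonce + 1
        nonce += 1


def build_chain(entries, bits=DIFFICULTY_BITS):
    """Honest miners extend the chain one block at a time. Returns (chain, total attempts)."""
    chain, prev, total = [], "0" * 64, 0
    for i, data in enumerate(entries):
        blk, attempts = mine_block(i, prev, data, bits)
        chain.append(blk)
        total += attempts
        prev = blk["hash"]
    return chain, total


def validate_chain(chain, bits=DIFFICULTY_BITS):
    """Every block must link to its predecessor, hash correctly, and meet the target."""
    prev = "0" * 64
    for i, blk in enumerate(chain):
        if blk["index"] != i or blk["prev_hash"] != prev:
            return False
        h = block_hash(blk)
        if h != blk["hash"] or not meets_target(h, bits):
            return False
        prev = h
    return True


def chain_work(chain, bits=DIFFICULTY_BITS):
    # At uniform difficulty each block represents about 2**bits expected hash attempts.
    return len(chain) * (2 ** bits)


def heaviest(chains, bits=DIFFICULTY_BITS):
    """Fork-choice rule: among valid candidates, pick the one with the most accumulated work."""
    valid = [c for c in chains if validate_chain(c, bits)]
    return max(valid, key=lambda c: chain_work(c, bits))  # ties keep the first (already-seen) chain


def tamper(chain, index, new_data):
    """Edit one block's payload without re-mining: its stored hash no longer matches,
    and every later block still points at the old hash, so validation fails."""
    forged = [dict(b) for b in chain]
    forged[index]["data"] = new_data
    return forged


def rewrite_history(chain, index, new_data, extra_blocks=0, bits=DIFFICULTY_BITS):
    """What an attacker must do instead: keep blocks before `index`, then re-mine the edited
    block and every block after it, plus `extra_blocks` to outweigh the honest chain.
    Returns (fork, attempts)."""
    fork = [dict(b) for b in chain[:index]]
    prev = fork[-1]["hash"] if fork else "0" * 64
    entries = ([new_data] + [b["data"] for b in chain[index + 1:]]
               + [f"attacker-padding-{i}" for i in range(extra_blocks)])
    total = 0
    for i, data in enumerate(entries, start=index):
        blk, attempts = mine_block(i, prev, data, bits)
        fork.append(blk)
        total += attempts
        prev = blk["hash"]
    return fork, total


if __name__ == "__main__":
    # Constructed sample ledger entries.
    honest, honest_work = build_chain(["genesis", "alice->bob 5", "bob->carol 2",
                                       "carol->dave 1", "dave->erin 3", "erin->alice 4"])
    print("honest chain valid:", validate_chain(honest), "attempts:", honest_work)
    print("tampered block 2 valid:", validate_chain(tamper(honest, 2, "bob->mallory 2")))
    fork, fork_work = rewrite_history(honest, 2, "bob->mallory 2")
    print("re-mined fork (same length) wins:", heaviest([honest, fork]) is fork,
          "attacker attempts:", fork_work)
    fork, fork_work = rewrite_history(honest, 2, "bob->mallory 2", extra_blocks=1)
    print("re-mined fork (one longer) wins:", heaviest([honest, fork]) is fork,
          "attacker attempts:", fork_work)
```

The run shows the three properties in order: a silently edited block fails validation at every other node; a fork that re-mines from the edited block only ties the honest chain, so nodes keep what they already have; and the attacker only wins by also mining more blocks than the honest network produced in the same time, which is the "more than 50% of mining power for a sustained period" argument above in miniature.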

>as opposed to authorities signing current state

That's what it solves. It removes the need for trust and dependence in a central authority. There's no central actor to hack, or that can abuse the system, or be compelled to censor.

Consider Paypal. They're obligated to follow the regulations of every single government whose citizens they serve. Paypal themselves can also make value judgements. That severely limits who can use the system, for what purposes, in what quantities, and how frequently.

FWIW, if a single actor could take command of more than 50% of a chain's hashrate then yes, they could take over and rewrite history. The theory was that this would be far too expensive in power and time for any such attack to succeed and if it did - the chain would simply fork at a time previous to the attack and the person that had taken the now defunct chain over would be the only person operating on that blockchain.