by supermatt 1663 days ago
> For PoW, you'd have to know the hash of the start of the chain (the "genesis block") in advance to verify you downloaded the correct chain.

Nope. You could fork the chain at a period of low difficulty and it would still stem from the genesis block. It would either be a short chain, or have clearly low difficulty though, so it wouldn't fool anyone knowledgeable. I'm not sure how you would leverage that chain for fraud.


A while ago bitcoin clients changed from favoring the 'longest' chain to favoring the chain with the most work done on it. (To prevent long chains with low difficulty)
So... the consensus rules of the network changed, you need to make sure you have the correct client, and bitcoin is weakly subjective after all?
Asking "what's the correct client?" will always be a subjective question.

Bitcoin doesn't decide what is called bitcoin, we as a community do.

In practice this was essentially a soft-fork. But yes the consensus rules of bitcoin software changed.
The client can choose properly, but it needs to "call a friend" in order to get the options - if the client doesn't receive the proper chain but only fake ones, it will choose the fake one with the most work done on it.
Why fork at low difficulty?
You need to fork at low difficulty if you want to significantly lengthen the chain from that point, because creating a high difficulty, long chain that is valid is hard.

But-- there's nothing to preclude you making big steps up in difficulty at the end of the chain. It means that one evaluating the length of the chain for authenticity really needs to integrate the difficulty over the entire chain and not just look at the number of blocks.

I was wondering about that bit actually.

Suppose I'm a new node and want to verify the blockchain. How do I verify that each block was mined with the correct difficulty?

I'd need some record about the actual real-world timestamps for each block. Then I could say something like "duration between block x and block x+1 was > 10 min, so the down-adjustment in block x+5 is justified".

But if those timestamps were stored on-chain, an attacker could simply lie about them and keep difficulty artificially low on its alternative chain.

On the other hand, if we had some un-forgeable record of block timestamps, wouldn't this solve the double-spend problem all on its own? Would we even need PoW at this point?

Edit:

Ok, sibling comment seems to suggest bitcoin has solved this problem differently: https://news.ycombinator.com/item?id=29368166

Yes, Bitcoin effectively integrates the difficulty over the entire chain.
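As an added illustration of the "most work" versus "longest chain" rule discussed above (example code written for this page, not from the thread or from Bitcoin Core; the honest chain's nBits value 0x1A00FFFF and both chain lengths are constructed sample data):

```python
# Compares the old "longest chain" rule with the "most accumulated work" rule.
# Work is scored the way Bitcoin does it: each block contributes
# 2**256 // (target + 1) expected hashes, with the target decoded from the
# compact nBits header field. Chains below are constructed sample data.

GENESIS_BITS = 0x1D00FFFF  # nBits of Bitcoin's genesis block (difficulty 1)

def bits_to_target(bits: int) -> int:
    """Decode the compact nBits encoding into the 256-bit target (sign bit ignored)."""
    exponent = bits >> 24
    mantissa = bits & 0x007FFFFF
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))

def block_work(bits: int) -> int:
    """Expected number of hashes to mine one block at this target."""
    return 2**256 // (bits_to_target(bits) + 1)

def difficulty(bits: int) -> float:
    """Difficulty relative to the genesis target (the number block explorers show)."""
    return bits_to_target(GENESIS_BITS) / bits_to_target(bits)

def chain_work(chain: list[int]) -> int:
    """Integrate difficulty over the whole chain: sum of per-block work."""
    return sum(block_work(b) for b in chain)

def select_by_length(chains: dict[str, list[int]]) -> str:
    """Old rule: pick the chain with the most blocks."""
    return max(chains, key=lambda name: len(chains[name]))

def select_by_work(chains: dict[str, list[int]]) -> str:
    """Current rule: pick the chain with the most accumulated work."""
    return max(chains, key=lambda name: chain_work(chains[name]))

# Constructed scenario from the thread: an attacker forks at a low-difficulty
# point and mines 1000 blocks at genesis difficulty, while the honest chain has
# only 10 blocks, but at difficulty 2**24 (nBits 0x1A00FFFF, a constructed value).
SAMPLE_CHAINS = {
    "honest": [0x1A00FFFF] * 10,
    "low_difficulty_fork": [GENESIS_BITS] * 1000,
}

if __name__ == "__main__":
    print("by length:", select_by_length(SAMPLE_CHAINS))  # low_difficulty_fork
    print("by work:  ", select_by_work(SAMPLE_CHAINS))    # honest
```

Counting blocks picks the 1000-block fork; summing work picks the 10-block honest chain, since each of its blocks is worth 2**24 genesis-difficulty blocks.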