[riptheworld]

> What would happen in practice? People would notice. A fork will be decided.

There's nothing in the Bitcoin protocol that explicitly prevents a longer and valid chain from being accepted. Forks happen every day where miners are competing to construct the longest accepted chain on the network (it's part of the protocol).

However, the difficulty in maliciously changing previous blocks in the Bitcoin blockchain is explicitly parameterized by the security level of the PoW mechanism. There are undergrad CS courses where this analysis is probably a homework problem.

In PoS, immutability is baked into the protocol since the block selection algorithm doesn't explicitly cause forking as it does in PoW based blockchains.

Decentralization creates trust that newly added blocks contain valid transactions, not to ensure that previous blocks don’t change. This is why the finality times of Bitcoin are strictly worse than the finality times of Algorand, or other PoS blockchains. Not because one network is more decentralized than the other, but because Bitcoin’s immutability property is hamstringed by the PoW security level.

EDIT: Anticipating your response requesting citations - here are the lecture notes from the "Foundations of Blockchain Systems" course at the University of Washington, Seattle [1]. From section 3.2, I quote:

"One property of the blockchain is immutability. This means that the chain cannot be changed given the last block in the chain. This is because it is difficult to find a hash of x that is equal to hash of y in computationally feasible time (collision-resistance). We add the qualifier “given the last block” because if we disagree on which is the last block, we may have problems. With distributed mining, there is a possibility of simultaneous mining, however these ties should be resolved quickly with proper tuning of parameters. Therefore, although we may not agree on the last block all of the time, all blocks will lead back to the genesis, starting block, and the large majority of the chain will be in agreement."

[1] https://ece595uwseattle.github.io/Scribe_notes_Lecture_3.pdf

[p4bl0]

Your citations proves my point, not yours.

> This is because it is difficult to find a hash of x that is equal to hash of y in computationally feasible time (collision-resistance).

This is exactly what I was explaining.

[riptheworld]

This is literally proof of work. I don’t know what else I can do to explain that Bitcoin’s immutability property is directly parametrized by the security level in the PoW mechanism.

You are arguing that decentralization creates immutability. Decentralization has nothing to do with hashing.

[p4bl0]

I'm sorry, it seems you really don't understand neither what I'm saying nor the citation you used.

Collision and proof of work are really not the same thing.

Here are some Python code that compares the two. If you're not convinced, I suggest you try using it to time what is actually harder and what makes a blockchain immutable. Then come back here when you found a collision :).

    import hashlib
    def h (d): return hashlib.sha256(d).hexdigest()
    
    def mine_for_PoW (d):
        nonce = 0
        while True:
            blk = f"{d}{nonce}".encode()
            sha = h(blk)
            if sha[0:6] == '000000':   ## PoW
                return sha, nonce
            nonce += 1
    
    def find_collision (d, original):
        nonce = 0
        while True:
            blk = f"{d}{nonce}".encode()
            sha = h(blk)
            if sha == original:        ## collision
                return nonce
            nonce += 1

[riptheworld]

No one is arguing that collision resistance and proof-of-work are the same things? The security of a PoW relies on collision resistance. Do you see the difference? It's subtle. Changing a block in the blockchain explicitly requires exploiting the collision-resistance property of a cryptographic hash. Why? BECAUSE YOU NEED TO PRODUCE VALID PROOFS OF WORK FROM INVALID TRANSACTIONS.

[p4bl0]

I really don't have a problem with people being wrong or not understanding something. I can take time to explain. But this level of stupidity paired with so much dishonesty is appalling.

> No one is arguing that collision resistance and proof-of-work are the same things.

You really just did that.

> The security of a PoW relies on collision resistance.

No. The security in the sense of immutability of a blockchain relies on collision resistance, PoW has only one goal: it is a mean of achieving distributed consensus.

> Changing a block in the blockchain explicitly requires exploiting the collision-resistance property of a cryptographic hash.

Yes! This is it! So you finally understand? It has nothing to do with proof of work: what counts is that each block contains the hash of the previous one. Just like in a Git commit log for example (a commit's hash depend among other thing on the hash of its parent commit). If you want to modify a given commit in a git log you can, but all subsequent commit will have new different hashes. If you want to be able to do that without being noticed by those who already have a copy of the repository, then you need to find collision for each commits: this is impossible.

> Why? Because you need to produce valid proofs of work from invalid transactions. (I allowed myself to modify your aggressive capitalization)

No. I just explained (maybe for the third times) why.

Finding a valid proof of work for an "invalid" transaction (why "invalid"? "different" is enough) does not require to find a collision. It is much less expansive. But if you want to edit a blockchain discreetly, what you need to do is not only to find valid proofs of work, what you need to do is to find collisions. As we just said: this is 1- a lot more expensive, and 2- not a property of proof of work but of the fact that each block's hash depends on that block's content and on the hash of the previous block. This, again, can be true without PoW (see the Git example above).

Now please actually take some time to think before you reply. You would just continue to make a fool of yourself otherwise.