by manytree 1465 days ago
Honestly there’s a lot of valid points to be made here but the actual report reads as if their intention was to prove blockchains are insecure and centralized.

That is true for a lot of them, but true Nakamoto consensus is not quite as fragile as they suggest it is.

They don’t provide an analysis of the true cost of launching a 51% attack.

Their assertions about the security risk of “altering the software that nodes run” fail to mention how this is a voluntary process which all node operators choose to undergo. If a consensus emerges on the network or a subset of the network that the changes are problematic, these dissenting node operators can choose to hard fork. There will be few supporters of an obviously malicious attack in the network, so it would be unable to gain traction.

Their point about the number of entities in control of Bitcoin is technically correct, because of the way that pooling works in Bitcoin: many nodes send any proofs they find to one node, and that one node writes to the blockchain. So, there is a definite concentration of power. There are some in-depth game-theoretical analyses of why this is unlikely to become a problem, but in general it is easy to imagine that, for instance, the US Treasury would not want to destroy trust in the USD.

Interestingly, Chia, a new proof of work blockchain which launched a year ago, developed by Bram Cohen, has a unique and innovative solution to pooling which does not result in concentration of power: individual node operators submit proofs to the network, not to the pool, and the pool receives a fraction of the reward for minting a new block. Chia also has more full nodes than any other blockchain, including Bitcoin. At this point it’s relatively unknown however.


> They don’t provide an analysis of the true cost of launching a 51% attack.

Andreas Antonopoulos has done this many times already.

https://www.youtube.com/watch?v=ncPyMUfNyVM (one of my favorites and only a couple minutes long)

https://www.youtube.com/watch?v=-ZTGmTjqXEU

https://www.youtube.com/watch?v=N-La8gyNVCI

https://www.youtube.com/watch?v=JDZVW4hri2g

From the first link: "Bitcoin has achieved a level of comput[ational power] that no single nation state can overthrow it through computation alone. The effort to do so would require a massive covert operation of chip fabrication. Then, the coordinated assault would give them over the next block for 10 minutes, until we kick those bastards off the network... they would be revealed, they would have lost billions of dollars doing this, and all they would have got was a double spend"

How are you going to "kick them off the network"? There's no way to tell where the hashpower is coming from.

Yeah it’s a pretty glib answer. Not clear at all how you kick them off the network.

Perhaps he’s conflating some kind of protocol exploit that could be patched against with a 51% attack.

The subtext of the DARPA funding makes me think the purpose of this paper is to analyze whether governments can disrupt, block, or compromise cryptocurrencies. The conclusions make some more sense in that light. Still, I think they fail to address several mitigating factors for each of the issues, which weakens the overall message:

(1) Mining pools are not even remotely static. In fact, they gain/lose market share very quickly, and when problems are discovered, miners actually move. Therefore, it would have to be shown that these pools can be disrupted clandestinely, otherwise an attempted takeover/51% attack would just cause a rebalancing of the pools. To better understand this, it's good to visualize it; here's a graph of changes to miner pool distribution over time: [0]

(2) 51% attacks permit double-spend, but many guarantees persist in the light of 51% attacks - nobody can invent coins they don't have with a 51% attack; they can just undo transactions that were assumed to be settled [1].

(3) Software centralization and the implied lack of immutability is subject to the voting influences of node operators; maintainers can't just do whatever they want (in other words, backdoors would probably need to be bugdoors, else they would not be deployed and therefore de facto rejected). Taking Bitcoin as an example, many BIPs have been withdrawn or rejected, either early in the development process or later by the community refusing to adopt releases they don't support: [2]. And you can see this process at work in the block size debates and ultimate resolution [3].

ISP centrality and the vulnerability of the network to malicious Tor exit nodes is the most interesting point to me. Miners can go switch pools, and node operators can band together & refuse to update to new software that does things they disagree with. But can node operators/miners switch ISPs quickly and easily? Not really. There's virtually no free market competition among ISPs, so people can't freely switch ISPs if theirs starts inserting arbitrary latency into Bitcoin traffic. We probably need some ways to operate nodes/miners that are less sensitive to corrupt ISP disruption.

Encrypting BTC P2P traffic and developing strategies for operating nodes/miners behind anti-censorship software like ShadowSocks should be high-priority.

[0]: https://public.flourish.studio/visualisation/2879848/

[1]: "Even a 51% attacker cannot propose a block that takes away your ETH, because such a block would violate the protocol rules and so it would get rejected by the network. Even if 99% of the hashpower or stake wants to take away your ETH, everyone running a node would just follow the chain with the remaining 1%, because only its blocks follow the protocol rules. More generally, if you have an application on Ethereum, then a 51% attack could censor or revert it for some time, but what comes out at the end is a consistent state." - Vitalik, https://old.reddit.com/r/ethereum/comments/rwojtk/ama_we_are...

[2]: https://en.wikipedia.org/wiki/Bitcoin_Improvement_Proposals#...

[3]: https://en.bitcoin.it/wiki/Block_size_limit_controversy
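The distinction drawn in point (2) and in footnote [1], that a majority of hashpower can revert settled transactions but cannot get a rule-breaking block accepted, can be made concrete with a small chain-selection model. The code below is an added illustration written for this page; it is not from the thread, the report, or any real Bitcoin or Ethereum client. It assumes a toy protocol with a fixed block subsidy, abstract "work" units standing in for hash difficulty, and no signatures (so only overspending and over-minting are modelled as rule violations). Every full node applies the same two rules: reject any chain containing an invalid block, then follow the valid chain with the most accumulated work.

```python
"""Toy model of full-node chain selection under a 51% attack (added example).

Two rules every node applies, in order:
  1. every block must obey the protocol (no sender may spend more than it
     holds; a block may mint at most SUBSIDY coins);
  2. among valid chains, follow the one with the most accumulated work.
Result: a majority miner can reorganise away a confirmed payment, but an
over-minting block is ignored regardless of the work attached to it.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SUBSIDY = 50  # assumed fixed coinbase reward per block


@dataclass(frozen=True)
class Tx:
    sender: str      # "COINBASE" marks the block reward
    recipient: str
    amount: int


@dataclass
class Block:
    parent: Optional["Block"]
    txs: Tuple[Tx, ...]
    work: int        # abstract work units spent on this block
    height: int


def mine(parent: Optional[Block], txs: List[Tx], work: int) -> Block:
    """Build a block on top of `parent` (None for genesis)."""
    return Block(parent, tuple(txs), work, 0 if parent is None else parent.height + 1)


def apply_block(balances: Dict[str, int], block: Block) -> Optional[Dict[str, int]]:
    """Return updated balances, or None if the block violates a protocol rule."""
    new = dict(balances)
    minted = 0
    for tx in block.txs:
        if tx.sender == "COINBASE":
            minted += tx.amount
            if minted > SUBSIDY:          # rule: no inventing coins beyond the subsidy
                return None
            new[tx.recipient] = new.get(tx.recipient, 0) + tx.amount
            continue
        if tx.amount <= 0 or new.get(tx.sender, 0) < tx.amount:  # rule: no overspend
            return None
        new[tx.sender] -= tx.amount
        new[tx.recipient] = new.get(tx.recipient, 0) + tx.amount
    return new


def validate_chain(tip: Block) -> Optional[Tuple[Dict[str, int], int]]:
    """Replay genesis..tip. Return (balances, total_work), or None if any block is invalid."""
    chain: List[Block] = []
    b: Optional[Block] = tip
    while b is not None:
        chain.append(b)
        b = b.parent
    chain.reverse()
    balances: Dict[str, int] = {}
    total_work = 0
    for blk in chain:
        nxt = apply_block(balances, blk)
        if nxt is None:
            return None
        balances, total_work = nxt, total_work + blk.work
    return balances, total_work


def select_tip(candidates: List[Block]) -> Tuple[Block, Dict[str, int]]:
    """A full node's view: the valid chain with the most work. Invalid chains never compete."""
    best: Optional[Tuple[Block, int, Dict[str, int]]] = None
    for tip in candidates:
        result = validate_chain(tip)
        if result is None:
            continue
        balances, work = result
        if best is None or work > best[1]:
            best = (tip, work, balances)
    if best is None:
        raise ValueError("no valid chain among candidates")
    return best[0], best[2]


def scenario_double_spend() -> Tuple[bool, int]:
    """Attacker pays a merchant on the public chain, then outworks it with a
    secret chain spending the same coins to itself. Returns
    (attacker chain won, merchant's final balance)."""
    genesis = mine(None, [Tx("COINBASE", "attacker", SUBSIDY)], work=1)
    honest1 = mine(genesis, [Tx("COINBASE", "honest", SUBSIDY), Tx("attacker", "merchant", 30)], work=1)
    honest2 = mine(honest1, [Tx("COINBASE", "honest", SUBSIDY)], work=1)   # merchant sees 2 confirmations
    attack1 = mine(genesis, [Tx("COINBASE", "attacker", SUBSIDY), Tx("attacker", "attacker_alt", 30)], work=2)
    attack2 = mine(attack1, [Tx("COINBASE", "attacker", SUBSIDY)], work=2)  # total work 5 > 3
    tip, balances = select_tip([honest2, attack2])
    return tip is attack2, balances.get("merchant", 0)


def scenario_invent_coins() -> Tuple[bool, int]:
    """Attacker publishes a block minting 1000 coins backed by overwhelming work.
    Returns (honest chain still followed, attacker's final balance)."""
    genesis = mine(None, [Tx("COINBASE", "attacker", SUBSIDY)], work=1)
    honest1 = mine(genesis, [Tx("COINBASE", "honest", SUBSIDY)], work=1)
    attack1 = mine(genesis, [Tx("COINBASE", "attacker", 1000)], work=100)  # invalid: over-mint
    tip, balances = select_tip([honest1, attack1])
    return tip is honest1, balances.get("attacker", 0)


if __name__ == "__main__":
    print("double spend succeeded, merchant balance:", scenario_double_spend())
    print("over-mint rejected, attacker balance:", scenario_invent_coins())
```

The first scenario is the cost of a 51% attack that the thread discusses: the merchant's 30 coins vanish once the heavier secret chain is published. The second shows why "more work" buys nothing against the validity rules: the over-minting block is discarded by `validate_chain` before work is even compared, so the attacker still holds only the 50 coins it legitimately mined. Real clients add signatures, difficulty retargeting and finality heuristics on top of this, which the toy deliberately omits.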

I think this is the answer - everyone is saying that DARPA is biased and government funded and thus trying to steer people away from crypto - but I think this is a good read. If a few big ISPs control a huge portion of the traffic (normally big competing entities) and we know that many (maybe most) big ISPs are subservient to the governments they run under, then it follows that a government could potentially majorly disrupt/control cryptocurrencies.