by vngzs 1465 days ago
The subtext of the DARPA funding makes me think the purpose of this paper is to analyze whether governments can disrupt, block, or compromise cryptocurrencies. The conclusions make some more sense in that light. Still, I think they fail to address several mitigating factors for each of the issues, which weakens the overall message:

(1) Mining pools are not even remotely static. In fact, they gain/lose marketshare very quickly, and when problems are discovered, miners actually move. Therefore, it would have to be shown that these pools can be disrupted clandestinely, otherwise an attempted takeover/51% attack would just cause a rebalancing of the pools. To better understand this, it's good to visualize it; here's a graph of changes to miner pool distribution over time: [0]

(2) 51% attacks permit double-spend, but many guarantees persist in the light of 51% attacks - nobody can invent coins they don't have with a 51% attack; they can just undo transactions that were assumed to be settled [1].

(3) Software centralization and the implied lack of immutability is subject to the voting influences of node operators; maintainers can't just do whatever they want (in other words, backdoors would probably need to be bugdoors, else they would not be deployed and therefore de facto rejected). Taking Bitcoin as an example, many BIPs have been withdrawn or rejected, either early in the development process or later by the community refusing to adopt releases they don't support: [2]. And you can see this process at work in the block size debates and ultimate resolution [3].

ISP centrality and the vulnerability of the network to malicious Tor exit nodes is the most interesting point to me. Miners can go switch pools, and node operators can band together & refuse to update to new software that does things they disagree with. But can node operators/miners switch ISPs quickly and easily? Not really. There's virtually no free market competition among ISPs, so people can't freely switch ISPs if theirs starts inserting arbitrary latency into Bitcoin traffic. We probably need some ways to operate nodes/miners that are less sensitive to corrupt ISP disruption.

Encrypting BTC P2P traffic and developing strategies for operating nodes/miners behind anti-censorship software like ShadowSocks should be high-priority.

[0]: https://public.flourish.studio/visualisation/2879848/

[1]: "Even a 51% attacker cannot propose a block that takes away your ETH, because such a block would violate the protocol rules and so it would get rejected by the network. Even if 99% of the hashpower or stake wants to take away your ETH, everyone running a node would just follow the chain with the remaining 1%, because only its blocks follow the protocol rules. More generally, if you have an application on Ethereum, then a 51% attack could censor or revert it for some time, but what comes out at the end is a consistent state." - Vitalik, https://old.reddit.com/r/ethereum/comments/rwojtk/ama_we_are...

[2]: https://en.wikipedia.org/wiki/Bitcoin_Improvement_Proposals#...

[3]: https://en.bitcoin.it/wiki/Block_size_limit_controversy
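
Point (2) of the comment above, as an added toy model that is not part of the original post or of any real client: a node validates every block against the rules before comparing chain lengths, so a majority miner's longer fork is ignored if it spends coins that do not exist, but accepted if it is a valid reorg that drops a settled payment. Assumptions: an account-balance ledger, a fixed `REWARD`, hypothetical party names, and signature checks omitted (every transaction is taken to be authentically signed by its sender).

```python
# Toy ledger, constructed for illustration; not Bitcoin or Ethereum code.
REWARD = 50  # assumed fixed block subsidy


def apply_block(balances, block):
    """Return the balances after `block`, or None if it breaks the rules."""
    new = dict(balances)
    for sender, receiver, amount in block["txs"]:
        if amount <= 0 or new.get(sender, 0) < amount:
            return None  # spends coins the sender does not have
        new[sender] -= amount
        new[receiver] = new.get(receiver, 0) + amount
    new[block["miner"]] = new.get(block["miner"], 0) + REWARD
    return new


def validate_chain(chain):
    """Replay a chain from empty state; None means some block is invalid."""
    balances = {}
    for block in chain:
        balances = apply_block(balances, block)
        if balances is None:
            return None
    return balances


def choose_chain(candidates):
    """Fork choice: the longest chain among the valid ones only."""
    valid = [c for c in candidates if validate_chain(c) is not None]
    return max(valid, key=len) if valid else None


# Constructed sample data: the attacker mined the first block and owns 50.
genesis = {"miner": "attacker", "txs": []}
honest = [genesis,
          {"miner": "honest", "txs": [("attacker", "merchant", 50)]}]
# Longer fork that tries to spend 5000 coins nobody holds: invalid.
mint_fork = [genesis,
             {"miner": "attacker", "txs": [("attacker", "attacker2", 5000)]},
             {"miner": "attacker", "txs": []},
             {"miner": "attacker", "txs": []}]
# Longer fork that re-spends the same 50 elsewhere: valid, so it wins.
reorg_fork = [genesis,
              {"miner": "attacker", "txs": [("attacker", "attacker2", 50)]},
              {"miner": "attacker", "txs": []}]

if __name__ == "__main__":
    print(choose_chain([honest, mint_fork]) is honest)              # True
    print(choose_chain([honest, mint_fork, reorg_fork]) is reorg_fork)  # True
```

In the second case the merchant's 50 is gone from the winning chain, which is the double-spend; in the first, the extra length of the invalid fork counts for nothing.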

1 comments

I think this is the answer - everyone is saying that DARPA is biased and government funded and thus trying to steer people away from Crypto - but I think this is a good read. If a few big ISPs control a huge portion of the traffic (normally big competing entities) and we know that many (maybe most) big ISPs are subservient to the governments they run under, then it follows that a government could potentially majorly disrupt/control cryptocurrencies.