by emin-gun-sirer 4396 days ago
To the contrary, we've been far more respectful and accommodating to the Bitcoin fringe than merited, and certainly far more than the other way around. After all, we took a fair amount of abuse for simply pointing out an objective weakness that is part of the protocol. This, despite the fact that we proposed a fix for it.

Perhaps you've not read our final paper. It doesn't just footnote, but actually cites the prior discussion.

And anyone who reads the previous discussion can see that our paper:

* shows a more extensive attack than the one described there, one that works,

* performs a full analysis of the revenue to be obtained from that attack, and characterizes that revenue as a function of attacking pool size and attacking pool's ability to control information flow in the network,

* shows that Bitcoin is not incentive-compatible,

* shows that, even under the best of circumstances (i.e. the attacker has terrible network connectivity, no Sybils, no control over information propagation and loses to the honest miners every single time), defending against the attacker requires at least 2/3rds of the network to be honest.

Perhaps the biggest giveaway that we did something differently is that THE BITCOIN TALK FORUMS CONCLUDED THAT THEIR ATTACK WOULD NOT WORK, WHEREAS WE SHOWED THAT OURS WOULD.

You're making things up when you imply that we're claiming that 51% is an "unsurvivable crisis." To the contrary, the article very clearly says that the Bitcoin economy remains unaffected, and that the Bitcoin price is also unaffected.

We have been trying to improve the Bitcoin system since day 1. I realize that you're part of the original brigade, and that also explains your ad hominems here. I urge you to elevate the discussion.

1 comment

It's nice to hear that in your final paper you acknowledge the earlier discussions. You should link that final version from your author homepages. (The latest versions linked from you and your coauthors' pages, at arXiv [1] and Cornell [2], still have no mention of the earlier discussion.) If the FC14 version [3] is final, it's better, but I still think you're unfairly summarizing the key thread [4].

Every key aspect of selfish strategy is described there, from manipulating 'gamma' via network-tricks, to releasing the minimum number of 'secret' blocks, after each external-block, to maximize the cartel's expected return. ByteCoin's simulations show advantages, and breakeven thresholds with regard to 'override success' ('gamma'), very similar to your paper's calculations. That's why I credit your paper for rigorously describing the situation, under your specific assumptions, but not with the discovery of a previously-unknown less-than-51% attack.

Also, your final paper is simply lying when it says the thread "does not suggest a solution to the problem". It's almost as if your disdain of these 'fringe' Bitcoin fanatics has blinded you to the actual words of the thread.

Two commenters in the December 2010 thread (btchris and RHorning) suggest that preferencing accurate-seeming timestamps can disadvantage cartel-delayed blocks. That countermeasure is likely stronger than your paper's proposed random-choice-between-ties. (Randomization, by pushing gamma to 1/2, could make things worse if, on the real network, the effective gamma for late-releasers was already closer to 0. Preferring realistic timestamps, meanwhile, almost always helps 'honest' blocks, which don't have to guess a future time when they'll be released.)

Note that the last bullet of supposed novelty in your paper – "defending against the attacker requires at least 2/3rds of the network to be honest" – is the exact same best-case threshold as reported by ByteCoin in thread message #36, 2010-12-14. He states: "a cartel with no preferential network access can be profitable with 33% of the generating power"[5]. Same result, 3 years earlier. How can you allege ByteCoin was simulating some other strategy? Wouldn't the slightest difference in block-release-rules result in a different best-case threshold?

Finally, the Bitcoin Talk forums hadn't "CONCLUDED" anything. They're not a deliberative body. Some people were convinced, others weren't. The relevant actors – mining insiders – knew what they needed to know, to either try the attack, or detect it in orphan rates and weird timestamps... and to try countermeasures based on disadvantaging cartel blocks if ever necessary. Meni Rosenfeld also referred back to the matter as a known concern, in an answer on the Bitcoin StackExchange, in October 2011 [6]. So he knew it was an issue, and lots of people trust him about mining matters.

There's no "brigade" out to trash you led by some "failed academic" "Singaporean" "ringleader". Your critics are not the heads of some unified hydra, that you can disregard altogether as the "Bitcoin lunatic fringe" based on a few quotes from particular yahoos. You've made specific claims of novelty, or doom, that were either never true, or disproven by later events. These will be pointed out when you claim to enjoy a "we told you so" record of authoritative insights.

[1] http://arxiv.org/pdf/1311.0243v5.pdf

[2] http://www.cs.cornell.edu/~ie53/publications/btcProcArXiv.pd...

[3] http://fc14.ifca.ai/papers/fc14_submission_82.pdf

[4] https://bitcointalk.org/index.php?topic=2227.0;all

[5] https://bitcointalk.org/index.php?topic=2227.msg30138#msg301...

[6] http://bitcoin.stackexchange.com/questions/1475/can-someone-...
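
An added example, not part of either comment or of the paper's own code: a simulation of the block-withholding model the thread argues about, showing how the break-even pool share moves between gamma = 0 (the 33% figure quoted from ByteCoin) and gamma = 1/2 (random choice between ties). The state accounting and the threshold expression (1 - gamma) / (3 - 2 gamma) follow the published selfish-mining model and are assumptions here, as are all function names.

```python
import random

def threshold(gamma):
    """Break-even pool share in the published model: (1 - g) / (3 - 2g)."""
    return (1 - gamma) / (3 - 2 * gamma)

def simulate(alpha, gamma, events=400_000, seed=1):
    """Fraction of main-chain blocks won by a withholding pool of share alpha.

    gamma = fraction of honest hash power that mines on the pool's branch
    when two equal-length branches are public (the thread's 'gamma').
    """
    rng = random.Random(seed)
    pool = others = 0
    lead, race = 0, False          # lead = withheld blocks ahead of public tip
    for _ in range(events):
        pool_found = rng.random() < alpha
        if race:                   # tie between pool branch and honest branch
            race = False
            if pool_found:
                pool += 2
            elif rng.random() < gamma:
                pool += 1
                others += 1
            else:
                others += 2
        elif pool_found:
            lead += 1
        elif lead == 0:
            others += 1
        elif lead == 1:            # honest block ties the lead: race starts
            lead, race = 0, True
        elif lead == 2:            # pool releases both blocks and wins
            pool += 2
            lead = 0
        else:                      # pool releases one block, stays ahead
            pool += 1
            lead -= 1
    return pool / (pool + others)

def honest_baseline_beaten(alpha, gamma):
    """True when withholding earns more than the pool's fair share alpha."""
    return simulate(alpha, gamma) > alpha

if __name__ == "__main__":
    for g in (0.0, 0.5):
        print(f"gamma={g}: threshold={threshold(g):.3f}, "
              f"share at alpha=0.30 -> {simulate(0.30, g):.3f}")
```

At a 30% share the pool earns less than its fair share when gamma is 0 and more when gamma is 1/2, which is the comparison the timestamp-versus-randomization argument turns on.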