[bitcoin-dev] Centralizing mining by force

Discussion:

Robert Taylor via bitcoin-dev

2017-11-07 03:55:59 UTC

Forgive me if this has been asked elsewhere before, but I am trying to
understand a potential failure mode of Bitcoin mining.

A majority of miners can decide which valid blocks extend the chain. But
what would happen if a majority of miners, in the form of a cartel decided
to validly orphan any blocks made by miners outside of their group? For
example, they could soft fork a new rule where the block number is signed
by set of keys known only to the cartel, and that signature placed in the
coinbase. Miners outside of the cartel would not be able to extend the
chain.

It would be immediately obvious but still valid under the consensus rules.
What are the disincentives for such behavior and what countermeasures could
be done to stop it and ensure mining remained permissionless? I think this
is a valid concern because while it may not be feasible for one actor to
gain a majority of hash alone, it is certainly possible with collusion.

Robert

Marc Bevand via bitcoin-dev

2017-11-08 05:04:07 UTC

Permalink

What you describe is an example of a majority attack ("51% attack"). No
technical mechanism in Bitcoin prevents this. However in practice, miners
are not incentivized to perform this attack as it would destroy confidence
in Bitcoin, and would ultimately impact their revenues.

-Marc

On Mon, Nov 6, 2017, 22:32 Robert Taylor via bitcoin-dev <

Post by Robert Taylor via bitcoin-dev
Forgive me if this has been asked elsewhere before, but I am trying to
understand a potential failure mode of Bitcoin mining.
A majority of miners can decide which valid blocks extend the chain. But
what would happen if a majority of miners, in the form of a cartel decided
to validly orphan any blocks made by miners outside of their group? For
example, they could soft fork a new rule where the block number is signed
by set of keys known only to the cartel, and that signature placed in the
coinbase. Miners outside of the cartel would not be able to extend the
chain.
It would be immediately obvious but still valid under the consensus rules.
What are the disincentives for such behavior and what countermeasures could
be done to stop it and ensure mining remained permissionless? I think this
is a valid concern because while it may not be feasible for one actor to
gain a majority of hash alone, it is certainly possible with collusion.
Robert
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Eric Voskuil via bitcoin-dev

2017-11-09 18:18:17 UTC

Permalink

It is not the case in practice that there exists no incentive to disrupt the market for transaction confirmation. Statism is profitable, and a primary source of revenue is seigniorage. Given Bitcoin's threat to that privilege, its destruction presents a hefty incentive.

The security model of Bitcoin is not based on balancing power between miners (those who confirm) and merchants (those who validate). It is based on these parties defending their mutually-beneficial market from the state.

Neither technology nor incentives resolve this conflict. People must be willing to defend their mines and their economic nodes. This requires personal risk. The risk to each individual is mitigated by broad decentralization, but remains nonetheless.

Even in a highly-decentralized system, overpowering taxpayer-funded disruption of the confirmation market will require that merchants pay aggregate fees exceeding the mining subsidy expended by the taxpayer to disrupt it. Who prevails in that tug of war is unclear, but working on Bitcoin implies one believes it is possible for individuals to do so.

e

What you describe is an example of a majority attack ("51% attack"). No technical mechanism in Bitcoin prevents this. However in practice, miners are not incentivized to perform this attack as it would destroy confidence in Bitcoin, and would ultimately impact their revenues.
-Marc

Forgive me if this has been asked elsewhere before, but I am trying to understand a potential failure mode of Bitcoin mining.
A majority of miners can decide which valid blocks extend the chain. But what would happen if a majority of miners, in the form of a cartel decided to validly orphan any blocks made by miners outside of their group? For example, they could soft fork a new rule where the block number is signed by set of keys known only to the cartel, and that signature placed in the coinbase. Miners outside of the cartel would not be able to extend the chain.
It would be immediately obvious but still valid under the consensus rules. What are the disincentives for such behavior and what countermeasures could be done to stop it and ensure mining remained permissionless? I think this is a valid concern because while it may not be feasible for one actor to gain a majority of hash alone, it is certainly possible with collusion.
Robert
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

ZmnSCPxj via bitcoin-dev

2017-11-08 05:37:39 UTC

Permalink

Good morning Robert,

What you describe is precisely one possible result of a 51% attack.

At below the 50% threshold, miners outside the cartel will on average outrace miners inside the cartel, so fullnodes which do not follow cartel rules will reject them as per Nakamoto Consensus. At some point, the chain split becomes permanent, with miners outside the cartel pulling above the cartel miners.

However, above the 50% threshold, miners outside the cartel will be unable to keep up with the cartel and be unable to build on top of the cartel chain (as presumably they are not valid signatories). Outside-cartel miners, however, may institute an opposing cartel, or an anti-cartel (blocks must have a fixed, invalid with high probability, 00000 signature).

In the end, what matters is what fullnodes accept. If fullnodes do not care, then the group of miners that is larger wins. If fullnodes do check one or the other set of rules, then that set of rules will win.

Given current politics, it is likely that fullnodes will institute an anti-cartel rule in this case, and reject the cartel and suffer low hashrate. Eventually, the cartel will be betrayed by one of its members mining the anti-cartel chain in return for fees and valuable block rewards.

Regards,
ZmnSCPxj

Sent with [ProtonMail](https://protonmail.com) Secure Email.

-------- Original Message --------
Subject: [bitcoin-dev] Centralizing mining by force
Local Time: November 7, 2017 11:55 AM
UTC Time: November 7, 2017 3:55 AM
Forgive me if this has been asked elsewhere before, but I am trying to understand a potential failure mode of Bitcoin mining.
A majority of miners can decide which valid blocks extend the chain. But what would happen if a majority of miners, in the form of a cartel decided to validly orphan any blocks made by miners outside of their group? For example, they could soft fork a new rule where the block number is signed by set of keys known only to the cartel, and that signature placed in the coinbase. Miners outside of the cartel would not be able to extend the chain.
It would be immediately obvious but still valid under the consensus rules. What are the disincentives for such behavior and what countermeasures could be done to stop it and ensure mining remained permissionless? I think this is a valid concern because while it may not be feasible for one actor to gain a majority of hash alone, it is certainly possible with collusion.
Robert