--- Log opened Thu Jun 20 00:00:50 2013 13:29 < jgarzik> petertodd, Seen this? "The Economics of Bitcoin Mining 13:29 < jgarzik> or, Bitcoin in the Presence of Adversaries" http://www.weis2013.econinfosec.org/papers/KrollDaveyFeltenWEIS2013.pdf 13:30 < petertodd> interesting! 13:31 < petertodd> IMO we're really going to need some sort of proof-of-stake system in the long run, but it'll inevitably involve a somewhat different security model 13:32 < jgarzik> Edward Felten is pretty well known author 13:32 < jgarzik> never heard of the others 13:33 < petertodd> funny, I'm not sure the authors realize the blockspace is a limited resource 13:35 < petertodd> the authors also don't grasp how difficult it is for SPV nodes to do anything other than put all their faith in PoW, or trust some central authority 13:47 < petertodd> their analysis of transaction fees also doesn't take into account that adding a transaction increases your chance of an orphaned block - IE there is a very real cost, albeit one that varies dramatically and has weird technological and size variables 13:48 < petertodd> re: orphans, given that higher hash rates == lower orphan rates, everything else equal, it implies the right strategy is pool consolidation to allow you to spend less on hardware to lower orphan rates 13:51 < gmaxwell> I'm not convinced that higher hashrate == lower orphans in any meaningful sense until you're at a consolidation level thats already invalidating the security assumptions. (e.g. one party with a third of the hash power) 14:11 < jgarzik> petertodd, The authors seem to think there is a fee market right now, missing the fact that most fees are paid due to hardcoded anti-spam limits 14:18 < jgarzik> "The only way to preserve the system?s health will be to change the rules, most likely either by maintaining mining rewards at a level higher than origi- nally envisioned, or making transaction fees mandatory." 14:18 * jgarzik rolls eyes 14:18 < gmaxwell> 0_o 14:18 < gmaxwell> well petertodd said they didn't sound like they knew that blockspace was a limited resource? 14:19 < jgarzik> gmaxwell, indeed, though I haven't reached that point yet 14:25 < gmaxwell> I can't resist giggling at "making transaction fees mandatory", but if you discard blockspace as a limited resource then I don't know that I could draw any better ones. 14:37 < jgarzik> When reading papers like this, I'm torn between the urge to thank academics for looking at bitcoin? or to flame them for inaccuracies 14:43 < amiller_> this paper gets the wrong euqilibrium analysis 14:43 < amiller_> mine is better 14:43 < amiller_> they basically ignore transaction fees altogether 14:46 < amiller_> rather than looking at how the presence of transactions with fees alters the equilibrium 14:46 < petertodd> well, what I did get from the paper was some math notation to use when I write a better one... :P 14:46 < petertodd> amiller_: link to yours? 14:47 < petertodd> I suspect the overall trust of the idea that security costs money is a good point though - an attacker will spend less than the value they are destroying 14:47 < amiller_> https://gist.github.com/amiller/cf9af3fbc23a629d3084 14:47 < amiller_> this is by far the best paper i've seen on bitcoin analysis imo 14:48 < amiller_> they get more 'right' than anyone else so fa 14:48 < amiller_> r 14:48 < amiller_> for example focusing on a rational rather than honest model 14:48 < amiller_> looking at mining and competition rather than just, e.g., user anonymity 14:48 < petertodd> yeah, it's a 51% majority of rational nodes, not honest ones 14:49 < amiller_> it's still a sort of weak paper 14:49 < jgarzik> amiller_, it's full of hand-waving 14:49 < jgarzik> several statements along the lines of "this must be changed" without supporting evidence 14:49 < amiller_> really nothing they've said is terribly well supported 14:50 < amiller_> it's just a workshop paper 14:50 < amiller_> that's basically the equivalent of a forum post 14:50 < gmaxwell> It's still an example of the peer review model failing. 14:51 < gmaxwell> There are some pretty obvious derpy things that any of us could have said "uh, you at least should talk to Y" 14:52 < amiller_> academia moves really slowly 14:52 < amiller_> it's a good sign if a bunch of goofy grad students start writing papers on related things eventually better ones will come out 14:52 < petertodd> They could have said they are analyzing a cryptocurrency with a given set of properties, rather than talking about Bitcoin specifically... which is what they've done really. 14:52 < petertodd> We need common terminology for different models of cryptocurrencies for instance. 14:53 < petertodd> Their analysis is valid for something almost, but not quite, like Bitcoin. 14:55 < petertodd> gmaxwell: re orphans, but we're already seeing pools with such a high hash rate that they are kinda invalidating the security model, modulo the fact that their users can in theory switch pools (weak I know) 14:57 < gmaxwell> yea, okay sure, I'll grant that.. but thats busted. I assume it'll change eventually. If nothing else sooner or later one of the pool compromises will do something unkind with the hashpower and it'll get cleaned up after the panic. 14:58 < Luke-Jr> I have my doubts 14:59 < petertodd> lets suppose though that, say, pooled-solo mode and auditing becomes popular or whatever: you'll wind up with the same centralization for higher profitability, without the obvious risks --- Log closed Fri Jun 21 00:00:05 2013