00:18:24Eliel_:hmmh... I just realized that a 51% attacker who orphans other miners' blocks can be made to prove he's doing so (at least if he includes other people's transactions). Basically, when a miner finds a block, he can simultaneously create a transaction that has a stealth reference to the block and broadcast it. If someone else then orphans his block with a block that nevertheless includes the transaction, he can then broadcast a secret code that co
00:20:39kazcw:putting into a transaction a blinded reference to a block in the other chain just proves the other chain existed when the attacker mined their block, not that the attacker -knew about- the other chain's existence
00:21:16Eliel_:I don't think that's a very important distinction.
00:24:24kazcw:what could be done in response to a proof-of-competing-chain?
00:26:36Eliel_:one option is to orphan the attackers block and treat the prior block as the real one.
00:26:54Eliel_:that opens another attack
00:27:02Eliel_:so perhaps that's too heavy
00:31:30Eliel_:any transactions confirmed in the orphaned block could be considered confirmed though. I don't think that's abuseable.
00:33:33Eliel_:the biggest trouble is probably that the transaction only does Proof of Existence, not Proof of Publication.
01:57:45super3:oh looks like i wasn't paying attention at the best time
01:58:35jps_:jps_ is now known as jps
01:59:46super3:well my solution currently is to have node A challenge node B
02:00:06super3:node a publishes the merkle root of its hash challenges
02:00:17super3:via blockchain or some other public source
02:01:36super3:node a can pay node b for correct hash challenges, via microtransactions
02:02:23super3:if there is a failed challenge or dispute the blockchain has enough information to mediate
02:03:03super3:as per gmaxwell's spec node a is an "autonomous agent" via a decentralized and distributed application we call Metadisk
02:33:50asoltys_:asoltys_ is now known as asoltys
04:22:47justanotheruser:Why couldn't nothing at stake be fixed by allowing users to mine with old stake? Then their old stake would be profitable and they would have something at stake.
04:23:09justanotheruser:They wouldn't necessarily have currency at stake, but they would have potential profits at stake.
04:38:29kanzure_:justanotheruser: double spending
04:39:18justanotheruser:kanzure_: how does that allow double spending?
04:40:02kanzure_:each chain ends up with different payments
04:40:32justanotheruser:kanzure_: why are there multiple chains now?
04:41:09kanzure_:nothing at stake refers to the lack of incentives to maintain only a single chain
04:42:45justanotheruser:yes, but there is something at stake if you can use old outputs to profit
04:42:57justanotheruser:at least as far as I can understand right now
04:52:16justanotheruser:Owning old stake seems like it would be equivalent to owning mining gear. One problem is that old stake profitability approaches zero as the chain grows. As that old stake profitablitiy approaches zero, you will probably end up selling that stake and someone will be able to use that to make a fork from that point.
05:00:43phantomcircuit: The average time to generate a block at 0.3 Mhps, given difficulty of 17336316978.5, is 7870375 years, 37 weeks, 4 days, 8 hours, 21 minutes, and 28 seconds
05:00:54phantomcircuit:i guess i need to copy someone elses cpu mining code...
05:01:18phantomcircuit: ;;gentime 0.3 1
05:01:18phantomcircuit: The average time to generate a block at 0.3 Mhps, given difficulty of 1.0, is 3 hours, 58 minutes, and 36 seconds
05:01:21phantomcircuit:well maybe not
15:40:32jgarzik:jgarzik is now known as home_jg
17:50:24Guyver2:Guyver2 has left #bitcoin-wizards
18:12:20rodarmor:rodarmor has left #bitcoin-wizards
18:36:37gmaxwell:gmaxwell is now known as Guest36970
20:23:11Guest36970:Guest36970 is now known as gmaxwell
20:48:00Dizzle__:Dizzle__ is now known as Dizzle