PSA: Move your miners away from Eclipse Mining Pool! : Bitcoin
Crypto Mining Pools 2019 : How To Choose The Best Pool
Eclipse Mining Consortium - Bitcoin Wiki
Eclipsemc.com - Eclipsemc: Bitcoin Mining Pool - Eclipse ...
Bitcoin Mining Pools Bitcoins In Ireland
[Discord Conv] Dynamic IOTA
Disclaimer: This is my editing, so there could be some misunderstandings. For the general view of 'what's going on?' of this dynamic ride...

2/16

dom (yesterday, 5:44 AM): Just FYI: the team is now working on a plan on how to recover from this and get the network back into operations while also allowing anyone who might have been affected to safely transition. There are no guarantees just yet, but we will do our best to get this through ASAP. Hopefully we will have a concrete action plan tomorrow and will then communicate it. On the vulnerability side, all parties are notified and they are working with law enforcement and external auditors to fully understand how this happened. We will keep you guys posted.

dom (yesterday, 5:47 AM): needless to say, that the vulnerability itself was rather sophisticated and required access on multiple levels to be able to execute it on this scale. Hopefully we will be able to share more soon. [Did the vulnerability exist after or before the audit on Trinity?] after the audit

dom (yesterday, 5:51 AM): Currently it looks like this will only be for recent Trinity Desktop users

dom (yesterday, 5:56 AM): the entire Trinity team did an amazing job and there is not a single person to blame. The attack itself was very sophisticated and targeted at IOTA and Trinity itself. We are already working on v2 where none of this would be possible. We will share our learnings from this publicly and also share what kind of precautionary measures we are taking.

dom (yesterday, 5:58 AM): The community also did an amazing job in helping to guide us through and give assistance to other community members.

dom (yesterday, 5:58 AM): we actually were having discussions a few weeks ago to rename Trinity (because of the religious connotation)

Jelle Millenaar [IF] (yesterday, 6:37 AM): We didn't really have panic and chaos. We actually worked really well together.

Jelle Millenaar [IF] (yesterday, 6:38 AM): [IF members, do you get paid Over Time for all the awesome work or PURE DEDICATION?] nobody considers this overtime or anything. We just contribute because we know it is needed.

dom (yesterday, 7:45 AM): [If dependencies carry this risk, maybe they should've done an official CORE wallet and saved all the fluffy stuff for a third party app.] that's how the new Trinity will work. Sucks that it happened now especially after we wanted to put it into maintenance mode anyways

dom (yesterday, 7:49 AM): [How do we know if the hacker has our seeds?] this is related to a third party, unrelated to IF or IOTA

dom (yesterday, 7:50 AM): we know that this could have only been done through intrusion / collusion of an external source. [Dom are you fully confident to solve all those problems especially regarding the possibility of even more people getting scammed instantly after coo is back again?] yes, relatively sure. That is why we are taking the necessary time to plan accordingly.

dom (yesterday, 7:55 AM): We will provide more information on how this exploit was done soon. All the involved parties are aware of the situation

dom (yesterday, 7:58 AM): [Please give us some time before you start the coo information that we can move to new seed instantly] don't worry, we will get it all sorted out.

dom (yesterday, 8:22 AM): once life is a bit less "tumultuous" I still want to work on that Autonomous Bar concept powered by IOTA (access control, id verification, payment and a bunch of robots)

Eric Hop [IF] (yesterday, 2:44 PM): Pretty good. I'd be surprised if we find more theft bundles. Only found one more today, while building a timeline of the theft.

Eric Hop [IF] (yesterday, 2:50 PM): We have several separate teams. One is looking at how to resume. One is looking at how to be able to rescue the funds. Others are interacting with law enforcement and third parties. I'm part of DAFT. The Data Analysis Forensics Team. Haha

Eric Hop [IF] (yesterday, 3:01 PM): Some of the people in Coordicide team like Hans have been helping out. It was an all hands on deck situation. I actually loved it. We haven't had this much of a team spirit in quite a while. Usually everyone plays in their own sand box. But this time we all played together on the beach. It's such a joy working with so many extremely smart people. With so many eyes on the ball we did not miss many opportunities to figure things out.

Eric Hop [IF] (yesterday, 3:07 PM): And for me personally this was a great time. I am all about puzzle solving. And this was the greatest puzzle of all. With a built-in time limit. Haha

Eric Hop [IF] (yesterday, 3:12 PM): I'm not doing official statements. But we have a good overview of what happened and the extent of it. Right now we want to hammer down how to resume without risks and how to safeguard the stuck funds if possible. What is especially funny to me is that the coordinator that everyone was bitching about for years did exactly the thing it was meant to do. It allowed us to halt an exploit that otherwise would have cost everyone dearly.

Eric Hop [IF] (yesterday, 3:15 PM): It was meant as safeguard, training wheels, while we mature. And while we need to remove it due to it being a single point of failure and a bottleneck to scaling, I will be kind of sad to see it go. Yes, IF would have done the same to safeguard funds, if a third party wallet would have been the cause. Just because we can.

Eric Hop [IF] (yesterday, 3:37 PM): Yes it was a manual attack. The sophistication was in the exploit. But he seemed to be not too sophisticated iota-wise. Everyone has their specialties I guess.

Eric Hop [IF] (yesterday, 3:41 PM): And as an aside I wish people would fuck off about the whole iota not being decentralized because of coordinator, when every block chain token is centralized around a few mining pools that seriously disrupt any possibility for positive software development. They fucking hold back everything that influences their bottom line. Which is why Bitcoin and the rest have pretty much been stagnant for years while we move forward constantly.

dom (today, 7:08 AM): We will release a new Trinity version tomorrow with the fixes implemented. It's not yet the full transition tool, but it's the first step towards fully going back to operations.

dom (today, 7:09 AM): Just wait for the rest. It is important that we get this 100% right and we are still further investigating, so there is a lot of behind the scenes work happening right now.

David Sønstebø (today, 8:52 AM): So... Tangle EE Quite cool eh? It's so unfortunate that this asshole managed to distract everything away from one of the biggest steps towards global adoption. Let's not give this fuckface further attention. The cause has been identified, law enforcement is involved and mitigation strategy is being worked on. There will be further official updates, but let's not halt the whole IOTA project due to one idiot.

David Sønstebø (today, 8:56 AM): [Is he identified?] Let's just say that there's a lot of traces. The attacker does not seem to have been too sophisticated. Official update on Monday will provide details.

David Sønstebø (today, 9:03 AM): [How will this situation affect iotas partners?] My best guess: further increasing our reputation as an organization that solves hard problems efficiently and doesn't shy away from difficulties. Every company in the world has had issues similar to this. Keep in mind that this does not at all affect the protocol/Tangle/IOTA.

David Sønstebø (today, 9:08 AM): We do have a bounty program. This/these individual/s were not interested in the greater good, pure greed and incompetence

David Sønstebø (today, 9:10 AM): [Any examples of use cases for DID on the tangle?] Virtually all use cases on Tangle require a secure identifier and verifiable credentials. What I think will happen is that once Tangle EE ships the first version, all other companies using IOTA will start to implement it [One more question: How transparent will tangle EE be for the community?] 100%. This is why I/we consider Tangle EE to be such a significant milestone, it's not "just" IF, this is a coalition of major companies, start-ups and leading academic institutions building the solutions

David Sønstebø (today, 9:11 AM): [any ETA for the 1st Version?] That's another good thing, IF won't issue the ETAs, Tangle EE will

David Sønstebø (today, 9:12 AM): [What does T(angle)EE do exactly?] It's a partnership and collaboration between several entities to develop and ship code and blueprints that are relevant for product developers and service providers. That blog post is a good read to get better comprehension

David Sønstebø (today, 9:13 AM): It's incredibly important that IF's role slowly but surely decreases in importance. IOTA has to succeed independent of IF post-Coordicide and multiversial-slicing (advanced sharding equivalent)

David Sønstebø (today, 9:14 AM): I would say that it's an incredibly important piece of the puzzle. Naturally Object Management Group (OMG) in Tangle EE will be key here as well, but IOTA is not married to "just" Eclipse. We also work closely with Linux Foundation. However, Tangle EE is very focused

David Sønstebø (today, 9:22 AM): I don't think IF will disappear, however, it will hopefully be purely R&D-driven in 10 years, whereas the other efforts are taken over by the ecosystem (companies, academia, start-ups and enthusiasts). Even post-Coordicide, we already now have theories on how to go way beyond even that. If we achieve our goal of IOTA being equivalent to TCP/IP, there will naturally be continuous development and research in the foreseeable future. I doubt we will reach complete satisfaction, especially now that smart contracts and oracles enter the equation: there's certainly more work to be done for IF, but my goal is for IF to "simply" be R&D

David Sønstebø (today, 9:27 AM): Definitely. This is why I coined the requirement for a "grandma on crack"; this is truly how simply using IOTA should be in 2-5 years. Just like very few even know wtf TCP/IP is

David Sønstebø (today, 9:57 AM): I agree 100% with your assessment, though as would Netflix do with Blockbuster's assessment when they declined to acquire Netflix. At the end of the day it's all about basic economic and human behavioural principles. Human nature does not change, but our environment does. Disruption will continue forever. Darwinian principles will forever remain true. A better option = adoption. It doesn't matter how hard the incumbents fight against it, they either adapt or go Kodak/Nokia/AOL
Cryptocurrency exchanges process over $20 billion in trade volume per day. Most of the transactions go through centralized exchanges, where users need to fully trust the exchange to manage their assets and transactions. However, the risk of trusting these centralized exchanges has also been seen. For example, QuadrigaCX, which was the largest cryptocurrency exchange in Canada, lost $19 million of their customers' assets [1]. Decentralized Exchanges (DEXes) have been introduced to address this problem: they allow traders to purchase and sell cryptocurrencies in a peer-to-peer manner, so no involvement of any trusted party is required.

Atomic Swap is one of the promising technologies for implementing a DEX. While it enables pure peer-to-peer trading, it also introduces problems such as unfairness and long confirmation latency. While existing work [2] has provided a solution towards a fair atomic swap protocol, the issue of long confirmation latency is inherent.

Another promising direction is leveraging liquidity pools. With liquidity pools, pairs of assets are reserved for trading. For any pair of assets supported by the liquidity pool, traders can exchange their assets without any third party. As traders can only perform the transactions if there are reserved assets, one core problem is how to attract liquidity providers to provide liquidity by reserving assets. It is not difficult to see that incentives [3,4], which have been a key component of all permissionless blockchains, can be used to incentivize liquidity providers. However, flawed incentive designs will lead to attacks and other concerns [5-13].

There are two main types of incentive designs, namely "trans-fee mining" and "liquidity mining". They are different from the Proof-of-X mining used in blockchains for reaching consensus (a detailed analysis can be found in the survey [14]). Rather, they are used to incentivise users to join the ecosystem.

"Trans-fee mining" was proposed by FCoin in 2018 [15].
With FCoin, each time a transaction is created, 100% of its transaction fee will be returned in FCoin token to the payer as a reward. This is one incentive design to encourage traders to join the system. However, as FCoin may have no value to the trader, FCoin also introduces an extra reward to all coin holders: 80% of the transaction fee in its native currency (such as ETH) will be distributed to all coin holders. So, traders are incentivized to join the system, becoming a holder of FCoin token, and obtaining a share of the transaction fee of every transaction in the FCoin ecosystem. While this successfully attracted traders, it is not sustainable. Rather than charging a trader to perform transactions, FCoin rewards traders. Profit-driven traders will create transactions at full speed to earn FCoin token and the share as a token holder. Indeed, the trading volume of FCoin was the top one among all exchange services, and the daily reward can be as high as 6000 BTC [16]. However, once all coins are minted, then the system would lose liveness as there is not enough supply to be distributed.

"Liquidity mining" aims at giving reward to the liquidity providers rather than the traders. There are different ways to implement liquidity mining. Compound [17] is a famous example of protocols deploying liquidity mining. With Compound, users become liquidity providers by supplying assets to a pool and obtaining interest for their contribution (similar to depositing money into a bank). Liquidity providers first reserve some assets in the pool and obtain "cToken" of Compound, which entitles the owner to an increasing quantity of the underlying asset. Users can use their "cToken" to borrow different assets available on Compound and pay some interest to Compound. The borrowers may have some quick gains through the financial games [18]. Both borrowers and liquidity providers can withdraw their assets by trading them back with "cToken".
Owners of "cToken" can also manage the business direction and decisions of Compound through weighted voting. The potential concern here is that rich users might be able to take over the control of the system.

Uniswap [19] is another popular DEX deploying liquidity mining. Uniswap incentivizes liquidity providers by giving them a share of the earned transaction fees. In particular, Uniswap charges each transaction a 0.3% fee, where 0.25% will be distributed to the liquidity providers, and 0.05% will go to the Uniswap account. One issue is how to incentivize traders. With Uniswap, traders are incentivized by the potential profit they can gain through the price difference between Uniswap and other exchanges. The Uniswap price oracle is based on constant function market makers [20,21], where the product of the numbers of reserved tokens is a constant. For example, if Uniswap has a pair of X token A and Y token B, then when a user uses X' token A to buy Y' token B, the product of the reserved numbers of tokens should remain the same, i.e., XY = (X+X')(Y-Y'). The price of Uniswap (V1) is also defined in this way. This allows traders to speculate in the exchange market as the asset price on Uniswap changes dynamically and is different from other exchanges. This, on the other hand, may be a security risk as the price can be easily manipulated. Uniswap (V2) fixed this problem by taking an accumulated price over a period of time [22]. However, as speculation/manipulation becomes harder, the trading volume may decrease.

MiniSwap [23] introduces a hybrid model (a mixture of "trans-fee mining" and "liquidity mining") to address the above issues. MiniSwap provides three types of rewards. For each trade with transaction fee f ETH in MiniSwap, a number of MiniSwap tokens (called MINI) worth 2f ETH will be minted. A (parameterized) portion of the tokens is given to the trader, and the rest are distributed to the liquidity providers.
The transaction fee (f ETH) is used to exchange MINI in the liquidity pool. 50% of the obtained MINI will be distributed to all MINI holders, and the other 50% will be destroyed. In this way, both traders and liquidity providers are incentivized to join the ecosystem.

Recall that with FCoin, there is a problem when all coins are minted. MiniSwap has an upper bound (of 500,000 tokens) on the number of tokens that can be created every day, and this limit reduces every month until a point where the limit (18,000 tokens) remains unchanged. This guarantees the sustainability of the system as the mining process can last for 100 years. The parameterized ratio of tokens as the reward to the trader and liquidity provider can also strengthen sustainability. It enables the system to dynamically balance the incentives of different parties in the system to make it more sustainable.

Overall, the MiniSwap hybrid model has taken the benefits of both the "trans-fee mining" model and the "liquidity mining" model, while eliminating the potential concerns. Formally defining and analyzing these models, e.g. through the game-theoretic approach [24], would be an interesting direction.

References

[1] The Guardian. Cryptocurrency investors locked out of $190m after exchange founder dies, 2019.
[2] Runchao Han, Haoyu Lin, Jiangshan Yu. On the optionality and fairness of Atomic Swaps. ACM Conference on Advances in Financial Technologies, 2019.
[3] Satoshi Nakamoto. Bitcoin: a peer-to-peer electronic cash system, 2008.
[4] Jiangshan Yu, David Kozhaya, Jeremie Decouchant, and Paulo Verissimo. Repucoin: your reputation is your power. IEEE Transactions on Computers, 2019.
[5] Joseph Bonneau. Why Buy When You Can Rent? - Bribery Attacks on Bitcoin-Style Consensus. Financial Cryptography and Data Security - International Workshops on BITCOIN, VOTING, and WAHC, 2016.
[6] Yujin Kwon, Hyoungshick Kim, Jinwoo Shin, and Yongdae Kim. Bitcoin vs. Bitcoin Cash: Coexistence or Downfall of Bitcoin Cash. IEEE Symposium on Security and Privacy (SP), 2019.
[7] Kevin Liao and Jonathan Katz. Incentivizing blockchain forks via whale transactions. International Conference on Financial Cryptography and Data Security, 2017.
[8] Ayelet Sapirshtein, Yonatan Sompolinsky, and Aviv Zohar. Optimal Selfish Mining Strategies in Bitcoin. Financial Cryptography and Data Security, 2016.
[9] Ittay Eyal and Emin Gün Sirer. Majority Is Not Enough: Bitcoin Mining Is Vulnerable. Financial Cryptography and Data Security, 2014.
[10] Ittay Eyal. The Miner's Dilemma. IEEE Symposium on Security and Privacy, 2015.
[11] Miles Carlsten, Harry A. Kalodner, S. Matthew Weinberg, and Arvind Narayanan. On the Instability of Bitcoin Without the Block Reward. ACM SIGSAC Conference on Computer and Communications Security, 2016.
[12] Kartik Nayak, Srijan Kumar, Andrew Miller, and Elaine Shi. Stubborn mining: generalizing selfish mining and combining with an eclipse attack. IEEE European Symposium on Security and Privacy, 2016.
[13] Runchao Han, Zhimei Sui, Jiangshan Yu, Joseph K. Liu, Shiping Chen. Sucker punch makes you richer: Rethinking Proof-of-Work security model. IACR Cryptol. ePrint Arch, 2019.
[14] Christopher Natoli, Jiangshan Yu, Vincent Gramoli, Paulo Jorge Esteves Veríssimo. Deconstructing Blockchains: A Comprehensive Survey on Consensus, Membership and Structure. CoRR abs/1908.08316, 2019.
[15] FCoin. https://www.fcoin.pro
[16] The Block Crypto. Cryptocurrency exchange Fcoin expects to default on as much as $125M of users' bitcoin, 2020.
[17] Compound. https://compound.finance
[18] Philip Daian, Steven Goldfeder, Tyler Kell, Yunqi Li, Xueyuan Zhao, Iddo Bentov, Lorenz Breidenbach, Ari Juels. Flash Boys 2.0: Frontrunning, Transaction Reordering, and Consensus Instability in Decentralized Exchanges. IEEE Symposium on Security and Privacy, 2020.
[19] Uniswap. https://uniswap.org
[20] Bowen Liu, Pawel Szalachowski. A First Look into DeFi Oracles. CoRR abs/2005.04377, 2020.
[21] Guillermo Angeris, Tarun Chitra. Improved Price Oracles: Constant Function Market Makers. CoRR abs/2003.10001, 2020.
[22] Uniswap V2.0 whitepaper. https://uniswap.org/whitepaper.pdf
[23] MiniSwap. https://www.miniswap.org
[24] Ziyao Liu, Nguyen Cong Luong, Wenbo Wang, Dusit Niyato, Ping Wang, Ying-Chang Liang, Dong In Kim. A Survey on Blockchain: A Game Theoretical Perspective. IEEE Access, 2019.
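The constant-product rule XY = (X+X')(Y-Y') and the accumulated price from the Uniswap discussion above, as an added example that is not code from the article or from Uniswap. The `Pool` class, the per-trade accumulator, the choice to leave the whole 0.3% fee in the pool, and all reserve sizes and timings are assumptions constructed for illustration; it compares what a price consumer sees from the raw reserves with what a one-hour accumulated price reports when a large trade holds for only 10 seconds.

```python
from fractions import Fraction

FEE = Fraction(3, 1000)  # 0.3% per trade, the Uniswap fee quoted in the text


class Pool:
    """Constant-product pool for a token pair A/B (hypothetical model, not Uniswap code)."""

    def __init__(self, reserve_a, reserve_b, fee=FEE, now=0):
        self.a, self.b = Fraction(reserve_a), Fraction(reserve_b)
        self.fee = Fraction(fee)
        self.last_update = now
        self.cumulative = Fraction(0)  # sum of spot price * seconds it was in force

    def spot_price(self):
        """Price of one A in units of B, read straight from the reserves."""
        return self.b / self.a

    def _accumulate(self, now):
        # Credit the price that held since the last update *before* a trade
        # changes it, so a price that lasted 10 seconds gets a weight of 10.
        if now < self.last_update:
            raise ValueError("time must not go backwards")
        self.cumulative += self.spot_price() * (now - self.last_update)
        self.last_update = now

    def swap(self, sell, amount, now):
        """Sell `amount` of token 'A' or 'B'; return the amount of the other token paid out."""
        amount = Fraction(amount)
        if amount <= 0 or sell not in ("A", "B"):
            raise ValueError("sell must be 'A' or 'B' and amount positive")
        self._accumulate(now)
        effective = amount * (1 - self.fee)  # fee portion joins the reserves but buys nothing
        k = self.a * self.b
        if sell == "A":
            out = self.b - k / (self.a + effective)  # XY = (X+X')(Y-Y')
            self.a, self.b = self.a + amount, self.b - out
        else:
            out = self.a - k / (self.b + effective)
            self.a, self.b = self.a - out, self.b + amount
        return out

    def observe(self, now):
        """Snapshot (cumulative price, time) for a time-weighted reading."""
        self._accumulate(now)
        return self.cumulative, now


def twap(first, last):
    """Average price between two observe() snapshots."""
    (c0, t0), (c1, t1) = first, last
    if t1 <= t0:
        raise ValueError("window must have positive length")
    return (c1 - c0) / (t1 - t0)


def short_lived_trade_scenario():
    """Constructed numbers: 1000 A / 1000 B pool, one-hour window, a trade of
    1000 A that is reversed 10 seconds later. Returns the spot price while the
    trade is in effect, the one-hour average, and the spot price afterwards."""
    pool = Pool(1000, 1000)
    first = pool.observe(0)
    received_b = pool.swap("A", 1000, now=3590)
    spot_mid = pool.spot_price()
    pool.swap("B", received_b, now=3600)
    last = pool.observe(3600)
    return spot_mid, twap(first, last), pool.spot_price()


if __name__ == "__main__":
    spot_mid, average, spot_end = short_lived_trade_scenario()
    print(f"spot price during the trade: {float(spot_mid):.4f}")
    print(f"one-hour accumulated price:  {float(average):.4f}")
    print(f"spot price after reversal:   {float(spot_end):.4f}")
```

A contract or service that prices assets from `spot_price()` sees a roughly 75% move in this scenario, while the accumulated reading moves by about 0.2%; the longer the observation window, the more capital must be held at the distorted price to shift it.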
Written by the CoinEx Institution, this series of jocular and easy to understand articles will show you everything you need to know about major cryptocurrencies, making you fully prepared before jumping into crypto!

Monero, or XMR for short, is an open-source cryptocurrency that is safe, reliable, private, and untraceable. It can run on Windows, Mac, Linux, and FreeBSD, and is known as one of the most private cryptocurrencies. In 2018, Monero already ranked 10th in terms of trading volume, with its market value beyond 1 billion US dollars, evidence of its great fame in this field. By a special method in cryptography, Monero ensures that all transactions remain 100% unlinkable and untraceable. Perhaps after reading this article, you will understand why it is so special and popular in the increasingly transparent and traceable cryptocurrency circle (after all, privacy comes first!).

In fact, many large cryptocurrencies in the world are not anonymous. All transactions on Bitcoin and Ethereum are made public and traceable, which means that anyone can eavesdrop on transactions flowing into and out of the wallet. That has given rise to a new type of cryptocurrency called "privacy currency"! These "privacy currencies" hide transactions by adopting specific types of cryptography. One typical example is Monero, one of the largest privacy cryptocurrencies in the world.

Monero was created on April 18, 2014 under the name BitMonero, literally the combination of Bit (Bitcoin) and Monero (the "coin" in Esperanto). In five days, the community decided to change its name to Monero. Interestingly, Monero's creators valued personal privacy and tried to behave in a low-key manner with pseudonyms instead of their real names.
It is said that the Monero major contributor's nickname is "thankful for today", yet this guy has gradually disappeared from public view as Monero developed day by day.

Unlike many cryptocurrencies derived from BTC, Monero is based on the CryptoNote protocol. It is also the first fork of Bytecoin, a CryptoNote currency. Here is some information about Bytecoin: BCN, for short, is a decentralized cryptocurrency with a high degree of privacy; it has open-source code that allows everyone to contribute to the development of the Bytecoin network; and the Bytecoin network provides global users with instant private transactions that are not traceable and at no additional cost.

Yet, as a fork of BCN, Monero outshines its parent in reputation by being different in two ways. First, Monero's target block time was reduced from 120 seconds to 60 seconds; second, the issuance speed was cut by 50% (the block time later reverted to 120 seconds, with the issuance schedule maintained and the reward for each new block doubled). By the way, during the fork, the Monero developers also found a lot of low-quality code and then refactored it. (That is exactly what geeks will do.) Monero's modular code structure was also highly appreciated by Wladimir J. van der Laan, one of the core maintainers of Bitcoin.

Monero values privacy, decentralization and scalability, and there are significant algorithm differences in blockchain obfuscation, which sets it apart from its peers. How private is it? Here are more details.

1. Safe and reliable. For a decentralized cryptocurrency, decentralization means that its network is operated by users; transactions are confirmed by decentralized consensus and then recorded on the blockchain irrevocably. Monero needs no third party to guarantee the safety of funds.

2. Privacy protection. Monero obscures all transaction sources, amounts, and recipients through ring signatures, ring confidential transactions, and stealth addresses. Apart from all the advantages of a decentralized cryptocurrency, it is by no means inferior in safeguarding privacy.

3. Unable to track. The sender, the receiver and the transaction amount of all Monero transactions must be anonymous by default. The information on the Monero blockchain cannot be matched with physical individuals or specific users, so there is no trace to track.

4. Scalable. Everyone knows that Bitcoin's ability to process transactions has always been limited by the scalability issue; as we have mentioned before in the introduction of Bitcoin, the block size of 1MB makes things difficult. But Monero's developers have created a system that allows the network to process more transactions when needed; what's more, Monero does not have any "pre-set" restrictions on block size. Of course, this also means that some malicious miners may clog the system with large blocks. To prevent this from happening, Monero has worked out a countermeasure: the block reward penalty of the system.

On October 18, 2018, Monero's latest hard fork changed the consensus mechanism algorithm to CryptoNight V8. In this hard fork, it introduced the Bulletproofs protocol, which can also effectively reduce the transaction fee of miners without disclosing transactions.

It is said that Monero will issue about 18.4 million XMR in around 8 years. Moreover, it eclipses its counterparts in distribution: with no pre-mining or pre-sale, all block rewards will be left to miners by means of the POW mechanism. Here is the reward scheme of Monero in two stages:
Acceleration: mine 18132000 XMR before May 2022;
Deceleration: Deceleration starts right after 18132000 XMR are mined, and there will be a reward of 0.6XMR for each block mined afterwards. In this way, the overall supply will be kept on a small scale and decelerated.
Monero is also excellent in its development concept, which is designed to be anti-ASIC from the very beginning. Here is a brief introduction to ASIC (Application-Specific Integrated Circuit). Due to the specificity of ASICs, specially designed ASICs can usually have much higher hashrate than general CPUs, GPUs, and even FPGAs, which makes hashrate excessively centralized and makes it vulnerable to the monopoly of single centralized institutions. Yet the CryptoNight algorithm used by Monero allows most CPUs and even FPGAs to get involved and get mining rewards, instead of making GPU the only one that can efficiently mine. In other words, Monero's core development team will modify the consensus mechanism algorithm and have a hard fork after some time to ensure its strength against ASIC and the monopoly of hashrate.

However, although Monero has been designed against ASICs to avoid centralization, nearly 43% of its hashrate is still owned by 3 mining pools; in addition, it is not a BTC-based currency, making it even harder to introduce some elements. Of course, Monero is not that newbie-friendly, and thus has not been widely accepted. Yet each cryptocurrency has its own features. As long as Monero keeps improving its privacy, it will definitely attract increasing followers. If you are interested in Monero, welcome to CoinEx for exchange or trade.
As a global and professional cryptocurrency exchange service provider, CoinEx was founded in December 2017 with Bitmain-led investment and has obtained a legal license in Estonia. It is a subsidiary brand of the ViaBTC Group, which owns the fifth largest BTC mining pool, which is also the largest of BCH mining, in the world. CoinEx supports perpetual contract, spot, margin trading and other derivatives trading, and its service reaches global users in nearly 100 countries/regions with various languages available, such as Chinese, English, Korean and Russian.

Website: https://www.coinex.com/
Twitter: https://twitter.com/coinexcom
Telegram: https://t.me/CoinExOfficialENG
In this short post I want to set out my case for the moral justifiability of 51% attacks against proof of work cryptocurrencies. In the past, a 51% attack was a theoretical construct that most people didn't seem to think would be practically achievable or lucrative. This has now changed, as hashpower can be rented on sites like Nicehash and Mining Rig Rentals for a few hours at a time. The attack delivers the attacker two prominent opportunities:

- You can orphan blocks of "legitimate" miners. This essentially means that whatever work was produced by legitimate miners during your attack became worthless. Mine a secret chain of two hours worth of blocks, release it and you orphaned 2 hours worth of blocks by your competitors. By the time most of the miners have noticed their blocks were orphaned in an attack, their nodes will have been automatically mining on your own chain for a while and it will be too late for them to do anything about it. The amount of money they lost would be equivalent to the amount you had to spend to produce your chain. Because mining is an industry with tight margins, the economic impact on these miners can be very big. The cost may be sufficient in case of a very long attack, to persuade them to quit their endeavor and get a real job.

- The more important opportunity is that you're able to double spend your coins. This is potentially, incredibly lucrative. How lucrative it is tends to depend primarily on the inflation rate of a cryptocurrency. A low inflation rate means relatively little "work" is done to maintain the security of the system. A high inflation rate on the other hand, turns the cryptocurrency into a very poor long-term investment. As a consequence, most cryptocurrencies face declining inflation rates, that delay the problem of their ultimate unsustainability into the future. The bank of international settlements explains this issue here.
When it comes to the moral justification of a 51% attack, we first have to ask ourselves why proof of work is morally unjustifiable. There are two main reasons for this:

- Proof of work has an enormous environmental impact, that ensures future generations will have to deal with the dramatic consequences of climate change. There is no proper justification for this environmental impact, as it delivers no clear benefits over existing payment systems other than the ability to carry out morally unjustifiable actions like blackmail.

- Proof of work is fundamentally unsustainable, because of the economic burden it places on participants in cryptocurrency schemes. Cryptocurrencies can't produce wealth out of thin air. The people who get rich from a cryptocurrency become rich, due to the fact that other people step in later. In this sense we're dealing with a pyramid scheme, but the difference from regular pyramid schemes lies in the fact that huge sums of wealth are not merely redistributed, but destroyed, to sustain the scheme.

The cost of the work to sustain the scheme is bigger than you might expect, because the reality is that relatively little money has entered bitcoin. JP Morgan claims that for the crypto assets at large, a fiat amplifier of 117.5 is present, as a purported $2 billion in net inflow pushed Bitcoin's market capitalization from $15 billion to $250 billion. You have to consider that the Digiconomist estimates that $2.6 billion leaves the Bitcoin scheme on an annual basis, in the form of mining costs to sustain Bitcoin. The vast majority of retail customers who entered this scheme ended up losing money from it. In some cases this led to suicides.

The fact that proof of work is morally unjustifiable doesn't directly lead to a moral justification for a 51% attack. After all a sane society would use government intervention to eliminate the decentralized ponzi schemes that are cryptocurrencies.
There are a few things that need to be considered however: -Governments have so far failed in their responsibility to address the cryptocurrency schemes. Instead you tend to see officials insist that proof of work might suck and most cryptocurrency is a scam, but ¨blockchain technology¨ will somehow change the world for the better. Most libertarians who saw these schemes emerge insisted that it´s stupid to participate in them because the government would eventually ban them and round up the people who participated in them. This didn´t happen because of the logistical difficulty of suppressing these schemes (anyone with an internet connection can set one up) as well as the fact that suppressing them would lend credence to the anti-government anarcho-capitalist ideology on which these schemes are based. Goverments might say ¨these schemes facilitate crime, ruin the environment and redistribute wealth from naive individuals to scammers¨, but anarcho-capitalists would insist that governments have grown so tyrannical that they want to ban you from exchanging numbers on computers. -Because cryptocurrency is fundamentally an online social arrangement, governments have very limited influence over the phenomenon. Binance seeks to become a stateless organization, not subject to the jurisdiction of any particular government. Just as with regular money laundering and tax evasion that hides in small nations that can earn huge sums of money by facilitating these practises, governments are dependent on the actions of individuals to address these practices. Whistleblowers released the panama papers and the tax evasion by German individuals through Swiss bank accounts. Through such individuals, the phenomenon could be properly addressed. In a similar manner, cryptocurrency schemes will need to be addressed through the actions of individuals who recognize the damage these schemes cause to the fabric of society. 
-The very nature of a 51% attack means that it primarily punishes those who set up and facilitate the cryptocurrency scheme in the first place. The miners who pollute our environment to satiate their own greed are bankrupted by the fact that their blocks are orphaned. The exchange operators are bankrupted due to double-spend attacks against the scams that they facilitate. When this happens, the cryptocurrency in question should lose value, which then destroys the incentive to devote huge sums of electricity to it. Finally, there´s the question of whether 51% attacks are viable as a response to cryptocurrency. There´s the obvious problem you run into, that the biggest and oldest scams are the most difficult to shut down. In addition, cryptocurrencies that fell victim to an attack tend to move towards a checkpoint system. However, there are a few things that need to be considered here: -51% attacks against small cryptocurrencies might not have a huge impact, but their benefit is nonetheless apparent. Most of the new scams don´t require participants to mine, instead the new schemes generally depend on ¨staking¨. If people had not engage in 51% attacks, the environmental impact would have been even bigger now. -51% attacks against currencies that implement checkpointing are not impossible, if the checkpoints are decentrally produced. What happens in that case is a chain split, as long as the hostile chain is released at the right time. This would mean that different exchanges may get stuck on different forks, which would still allow people to double spend their cryptocurrency. -There are other attacks that can be used against proof of work cryptocurrencies. The most important one is the block withholding attack. It´s possible for people who dislike a cryptocurrency to join a pool and to start mining. However, whenever the miner finds a valid solution that would produce a block, he fails to share the solution with the pool. 
This costs money for the pool operator, but it can be lucrative for the actor if he also operates a competing pool himself. In the best case it leads to miners moving to his pool, which then potentially allows him to execute a 51% attack against the cryptocurrency. -It´s possible to put up a 51% attack bounty, allowing others to do the work for you. This works as following. You make transaction A : 100 bitcoin to exchange X, for a fee of 0.001 BTC. Once this transaction has been included in a block, you immediately broadcast a conflicting transaction with another node: You´ŕe sending those 100 bitcoin to your own wallet, but you´re also including a 50 bitcoin fee for the miners. The miners now have a strong incentive to disregard the valid chain and to start mining a new chain on an older block that can still include your conflicting transaction. Provided that pool operators are rational economic agents, they should grab the opportunity. -Selfish mining in combination with a Sybil attack allows someone to eclipse the rest of the network, while controlling less than 51% of the hashrate. Your malicious nodes will simply refuse to propagante blocks of your competitors, thereby giving you more time to release your own block. Selfish mining will always be possible with 33% of the hashrate and as far as I can tell there are no pathways known currently to make the scheme impossible for people with 25% of the hashrate. This potentially makes a 51% attacks lucrative without having to carry out double-spend attacks against exchanges. Although double spending is a form of theft, it´s not clear to me whether a selfish mining attack would get you into legal trouble or not.
The dreaded 51% attack is a morally justifiable and potentially lucrative solution to the Nakamoto scheme.
tldr: CHINA

my qualifications: i took a class on bitcoin in college (i dont remember much but it was a 400-level CS course).

Ethereum and bitcoin are battling right now for who will be the official mainstream cryptocurrency. That is why prices are flying as people "bet" on who comes out on top (sorta). My problem is that chinese companies own over 50% of the mining power ("mining pools") so therefore control over 50% of the bitcoin. https://blockchain.info/pools

Chinese govt is most likely:
a) in control of these pools, and if not, it's state-run internet so they can just take it. This is bad because we're essentially investing in China for 0 gain
b) using those services to launder their own money, or some type of other fraud (not a finance guy but something something fiat currencies)

So my grand conspiracy is that China is gonna perform some eclipse attack* and fuck the entire bitcoin economy up. Not a big deal now, but food for thought on if you really trust the system in the future.

*. Eclipse attack: https://www.usenix.org/node/190891, "Our attack allows an adversary controlling a sufficient number of IP addresses to monopolize all connections to and from a victim bitcoin node"
Abstract As the most successful cryptocurrency to date, Bitcoin constitutes a target of choice for attackers. While many attack vectors have already been uncovered, one important vector has been left out though: attacking the currency via the Internet routing infrastructure itself. Indeed, by manipulating routing advertisements (BGP hijacks) or by naturally intercepting traffic, Autonomous Systems (ASes) can intercept and manipulate a large fraction of Bitcoin traffic. This paper presents the first taxonomy of routing attacks and their impact on Bitcoin, considering both small-scale attacks, targeting individual nodes, and large-scale attacks, targeting the network as a whole. While challenging, we show that two key properties make routing attacks practical: (i) the efficiency of routing manipulation; and (ii) the significant centralization of Bitcoin in terms of mining and routing. Specifically, we find that any network attacker can hijack few (<100) BGP prefixes to isolate ~50% of the mining power---even when considering that mining pools are heavily multi-homed. We also show that on-path network attackers can considerably slow down block propagation by interfering with few key Bitcoin messages. We demonstrate the feasibility of each attack against the deployed Bitcoin software. We also quantify their effectiveness on the current Bitcoin topology using data collected from a Bitcoin supernode combined with BGP routing data. The potential damage to Bitcoin is worrying. By isolating parts of the network or delaying block propagation, attackers can cause a significant amount of mining power to be wasted, leading to revenue losses and enabling a wide range of exploits such as double spending. To prevent such effects in practice, we provide both short and long-term countermeasures, some of which can be deployed immediately.
Abstract Nakamoto's famous blockchain protocol enables achieving consensus in a so-called permissionless setting---anyone can join (or leave) the protocol execution, and the protocol instructions do not depend on the identities of the players. His ingenious protocol prevents "sybil attacks" (where an adversary spawns any number of new players) by relying on computational puzzles (a.k.a. "moderately hard functions") introduced by Dwork and Naor (Crypto'92). Recent work by Garay et al (EuroCrypt'15) and Pass et al (manuscript, 2016) demonstrate that this protocol provably achieves consistency and liveness assuming a) honest players control a majority of the computational power in the network, b) the puzzle-hardness is appropriately set as a function of the maximum network delay and the total computational power of the network, and c) the computational puzzle is modeled as a random oracle. Assuming honest participation, however, is a strong assumption, especially in a setting where honest players are expected to perform a lot of work (to solve the computational puzzles). In Nakamoto's Bitcoin application of the blockchain protocol, players are incentivized to solve these puzzles by receiving rewards for every "blocks" (of transactions) they contribute to the blockchain. An elegant work by Eyal and Sirer (FinancialCrypt'14), strengthening and formalizing an earlier attack discussed on the Bitcoin forum, demonstrates that a coalition controlling even a minority fraction of the computational power in the network can gain (close to) 2 times its "fair share" of the rewards (and transaction fees) by deviating from the protocol instructions. In contrast, in a fair protocol, one would expect that players controlling a ϕ fraction of the computational resources to reap a ϕ fraction of the rewards.

In this work, we present a new blockchain protocol---the FruitChain protocol---which satisfies the same consistency and liveness properties as Nakamoto's protocol (assuming an honest majority of the computing power), and additionally is δ-approximately fair: with overwhelming probability, any honest set of players controlling a ϕ fraction of computational power is guaranteed to get at least a fraction (1−δ)ϕ of the blocks (and thus rewards) in any Ω(κ/δ) length segment of the chain (where κ is the security parameter). As a consequence, if this blockchain protocol is used as the ledger underlying a cryptocurrency system, where rewards and transaction fees are evenly distributed among the miners of blocks in a length kappa segment of the chain, no coalition controlling less than a majority of the computing power can gain more than a factor (1+3δ) by deviating from the protocol (i.e., honest participation is an n/2-coalition-safe 3δ-Nash equilibrium). Finally, the fruit chain protocol enables decreasing the variance of mining rewards and as such significantly lessens (or even obliterates) the need for mining pools.

References
[sol] http://www.coinwarz.com/calculators/bitcoin-mining-calculator.
[BCL+05] Boaz Barak, Ran Canetti, Yehuda Lindell, Rafael Pass, and Tal Rabin. Secure computation without authentication. In CRYPTO’05, 2005.
[BHP+] Iddo Bentov, Yuncong Hu, Rafael Pass, Elaine Shi, and Siqiu Yao. Decentralized pooled mining: An implementation of fruitchain. Manuscript.
[BPS16] Iddo Bentov, Rafael Pass, and Elaine Shi. Snow white: Provably secure proofs of stake. Cryptology ePrint Archive, Report 2016/919, 2016. http://eprint.iacr.org/2016/919.
[CKWN16] Miles Carlsten, Harry A. Kalodner, S. Matthew Weinberg, and Arvind Narayanan. On the instability of bitcoin without the block reward. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, October 24-28, 2016, pages 154–167, 2016.
[DN92] Cynthia Dwork and Moni Naor. Pricing via processing or combatting junk mail. In CRYPTO’92, pages 139–147, 1992.
[ES14] Ittay Eyal and Emin Gün Sirer. Majority is not enough: Bitcoin mining is vulnerable. In Financial Cryptography and Data Security, pages 436–454. Springer, 2014.
[GKL15] Juan Garay, Aggelos Kiayias, and Nikos Leonardos. The bitcoin backbone protocol: Analysis and applications. In Advances in Cryptology-EUROCRYPT 2015, pages 281–310. Springer, 2015.
[HP15] Joseph Y. Halpern and Rafael Pass. Algorithmic rationality: Game theory with costly computation. J. Economic Theory, 156:246–268, 2015.
[KKKT16] Aggelos Kiayias, Elias Koutsoupias, Maria Kyropoulou, and Yiannis Tselekounis. Blockchain mining games. In Proceedings of the 2016 ACM Conference on Economics and Computation, EC ’16, pages 365–382, 2016.
[KP15] Aggelos Kiayias and Giorgos Panagiotakos. Speed-security tradeoffs in blockchain protocols, 2015.
[KP16] Aggelos Kiayias and Giorgos Panagiotakos. On trees, chains and fast transactions in the blockchain. IACR Cryptology ePrint Archive, 2016:545, 2016.
[KRDO16] Aggelos Kiayias, Alexander Russell, Bernardo David, and Roman Oliynykov. Ouroboros: A provably secure proof-of-stake blockchain protocol. Cryptology ePrint Archive, Report 2016/889, 2016. http://eprint.iacr.org/2016/889.
[LSZ15] Yoad Lewenberg, Yonatan Sompolinsky, and Aviv Zohar. Inclusive block chain protocols. In Financial Crypto’15, 2015.
[mtg10] mtgox. https://bitcointalk.org/index.php?topic=2227.msg29606#msg29606, 2010.
[Nak08] Satoshi Nakamoto. Bitcoin: A peer-to-peer electronic cash system, 2008.
[NKMS16] Kartik Nayak, Srijan Kumar, Andrew Miller, and Elaine Shi. Stubborn mining: Generalizing selfish mining and combining with an eclipse attack. In IEEE European Symposium on Security and Privacy, EuroS&P 2016, Saarbrücken, Germany, March 21-24, 2016, pages 305–320, 2016.
[PSS17] Rafael Pass, Lior Seeman, and Abhi Shelat. Analysis of the blockchain protocol in asynchronous networks. In Eurocrypt, 2017.
[PS16] Rafael Pass and Elaine Shi. Hybrid consensus. http://eprint.iacr.org/2016/917, 2016.
[SSZ16] Ayelet Sapirshtein, Yonatan Sompolinsky, and Aviv Zohar. Optimal selfish mining strategies in bitcoin. In Financial Crypto’16, 2016.
[SZ15] Yonatan Sompolinsky and Aviv Zohar. Secure high-rate transaction processing in bitcoin. In Financial Cryptography and Data Security - 19th International Conference, FC 2015, San Juan, Puerto Rico, January 26-30, 2015, Revised Selected Papers, pages 507–527, 2015.
Abstract The consensus protocol underlying Bitcoin (the blockchain) works remarkably well in practice. However proving its security in a formal setting has been an elusive goal. A recent analytical result by Pass, Seeman and shelat indicates that an idealized blockchain is indeed secure against attacks in an asynchronous network where messages are maliciously delayed by at most Δ≪1/np, with n being the number of miners and p the mining hardness. This paper improves upon the result by showing that if appropriate inconsistency tolerance is allowed the blockchain can withstand even more powerful external attacks in the honest miner setting. Specifically we prove that the blockchain is secure against long delay attacks with Δ≥1/np in an asynchronous network. References
Badertscher, C., Garay, J., Maurer, U., Tschudi, D., Zikas, V.: But why does it work? a rational protocol design treatment of bitcoin. In: Nielsen, J., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10821, pp. 34–65. Springer, Cham (2018)
Ben-Sasson, E., Chiesa, A., Garman, C., Green, M., Miers, I., Tromer, E., Virza, M.: Zerocash: Decentralized anonymous payment from bitcoin. IEEE Symposium on Security and Privacy pp. 459–474 (2014)
Carlsten, M., Kalodner, H.A., Weinberg, S.M., Narayanan, A.: On the instability of bitcoin without the block reward. In: ACM CCS 2016. pp. 154–167. ACM Press, New York (2016)
Daian, P., Pass, R., Shi, E.: Snow white: Provably secure proofs of stake. IACR Cryptology ePrint Archive, Report 2016/919 (2016)
David, B., Gaži, P., Kiayias, A., Russell, A.: Ouroboros Praos: An adaptively-secure, semi-synchronous proof-of-stake protocol. In: Nielsen, J., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10821, pp. 66–98. Springer, Cham (2018)
Decker, C., Wattenhofer, R.: Information propagation in the bitcoin network. In: 13th IEEE International Conference on Peer-to-Peer Computing. pp. 1–10. IEEE Computer Society Press (2013)
Dubhashi, D.P., Panconesi, A.: Concentration of measure for the analysis of randomized algorithms. Cambridge University Press (2009)
Eyal, I., Sirer, E.G.: Majority is not enough: Bitcoin mining is vulnerable. In: Christin, N., Safavi-Naini, R. (eds.) FC 2014. LNCS, vol. 8437, pp. 436–454. Springer, Berlin, Heidelberg (2014)
Eyal, I., Sirer, E.G.: The miner’s dilemma. In: 2015 IEEE Symposium on Security and Privacy. vol. 2015-7, pp. 89–103. IEEE Computer Society Press (2015)
Garay, J., Kiayias, A., Leonardos, N.: The bitcoin backbone protocol: Analysis and applications. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 281–310. Springer, Berlin, Heidelberg (2015)
Garay, J., Kiayias, A., Leonardos, N.: The bitcoin backbone protocol with chains of variable difficulty. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 291–323. Springer, Cham (2017)
Gervais, A., Karame, G.O., Wust, K., Glykantzis, V., Ritzdorf, H., Capkun, S.: On the security and performance of proof of work blockchains. In: ACM CCS 2016. pp. 3–16. ACM Press (2016)
Heilman, E., Kendler, A., Zohar, A., Goldberg, S.: Eclipse attacks on bitcoins peer-to-peer network. In: Jung, J. (ed.) 24th USENIX Security Symposium. pp. 129–144. USENIX Association (2015)
Kiayias, A., Koutsoupias, E., Kyropoulou, M., Tselekounis, Y.: Blockchain mining games. In: 2016 ACM Conference on Economics and Computation. pp. 365–382. ACM Press (2016)
Kiayias, A., Panagiotakos, G.: Speed-security tradeoffs in blockchain protocols. IACR Cryptology ePrint Archive: Report 2015/1019 (2016)
Kiayias, A., Russell, A., David, B., Oliynykov, R.: Ouroboros: A provably secure proof-of-stake blockchain protocol. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 357–388. Springer, Cham (2017)
Miller, A., LaViola, J.J.: Anonymous byzantine consensus from moderately-hard puzzles: A model of bitcoin. University of Central Florida. Tech Report, CS-TR14-01 (2014)
Nakamoto, S.: Bitcoin: A peer-to-peer electronic cash system (2008)
Natoli, C., Gramoli, V.: The balance attack against proof-of-work blockchains: The R3 testbed as an example. Computing Research Repository (2016), arXiv:1612.09426
Nayak, K., Kumar, S., Miller, A., Shi, E.: Stubborn mining: Generalizing selfish mining and combining with an eclipse attack. In: 2016 IEEE European Symposium on Security and Privacy. vol. 142, pp. 305–320. IEEE Computer Society Press (2016)
Pass, R., Seeman, L., abhi shelat: Analysis of the blockchain protocol in asynchronous networks. In: Coron, J., Nielsen, J. (eds.) Advances in Cryptology - EUROCRYPT 2017. LNCS, vol. 10211, pp. 643–673. Springer-Verlag, Cham (2017)
Pass, R., Shi, E.: Fruitchains: A fair blockchain. In: ACM Symposium on Principles of Distributed Computing. pp. 315–324. ACM Press (2017)
Pass, R., Shi, E.: The sleepy model of consensus. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10625, pp. 380–409. Springer, Cham (2017)
Pass, R., Shi, E.: Thunderella: Blockchains with optimistic instant confirmation. In: Nielsen., J., Rijmen, V. (eds.) EUROCRYPT 2018. vol. 10821, pp. 3–33. Springer (2018)
Rosenfeld, M.: Analysis of bitcoin pooled mining reward systems. arXiv preprint:1112.4980 (2011), arXiv:1112.4980
Sapirshtein, A., Sompolinsky, Y., Zohar, A.: Optimal selfish mining strategies in bitcoin. In: Grossklags, J., Preneel, B. (eds.) FC 2016. LNCS, vol. 9603, pp. 515–532. Springer, Berlin, Heidelberg (2016)
Schrijvers, O., Bonneau, J., Boneh, D., Roughgarden, T.: Incentive compatibility of bitcoin mining pool reward functions. In: Grossklags, J., Preneel, B. (eds.) FC 2016. LNCS, vol. 9603, pp. 477–498. Springer, Berlin, Heidelberg (2016)
Abstract Transaction throughput, confirmation latency and confirmation reliability are fundamental performance measures of any blockchain system in addition to its security. In a decentralized setting, these measures are limited by two underlying physical network attributes: communication capacity and speed-of-light propagation delay. Existing systems operate far away from these physical limits. In this work we introduce Prism, a new proof-of-work blockchain protocol, which can achieve 1) security against up to 50% adversarial hashing power; 2) optimal throughput up to the capacity C of the network; 3) confirmation latency for honest transactions proportional to the propagation delay D, with confirmation error probability exponentially small in CD; 4) eventual total ordering of all transactions. Our approach to the design of this protocol is based on deconstructing the blockchain into its basic functionalities and systematically scaling up these functionalities to approach their physical limits.
Abstract Merged mining refers to the concept of mining more than one cryptocurrency without necessitating additional proof-of-work effort. Although merged mining has been adopted by a number of cryptocurrencies already, to this date little is known about the effects and implications. We shed light on this topic area by performing a comprehensive analysis of merged mining in practice. As part of this analysis, we present a block attribution scheme for mining pools to assist in the evaluation of mining centralization. Our findings disclose that mining pools in merge-mined cryptocurrencies have operated at the edge of, and even beyond, the security guarantees offered by the underlying Nakamoto consensus for extended periods. We discuss the implications and security considerations for these cryptocurrencies and the mining ecosystem as a whole, and link our findings to the intended effects of merged mining.
Abstract Merged mining refers to the concept of mining more than one cryptocurrency without necessitating additional proof-of-work effort. Merged mining was introduced in 2011 as a bootstrapping mechanism for new cryptocurrencies and countermeasures against the fragmentation of mining power across competing systems. Although merged mining has already been adopted by a number of cryptocurrencies, to this date little is known about the effects and implications. In this thesis, we shed light on this topic area by performing a comprehensive analysis of merged mining in practice. As part of this analysis, we present a block attribution scheme for mining pools to assist in the evaluation of mining centralization. Our findings disclose that mining pools in merge-mined cryptocurrencies have operated at the edge of, and even beyond, the security guarantees offered by the underlying Nakamoto consensus for extended periods. We discuss the implications and security considerations for these cryptocurrencies and the mining ecosystem as a whole, and link our findings to the intended effects of merged mining.
Abstract The increasing number of cryptocurrencies, as well as the rising number of actors within each single cryptocurrency, inevitably leads to tensions between the respective communities. As with open source projects, (protocol) forks are often the result of broad disagreement. Usually, after a permanent fork both communities "mine" their own business and the conflict is resolved. But what if this is not the case? In this paper, we outline the possibility of malicious forking and consensus techniques that aim at destroying the other branch of a protocol fork. Thereby, we illustrate how merged mining can be used as an attack method against a permissionless PoW cryptocurrency, which itself involuntarily serves as the parent chain for an attacking merge mined branch of a hard fork.
This is why BTCP could be worth more than $1037 per coin...
At the time of writing, BTCP is the highest valued zkSNARKs enabled coin, ranked at #24 at Coinmarketcap. Trading volume is still low compared to other coins, but it has rapidly gone from ~$500,000 volume to $2,300,000 volume in just five days, and the trend in volume still points steeply upwards! :-)
Very nice to see all this. After a rough start and a rather depressing time post-fork, with Bears and FUD'ers all around, it's nice to see some life emerging in the crypto-world in general, and in Bitcoin Private in particular. Of course there will be backlashes, but why not enjoy this situation? Spring is in the air! :-)
BTC breaking out of its negative trend and Coinmarketcap getting their sh!t together regarding BTCP Circulating Supply happening at roughly the same time, what are the odds? The planets aligned... ;-)
At the time of writing, BTCP is about to overtake Bitcoin Gold. Only $20M in market cap to go. If it doesn't happen today, it will happen soon enough. But eclipsing Bitcoin Gold isn't the goal.
The goal is to create a coin with utility. A coin that can actually be used as money! This is where the true value will be, and what will bring longevity to the project. What will differentiate it from thousands of other coins that will sooner or later fade away.
Privacy is essential here. Let's make an analogy to plain, traditional cash! Coins and bills! What if it would be possible to track every coin, from the moment it left the coin foundry to the moment it ceased to exist. Every hand and pocket it visited during its entire existence; who received it, to whom it was passed along, and for what! Imagine it would be possible for everyone (including government and authorities, neighbors, your competitors, etc) to track and monitor every single purchase you make, every single sale you make! In a cash society, everyone would find this thought repulsive and completely unacceptable!
But this is how block chains work. They are open for everyone to see. Forever. Nothing is forgotten, nothing can be altered, it's all there for everyone to see.
Bitcoin, the original, had the vision to be used as digital cash money, which of course included privacy. And for a long time it was private. Kind of. By being anonymous. However, now it has become clear that similar tools that are used for analyzing social media flows, can be used to unveil a great deal of information from block chains. By cross-referencing information like time stamps, amounts, and other online activities between multiple relevant network logs and databases, it has been proven to be possible to identify people, their transactions, and what they have bought. Oops! :-O
There is no grey-scale in this area. Either it's private, or it's not. Being "kind of" private is utterly worthless. The analyzing tools will evolve. They will become better, more powerful, more specialized. New technology will be developed. And the block chains will be there forever, along with their entire and complete track record of everything that has happened in their entire existence. Information just sitting there, forever, just waiting for all those future fancy tools to dig in to.
There are some "privacy" coins that are actually used in online trade today. The most famous and the most used ones aren't really private since no data is encrypted. Instead they use "privacy by obfuscation", which even by design is less private compared to proper encryption. And as it turns out, Monero and Verge (and more?) weren't as "private" as people thought; it has been possible to connect people to their purchases by analyzing the block chains.
The proper privacy coins are the zkSNARKs ones. But they are small; they don't have the Bitcoin coin base. This is why Bitcoin Private totally eclipsed ZenCash, Zclassic, and as of today (may be different tomorrow, but still) overtook Zcash's position as the highest valued zkSNARKs coin at a mere $54 compared to Zcash's whopping $278. And none of the others has the Bitcoin branding, indisputably the most famous and well-known cryptocurrency trademark. Even grandmothers know about the "Bitcoin" brand.
So in privacy, Bitcoin Private is kind of well positioned already (and rumor has it that many exciting development plans are still to be presented; "You'll be blown away").
But again, the aim is to truly be able to function as money. As Cash. Bitcoin. Cash. Now some of you may think: "Eeh, Bitcoin Cash?" ;-) Well, indeed that one was a fork meant to address some of the big problems with Bitcoin Original; that it wasn't possible anymore to use Bitcoin as a means of payment due to very slow transactions and high fees (and extreme volatility, but that wasn't on BCH's agenda).
But the thing is, Bitcoin Cash is broken in this regard. Has been for a long time. It's slow and unreliable. Here is what Miningpoolhub writes about Bitcoin Cash on its pool-page:
Withdraw only. This pool is not for mining. Auto exchange to other coin would be impossible or too slow. If you want to exchange Bitcoin-Cash to other coin, withdraw and exchange manually. Coin withdrawal would be delayed due to slow block generation. https://blockchair.com/bitcoin-cash/blocks Thanks!
Have a look at the linked page. It could be 45 minutes between blocks. Besides this, it has no privacy which kind of disqualifies it from its original "Bitcoin Cash" purpose, doesn't it? Who wants a cash-coin with no privacy today?!
In every fundamental technical aspect, Bitcoin Private is a superior coin compared to Bitcoin Cash. So it should be worth more. Some say that Bitcoin Cash is valued ridiculously high, but it is what it is. It went from a $15 Billion market cap to the current $21 Billion market cap in just a few days. Looking at Bitcoin Private's coin supply through Bitcoin Cash's valuation ($21 167 792 068 / 20 403 830) gives a price of $1037 per BTCP. And a technically superior coin with more "real values" should be valued higher, right?
Bitcoin Private has assimilated Bitcoin Cash's main features and reasons to exist. Bitcoin Private has also assimilated Bitcoin Gold's main features and reasons to exist. It has the entire Bitcoin coin base, and many key Bitcoin features. It has the name. And it has proper privacy, which no other Bitcoin has.
Bitcoin Private is Bitcoin, done right!
And I don't know about the $1037 figure. A fantasy? Could become real? A long way to go, in any case. But one thing I definitely hold for certain is: Bitcoin Private is seriously undervalued today!
This bitcoin merged mining pool allows you to mine for bitcoin. The pool provides the Double Geometric Method at a 1.5% fee for the bitcoin portion of the reward. Transaction fees in mined blocks (minus the 1.5% pool fee) are awarded to the miner that found the block. Overview. Stratum protocol for mining mmpool.org:3333 or mmpool.org:3334 for high difficulty miners; DGM reward method; 1.5% ...
According to BlockTrail, Bitfury is the third largest Bitcoin mining pool and mines about 11% of all blocks. The main difference between the Bitfury pool and other mining pools is that Bitfury is a private pool. Bitfury, the company, makes its own mining hardware and runs its own pool. So, unlike Slush or Antpool, Bitfury cannot be joined if you run mining hardware at home. Bitfury 16nm ASIC ...
In a Mining Pool, multiple miners combine their Hashing Power and share all the rewards, but why is that? The answer is simple – to guarantee themselves constant income in short periods of time. The process of decoding a new block involves high levels of hash rate. This results from the pooled mining power of each gear participating. As I mentioned earlier, the mining of a certain coin tends ...
As the FOI states, BFL have been using customers' ASICs to mine at the Eclipse Mining Pool... which is owned by BFL and was purchased in 2012 (Part 4, Page 3 of 7 at the bottom). Move your ASICs away from BFL. It's the ethical thing to do (as well as makes a statement saying that we, the customers, will not accept or condone this kind of behaviour).
A look at Eclipse Mining Consortium’s Mining Pool. Please note: This review is based on a relatively small amount of hashing, a few hundred ghs. The stats outlined in this review may not apply to larger miners. We hacked our antminer S1’s to mine nine pools concurrently, letting us run proportional power across a wide variety of mining pools. This review is part of our series of bitcoin ...