Author Topic: Bitcoin 100x less secure than commonly believed  (Read 8445 times)


Offline Pheonike


We are not paying $864,000/day to have that level of security.  ;D

Offline Empirical1.2

Conclusion from this is that the cost of attacking the network is the cost of bribing / coercing 10 people and these 10 people could easily collude.

Thank goodness the BTS 2.0, 17 witness network can't be attacked by bribing/coercing 10 people   :)
If you want to take the island burn the boats

Offline bytemaster

Exactly, by paying the miners NOT to hash you remove them from the competition, then you PAY them to hash for you.       

So, you buy their hashing power... how is this not just paying for majority hash?

Assuming 5% profit margin:

All miners are currently paying an electric bill of  $6000 every 10 minutes and earning BTC worth $6300 for a net profit of $300.

It is commonly believed that an attacker would have to spend $6001 every 10 minutes to get 50.01% away from these miners.

Technically speaking the attacker only needs to pay the existing miners $1 more every 10 minutes and the miners could defect for a higher pay rate and the attacker gives them a long-term contract for $301 every 10 minutes for their hash power.  The long-term contract protects the miners against any volatility in BTC price as a result of the attack resulting in the attacker having total costs of $1 +  $300*PERCENT_DECLINE_IN_BTS_PRICE as a result of the attack.

Miners have a business model with ever-decreasing profit margins so their job positions have ever decreasing salaries.   Therefore there is no long-term upside to supporting BTC for miners and they would be foolish to not sell out to someone offering them a better long-term income.

Negative mining is just an approach to push pools out of business and concentrate power in the hands of large mining farms which you can then negotiate with.

A large mining farm would be foolish to do anything other than negative mining on the public pools.   Large public pools serve to allow more competition and thus lower overall margins.   

Hence if I owned 10% of all hashing power, I would use it entirely for negative mining until the pools collapsed and then switch to solo-mining. This would maximize my long-term profits and secure my position of control.

For the latest updates check out my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline Pheonike

Yes, this argument is very much a clone of Rune's old argument, and it falls down in exactly the same way, once you strip away all the complicated sounding wording:

* A mining pool is no different to a single, powerful bitcoin miner
* All the miners in bitcoin collectively spend 25 BTC per block on block production
* In order to turn a miner 'to the dark side', you must bribe them with more than their expected block reward
* In order to turn a majority of miners, you need to spend more than the entire network does every block

This is the 51% attack, nothing new.

You don't need to spend more than the entire network to pull this off.  An attacker only needs to spend enough to make mining unprofitable UNLESS you mine for them.

In other words, as profit margins decrease (due to free market competition) the cost of attacking the network decreases by a factor of X^2

If you have 5% profit margins, then I can make the network unprofitable for all pool miners for just $2000 per day.
If you have 1% profit margins, then I can make the network unprofitable for all pool miners for under $100 per day.

The only defense the network has is to eliminate the use of public pools where anyone can join.     Once you eliminate public pools you are left with at most 10 private pools because if you have pools smaller than 10% of the hash power then your variance will eat up any remaining profit margins and thus make it unprofitable.

Conclusion from this is that the cost of attacking the network is the cost of bribing / coercing 10 people and these 10 people could easily collude. Might as well have them simply SIGN the blocks rather than spend energy mining them. After all they could easily double spend at will by arbitrarily reversing the bitcoin blockchain by simply stopping production on the real chain and producing a fork.

You could use the analogy of,  "I don't have to run faster than the bear, I just need to run faster than you!"

Offline monsterer

Exactly, by paying the miners NOT to hash you remove them from the competition, then you PAY them to hash for you.       

So, you buy their hashing power... how is this not just paying for majority hash?
My opinions do not represent those of metaexchange unless explicitly stated.
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads

Offline bytemaster

You don't need to spend more than the entire network to pull this off.  An attacker only needs to spend enough to make mining unprofitable UNLESS you mine for them.

So, you pay miners to not hash - and guess what the price will be?

Exactly, by paying the miners NOT to hash you remove them from the competition, then you PAY them to hash for you.     

Effectively miners only have one choice, hash for you or go home.   If the price crashes as a result of such an attack then the attack just got cheaper because profit margins will disappear. 

Now if you execute this attack just after a reward halving then it is even easier.   When the mining reward falls in half margins get crushed.   

Offline monsterer

You don't need to spend more than the entire network to pull this off.  An attacker only needs to spend enough to make mining unprofitable UNLESS you mine for them.

So, you pay miners to not hash - and guess what the price will be?

Offline bytemaster

Yes, this argument is very much a clone of Rune's old argument, and it falls down in exactly the same way, once you strip away all the complicated sounding wording:

* A mining pool is no different to a single, powerful bitcoin miner
* All the miners in bitcoin collectively spend 25 BTC per block on block production
* In order to turn a miner 'to the dark side', you must bribe them with more than their expected block reward
* In order to turn a majority of miners, you need to spend more than the entire network does every block

This is the 51% attack, nothing new.

You don't need to spend more than the entire network to pull this off.  An attacker only needs to spend enough to make mining unprofitable UNLESS you mine for them.

In other words, as profit margins decrease (due to free market competition) the cost of attacking the network decreases by a factor of X^2

If you have 5% profit margins, then I can make the network unprofitable for all pool miners for just $2000 per day.
If you have 1% profit margins, then I can make the network unprofitable for all pool miners for under $100 per day.

The only defense the network has is to eliminate the use of public pools where anyone can join.     Once you eliminate public pools you are left with at most 10 private pools because if you have pools smaller than 10% of the hash power then your variance will eat up any remaining profit margins and thus make it unprofitable.

Conclusion from this is that the cost of attacking the network is the cost of bribing / coercing 10 people and these 10 people could easily collude. Might as well have them simply SIGN the blocks rather than spend energy mining them. After all they could easily double spend at will by arbitrarily reversing the bitcoin blockchain by simply stopping production on the real chain and producing a fork.




Offline monsterer

Yes, this argument is very much a clone of Rune's old argument, and it falls down in exactly the same way, once you strip away all the complicated sounding wording:

* A mining pool is no different to a single, powerful bitcoin miner
* All the miners in bitcoin collectively spend 25 BTC per block on block production
* In order to turn a miner 'to the dark side', you must bribe them with more than their expected block reward
* In order to turn a majority of miners, you need to spend more than the entire network does every block

This is the 51% attack, nothing new.



Offline Murderistic

Somehow, this thread makes me recall Rune's idea for a takeover bid.

I was thinking the SAME thing as soon as I saw it.


Offline donkeypong

Somehow, this thread makes me recall Rune's idea for a takeover bid.

Offline Troglodactyl

Conclusion:  The Bitcoin network is only as secure as the profit margins on mining, not the cost of mining.   The lower the profit margins fall the cheaper it becomes to perform the negative mining attack.
Does "negative mining" ever become a profitable attack, in and of itself? I thought I recalled seeing a paper on that in the past months, describing how a pool could increase income by this method, allocating a portion of its hashing against an enemy pool.

Suppose mining profit margin is 5%
Suppose you have a mining pool with 20% of the hash power, you would normally produce 70 blocks per day and if you charge a 1.5% fee your pool profit would be 26.5 BTC per day and your pool's revenue would be 1750 BTC
Suppose you direct 25% of your hash power (5% of the total) at all competing pools, you will now produce 52 blocks per day directly, and 17.1 blocks per day indirectly (from other pools) and your pool's revenue would be 1727.5, a reduction in revenue of 22.5 BTC
Quote
a reduction in revenue of  22.5 BTC

What about a way to directly increase revenue by sharing in the target pool's revenues, while contributing nothing to the other miners in the enemy pool? That's what I thought I remembered, but it only works if the target is a huge pool. Anyone?

I guess I don't know exactly how rewards for not finding a block work. Why couldn't you negative mine against all pools, simultaneously, reusing the same hashpower? Just submit the same work to all the pools.

If negative mining is a losing proposition outside of explicit blockchain takeovers, or advertising your not-attacked-but-fee-charging pool, I can see why it hasn't caught on very much yet.

I think you're thinking of selfish mining, which is just delaying the release of a mined block to get a head start on the next one.

Offline Chronos

Conclusion:  The Bitcoin network is only as secure as the profit margins on mining, not the cost of mining.   The lower the profit margins fall the cheaper it becomes to perform the negative mining attack.
Does "negative mining" ever become a profitable attack, in and of itself? I thought I recalled seeing a paper on that in the past months, describing how a pool could increase income by this method, allocating a portion of its hashing against an enemy pool.

Suppose mining profit margin is 5%
Suppose you have a mining pool with 20% of the hash power, you would normally produce 70 blocks per day and if you charge a 1.5% fee your pool profit would be 26.5 BTC per day and your pool's revenue would be 1750 BTC
Suppose you direct 25% of your hash power (5% of the total) at all competing pools, you will now produce 52 blocks per day directly, and 17.1 blocks per day indirectly (from other pools) and your pool's revenue would be 1727.5, a reduction in revenue of 22.5 BTC
Quote
a reduction in revenue of  22.5 BTC

What about a way to directly increase revenue by sharing in the target pool's revenues, while contributing nothing to the other miners in the enemy pool? That's what I thought I remembered, but it only works if the target is a huge pool. Anyone?

I guess I don't know exactly how rewards for not finding a block work. Why couldn't you negative mine against all pools, simultaneously, reusing the same hashpower? Just submit the same work to all the pools.

If negative mining is a losing proposition outside of explicit blockchain takeovers, or advertising your not-attacked-but-fee-charging pool, I can see why it hasn't caught on very much yet.
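
Added example, not written by any poster in this thread: a small model of the "negative mining" (block withholding) accounting discussed above, showing revenue shares both before and after a difficulty retarget, plus the payout dilution seen by honest members of the infiltrated pools. Assumptions: proportional payouts, pool fees ignored, all competing pools treated as one pool; the function and field names are illustrative.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Shares:
    direct: float           # blocks found by the pool's remaining honest hash power
    indirect: float         # payouts collected from the infiltrated pools
    victim_per_hash: float  # payout per unit of hash for honest victim-pool members

    @property
    def total(self) -> float:
        return self.direct + self.indirect


def withholding_shares(pool: float, diverted: float, retargeted: bool) -> Shares:
    """Revenue as a fraction of the pre-attack network block reward.

    pool       -- the pool's fraction of total network hash power
    diverted   -- fraction of the pool's own hash power sent to other pools,
                  where it submits partial shares but never a full block
    retargeted -- False: difficulty unchanged, fewer blocks are found overall;
                  True: difficulty has adjusted and the block rate is restored
    """
    if not 0.0 < pool < 1.0 or not 0.0 <= diverted <= 1.0:
        raise ValueError("pool must be in (0, 1) and diverted in [0, 1]")
    infiltrating = pool * diverted
    publishing = 1.0 - infiltrating              # hash power that still publishes blocks
    scale = 1.0 / publishing if retargeted else 1.0
    direct = (pool - infiltrating) * scale
    victim_blocks = (1.0 - pool) * scale         # blocks found by all other pools
    victim_weight = (1.0 - pool) + infiltrating  # shares those pools pay out on
    per_hash = victim_blocks / victim_weight
    return Shares(direct, infiltrating * per_hash, per_hash)


def report(pool: float, diverted: float) -> list[str]:
    lines = []
    for retargeted in (False, True):
        s = withholding_shares(pool, diverted, retargeted)
        label = "after retarget " if retargeted else "before retarget"
        lines.append(f"{label}: pool {s.total:.4f} (baseline {pool:.4f}), "
                     f"honest victim payout per hash {s.victim_per_hash:.4f}")
    return lines


if __name__ == "__main__":
    # Constructed input matching the thread's scenario: 20% pool, 25% diverted.
    print("\n".join(report(0.20, 0.25)))
```

Under these assumptions the pool's share sits below its baseline until difficulty retargets and above it afterwards, while honest members of the infiltrated pools are paid less per hash in both regimes.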