1. 10
    1. 4

      There was one serious flaw in his argument, but before I touch on that I just want to point out:

      This person has a vested interest in discrediting bitcoin. He operates a proof-of-stake cryptocurrency variant called BitShares. There is a very clear conflict of interest here and as such this blog post should be taken with a grain of salt.

      That said, here is the flaw. His argument boils down to a game theoretic model in which users switch to the attacker’s mining pool when their current pool becomes unprofitable. In effect, the $420,000 number is then amortized across the profit-motivated miners joining the attacking pool (which he for some reason terms the ‘censoring’ pool; he seems more concerned about dropped transactions than double-spending). The proposed cost of executing an attack that would cause this shift in mining pools is about $5000 / day.

      However, there are some critical assumptions underlying this claim.

      1. Miners are entirely profit-motivated.
      2. Miners will prioritize short-term gains over long-term gains.
      3. All or a significant majority of miners satisfy (1) and (2).

      We could debate (1) (I have no doubt some altruistic “bitcoin is the future” miners are out there), but (2) and (3) are not solid in the least. This is very much a case of “don’t bite the hand that feeds you”. If a pool suddenly became unprofitable because of negative mining, it is unlikely that the solution would be “jump on the attacker’s pool, then all the bitcoin we’re mining at 0-1% commission will be worthless. Hurray!”. Joining the attacking pool would very clearly degrade the value of bitcoin. I’m hesitant to even call that “long-term”, because I’d expect it to take effect relatively quickly. This game theoretic attack depends on the players having the intellect of cockroaches. It isn’t even unclear what the optimal choice is, like the prisoner’s dilemma. While some bad eggs may try to take advantage of short-term gains in the way he proposes, anyone who is going to dedicate their expensive mining setup to a pool would seem likely to consider how that is going to impact the value of the “profit” they’re going to make.

      All in all, this article is utter shit. He (very poorly; it was hard to follow) goes through a nonsense game theoretic attack that rests on miners having literally no foresight, then launches into a sales pitch for his snake oil! (To be clear, I don’t know whether proof-of-stake is viable or not, but he is framing it as a solution to all of bitcoin’s woes in a way that very well places it in snake-oil territory)

      0/10 would not read again.

    2. 1

      I found the fixation on dollar amounts strange. Not to mention confusing. I can break Bitcoin for $1000? Sign me up! :) Who do I give my $1000 to?

      1. 3

        Well, I think that reflects how the author is going about their analysis:

        The reason proof of work is considered secure is because it is more profitable to join the honest network than to attempt to attack it.

        If you’re trying to determine at what point it becomes profitable, then you’re gonna have to talk about money.

        1. 2

          I got lost somewhere, because it looked like all that mattered were percentages. Turning that into dollars at the end would make sense, but less so all the way through. I’m also a little confused about what “cost” means. As in, I can spend that much? Or is that opportunity cost from not playing nicely?

          IIUC, I can spend (as in money flows out of my bank account) $5000 per day on electricity to conduct this attack. But doesn’t that require I have a state of the art mining rig to pour that $5k in electrons into? How much does 2000000 watts of ASIC hashing cost?

          1. 1

            Yeah, I mean, the prices are all volatile all the time, so it’s basically wrong as soon as it’s printed.

            My reading is basically the same as yours. No idea how much the ASICs would be.

          2. 1

            Maybe you could rent a bunch of GPU instances from Amazon instead?

            1. 2

              I don’t think GPUs are remotely competitive anymore.

              1. 1

                First you point out that ASIC mining isn’t a competitive way to carry out this attack because they have high up-front costs. I point out that there are places with GPU computation as a service. Then, you point out that the incremental cost of GPU computation is higher than that of ASIC mining. Yes, that’s true; maybe 2 megawatts of ASIC hashing would be 10 or 20 megawatts of GPU hashing: say, between 10,000 and 40,000 GPUs. The question is, what’s the cost of carrying out the hypothesized “negative mining” attack in this way? If you only have to carry out the attack for a little while, the lower upfront cost of GPU mining might matter more than the lower marginal per-hash cost of ASICs.

                1. 1

                  Oh, I see. According to bitcoin wiki, ASIC has about closer to 1000x advantage in efficiency, but say 200x. I assume Amazon charges 5x electricity cost. So 1000 x 5000, $5000000 per hour? Maybe you can negotiate a bulk discount…

                  1. 1

                    I didn’t realize the advantage was that big, but 200× seems about right — howeverrr…

                    …something’s a bit strange in that comparison. Non-specialized hardware comparison has the ATI Radeon HD 5850 more or less at the top, at 3.06 megahashes per joule. But the AMD card list on Wikipedia says that the 5850 came out in 2009! It’s almost equaled by the configuration with three 7970s (“7970x3”) at 2.6 megahashes per joule, and that’s a much faster card (1950 megahashes per second, or 650 per card, to the 5850’s 283 megahashes per second). But even the 7970 dates from 2012.

                    Of the ASICs, the top choice that looks like it isn’t fake was the BFL Monarch 700GH/s, at 1428 megahashes per joule. But wait! It is fake; Butterfly has removed the cited page from their website in the wake of being prosecuted for fraud. The AntMiner U3 is the next one down the list, and it actually does seem to exist, and it’s 1000 megahashes per joule, which is about 330 times more efficient than the ATI card.

                    But hold on, we’re comparing an ASIC from 2015 to a GPU from 2012. We should expect current GPUs to be a few times more efficient than GPUs from 2012. My guess is that it’s just that nobody has been bothering to benchmark them in the last few years. So maybe the ratio is 100× or 200×.

                    That’s still a lot higher than I expected! Thank you for the enlightenment. :)

                    1. 2

                      Also remember that EC2 uses NVidia cards, which are not nearly as well suited for mining, for whatever reason.