Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1YLvky-0001JX-Q0 for bitcoin-development@lists.sourceforge.net; Thu, 12 Feb 2015 15:32:44 +0000 Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of gmail.com designates 74.125.82.52 as permitted sender) client-ip=74.125.82.52; envelope-from=natanael.l@gmail.com; helo=mail-wg0-f52.google.com; Received: from mail-wg0-f52.google.com ([74.125.82.52]) by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1YLvkx-0003eo-OA for bitcoin-development@lists.sourceforge.net; Thu, 12 Feb 2015 15:32:44 +0000 Received: by mail-wg0-f52.google.com with SMTP id x12so988565wgg.11 for ; Thu, 12 Feb 2015 07:32:37 -0800 (PST) MIME-Version: 1.0 X-Received: by 10.180.211.101 with SMTP id nb5mr6921334wic.37.1423755157678; Thu, 12 Feb 2015 07:32:37 -0800 (PST) Received: by 10.194.28.170 with HTTP; Thu, 12 Feb 2015 07:32:37 -0800 (PST) Received: by 10.194.28.170 with HTTP; Thu, 12 Feb 2015 07:32:37 -0800 (PST) In-Reply-To: References: <20150212064719.GA6563@savin.petertodd.org> Date: Thu, 12 Feb 2015 16:32:37 +0100 Message-ID: From: Natanael To: Mike Hearn Content-Type: multipart/alternative; boundary=001a11c37cc66bb22d050ee5d44a X-Spam-Score: -0.6 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (natanael.l[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1YLvkx-0003eo-OA Cc: bitcoin-development@lists.sourceforge.net Subject: Re: [Bitcoin-development] replace-by-fee v0.10.0rc4 X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Feb 2015 15:32:44 -0000 --001a11c37cc66bb22d050ee5d44a Content-Type: text/plain; charset=UTF-8 Den 12 feb 2015 16:15 skrev "Mike Hearn" : > > The first is that this setup means miners can steal arbitrary payments if they work together with the sender of the money. The model assumes this collaboration won't happen, but it will. Because no existing wallet has a "double spend this" button, to make the scheme work the dishonest miners must create and distribute such a wallet that implements the whole scorched-earth protocol. At that point it's easy for miners to reward the payment fraudster with some of the stolen money the merchant lost, meaning it now makes sense for the fraudster to always do this. The situation isn't stable at all. > > The second is that it incentivises competitors to engage in payment fraud against each other. A big rich coffee shop chain that is facing competition from a small, scrappy newcomer can simply walk into the new shop and buy things, then trigger the "scorched earth". Even with no miner collaboration, this means the big company is down the cost of the product but so is the little company who lost everything. Whoever can outspend the other wins. > > We don't really need game theory to tell us that this plan is a bad idea. Just imagine trying to explain it to an actual shop keeper. They would think you were crazy. Bitcoin is already a hard enough concept to understand without throwing into the mix "anyone can burn the money they gave you after walking out of the shop". I see no fundamental difference in outcome from miner collusion in scorched-fee (which isn't guaranteed to pay the "right" pool!) and miner collusion in knowingly mining a doublespend transaction. Both outcomes pay the miner and thief equally when successful. The merchant loses in both. Zero-conf needs something else for security. A guarantee it can not be doublespent in the relevant time frame. --001a11c37cc66bb22d050ee5d44a Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable


Den 12 feb 2015 16:15 skrev "Mike Hearn" <mike@plan99.net>:
>
> The first is that this setup means miners can steal arbitrary payments= if they work together with the sender of the money. The model assumes this= collaboration won't happen, but it will. Because no existing wallet ha= s a "double spend this" button, to make the scheme work the disho= nest miners must create and distribute such a wallet that implements the wh= ole scorched-earth protocol. At that point it's easy for miners to rewa= rd the payment fraudster with some of the stolen money the merchant lost, m= eaning it now makes sense for the fraudster to always do this. The situatio= n isn't stable at all.
>
> The second is that it incentivises competitors to engage in payment fr= aud against each other. A big rich coffee shop chain that is facing competi= tion from a small, scrappy newcomer can simply walk into the new shop and b= uy things, then trigger the "scorched earth". Even with no miner = collaboration, this means the big company is down the cost of the product b= ut=C2=A0so is the little company who lost everything. Whoever can outspend = the other wins.
>
> We don't really need game theory to tell us that this plan is a ba= d idea. Just imagine trying to explain it to an actual shop keeper. They wo= uld think you were crazy. Bitcoin is already a hard enough concept to under= stand without throwing into the mix "anyone can burn the money they ga= ve you after walking out of the shop".

I see no fundamental difference in outcome from miner collus= ion in scorched-fee (which isn't guaranteed to pay the "right"= ; pool!) and miner collusion in knowingly mining a doublespend transaction.=

Both outcomes pay the miner and thief equally when successfu= l. The merchant loses in both.

Zero-conf needs something else for security. A guarantee it = can not be doublespent in the relevant time frame.

--001a11c37cc66bb22d050ee5d44a--