1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
|
Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194]
helo=mx.sourceforge.net)
by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <jeremy@taplink.co>) id 1Vxtpv-0006tj-Ab
for bitcoin-development@lists.sourceforge.net;
Tue, 31 Dec 2013 07:33:59 +0000
Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of taplink.co
designates 50.117.27.232 as permitted sender)
client-ip=50.117.27.232; envelope-from=jeremy@taplink.co;
helo=mail.taplink.co;
Received: from mail.taplink.co ([50.117.27.232])
by sog-mx-4.v43.ch3.sourceforge.com with smtp (Exim 4.76)
id 1Vxtpu-0002bG-Dl for bitcoin-development@lists.sourceforge.net;
Tue, 31 Dec 2013 07:33:59 +0000
Received: from laptop-air.hsd1.ca.comcast.net ([192.168.168.135]) by
mail.taplink.co ; Mon, 30 Dec 2013 23:32:12 -0800
Content-Type: text/plain; charset=iso-8859-15; format=flowed; delsp=yes
To: bitcoin-development@lists.sourceforge.net, Luke-Jr <luke@dashjr.org>
References: <CAMkFLsSwKEiEtV1OaAsGPiU8iAWbb77fDNJDmRwbgKnZ_kjG6Q@mail.gmail.com>
<20131230232225.GA10594@tilt> <201312310114.05600.luke@dashjr.org>
Date: Mon, 30 Dec 2013 23:28:10 -0800
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: "Jeremy Spilman" <jeremy@taplink.co>
Organization: TapLink
Message-ID: <op.w8x4c8vbyldrnw@laptop-air.hsd1.ca.comcast.net>
In-Reply-To: <201312310114.05600.luke@dashjr.org>
User-Agent: Opera Mail/1.0 (Win32)
oclient: 192.168.168.135#jeremy@taplink.co#465
X-Spam-Score: -1.7 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information. [URIs: taplink.co]
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1Vxtpu-0002bG-Dl
Subject: [Bitcoin-development] Merge mining
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Tue, 31 Dec 2013 07:33:59 -0000
Merge mining lets Bitcoin miners support or attack an alt-coin without any
additional cost for their proof-of-work.
Since bitcoin miners have to install software to build and claim blocks in
the alt-coin, the percentage of bitcoin hashing power reflected toward the
alt-coin will follow some adoption curve based on convincing bitcoin
miners to opt-in.
Depending on where you are on that adoption curve or 'participation rate',
you need [a lot] less than 51% of of total Bitcoin hashing power in order
to 51% attack the alt-coin.
But there's so much 'dry powder' out there (GPUs), I wonder if *not*
supporting merge-mining is any better? At least the attacker has to do
some unique PoW, so you hope it's costing them something. Relatively large
amounts of hashing can definitely be deployed on target with zero startup
cost, and perhaps very little runtime cost (botnets).
I think the absolute cost of the PoW is very likely *not* the determining
factor in preventing a 51% attack on all but one or two blockchains
currently in existence.
Do I understand correctly, the question here is mostly a matter a game
theory?
On Mon, 30 Dec 2013 17:14:05 -0800, Luke-Jr <luke@dashjr.org> wrote:
> On Monday, December 30, 2013 11:22:25 PM Peter Todd wrote:
>> that you are using merge-mining is a red-flag because without majority,
>> or
>> at least near-majority, hashing power an attacker can 51% attack your
>> altcoin at negligible cost by re-using existing hashing power.
>
> I strongly disagree on this isolated point. Using the same logic,
> Bitcoin is
> vulnerable to an attacker at negligible cost by re-using existing hashing
> power from mining Namecoin. Any non-scam altcoin is pretty safe using
> merged
> mining, since any would-be attacker is going to have it in their
> interests to
> invest in the altcoin instead of attacking it. It's only the scam ones
> that want to pump & dump with no improvements, that are really at risk
> here.
>
> The rational decision for a non-scam altcoin, is to take advantage of
> merged mining to get as much security as possible. There are also some
> possible
> tricks to get the full security of the bitcoin miners even when not all
> participate in your altcoin (but this area probably needs some studying
> to get right).
>
> Luke
>
|