[Cryptography] DNSNMC deprecates Certificate Authorities and fixes HTTPS security

Greg greg at kinostudios.com
Mon Dec 16 16:33:06 EST 2013


Hey Ben,

On Dec 15, 2013, at 6:21 AM, Ben Laurie <ben at links.org> wrote:

> As I pointed out elsewhere, Bitcoin (and hence Namecoin) is not
> decentralised: http://www.links.org/files/decentralised-currencies.pdf.


Thank you for the link to this paper.

I needed to find the time to actually read this and get back to you. I've now done this.

You've posted this reply to a number of lists that we're both subscribed to, so I'm going to send this reply to each one:

My reply can be summarized (mostly) by Vladimir's response to your paper here:

https://bitcointalk.org/index.php?topic=25760.msg372591#msg372591

For the list's sake, here are the salient points Sir Vladimir makes:

Then, first of all, he is trying to solve a non-problem and fails to see that the issue he is trying to solve is not a bug but a feature.

This is in reference to your criticism of proof-of-work. Here's the rest of his comment on that particular point:

There is no problem with energy consumption, it is a very low price to
pay for getting rid of all the middlemen leeching a few percent from
every money transfer. Moreover, energy spent by miners on securing the
block chain is rather negligible in comparison to energy spent on other
ways to do money, when you consider, for example, the energy required to
haul all the cash and gold in armoured trucks, smelting gold bullion,
coining coins, smelting metal for the bank vaults and so on...

Second criticism of your paper is as follows (again, I'll just copy Vlad's comments here):

Second of all, his "efficient solution" is very weak. Essentially, he
is proposing to replace voting weighted by pure computational power
(surely not a very energy efficient way) with voting weighted by the number
of clients plugged into the network, without proposing any viable way
(since it is impossible) to ensure that this number of clients is not
faked. Therefore, he is effectively shifting the proof-of-work concept
from doing lots of sha-256 calculations to opening lots of ports on
lots of IPs simultaneously. This could solve the problem of quick
propagation and wide distribution of information, but surely not the
problem of "double spending". Total epic fail!

Somehow, you seem to have completely missed the point of Bitcoin's proof-of-work. It's right there in the original paper:

The proof-of-work also solves the problem of determining representation in majority decision making. If the majority were based on one-IP-address-one-vote, it could be subverted by anyone able to allocate many IPs. Proof-of-work is essentially one-CPU-one-vote.

Vladimir made one final comment (not too important though, but I'll include it anyway):

He also has completely missed the economic part of the system where
initial bitcoin inflation serves the purpose of a subsidy to enable
quick growth of the network and making it secure from 50% attacks.

However, all of these points made by Vladimir do not entirely destroy the point your paper makes. They just badly bruise it.

IMO, the only legitimate criticism of Bitcoin contained in your paper is the following:

If, for example, 1% of the total power available [7] is used to produce Bitcoins at present (in fact, the amount is far less than that), then at any point someone could come along with a further 1.1% of the total power and use this to define their own consensus [8], thus invalidating all the work, and all the money, of the initial group, and instead take possession of the entire currency for themselves.

This is referring to (or at least should be referring to) the idea of an attacker making their own "fake fork" that they control through superior CPU power.

The strength of your argument (IMO) rests on this one issue: Whether or not there exists an attacker with the computational power necessary to take over the network.

This is a legitimate question, and combined with the observations made by Vladimir, it implies two takeaway points:

1. Your suggestion for an "efficient alternative" to Bitcoin appears to be inferior to Bitcoin because it appears to be based on one-IP-one-vote (rejected in the original paper).

2. Bitcoin's legitimacy and trustworthiness depends on whether or not there exists (or can exist) an entity with more horsepower than more than 50% of the nodes on the network. This is old news.

The Bitcoin community has been discussing the 51% attack for a while and appears to be working on addressing the issue:

https://en.bitcoin.it/wiki/Proof_of_blockchain_fair_sharing

In case it's of interest to someone, here are two sites about known attacks on Bitcoin:

http://codinginmysleep.com/bitcoin-attacks-in-plain-english/
https://en.bitcoin.it/wiki/Double-spending

Cheers,
Greg


--
Please do not email me anything that you are not comfortable also sharing with the NSA.
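An added worked example (mine, not code from Greg's email, Ben's paper or the Bitcoin project) that quantifies the "fake fork" criticism quoted above and takeaway point 2: it implements the attacker-success estimate from section 11 of the Bitcoin paper, where an attacker holding fraction q of the hashing power races the honest chain after a payment has z confirmations. The function names and the risk threshold are my own choices.

```python
import math


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker controlling fraction q of the total
    hashing power ever overtakes the honest chain once a transaction has
    z confirmations (Poisson / gambler's-ruin estimate from the Bitcoin
    paper, section 11).  With q >= 0.5 the attacker succeeds with
    certainty, which is the 51% case the email discusses."""
    p = 1.0 - q
    if q >= p:
        return 1.0
    # expected attacker progress while the honest chain gains z blocks
    lam = z * (q / p)
    total = 1.0
    for k in range(z + 1):
        poisson = math.exp(-lam)
        for i in range(1, k + 1):
            poisson *= lam / i
        total -= poisson * (1 - (q / p) ** (z - k))
    return total


def confirmations_needed(q: float, max_risk: float, limit: int = 1000) -> int:
    """Smallest number of confirmations a recipient should wait for so that
    the attacker's success probability drops below max_risk; returns -1
    when no z <= limit achieves that (always the case for q >= 0.5)."""
    for z in range(limit + 1):
        if attacker_success_probability(q, z) < max_risk:
            return z
    return -1


if __name__ == "__main__":
    # Scenario from the quoted passage: honest miners use 1% of the world's
    # power and an attacker brings a further 1.1%, so q = 1.1 / 2.1 > 0.5.
    q_fork = 1.1 / 2.1
    print(attacker_success_probability(q_fork, 100))   # 1.0: fork always wins
    # A minority attacker with 10% of the hashing power, by contrast,
    # is defeated with high probability after a handful of confirmations.
    print(confirmations_needed(0.1, 0.001))            # 5
```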