[Cryptography] ghash.io hits 50% of the Bitcoin compute power

Phillip Hallam-Baker phill at hallambaker.com
Mon Jun 16 10:16:40 EDT 2014


On Sun, Jun 15, 2014 at 7:24 PM, John Levine <johnl at iecc.com> wrote:

> >Whether checkpoints are a good idea -- in particular, whether they imply
> >that Bitcoin is not nearly as decentralized as advertised -- is a
> >legitimate matter for debate. But on a purely technical basis, the
> >current block number is 306,006, so the correct answer to John's
> >question is "nothing would happen because his software would reject any
> >attempt to rewrite that much history".
>
> Well, OK, how about if it started hearing that there was a fork at 279,001?
>

Nobody would do a 50% attack to unwind the whole stack. It would be
pointless to go back more than a couple of hours. Just long enough to move
the money somewhere else.

The prime directive of the longest fork is sufficient for any practical
attack. So the blockchain scheme does not really deliver any security value
over a network of Haber-Stornetta notaries.

But it's also a mistake to think ghash.io can only defect by unwinding
transactions. If they have 51% of the compute power their most profitable
approach will be to simply ignore all the other miners and work extending
their own chain.

Let's say that the starting block is B_t and another mining pool wins block
B_t+1. ghash.io can either switch to mining the new chain or they can
continue to mine from B_t. Both approaches have the same expected reward:
there is a 50% chance of 1 coin or a 25% chance of 2 coins.

ghash.io doesn't do any better if the mining network synchronizes
instantaneously. But they do have an advantage when synchronization takes
time because they keep mining the old block without a pause rather than
moving to the next one.
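
Added illustration, not part of the original message: the gambler's-ruin catch-up model from the Bitcoin whitepaper, which gives the chance that a miner with hash share q ever erases a deficit of z blocks, and therefore how many confirmations a recipient should wait for. At q >= 0.5 the probability is 1 at every depth, which is why the 50% mark in the subject line matters; the function names, trial counts and sample shares are assumptions of this example.

```python
import random


def catch_up_probability(q, z):
    """Chance that a miner with hash share q ever erases a z-block deficit."""
    if not 0.0 <= q <= 1.0 or z < 0:
        raise ValueError("need 0 <= q <= 1 and z >= 0")
    p = 1.0 - q                      # share held by everyone else
    if q >= p:
        return 1.0                   # a majority miner always catches up
    return (q / p) ** z


def confirmations_needed(q, risk):
    """Smallest depth z whose catch-up probability is <= risk, else None."""
    if risk <= 0:
        raise ValueError("risk must be positive")
    if q >= 0.5:
        return None                  # no depth is safe against a majority
    z = 0
    while catch_up_probability(q, z) > risk:
        z += 1
    return z


def simulate_catch_up(q, z, trials=5000, give_up=40, seed=1):
    """Monte Carlo check of the closed form (constructed parameters).

    Each step one block is found: by the minority miner with probability q
    (deficit shrinks) or by the rest of the network (deficit grows). A trial
    is abandoned once the deficit reaches give_up blocks.
    """
    rng = random.Random(seed)
    wins = 0
    for _ in range(trials):
        deficit = z
        while 0 < deficit < give_up:
            deficit += -1 if rng.random() < q else 1
        wins += deficit == 0
    return wins / trials


if __name__ == "__main__":
    for share in (0.10, 0.30, 0.45, 0.50):
        print(share, confirmations_needed(share, 0.001),
              round(catch_up_probability(share, 6), 6))
```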