[Cryptography] What has Bitcoin achieved?
L. M. Goodman
lmgoodman at hushmail.com
Tue Jun 24 16:40:19 EDT 2014
On 6/24/2014 at 4:06 PM, "Bear" <bear at sonic.net> wrote:
>
>This means it is transactions, and not mining, that support the
>security of the blockchain. In order for transaction support to
>be finite (necessarily count for only one side of the fork) it is
>necessary for transactions to give a block hash from the blockchain
>they support. Any transaction that gives a pre-fork block hash can
>be replayed into either side of the fork, thus cancelling its support
>for the other side. Any transaction that gives a post-fork block
>hash can be counted as support only for the fork in which that
>block hash appears. Thus, transactions that name more recent block
>hashes (within the last 1-3 blocks) are more valuable for securing
>the chain than transactions that name later block hashes (within the
>last 4-7 blocks), and if compensated via proof-of-stake 'interest'
>payments for securing the chain, should be compensated more.
>Transactions giving block hashes older than 8 blocks are not
>terribly useful in securing the chain, and should not be accepted.
>
>
>Because this solution is not subject to nothing-at-stake, at
>the very least attackers have to use real as opposed to already-
>spent stake to attack it, and cannot support their attacks by
>making transactions using the same coinbases they are trying to
>steal via their attacks.
>
>But this is still a partial solution. There is still a flaw in
>that someone making a transaction can easily make it in both
>sides of a fork, therefore supporting neither. Further, there
>is some motive for them to do so, unless such transactions can
>be demonstrated based on information to be recorded in the main
>branch and their proof-of-stake payment for securing the chain
>withheld. I believe that this is possible, but complex and
>possibly unnecessary.
Another flaw in TAPOS is that the weight given by a transaction to the chain can be extremely high. Thus, an attacker can force a reorganization and successfully double spend merely by keeping a large txout handy, ready to be spent on the fork.
In general, unless the weight of each block is bounded and the average block has a weight close to that bound, you're subject to this type of attack.
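
The fork-choice accounting discussed in this exchange, as an added example that is not part of the original posts. It assumes a transaction's support equals its value times a recency factor (2 for hashes 1-3 blocks back, 1 for older accepted ones); that schedule, the cap values, the sample branches and all names are constructed for illustration.

```python
from dataclasses import dataclass

MAX_REF_AGE = 8  # references older than this are not accepted (quoted post)

@dataclass(frozen=True)
class Tx:
    value: int    # stake moved by the transaction (constructed units)
    ref_age: int  # how many blocks back the named block hash is (1 = parent)

def recency_factor(age):
    # Assumed schedule: the post only says 1-3 blocks back is worth more.
    if age < 1 or age > MAX_REF_AGE:
        return 0
    return 2 if age <= 3 else 1

def block_weight(index, txs, cap=None):
    """Support from one branch block; index 0 is the first post-fork block."""
    total = 0
    for tx in txs:
        # A hash from at or before the fork point can be replayed on both
        # sides of the fork, so it supports neither branch.
        if index - tx.ref_age < 0:
            continue
        total += tx.value * recency_factor(tx.ref_age)
    # Optional bound on how much support a single block may contribute.
    return total if cap is None else min(total, cap)

def branch_weight(branch, cap=None):
    return sum(block_weight(i, txs, cap) for i, txs in enumerate(branch))

def preferred(honest, attacker, cap=None):
    h, a = branch_weight(honest, cap), branch_weight(attacker, cap)
    return ("attacker" if a > h else "honest"), h, a

# Constructed sample: four post-fork blocks on each side of a fork.
HONEST = [
    [Tx(10, 1), Tx(12, 2)],             # both name pre-fork hashes
    [Tx(10, 1), Tx(15, 1), Tx(8, 5)],   # the age-5 reference is pre-fork
    [Tx(20, 1), Tx(5, 2)],
    [Tx(10, 1), Tx(10, 3)],
]
ATTACKER = [[], [], [], [Tx(5000, 1)]]  # one large txout held in reserve

if __name__ == "__main__":
    for cap in (None, 1000, 50):
        print("cap =", cap, "->", preferred(HONEST, ATTACKER, cap))
```

With no bound, or with a bound far above the typical block weight (1000 here), the single large output outweighs the whole honest branch; only a bound close to the average block weight (50 here) keeps the honest branch preferred.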