[Cryptography] What has Bitcoin achieved?

L. M. Goodman lmgoodman at hushmail.com
Tue Jun 24 16:40:19 EDT 2014
On 6/24/2014 at 4:06 PM, "Bear" <bear at sonic.net> wrote:

> This means it is transactions, and not mining, that supports the
> security of the blockchain. In order for transaction support to be
> finite (necessarily count for only one side of the fork) it is
> necessary for transactions to give a block hash from the blockchain
> they support. Any transaction that gives a pre-fork block hash can be
> replayed into either side of the fork, thus cancelling its support for
> the other side. Any transaction that gives a post-fork block hash can
> be counted as support only for the fork in which that block hash
> appears. Thus, transactions that name more recent block hashes (within
> the last 1-3 blocks) are more valuable for securing the chain than
> transactions that name later block hashes (within the last 4-7
> blocks), and if compensated via proof-of-stake 'interest' payments for
> securing the chain, should be compensated more. Transactions giving
> block hashes older than 8 blocks are not terribly useful in securing
> the chain, and should not be accepted.
>
> Because this solution is not subject to nothing-at-stake, at the very
> least attackers have to use real as opposed to already-spent stake to
> attack it, and cannot support their attacks by making transactions
> using the same coinbases they are trying to steal via their attacks.
>
> But this is still a partial solution. There is still a flaw in that
> someone making a transaction can easily make it in both sides of a
> fork, therefore supporting neither. Further, there is some motive for
> them to do so, unless such transactions can be demonstrated based on
> information to be recorded in the main branch and their proof-of-stake
> payment for securing the chain withheld. I believe that this is
> possible, but complex and possibly unnecessary.
Another flaw in TAPOS is that the weight given by a transaction to the chain can be extremely high. Thus, an attacker can force a reorganization and successfully double spend merely by keeping a large txout handy, ready to be spent on the fork.

In general, unless the weight of each block is bounded and the average block has a weight close to that bound, you're subject to this type of attack.
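The two points in this thread (pre-fork hashes being replayable on both sides of a fork, and a single large txout outweighing many honest transactions unless per-block weight is capped) can be made concrete with a small model. The following is an added example, not code from the mailing list or from any TAPoS implementation; the block and transaction layout, the recency scale (full weight for 1-3 blocks, half for 4-7, rejected at 8 or more) and the per-block cap are assumptions chosen to mirror the text, and the fork scenario is constructed.

```python
"""Toy model of transactions-as-proof-of-stake (TAPoS) chain weighting.

Added example for the mailing-list discussion; not code from the thread.
Assumptions: a transaction's weight is its value times a recency factor
derived from the block hash it names, and a fork is chosen by total weight.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Tx:
    txid: str
    value: int      # stake the transaction moves; its raw chain-weight
    ref_hash: str   # block hash the transaction names as the chain it supports


@dataclass
class Block:
    h: str
    height: int
    parent: Optional[str]
    txs: List[Tx] = field(default_factory=list)


class Chain:
    """Blocks keyed by hash; a fork is simply two blocks sharing a parent."""

    def __init__(self) -> None:
        self.blocks: Dict[str, Block] = {}

    def add(self, block: Block) -> None:
        self.blocks[block.h] = block

    def ancestors(self, tip: str) -> List[str]:
        """Hashes from tip back to genesis, tip first."""
        out, h = [], tip
        while h is not None:
            out.append(h)
            h = self.blocks[h].parent
        return out


def recency_factor(age: int) -> float:
    # Assumed scale following the thread: 1-3 blocks full, 4-7 half, 8+ rejected.
    if 1 <= age <= 3:
        return 1.0
    if 4 <= age <= 7:
        return 0.5
    return 0.0


def tx_weight(chain: Chain, containing: str, tx: Tx) -> float:
    """Weight a transaction contributes to the branch that contains it."""
    if tx.ref_hash not in chain.ancestors(containing):
        return 0.0  # names a block on the other side of the fork: no support here
    age = chain.blocks[containing].height - chain.blocks[tx.ref_hash].height
    return tx.value * recency_factor(age)


def block_weight(chain: Chain, h: str, cap: Optional[float] = None) -> float:
    raw = sum(tx_weight(chain, h, tx) for tx in chain.blocks[h].txs)
    return raw if cap is None else min(raw, cap)


def chain_weight(chain: Chain, tip: str, cap: Optional[float] = None) -> float:
    return sum(block_weight(chain, h, cap) for h in chain.ancestors(tip))


def choose_tip(chain: Chain, tips: List[str], cap: Optional[float] = None) -> str:
    """Fork choice: the tip whose branch carries the most transaction weight."""
    return max(tips, key=lambda t: chain_weight(chain, t, cap))


def build_scenario() -> Chain:
    """Constructed fork after block A2: branch X holds many modest honest
    transactions over three blocks; branch Y holds one very large txout."""
    c = Chain()
    pre = Tx("pre", 50, "A2")  # names a pre-fork block, so it is replayed on both sides
    for b in [
        Block("G", 0, None),
        Block("A1", 1, "G"),
        Block("A2", 2, "A1"),
        Block("X3", 3, "A2", [pre]),
        Block("X4", 4, "X3", [Tx("x1", 40, "X3"), Tx("x2", 40, "X3"), Tx("x3", 40, "X3")]),
        Block("X5", 5, "X4", [Tx("x4", 40, "X4"), Tx("x5", 40, "X4")]),
        Block("Y3", 3, "A2", [pre]),
        Block("Y4", 4, "Y3", [Tx("big", 500, "Y3")]),
    ]:
        c.add(b)
    return c


if __name__ == "__main__":
    c = build_scenario()
    for cap in (None, 100):
        print(f"cap={cap}: X5={chain_weight(c, 'X5', cap)} Y4={chain_weight(c, 'Y4', cap)} "
              f"-> {choose_tip(c, ['X5', 'Y4'], cap)}")
```

Uncapped, the single 500-unit txout on Y outweighs three blocks of honest activity on X and the fork choice flips to Y, which is the reorganisation described above; with a per-block cap of 100 the honest branch wins because its weight is spread across more blocks that each sit near the bound. The replayed `pre` transaction contributes 50 to both branches and so decides nothing, and a transaction naming `X3` contributes zero if included on the Y side.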
