[Cryptography] blockchain and trustworthy computing

Peter Todd pete at petertodd.org
Mon Oct 5 08:32:40 EDT 2015 

On Mon, Oct 05, 2015 at 12:05:32AM -0500, phm wrote:
> 
> Peter Todd wrote:
> > On Wed, Sep 30, 2015 at 11:22:10PM -0400, ianG wrote: > In the Bitcoin world I think it's fair to say that most experts are
> very concerned about the high, and increasing, % of users who use SPV
> clients rather than run full nodes. While it's hard to predict exactly
> when this threshold is reached, at some point too few people will be
> actually verifying the blockchain to sufficiently strongly incentivise
> miners to follow the rules. For instance, at some point miners can great
> bitcoins out of thin air to increase their profits. >
> While I share your concern and generally encourage people to have a full
> copy of the block chain unless there is a very, very good reason not to
> (Armory over Electrum, desktop over mobile, etc.),  I am incredibly
> curious as to how coins could be "created out of thin air." Whether or
> not folks have full nodes, they can still review the block chain through
> a given explorer. It seems perhaps your real fear is that ignorance
> among new users of the protocol will eventually lead to malfeasance at
> the hands of those more practiced in it.
> 
> But still, how could these coins be generated without there being some
> actual provenance on the blockchain? Wouldn't the miners in fact then be
> stealing coins, in a sense? On the one hand, by generating oversized
> coinbase rewards somehow (please explain), that's theft from the future.
> On the other, sending coins that don't belong to them, in effect,
> invalidates some other coins.
> 
> Obviously miner centralization could create such a scenario. I've read
> on the bitcoin-dev list recently that there's talk via BIP 99 (I think)
> of having a way of changing the protocol such that ASIC farms would have
> to essentially reboot.
> 
> But, seriously. Please tell us how miners could "create coins out of
> thin air." I've never heard of such an idea until now.

From the perspective of a SPV client that does no validation a valid
block containing only valid transactions and an invalid block containing
invalid transactions are indistinguishable. Thus a miner can create a
block containing transactions that - among other things - spend inputs
that don't exist, creating coins out of thin air that will be accepted
by the SPV client as just as valid as any other coins. If a majority of
miners do this, the longest block chain - again from the perspective of
a non-validating SPV client - will be the one where miners are creating
coins out of thin air.

-- 
'peter'[:-1]@petertodd.org
000000000000000010734953ce486a820b6f7907e879b1b6e30fccf603098bef
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 650 bytes
Desc: Digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20151005/669df1a1/attachment.sig>

More information about the cryptography mailing list