[Cryptography] Electronic currency revived after 20-year hiatus
Peter Todd
pete at petertodd.org
Thu Aug 18 18:20:57 EDT 2016
On Thu, Aug 18, 2016 at 02:15:00PM -0400, Allen wrote:
> >
> > Note that Bitcoin - specifically proof-of-work - does solve a problem that
> > signature-based approaches can't: even if the people building consensus in
> > Bitcoin (miners) all conspire to change history, it's provably expensive
> > for
> > them to rewrite history because they have to re-do all the proof-of-work.
> > That's not true in signature based consensus, as forging a signature is
> > free.
> >
>
> Not so easy though if all honest participants use a signing key only once,
> publishing a new public signing key and overwriting the old private key
> each time they sign a block. Once the old private key is overwritten, it's
> impossible to revise the history (except to rewrite it completely by
> changing the software to accept a different genesis block, which I think
> would be possible with any blockchain).
That's the thing with proof-of-work: you get that guarantee even if miners
aren't honest. Even dishonest miners have to re-do work, with provable
expendetures, to re-write history. All you need to assume is that miners are
economically rational actors, which is a stronger threat model than needing
honest participants.
Additionally, because consensus systems can be layered, once one proof-of-work
system exists other consensus systems can piggyback on it for additional
security. For instance, a signature-based consensus system can additionally
require that the system state be published on a PoW blockchain periodically,
with the protocol defining a state as valid only if that publication exists
(perhaps with some time-window for cost/latency reduction of recent history).
By doing that attacks have a much higher chance of being detected, because the
PoW consensus forces the attacker to publish the fact that the attack is
happening widely.
--
https://petertodd.org 'peter'[:-1]@petertodd.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160818/98062882/attachment.sig>
More information about the cryptography
mailing list