[Cryptography] Security model of blockchains ?

Ersin Taskin hersintaskin at gmail.com
Mon Jun 25 08:58:38 EDT 2018

grarpamp <grarpamp at gmail.com> wrote on Mon, 25 Jun 2018, 04:31:

> Cryptocurrency, once established globally in trio of... philosophical mind,
> enough mechanical knowledge to use confidently, and then used routinely
> as desired... is wonderfully adaptive to attacks. Each of those three are
> inevitable and unstoppable, and they continue to increase, leading to
> eventual victory of cryptocurrency.
> The "established" will make more by accepting and servicing it
> than they will by burning resources trying to fight it.

I believe, hope and wish the same. However, I try hard to remain skeptical.
We need coin-secularism in the space. We should separate our faith in our
coins and the space from our technical/scientific works.

As I mentioned, I don't mean super-rational attack will absolutely take place
or try to forecast what will happen if it does. The process and space are
too complex for a serious forecast attempt.

However, I see super-rational attack as a boundary case worth discussing
for the blockchain security model. And the probability of such an attack is
significant enough. If we compute the necessity of SRA discussion as
probability X severity then we conclude significant necessity.

Let me explain what I mean by SR attack with an example. Let us imagine a
super-rational attack to, say, Dash. I chose Dash because BTC, BCH, ETH,
EOS might attract high emotions today. Dash is good. Not too big, not too
small, has the power of master-nodes, etc. Getting majority hash power
means buying majority master nodes stake. BTC threat was obvious for the SR
Attacker when Dash was born, and there was enough time window for it to
focus on the disruption threat. Then the powerful smart attacker would not
wait until today for its possible defensive-attack plan because it would be
awfully more costly and difficult. Instead, it would get majority master
nodes at its birth phase when the costs were peanuts. Stay dormant. It does
not cost a thing plus you make money in terms of honest, good colour coin
(your fuel) and build reputation, which you will need for a super-rational
attack. If the coin explodes to become a threat, your investment-at-birth
gives huge profit to fuel the attack. A beautiful paradox. Nakamoto says
“then keep making money by playing by the rules”. Ok for the honest
investor but remember the SR attacker has infinitely higher gain by
destroying its disrupter. It is called survival. This phenomenon deserves a
separate philosophical discussion involving evolution. A nice chicken-egg
debate running forward rather than backward.

SR attack is not an acute-only attack. It is indeed chronic (with acute
episodes). The SRA would comprise the remarkable miners/masters of the
target coin, it would attack, if it is wise enough to take the first step
with good rather than stupid timing. BTC tragedies like block-size battle
and BTC-BCH holy war might be an SR attack episode. Causing such increases
in tx fees is trivial for an SR attacker and the space has proven vulnerability
to such an attack. SR attack can take years. Maybe we should not use the
word attack. English is my second language, can someone offer a better
phrase for super-rational attack, which sounds Turkish-English:)

That is why I call the SR attack the boundary of blockchain security
model, which is based on privacy, game theory, trustlessness(!),
decentralization, etc. It shows that if the powerful target to disrupt did
steer its focus on the threat on time after the mortgage meltdown aftermath
then the blockchain cryptocurrency space has a paradox sitting as a bomb at
the heart of its security model which I try to explain with the SR-attack
phenomenon. The only hope is to anchor to something immune to SR attack or
hope the SR attacker and the space will co-evolve to something that they
become compatible or even one. A sort of singularity as in AI-human

That being said let us do some thought exercise on below:

> Legit users might statistically detect which miners are not mining
> their lower fee tx and conspire to filter out their tx and node traffic
> thus forking away from them.
Not mining lower fee txs is a normal/legit behavior. The sr attacker can
adjust attack period/duration, timing, growth, tx fee amount, etc.
parameters in such a way that detecting the system is under attack
statistically might be far from trivial. U may imagine the sr attacker
getting the majority hash power in terms of pools providing better
incentives to its members, as well. In case honest miners can detect and
collaborate, any fee they can get from the sybil nodes on the longest chain
is removed from the attacker's loop. However, remember the sr attacker is
much more powerful than the honest miners (and even the entire space) and
hold its breath longer. Furthermore, the block size is limited, the longest
chain rules, and the solution must be algorithmic + decentralized.

> Such attackers will have massive non recyclable energy cost,
> typically required to appear on their public sheets.
The sr attacker uses legitimate mining energy as a reputable miner/pool
manager/masternode, etc. Even if it were to cover up the energy spent the
percentage of such costs should be negligible compared to total costs it
has + the attacker is unfathomably huge and complex. There is plenty of
space for cover-up. We should not be fooled with cases like Iran-gate that
such stuff always gets caught (tip of the iceberg phenomenon) or even if we
the cypherpunks catch them the public will get mobilized against the
establishment to sufficient degree.

> Legit p2p webs of in person validated global trust nets will also develop
> creating new handshake agreements in mining / nodes defense, sybils
> will not be able to pass inspection up to and including SSBI style,
> large operations will be suspected and derated in metrics accordingly.
I am a reputation systems believer and fan. The above is not as easy as it
sounds. I have a lot to write about it but I have limited time. Privacy,
legitimacy of high tx fee based choice, etc all make it algorithmically
impossible to detect valid/honest tx from invalid/sybil tx in a sr attack

> Attackers are ultimately frail and cannot continue to forever inflate
> and sink their fiat into such attacks, citizens will revolt against that.
FUD and speculation causing positive feedback mechanisms help collapse the
target coin with sustainable attack volume. Less than required for the
mortgage meltdown remedy. Globe has proven to be large enough to absorb the
trillion-dollar scale shock emission. The globe is even bigger today.
There is enough room for de-emission (burning back) phases. Besides the sr
attacker would obviously take the stake at the early phases of the target
coin except BTC. BTC has the privilege to be the first ever successful

> Users will simply migrate and exchange away to more advanced
> and resistant usable cryptocurrency nets if attackers tx fees and
> etc begin making the old unusable. ie: What has happened
> with downfall of BTC...
If you control the longest chain u have the power to select the txs. When
people panic due to legitimate reasons like high tx fees, they would run
towards the exit. And when they do they would instinctively follow the exit
sign, not the fire-danger/risk sign. Not all of the coin holders are
cypherpunks like u and me:) we r the very minority in this thing and that's
a good thing. The investors, speculators, the poor guy who is here just to
make money, lambo dreamer, moonwalker, none will hear our calls as they
run. Besides all, remember the Dash scenario. How about this? The SR
attacker missing the train almost at BTC and not in the remaining coins
like Dash etc. could allow u to run from BTC to any of its coins where you
run into a smaller cage. Can the entire space of investor whales and poor
users collaborate to fight it? That is a huge question mark for me.
