Gold collapsing. Bitcoin UP.

cypherdoc

Well-Known Member
Aug 26, 2015
5,257
12,998
I can sell the block to the excluded miners, and nobody will know who did it.
ok, i must be tired tonite. what does this mean?

@Peter R

i am tired. i totally left out the discussion about the jacked mempool in my response over on Reddit just now ;)

guys, i'm starting to rethink the inclusion of the user config setting. i'm almost sure Gavin wouldn't be supporting the BU with no limit based on what he said yesterday. that and the exablock attack.
 

Mengerian

Moderator
Staff member
Aug 29, 2015
536
2,597
OK I'm warming up to the idea. if the majority of node support restricted blocks that will result in fee pressure that goes to the miners. (previously I felt it's just the technical limitation of nodes that should limit block size) now I see that there may be some benefit in that nodes can voluntarily limit block size to increase network fees, I've yet to fully understand how this impacts the incentive schema or why its good, but I'm open to the idea none the less.

What are the benefits of this behavior thinking long term?
I think the biggest benefit long term would be the increased security of the network created by more total miner's fees.

It seems that the miners should have an incentive to restrict block size somewhat to maximize the fees they collect. It is not obvious how they would determine what block size or fee level would maximize their profits, they would somehow have to determine this based on their understanding of the market. I would imagine, though, that miner's profit would be maximized with fairly large blocks with many transactions, and low fees per transaction. For example, if the marginal cost to include transactions is a tenth of a cent, they might restrict supply of block space to raise the transaction fees to three tenths of a cent, while processing thousands of transactions per second.

The most obvious way they could accomplish this is by collectively orphaning blocks above a certain size in a "cartel-like" manner. But since cartels are unstable, and the optimum block size is not obvious, there would always be back and forth in the market of the likelihood that large blocks would be orphaned at different sizes.
 
  • Like
Reactions: AdrianX and Peter R

theZerg

Moderator
Staff member
Aug 28, 2015
1,012
2,327
If you are part of a group of miners that are withholding blocks from other miners, you can make extra $ by selling the block info to the miners that are not part of the group. Nobody will be able to tell which miner is selling, except by experimentation. However, experimentation is hard because the buyer won't advertise that he knows the block info unless he finds a block on top of it. So statistical uncertainty will cover you for quite a few rounds. By then the cabal will likely be busted...

Ofc I could be not understanding something -- I'm just throwing out ideas here; I've been focusing a lot more on the code lately so not much time to dig into these things.
 

Peter R

Well-Known Member
Aug 28, 2015
1,398
5,595
"guys, i'm starting to rethink the inclusion of the user config setting. i'm almost sure Gavin wouldn't be supporting the BU with no limit based on what he said yesterday. that and the exablock attack."

Personally, I still think that having the limit default to 8 MB would be the most politically palatable (but I was fine with no limit if that's what others wanted).

I don't see why Gavin would be opposed to the limit being adjustable via an optional command-line option, however.
[doublepost=1447216265,1447215636][/doublepost]
I think the biggest benefit long term would be the increased security of the network created by more total miner's fees.

It seems that the miners should have an incentive to restrict block size somewhat to maximize the fees they collect. It is not obvious how they would determine what block size or fee level would maximize their profits, they would somehow have to determine this based on their understanding of the market. I would imagine, though, that miner's profit would be maximized with fairly large blocks with many transactions, and low fees per transaction. For example, if the marginal cost to include transactions is a tenth of a cent, they might restrict supply of block space to raise the transaction fees to three tenths of a cent, while processing thousands of transactions per second.

The most obvious way they could accomplish this is by collectively orphaning blocks above a certain size in a "cartel-like" manner. But since cartels are unstable, and the optimum block size is not obvious, there would always be back and forth in the market of the likelihood that large blocks would be orphaned at different sizes.
Yes, great points!

Another thing I suspect they will do (and are in fact already doing) is purposely delay low-fee transactions to create a premium market for "next-block service." Some people think that miner's will viciously undercut each other and lose all pricing power, but I now disagree. A decent analogy is software: companies sell their premium software for more money even though the marginal cost of production is no different than for their lower-tier software. Sure, their competitors could start discounting their premium software to force a race to the bottom, but this doesn't happen because it would destroy the industry.

Like Cypher always says: miners won't keep their foot on the pedal if they see a cliff approaching in the distance.

I also think this means that the results from my fee market paper represent a sort of "extreme limit" where everyone is viciously undercutting one another. In practice, fees (especially for next-block service) will probably be higher than my paper suggests.
 
Last edited:
  • Like
Reactions: Mengerian

cypherdoc

Well-Known Member
Aug 26, 2015
5,257
12,998
If you are part of a group of miners that are withholding blocks from other miners, you can make extra $ by selling the block info to the miners that are not part of the group. Nobody will be able to tell which miner is selling, except by experimentation. However, experimentation is hard because the buyer won't advertise that he knows the block info unless he finds a block on top of it. So statistical uncertainty will cover you for quite a few rounds. By then the cabal will likely be busted...

Ofc I could be not understanding something -- I'm just throwing out ideas here; I've been focusing a lot more on the code lately so not much time to dig into these things.
that's a pretty far fetched scenario, imo. what you're describing is Fairweather Mining ala Ed Felten's paper here:

"There is a certain poetic justice in this result. ES-miners plan to deviate from the normal agreement that miners should always mine the longest chain. They do this in the hope of extracting extra revenue. But the coalition of ES-miners is itself destroyed because its members secretly deviate from the ES-mining strategy. And the result is that the system returns to normal mining. ES-miners can’t agree to cheat, because it’s too easy for them to cheat on that agreement."

https://freedom-to-tinker.com/blog/felten/bitcoin-isnt-so-broken-after-all/
 

rocks

Active Member
Sep 24, 2015
586
2,284
someone help me here.

is there a short term effective way to deal with an exablock sprung on the network by a malicious miner? or is it reasonable to think this is an attack scenario that just won't happen?
Personally I think thin blocks and IBLT go a long way towards preventing the exablock attack. With both of these mechanisms built on top of each other (i.e. an IBLT of thin block hashes as the default transmission), the transmission cost of normal blocks that only contain pre-announced transactions is much less than the transmission cost of an exablock that contains a large number of self mined and withheld transactions (which are needed to produce the exablock without losing fees).

This means that Peter's graph showing the transmission cost of large blocks effects the exablock attacker much more than normal blocks (since normal blocks will utilize thin blocks and IBLT for transmission).

The only way to counter this, is to pre-announce the transactions in the exablock. But doing so simply turns this into a standard spam attack, which requires fees to implement. Now every miner is able to include those transactions in their blocks and capture the fees generated, draining them from the exablock attacker and increasing the cost of the attack.

This is one of the main reasons Satoshi implemented fees, fees were partially to fund mining but also function as a spam prevention mechanism.

The cost of fees and increased financial risk of orphaned exablocks, together go a long way towards preventing the exablock attack IMHO.

All that said, I understand the optics of keeping some sort of limit to gain consensus. I just worry that we are kicking the can to another day with that though and trusting the free market to sort it out is always the best option.
 

Peter R

Well-Known Member
Aug 28, 2015
1,398
5,595
That's a great point, @rocks. In order to implement coding gain (thin blocks, weak blocks, IBLT, etc), a significant portion of the block contents must be communicated prior to the block solution announcement. Like you said, this means a 100 MB spam block full of zero-fee TXs costs a lot more than a 100 MB block full of regular fee-paying TXs.
 

Peter R

Well-Known Member
Aug 28, 2015
1,398
5,595
I was looking through the old Gold thread when I came upon this comment.

Pop quiz: who said it?


"The incohearence in some of these posts is so foaming so thick that it's oozing out and making the floor slick; careful-- you might slip and mess up your future as 'the LeBron James of the Bitcoin world'"
 
  • Like
Reactions: bitsko

Peter R

Well-Known Member
Aug 28, 2015
1,398
5,595
@Zangelbert Bingledack

It's funny in hindsight, because he's implicitly refering to @cypherdoc's suggestion that F2Pool and AntPool were producing more empty blocks when mempool swells. Many people including Holliday (who is normally very reasonable IMO) were WTF'ing Cypher after Gmax made that comment, yet it turns out that Cypher's hunch was completely correct: miners were producing more empty blocks when mempool swelled because getBlockTemplate() took longer to execute for large mempool sizes.
 

sickpig

Active Member
Aug 28, 2015
926
2,541
all,

fwiw still short on time to contribute in a meaningful way. just want to thanks everybody for the tons of wisdom distributed in the last few pages. really really impressed.

that said I just want to share with you the the video of Daniel Krawisz's presentation at Las Vegas Bitcoin Investor Conf:

 

cypherdoc

Well-Known Member
Aug 26, 2015
5,257
12,998
@Peter R

Thanks for helping to remember what I said back then; for me :p

I've since added "jacked mempool" to my response last night to /u/drewshaver. Funny; as I was writing it there was something I knew I was missing while trying to ascribe the motive to spv mine solely to full blocks. It was bugging me enough for me to write that post here to you to check me. It just goes to show you how complex this stuff can get especially if you're not working with it everyday. At the time I was particularly focused on mempools and full blocks because of the stress tests. Not at all now.

His question was particularly important given what I've been trying to accomplish in my latest posts the last few days which is trying to combat alot of the FUD theories of mini blockers one by one. And that is;
1. Pieter certainly is able to cause a fork, just like Mike if you wish to characterize it that way. Despite the fact that we know all the core devs are responsible for signing off on changes to code.
2. Stop FUD'ing about the larger miner, larger block attack vs small miners. It's not practical for Chinese miners.
3. Relay network encourages perverse behavior by relaying without verification.
4.at least exablocks can be somewhat countered with SPV mining again debunking the attack of #2.
5. @Peter_R's paper is correct in assuming propagation latency as the major factor in miner decision making.
6. Blockstream are clearly bears on Bitcoin.

What's also funny is I initially guessed iCEBREAKER when I read the quote. On finding out it was gmax, it reminded me of why I distrust him so much. It's the accumulation of quotes like that over the last almost 5 years I've interacted and observed him. He shoots from the hip often with snap condescending judgments before gathering all the facts. We all do that but it's particularly concerning coming from him as the core dev who holds the most sway right now. In fact, it's downright dangerous to Bitcoin. The other example of this is his negative rating of me in BCT which is basically extortion without getting all the facts and demonstrates his willingness to pre-judge without understanding his own biases in the situation while slandering another. Especially since that #CuzHashfastClawback isn't settled yet.
 
Last edited:
  • Like
Reactions: Peter R

awemany

Well-Known Member
Aug 19, 2015
1,387
5,054
guys, i'm starting to rethink the inclusion of the user config setting. i'm almost sure Gavin wouldn't be supporting the BU with no limit based on what he said yesterday. that and the exablock attack.
@cypherdoc: So we maybe want an optional limit on the blocksize that is accepted by a node?
For peace-of-mind-purposes?

Honestly, if I think about it, even for peace-of-mind, I rather let my node follow the cumulative-hashpower-wise longest chain of valid transactions rather than kick out blocks that would be valid.

Thoughts?
 
  • Like
Reactions: rocks

cypherdoc

Well-Known Member
Aug 26, 2015
5,257
12,998
@Peter R

"because getBlockTemplate() took longer to execute for large mempool sizes."

While I may have been correct, it was you who figured out the getblocktemplate nuts and bolts mechanism .
[doublepost=1447238408,1447237802][/doublepost]@rocks

I haven't studied thin blocks yet. Can you summarize them quickly?

Offhand it doesn't sound like iblt plus fees would stop a f2pool multi input single tx exablock attack would it? I can't remember if it had much in the way of fees because of its construction. I'll have to look.
[doublepost=1447238897][/doublepost]@awemany

Personally I think the chances of am exablock are quite low because it requires am attacker to go out and buy a small mining farm and then wait months to solo mine it. That would be @rocks argument that we therefore don't need configuration.

But I also understand those who would want the configurable setting for peace of mind to be used as a credible stick against attackers.

Its complex. I'll need to think about it more.
[doublepost=1447239036][/doublepost]@rocks

If BU ever got accepted without a configurable setting, it would take a long time before iblt and thin blocks got into the code as a defense against an exablock.
 

Zarathustra

Well-Known Member
Aug 28, 2015
1,439
3,797
I was looking through the old Gold thread when I came upon this comment.

Pop quiz: who said it?


"The incohearence in some of these posts is so foaming so thick that it's oozing out and making the floor slick; careful-- you might slip and mess up your future as 'the LeBron James of the Bitcoin world'"

The more influence gmax is losing, the more optimistic we can be. Theymos' agitation helps a lot in decentralizing dev. power.
 
  • Like
Reactions: cypherdoc

theZerg

Moderator
Staff member
Aug 28, 2015
1,012
2,327
No Cypherdoc i think you dont understand. An exablock cannot use iblt or thin blocks because it self mines unbroadcast txns. So it must be broadcast fully whereas the normal blocks use the info already in the nodes mempool. This means that its exa propagation spd will be much slower than iblt or thin blocks.

Also once the exablock is transmitted all those txns are public... so miners could try to steal your txns by ignoring the exablock but not the tx within irt.
 
  • Like
Reactions: rocks and awemany

albin

Active Member
Nov 8, 2015
931
4,008
So basically in the abscence of a hard consensus code cap, in the prescence of adequate block message compression techniques, the level of usage acts as a practical cap in terms of addressing DDoS by dramatically increasing the relative cost of attacking?
 
  • Like
Reactions: awemany

awemany

Well-Known Member
Aug 19, 2015
1,387
5,054
No Cypherdoc i think you dont understand. An exablock cannot use iblt or thin blocks because it self mines unbroadcast txns. So it must be broadcast fully whereas the normal blocks use the info already in the nodes mempool. This means that its exa propagation spd will be much slower than iblt or thin blocks.

Also once the exablock is transmitted all those txns are public... so miners could try to steal your txns by ignoring the exablock but not the tx within irt.
With the caveat that the miner could have spammed free transactions only paying himself before. Of course, this is again not possible unless all people set their node relay policy to insanely low values.


@cypherdoc:

You wrote earlier 'but it only takes one bloat block to screw things up.'. I kind of disagree here, or like to rephrase it at least to a weaker form: It will temporarily screw things up. Because I only see the following scenarios:

a) Exablock went through with most full nodes and other miners -> wasn't actually that exa at all and nodes were actually able to process it
b) Exablock bogs down nodes trying to validate it -> will lose the race with another block and be orphaned

Am I missing something?

There's a lot of imagined problems with Bitcoin that are just semantics.

Might there be a clue in the fact that, at this very moment because of the possibility a block being built on will actually be orphaned, what is actually the longest chain - in other words what is actually to be called the "Bitcoin" blockchain - is undefined or at least subject to change? And in the fact that what constitutes the community of miners and nodes changes depending on how block propagation goes? (Or would in the case of Bitcoin Unlimited.)

What if all the attacks only gain their plausibility from this kind of semantic blur obfuscating the reason they wouldn't work? That could be the systematic mechanism you're looking for.
So are you saying that some people (ahem) are basically framing the situation in a certain way by misleading about illusionary problems?

That's what I feel is the weird thing about it, and maybe I wasn't able to express it: If I put my 'Bitcoin attacker hat' on, I would certainly invent similar scenarios but I am also certain they'd also at some point fall apart. Just as above with the above exablock spamming example and relay policy.

Intuitively
, I strongly feel that all such scenarios will fall apart at some point - just look at all the games Peter Todd invented (to show how badly broken Bitcoin is?)

This disconnect - the seemingly rational first-order attacks that eventually all crash and break at the rock-hard shore of the Bitcoin incentive system - does indeed weird me out a bit about Bitcoin's design.

Maybe this is just because it is very hard to prove a negative and basically impossible if you consider that Bitcoin has social aspects to the system?

Or is it because this time it is about money and not just some hacked gaming webserver so it activates the ultra-paranoid security-hole-seeking mode in people?

Something tells me this schism of a broad, optimistic but well-informed intuition that Bitcoin's incentive system is safe on one side and the paranoia of creating many random narrow and technical arguments (that are seemingly rational up to a point!) on why it should break will stay with us for a long while. (Though I am hopeful not in the shape of further blocksize arguments)

Satoshi must have surely thought long about this - or he must also have been very intuitively convinced by his genius insight - as certainly most of us were when we he read his initial whitepaper a couple years ago.

For some weird reason, it appears to require quite 'schizophrenic' thinking to try to understand both sides on this core design feature.
 
Last edited:

Zangelbert Bingledack

Well-Known Member
Aug 29, 2015
1,485
5,585
@awemany

To a degree what is tripping up small block adherents is the "magic" (i.e., the "invisible hand") of the market, the way people react dynamically to incentives.

As has been harped on in this thread for years, there is a strong tendency for people to extrapolate scenarios out deterministically without regard to how the incentives of all the actors involved change dynamically as the scenario unfolds. In that case it's a simple instance of greedy reductionism, where one looks at only one or two moving parts in isolation within a system that has many moving parts, and then draws conclusions as if the other moving parts didn't exist or couldn't move on their own. Or as Nick Szabo might say, they get lost examining the small game and end up ignoring the large game.

More sophisticated small block adherents perhaps understand that incentives change dynamically and therefore would likely thwart a lot of these attacks, yet they still object because they don't want to rely on incentives and the market. This seems especially true when dealing with software, because the security optimizer's (e.g., Gmax's) instinct is to make everything watertight through code alone. In most software design, say for a website, if they didn't make it perfectly watertight, they failed. That seems to be the mindset they are carrying into Bitcoin. Probabilities and "market forces" that they as software engineers have little fluency in are considered too nebulous for the security of a billion+ dollar system.

Of course this logic is already out the window in Bitcoin, because the entire system only works because of incentives and probabilities. A large class of small block adherents' objections (of the form "miners might collude to...") just boil back down to something equivalent to the risk of a 51% attack.

Adding to this is the semantic blur of fuzzy language or over-simplified conceptions, such as viewing mining pool operators as commanding an army of drone miners without their own free will, and ill-defined notions of "consensus," "the network," and "Bitcoin" itself as these are dynamically changing in definition during various scenarios.

To have people understand these concepts will likely require visuals and even animations to show how situations change dynamically as these attack scenarios play out.

However, they are also missing the basic belief that the market finds ways of working things out that no central planner can piece together in advance (so neither can we as we try to analyze the security of the system to make it airtight, so if we aim for perfection we will never be satisfied and will be eternally ultraconservative even as competing systems threaten to take over). That belief only comes from looking at many examples in economics, which is mostly an alien field to the Blockstreamers at least, judging from how often I have ever seen them make any economic insights. Rather any economic aspects tend to be ignored or touched on in the most superficial and naïve manner.

Ultimately, although it may not be true in the blocksize situation, there could easily be a security situation where there is simply no way for us humans to be 100% sure that the incentives will play out in an acceptable way. Then we have to decide whether to take the risk and implement the change in Bitcoin or let a spinoff (or perhaps a sidechain or altcoin) experiment with it first. Conservatism to the bitter end is not an option the market will allow. If the Core devs want to try the market, they should learn to enjoy the final days of their power.

TL;DR: The illusory attack vectors are thought up endlessly because of lack of understanding of the "invisible hand" of the market and due to sloppy language about dynamically changing situations. The solution will ultimately be to help people understand more of the big picture through visual aids, clearly worded arguments, and general economic training. Ultimately, risk cannot be avoided, nor can it even be minimized within Bitcoin itself due to competition (however, the damage is limited to having to have spinoffs; investor value in the Ledger is preserved).
 

theZerg

Moderator
Staff member
Aug 28, 2015
1,012
2,327
@cypherdoc RE: "far fetched scenario" Yes, but I think the block withholding attack is itself "far fetched".

@albin RE: "practical cap": Exactly, and its only needed because of an irritating "bug" in the miner architecture. The problem is that the miner can add spam to blocks by adding unbroadcast txns that pay-to-self (and fee to self). However, if it becomes significantly slower to propagate a block with unknown transactions then that discourages use of this bug.

RE: configurable max block size. If you are on the fence WRT it being configurable, then choose configurable. Having it configurable helps reduce the problem of "bullet blocks" -- that is, a block that you send to a client which kills the client. Note that this block does not even have to be "mined" because validation takes place after download. If such a block could be crafted it could temporarily interrupt the network. Exablocks are great candidates for these, but also block sizes that have not been tested (engineers like to test everything). So a configurable max block size will allow many users to avoid a bullet block and allow the others to simply reconfigure and restart their client.
 
  • Like
Reactions: awemany and Peter R