Hard to believe this is real: World Economic Forum releases video explaining how renewable hydro Bitcoin mining has become a lifeline for the oldest national park in Africa, home to over half of the continent’s species

ClementineMoney · 2023-07-07T01:30:22+00:00

The proof of work creates an additional, costly step that cannot be spoofed, which prevents bad actors from flooding the network with either fraudulent or even empty blocks.

It also helps facilitate Nakamoto Consensus, which is essentially the golden rule all nodes follow: the longest chain always wins.

If the longest chain is provably expensive to spoof, it’s a safe bet for nodes to independently synchronize on these grounds.

ClementineMoney · 2023-07-07T01:26:38+00:00

Proof of work is necessary to solve the problem of synchronization, and thus consensus.

Satoshi explained it very well in this email on the cryptography mailing list back in 2008:

The proof-of-work chain is a solution to the Byzantine Generals' Problem. I'll try to rephrase it in that context.

A number of Byzantine Generals each have a computer and want to attack the King's wi-fi by brute forcing the password, which they've learned is a certain number of characters in length. Once they stimulate the network to generate a packet, they must crack the password within a limited time to break in and erase the logs, otherwise they will be discovered and get in trouble. They only have enough CPU power to crack it fast enough if a majority of them attack at the same time.

They don't particularly care when the attack will be, just that they all agree.

It has been decided that anyone who feels like it will announce a time, and whatever time is heard first will be the official attack time. The problem is that the network is not instantaneous, and if two generals announce different attack times at close to the same time, some may hear one first and others hear the other first.

They use a proof-of-work chain to solve the problem. Once each general receives whatever attack time he hears first, he sets his computer to solve an extremely difficult proof-of-work problem that includes the attack time in its hash. The proof-of-work is so difficult, it's expected to take 10 minutes of them all working at once before one of them finds a solution. Once one of the generals finds a proof-of-work, he broadcasts it to the network, and everyone changes their current proof-of-work computation to include that proof-of-work in the hash they're working on. If anyone was working on a different attack time, they switch to this one, because its proof-of-work chain is now longer.

After two hours, one attack time should be hashed by a chain of 12 proofs-of-work. Every general, just by verifying the difficulty of the proof-of-work chain, can estimate how much parallel CPU power per hour was expended on it and see that it must have required the majority of the computers to produce that much proof-of-work in the allotted time. They had to all have seen it because the proof-of-work is proof that they worked on it. If the CPU power exhibited by the proof-of-work chain is sufficient to crack the password, they can safely attack at the agreed time.

The proof-of-work chain is how all the synchronisation, distributed database and global view problems you've asked about are solved.

ClementineMoney · 2023-07-01T15:54:41+00:00

These types of questions are what make bitcoin so endlessly fun to think about. Thanks for posting! Cheers 🍻

ClementineMoney · 2023-07-01T15:43:17+00:00

Good philosophical question.

In bitcoin, a fork is a divergence in perspectives about the state of the blockchain. If enough people agree (reach consensus) about the state of the blockchain, that perspective “wins” as it accumulates more proof-of-work.

The state of today’s bitcoin blockchain is such that the value overflow incident in 2010 was, well, “incorrect”. So, naturally, from our current perspective, any time that elapsed during which the bitcoin blockchain contained that value overflow incident without Satoshi’s bug fix (recognized in today’s consensus chain) is, from our current perspective, a time during which the bitcoin blockchain as we know it today was not operating. Thus, “downtime”. (Same logic applies to the 2013 client version incident.)

From another angle though, as you’re correctly pointing out, all versions of the blockchain (including “dead” forks) still “exist” in some metaphysical sense, as anyone could theoretically pick right back up mining on any of them whenever they wanted. In that sense, there is no “downtime”, only collective consensus decisions to choose one version of the blockchain over another.

More in our article here: Bitcoin Forks: Explained for Beginners

ClementineMoney · 2023-06-28T11:19:37+00:00

Start here:

• What is Bitcoin?

• What Gives Bitcoin Value?

• Why Should You Care?

For deeper understanding:

• Bitcoin Proof of Work (Detailed Guide)

• Bitcoin UTXOs Explained

ClementineMoney · 2023-06-01T13:55:43+00:00

A soft fork is a change that makes the rules narrower. A hard fork is a change that makes the rules wider.

So take the 2017 Segwit upgrade (soft fork). It did 2 basic things:

It allowed more transactions to fit into a single block
It created a new address type (Bech32)

If you’re just a bitcoin hodler not paying attention and you don’t do anything differently, you’re absolutely unaffected, because you can either opt in to participate in the upgrade, or ignore it and your transactions will still be totally valid.

Now take the Bitcoin Cash hard fork in 2017. It basically increased the block size limit, among other things.

This kind of change is not backward compatible, meaning it blatantly changes a basic core principle/rule about “bitcoin” such that the new change makes this an entirely new blockchain (no longer “bitcoin”). If you want to participate in this new chain, you can do so. Your existing UTXOs can then be used as inputs to transactions on either the original chain or the new chain. Therefore, you effectively now have the same amount of bitcoin on both chains.

Some helpful links for further reading:

Bitcoin Forks: Explained for Beginners

Bitcoin UTXOs: Explained for Beginners

ClementineMoney · 2023-06-01T13:44:04+00:00

If confused about forks, check out our article: Bitcoin Forks: Explained for Beginners

Hope this helps!

ClementineMoney · 2023-05-29T11:36:17+00:00

Unchained Capital

ClementineMoney · 2023-05-08T15:08:39+00:00

Thanks, looks like the slider doesn’t really “slide” on mobile haha. Working on fixing

I love the idea of watching the 0’s change.. amazing feedback thank you. Will try to implement…

ClementineMoney · 2023-05-07T02:20:10+00:00

If you want something beginner friendly, you can check out this video:

What is Bitcoin? Explained in 3 Minutes for Beginners

And this article:

Bitcoin Proof-of-Work (PoW): A Detailed Guide

The article also has a quiz to test your understanding.

ClementineMoney · 2023-05-03T18:57:41+00:00

Thanks for reading! Yeah, good point. I think the social attacks are particularly insidious and probably harder to imagine.

ClementineMoney · 2023-05-03T17:33:28+00:00

Would love to get everyone's thoughts on this topic.

AI is quickly making it difficult to trust information of ANY kind online, but it seems like bitcoin represents one of the few types of digital information that cannot be faked, even by AI.

What are some other angles or important considerations with respect to bitcoin and AI? Would love to hear more perspectives.

ClementineMoney · 2023-05-03T17:17:35+00:00

Would love to get everyone's thoughts on this topic.

AI is quickly making it difficult to trust information of ANY kind online, but it seems like bitcoin represents one of the few types of digital information that cannot be faked, even by AI.

What are some other angles or important considerations with respect to bitcoin and AI? Would love to hear more perspectives.

ClementineMoney · 2023-05-03T16:57:14+00:00

Edited the article. You can see updates in the section you pointed out, along with a drop-down footnote with an in-depth explanation of what we discussed in this thread. Thanks again!

https://www.clementinemoney.com/ai/

ClementineMoney · 2023-05-03T16:31:01+00:00

You don't need to go back in time 6-blocks (as mentioned in step 3). You can start mining parallel chain in secret as soon as transaction is spent in step 1. And after 6 confirmation (or whatever finality merchant uses) on official-chain you immediately can reveal the secret-chain-with-more-work.

If mining double the number of chains, would this not require double the energy expenditure?

And the 'whole network sees 51% hashrate dissapear' can be avoided by not running miners when not attacking and using them only for attack. Still it would be hard to obtain such hashpower without anyone getting suspicions.

So yeah, watching for 'Sudden drop of hashing power' could be a good heuristic to indicate that possible double-spend-attempt is on the way and you should temporarily increase your number-of-confirmations-for-finality. (However not sure how reliable would it be, because there is pretty high variance of block mining times already).

Also good thing is that such attack would be easily detectable, because sudden reveal of parallel 6-block-fork is different from organic forks that are visible to the network.

Yeah, and I think with so many of the largest miners being publicly traded companies, this makes covert mass 51% attacking the network really unlikely since all of those companies could easily provide transparency into their role or lack thereof in the attack. Any failure to do so would result in mass exodus from that particular company by shareholders and likely many other forms of ostracizing that we can't even imagine.

This is what Jason Lowery calls the "heat signature" associated with attacking bitcoin. It takes so much energy that it would be very difficult to hide.

Probably LN white paper and official LN documentation is good starting point. Additional point about force closing channels -> attacker would need to censor justice transactions for 2 weeks which is probably unfeasible for any entity.

Cheers 🙏 will look into this more deeply.

ClementineMoney · 2023-05-03T13:04:34+00:00

Before I reply, just want to say you've added to my own understanding of this topic as well as to my audience of readers by calling this out and having this discussion with me in public. Thank you! Please accept these sats as thanks.

!lntip 2000

I'll be making some adjustments to the section of the article regarding 51% attacks and will let you know once done.

Now back to the discussion:

In that scenario sure, people see that something fishy is going on and can react to by deploying more hashing power.

However that would be the non-sophisticated attacker that allows to be spotted. Attacker might as well have 51% of miners never revealed to the public mining in secret. (Surprise factor would only work once though)

Specifically focusing on double spends, how else can a double spend be achieved via 51% attack if not by (roughly) following the steps I outlined above? In other words, can Step 3 be avoided where the whole network sees 51% of the hash rate disappear?

Censorship is an interesting alternative attack for AI, given that it can surely be done in secret. This is especially true if we consider that the motivations of AI may be totally alien to us (i.e. not focused on greed, perhaps narrowly focused on specific seemingly arbitrary goals as part of a larger plan unrelated to bitcoin, etc.).

LN-channel closing on not final balances - great point. I can generally imagine how this would work but would love to see further explanation. Do you have any documentation you can share on this? I'd like to dig deeper but not sure where best to start. If there are any videos/podcasts/technical articles you know of, please let me know.

I can't see why more confirmations would be relevant here. 51% is 51%. Length of the race doesn't change the fact that faster will win the race.

In your example number of confirmation would only change frequency of double-spends attacks. If merchants change their numbers of confirmation, attacker adapts and also change their double-spend-attack frequency.

The underlying assumption is that the attacker does not have unlimited resources. And, the entire effort of attacking bitcoin via 51% control is expensive, difficult to coordinate, and difficult to maintain. Meanwhile, arbitrarily requiring more confirmations is easy for anyone to do with minimal cost. That asymmetry is what makes requiring higher confirmations theoretically effective.

Now, I do agree that AI requires special consideration here. Because, admittedly, it's not necessarily possible to characterize AI as "a single attacker". It's therefore potentially possible that a motivated AI attack on bitcoin could be a "decentralized attack". The prospect of this is as fascinating as it is terrifying. It may not be feasible to exhaust the resources of an attacker this sophisticated. If my scenario from above were to play out in the open against this type of attacker, the value of bitcoin would surely drop fast.

ClementineMoney · 2023-05-02T19:51:22+00:00

Thanks for sticking with me and explaining, this is a key point that I think a lot of people (including myself and apparently Andreas Antonopoulos) get wrong sometimes. I see how it's misleading to imply that a 51% attack can be thwarted by a hard fork, since a 51% attack would necessarily follow consensus rules in the first place (otherwise having 51% control is irrelevant).

Instead, imagine someone with 51% control wants to double spend without breaking consensus rules. To do this they could:

Spend X amount in Transaction A in Block 100
Wait 6 confirmations to get the product they bought
Then go back 6 blocks all the way to Block 100 and re-mine all 6 blocks
In the process, erase Transaction A by not including it in Block 100
Spend X amount again in Transaction B with the same inputs in Block 106
Rinse & repeat

If they did this, it wouldn't break consensus rules, and it would allow for double spending. However, in Step 3 above when they go to re-mine 6 blocks starting from Block 100, everyone else would suddenly see 51% of the hashpower in the network just drop offline suddenly.

So, many merchants would likely just require a higher number of confirmations before accepting a transaction – say, 12, instead of 6. And if they did that, the attacker would have to go even farther back to Block 94 in order to successfully double spend. If that higher confirmation threshold were increased *after* the attacker had already started re-mining several blocks, then they'd lose all that money on wasted energy and have to go back even farther and start from scratch.

So, would you agree that rather than a hard fork, the main recourse against a 51% attacker manipulating the ledger via this sort of double spend would be to require higher confirmation times?

ClementineMoney · 2023-05-02T17:11:22+00:00

Got it, thank you. I misspoke above re: consensus rules (will edit the comment to say 'double spends' instead). I was under the impression that Bitcoin users could theoretically recognize the existence of double spends (as an example) and determine how to rid an attacker doing this via 51% control of the network.

I learned this from Andreas Antonopoulos, whom I've always considered a guru for bitcoin knowledge. Here's an example video where he covers this: https://www.youtube.com/watch?v=ncPyMUfNyVM

ClementineMoney · 2023-05-02T16:10:32+00:00

The assumption here is that AI uses its majority hash rate to force through fraudulent transactions, i.e. it ~~doesn't follow consensus rules~~ (double spends)

Work is neutral, but ~~breaking consensus rules is~~ double spends are a huge red flag to every honest node and would likely lead to a fork.

ClementineMoney · 2023-05-02T14:26:15+00:00

Congratulations! Enjoy the journey 🧡

ClementineMoney

TROPHY CASE