DARPA study challenges assumptions about distributed ledger (Bitcoin) security (theregister.com)
60 points by throw0101a on June 25, 2022 | 18 comments

Official paper is here:

https://www.trailofbits.com/reports/Unintended_Centralities_...

DARPA contract information is here:

https://govtribe.com/award/federal-contract-award/definitive...

* Note: To be clear, DARPA is very interested in distributed ledgers. They’re doing what they have always done, which is advanced research to avoid and create surprising results knowing that failures are frequently required to do so.


I mean... obviously this is a conspiracy by DARPA to spread FUD.

Because they're threatened by my upcoming project: superMegaWeb3ZombieWhatever


As I type this I realize there is no way to name a fictitious parody crypto project which is more absurd than the average actual crypto project.


I was going to say, FUDcoin already exists.


people being able to dodge taxes using crypto is an existential threat to the US military, probably a bigger threat than China.

With the US economy tanking and inflation rampant the conditions are ripe for people to just go around the traditional financial system with crypto. BRICS are already talking about dollar alternatives as well.


I’ve always wondered about this perspective.

Governments and taxing authorities have been collecting revenue, chasing down cheats, jailing them, etc for thousands of years.

I don’t see how this changes all that much with cryptocurrencies.


I always kind of feared something like this. Blockchain is a brilliant idea, but the implementation has such a tremendous surface area for flaws. (I’m also not sure blockchain has any truly justified use cases, but that’s neither here nor there.)


i used to work on this stuff (and thought about it quite a bit) so i thought i'd address some of these points purely for the fun of it.

> The challenge with using a blockchain is that one has to either (a) accept its immutability and trust that its programmers did not introduce a bug, or (b) permit upgradeable contracts or off-chain code that share the same trust issues as a centralized approach

yeah, this is a problem. but there are also safeguards. bitcoin, for example, is a many-eyes project, with many developers with many different funding sources watching it. the release process is a work of art (gitian) which was one of the most interesting secure software supply chain attempts i've ever seen going back near a decade.

blockchains are living systems (as is most software!): where cryptography and software security stop, security based on self-interested humans starts.

> Every widely used blockchain has a privileged set of entities that can modify the semantics of the blockchain to potentially change past transactions.

yes, every project has a set of core developers. but let's assume all those libertarian wingnut core developers agree on deciding to go rogue in a collective socialist fashion to edit the ledger. they still have to push their software through the many-eyes development process, and then get it into the hands of both miners and end users and then actually somehow get away with things getting rewritten in front of everyone, all while not destroying all their time, efforts and holdings on the chain they're attacking.

> The number of entities sufficient to disrupt a blockchain is relatively low: four for Bitcoin, two for Ethereum, and less than a dozen for most PoS networks.

i'm not sure i follow this. what is an entity? how are they disrupting the network?

> The vast majority of Bitcoin nodes appear to not participate in mining and node operators face no explicit penalty for dishonesty.

every node in bitcoin maintains an abuse/dishonesty score for every peer. if a node misbehaves in a known/detectable way, it is disconnected and banned as a peer.

the gossip protocol is designed to work around malicious/censorious peers.

> The standard protocol for coordination within blockchain mining pools, Stratum, is unencrypted and, effectively, unauthenticated.

nothing that passes over this protocol is a secret. maybe making this tamperproof could have some value, but ultimately any attack either only affects the pool's revenue (they'll detect this) or attempts to censor (another pool or miner will mine the tx eventually).

> When nodes have an out-of-date or incorrect view of the network, this lowers the percentage of the hashrate necessary to execute a standard 51% attack. Moreover, only the nodes operated by mining pools need to be degraded to carry out such an attack. For example, during the first half of 2021 the actual cost of a 51% attack on Bitcoin was closer to 49% of the hashrate.

i imagine that no single pool or entity was near the ~50% required to carry out the attack.

> For a blockchain to be optimally distributed, there must be a so-called Sybil cost. There is currently no known way to implement Sybil costs in a permissionless blockchain like Bitcoin or Ethereum without employing a centralized trusted third party (TTP). Until a mechanism for enforcing Sybil costs without a TTP is discovered, it will be almost impossible for permissionless blockchains to achieve satisfactory decentralization.

this is theoretical; as long as no one is anywhere near 50%, it's fine.

> A dense, possibly non-scale-free, subnetwork of Bitcoin nodes appears to be largely responsible for reaching consensus and communicating with miners—the vast majority of nodes do not meaningfully contribute to the health of the network.

they're canaries for a giant distributed network of annoying obsessive compulsive libertarians who will start squawking to high holy hell if they see issues on their nodes. those squawks then coalesce like voltron into a sort of gigantic metaphorical grizzly bear that lovingly watches over all actors in the network and the chain itself.

> Bitcoin traffic is unencrypted—any third party on the network route between nodes (e.g., ISPs, Wi-Fi access point operators, or governments) can observe and choose to drop any messages they wish.

randomness in transaction gossiping is designed to work around this as well as use of tor (as mentioned elsewhere).

> Of all Bitcoin traffic, 60% traverses just three ISPs

sounds like the modern internet.

> Tor is now the largest network provider in Bitcoin, routing traffic for about half of Bitcoin’s nodes. Half of these nodes are routed through the Tor network, and the other half are reachable through .onion addresses. The next largest autonomous system (AS)—or network provider—is AS24940 from Germany, constituting only 10% of nodes. A malicious Tor exit node can modify or drop traffic similarly to an ISP.

the gossip protocol attempts to work around this as mentioned above.

> Of Bitcoin’s nodes, 21% were running an old version of the Bitcoin Core client that is known to be vulnerable in June of 2021.

lol.

> The Ethereum ecosystem has a significant amount of code reuse: 90% of recently deployed Ethereum smart contracts are at least 56% similar to each other.

cool.

don't get me wrong, i still have massive issues with the environmental footprint involved with proof of work consensus. moreover, libertarian politics never really made sense to me, except perhaps until yesterday. and yeah, once you start to take the ideal of decentralization and implement it in the real world, there are implementation details that run counter to the ideal... but...

it's probably the closest thing we have to a decentralized and autonomous system of people, computers and software on the internet. it may actually be able to stand up to nation state level attacks. and perhaps most interesting to me personally, it may be an incubation bed for some of the ideas that could lay the foundations for globally neutral naming, identity and reputation services for a next generation internet.


> i'm not sure i follow this. what is an entity? how are they disrupting the network?

It's answered in the article:

> They argue this reduces the threshold for a so-called 51 percent attack. "If a node operator's self-interest is to be dishonest, then there is no explicit penalty for doing so. Moreover, the number of entities necessary to execute a 51 percent attack on Bitcoin was reduced from 51 percent of the entire network (which we estimate at approximately 59,000 nodes) to only the four most popular mining pool nodes (less than 0.004 percent of the network)," the study found.


ahh yes, there's some confusion here. it's not 51 percent of the entire network, it's 51 percent of the hashpower.

it's true that much of the hashpower is concentrated in the hands of a few pool operators, but if i recall, some "getblocktemplate" upgrades that took place around 8 years ago reduced the level of control that the pool operators have. that is, individual participants in the pool aren't mining blindly and would also have to collude. i'd have to look deeper to verify this though.

edit: to follow up, yeah it's true that stratum v1 relies on pool operators, but again it's monitored by gigantic metaphysical libertarian grizzly bears. getblocktemplate delegates transaction picking to participants, but it seems to be in less use and stratum v2 attempts to solve the issues with both.

i don't know what the main pools are using in practice (probably stratum v1 over ssl).


I think they are claiming it's less than 51 percent of hashpower - because they can reduce/disable the 51% by attacking some centralised points, including:

- The c20% of nodes that have outdated software could be eliminated
- The c60% of nodes that run on the three ISPs could theoretically be blocked by a nation state if those ISPs could be controlled.

i.e. it might be more like 51% of 30% = 15% of hash power, which are the 4 entities.


right, but those "nodes" are basically proxy nodes which fan out to thousands of individual miners which are actually burning the hashes. since downtime is extremely costly, i expect those operators to have multiple geographically distributed proxy pool leaders ready to be switched on at a moment's notice.

for the purposes of an entity that can be attacked, yes, the pool leaders are such... but since the pools are just proxies and the actual miners have incentives to stay online, i imagine new pools would form pretty quickly.

finally, everyone focuses on the 51% attack as the end-all, be-all. the only net effect of a 51% attack is that someone might be able to double spend. the cost of running the attack would require that the double spend be pretty massive to make it worth it, and for any massive transaction anyone prudent would wait until said transaction was quite deep in the chain before considering it done (thus requiring even more hashpower to undo it).
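The point about waiting until a transaction is deep in the chain can be made quantitative. The following is an added example, not code from the thread: it implements the attacker-catch-up formula from section 11 of the Bitcoin whitepaper, which gives the probability that an attacker holding fraction q of the hashrate ever overtakes the honest chain from z blocks behind, and uses it to compute how many confirmations a recipient should wait for before treating a payment as final at a chosen risk level. The risk threshold of 0.1% and the hashrate shares in the table are assumptions picked for illustration.

```python
import math


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker holding fraction q of the total hashrate
    ever catches up with the honest chain from z blocks behind.

    This is the formula from section 11 of the Bitcoin whitepaper. With
    q >= 0.5 the attacker is expected to overtake the honest chain eventually,
    so the probability is 1 regardless of depth.
    """
    if not 0.0 <= q <= 1.0:
        raise ValueError("q must be a fraction of the total hashrate")
    if z < 0:
        raise ValueError("z must be a non-negative number of blocks")
    if q >= 0.5:
        return 1.0
    p = 1.0 - q
    # Expected number of blocks the attacker mines while the honest network
    # extends the chain by z blocks.
    lam = z * (q / p)
    total = 1.0
    # Poisson probability that the attacker has produced exactly k blocks,
    # updated iteratively to avoid overflowing lam**k / k! for large z.
    poisson = math.exp(-lam)
    for k in range(z + 1):
        if k > 0:
            poisson *= lam / k
        # If the attacker is still z - k blocks behind, the chance of ever
        # catching up is (q/p)^(z-k); subtract the complementary probability.
        total -= poisson * (1.0 - (q / p) ** (z - k))
    return total


def confirmations_needed(q: float, max_risk: float = 0.001, limit: int = 2000) -> int:
    """Smallest number of confirmations z at which an attacker with hashrate
    share q succeeds with probability below max_risk (default: 0.1%, an
    assumed policy value)."""
    if q >= 0.5:
        raise ValueError("no confirmation depth protects against a majority attacker")
    for z in range(limit + 1):
        if attacker_success_probability(q, z) < max_risk:
            return z
    raise ValueError(f"more than {limit} confirmations needed for q={q}")


if __name__ == "__main__":
    # Constructed table: success probability at a few depths, and the depth a
    # recipient should wait for at the assumed 0.1% risk level.
    print("q     z=1       z=6       z=24      confirmations for <0.1% risk")
    for q in (0.10, 0.20, 0.30, 0.40):
        row = "  ".join(f"{attacker_success_probability(q, z):.6f}" for z in (1, 6, 24))
        print(f"{q:.2f}  {row}  {confirmations_needed(q)}")
```

The table is the defender's view of the thread's argument: an attacker below 50% has a success probability that drops roughly geometrically with depth, so the "wait until it is deep in the chain" rule translates into a concrete number of blocks for whatever hashrate share one is worried about, and for a majority attacker no depth helps.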


> every node in bitcoin maintains an abuse/dishonesty score for every peer

Could you link to a source for this? I wasn't aware that is how it works and it would be interesting to read.


there wasn't a document when i worked on it, and it almost certainly has evolved in the many years since i looked at it, but here's a starting point: https://github.com/bitcoin/bitcoin/search?q=misbehaving


Ah, according to that there is no score or explicit ban.

It looks like if you are sending invalid blocks then the server will disconnect you before other peers, but still interesting to see and an implementation detail I didn't know about! Thanks for linking.


hm, guess they updated it. it used to keep a score for each peer in terms of misbehavior and then banlist the source ip address if a peer misbehaved too much.

overall the whole system operates under the assumption that peers are untrusted and unauthenticated, so it's more nuisance prevention than anything.
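The per-peer misbehaviour score and ban list described in this reply and in the earlier one (a score per peer, disconnect and ban the source IP once it misbehaves too much) can be illustrated with a small model. This is an added example, not code from the thread or from Bitcoin Core; the penalty categories, the threshold of 100 points, the time-limited ban and the peer addresses are all assumptions chosen for the example.

```python
import time

# Constructed penalty table: how many points each detectable kind of
# misbehaviour costs. The categories and values are assumptions for this
# example, not Bitcoin Core's actual list.
PENALTIES = {
    "invalid_block": 100,     # relaying a block that fails validation
    "invalid_tx": 10,         # relaying a transaction that fails validation
    "malformed_message": 20,  # protocol message that cannot be parsed
    "unsolicited_inv": 1,     # cheap noise, tolerated unless it piles up
}


class PeerManager:
    """Tracks a misbehaviour score per connected peer and bans the peer's
    source IP once the score reaches a threshold. Modelled on the mechanism
    described in the thread; the threshold, the time-limited ban and the
    injectable clock are assumptions for this example."""

    def __init__(self, ban_threshold=100, ban_seconds=24 * 3600, clock=time.time):
        self.ban_threshold = ban_threshold
        self.ban_seconds = ban_seconds
        self.clock = clock
        self.scores = {}      # peer address -> accumulated misbehaviour score
        self.connected = set()
        self.bans = {}        # source IP -> ban expiry (unix time)

    @staticmethod
    def ip_of(peer: str) -> str:
        # "203.0.113.5:8333" -> "203.0.113.5": bans apply to the source IP,
        # so reconnecting from another port does not help.
        return peer.rsplit(":", 1)[0]

    def is_banned(self, ip: str) -> bool:
        expiry = self.bans.get(ip)
        if expiry is None:
            return False
        if expiry <= self.clock():
            del self.bans[ip]  # ban expired; the address may connect again
            return False
        return True

    def connect(self, peer: str) -> bool:
        """Accept a connection unless the peer's source IP is currently banned."""
        if self.is_banned(self.ip_of(peer)):
            return False
        self.connected.add(peer)
        self.scores.setdefault(peer, 0)
        return True

    def misbehaving(self, peer: str, reason: str) -> bool:
        """Record a detected misbehaviour. Returns True if the peer was
        disconnected and its source IP banned as a result."""
        if peer not in self.connected:
            return False
        self.scores[peer] += PENALTIES[reason]
        if self.scores[peer] < self.ban_threshold:
            return False
        self.connected.discard(peer)
        self.scores.pop(peer, None)
        self.bans[self.ip_of(peer)] = self.clock() + self.ban_seconds
        return True


def run_scenario(clock_start: float = 1_000_000.0):
    """Constructed walk-through: a peer relays invalid transactions until it is
    banned, is refused on reconnect (also from another port), and is admitted
    again once the ban has expired. Returns
    (strikes tolerated before the ban, refused, refused_other_port, readmitted)."""
    now = [clock_start]
    pm = PeerManager(ban_threshold=100, ban_seconds=3600, clock=lambda: now[0])
    peer = "203.0.113.5:8333"  # constructed address from the TEST-NET-3 range
    assert pm.connect(peer)
    strikes_before_ban = 0
    while not pm.misbehaving(peer, "invalid_tx"):
        strikes_before_ban += 1
    refused = not pm.connect(peer)
    refused_other_port = not pm.connect("203.0.113.5:8334")
    now[0] += 3600  # advance the clock past the ban expiry
    readmitted = pm.connect(peer)
    return strikes_before_ban, refused, refused_other_port, readmitted


if __name__ == "__main__":
    print(run_scenario())
```

The design mirrors the reply's own caveat: peers are untrusted and unauthenticated, so the score is nuisance prevention rather than authentication. A single invalid block is enough to cross the assumed threshold at once, while low-cost noise only adds up slowly, and the ban is keyed on the source IP so that reconnecting on a fresh port does not reset it.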


> they're canaries for a giant distributed network of annoying obsessive compulsive libertarians who will start squawking to high holy hell if they see issues on their nodes

OK that's both hilarious and true. It's one of the most critical components of the security of the network.
