
Can someone tell me where my decentralized/blockchain theory breaks? - W09h
Hi folks! Can someone please tell me where my theory breaks?
I theorize that the cost to get enough shared ledgers to agree that user x has 0$ (previously had $5M) is less than or equal to the amount of money that could be divided amongst the thieves.
IE if you get enough people to say the sky is purple is the sky purple? Isn&#x27;t cooperation key to a decentralized system? What happens when a new patch is released that pays you $100 to say a lie that user X has $0 and everyone involved has $100 more?
======
DennisP
Something like this happened last year with Ethereum. A hacker stole $150
million, but the funds were conveniently trapped on one place for a month.
People rolled out a patch that moved the funds back to their original owners.

Some people thought that was a bad idea and kept running the unpatched
version. That caused the blockchain to split into two separate blockchains,
the patched (ETH) and unpatched (ETC).

After that, it was up to the market to determine which version was more
valuable. So far ETH is worth a lot more, so apparently the market was fine
with this action in this particular case.

If people were to roll out a patch that _committed_ a theft instead of
repairing one, it's unlikely that many other people would go along with it.
There'd be another split, the thieving chain would drop to a low value, and
the original chain would keep rolling along with funds unstolen.

~~~
cantrip
The term "hacker" depends on your viewpoint. Put another way, a user executed
a function on a decentralized smart contract platform that transferred $150
million to the possession of the function's caller.

If the value of smart contracts is that they will execute as written with no
possibility of third party interference then Ethereum is not a smart contract
platform. It is a very inefficiently designed public ledger governed by a
highly centralized group of developers who can change it on a whim.

~~~
majormajor
> If the value of smart contracts is that they will execute as written with no
> possibility of third party interference then Ethereum is not a smart
> contract platform.

Why would there be such value in a dumb contract platform like that?
Historically, what societies have chosen to adopt such a set of values?

~~~
kbenson
I think the perceived value comes from the assumption that contracts can be
written perfectly. Apparently, some people believe that the problems
encountered so far are just a matter of weeding out the problems and
eventually contracts will be much less likely to have loopholes like this.

I don't really agree with that worldview, but not strongly enough to bet that
it won't reach some fairly safe equilibrium at some point. Even then though, a
major bug could be lurking for years just waiting to be exploited later.

~~~
samsonradu
This is a rather perfectionist point of view, implying that our current day-
to-day contracts are perfect and don’t have loopholes. Why do smart contracts
have to be written perfectly to be usable by people.

In the end, what’s perfect in the world around us? Big banks fail and lose
people’s savings, cars break and cause deaths and it has’t stopped people from
adopting these on a large scale and keep on improving them.

~~~
kbenson
Wanting all contracts and actions performed by them to be immutable is an
_odd_ point of view in my eyes, but I'm not sure I would call it perfectionist
because the perfection depends on whether you think a perfect system fulfills
the contracts to the letter or the spirit.

In the physical world, we arbitrate contracts with authorities vested with the
power to make decisions over them, such as courts, governments, mediators, etc
that both parties have agreed has the final say, because the alternative is
_unworkable_.

In a consensus system such as a blockchain, that consensus is based on a
majority of the participants. Wanting them to have no say on the outcome of
actions is like wanting the courts to have no jurisdiction over your
contracts.

------
alistproducer2
You're forgetting that the integrity of the blockchain has value, particularly
for miners. The token would crash once such a deception were made known making
the miner's reward for mining worthless. That's the cost that you are not
factoring into your example.

~~~
tootie
Game theory. While the mining community understands the value, whoever is
committing the theft is probably just interested in short-term gain. A few
thieves have not broken the fundamental trust in crypto, but there is
definitely a tipping point.

~~~
abakker
Yeah - as long as the crypto token has liquidity to settle into other
currencies, there is a possibility of agreeing to ruin the chain and exchange
the tokens while information asymmetry still exists. Essentially, if you don't
care about the "store of value" part, a large enough group could do it.

------
thisisit
Too many things going on here:

a. Are you aware of the Ethereum DAO hack? The whole Ethereum vs Ethereum
classic. Short story - The largest ethereum contracts was hacked and money
stolen. Then a patch was released saying that the hack didn't happen.

People who accepted the patch were "ethereum" holders and those who refused
are now on "ethereum classic".

So, changing the rules in a patch doesn't matter. If there are enough people
helping user x and the currency is still accepted it can be called 'currency
classic/cash'.

b. There is a lot of confusion on whether cheating n blockchain somehow
requires a patch or 51% support. It doesn't. 25% is enough to try and cheat
within the rules. Read:

[https://steemit.com/ethereum/@dhumphrey/update-f2pool-
manipu...](https://steemit.com/ethereum/@dhumphrey/update-f2pool-manipulates-
usd1-2-million-on-the-ethereum-blockchain-during-the-status-im-ico)

------
mrep
With greater than 50% of capacity, you can do a lot of bad things.

For ASIC blockchains like bitcoin, a few companies in china dominate the
network so they could easily collude and do just this.

For non-ASIC blockchains, you can do it through the cloud. Here is some math i
did on it the other day:

digiconomist [0] estimates that current etherum mining cost is 1.3 billion a
year, or 3.6 million a day, or 151,000 an hour, or 2,500 a minute.

Multiply by 5 for cloud on demand premiums and you could dominate the etherum
network for an entire day for 18 million. You could also do it for free if you
can manage to do it with stolen credit cards.

[https://digiconomist.net/ethereum-energy-
consumption](https://digiconomist.net/ethereum-energy-consumption)

~~~
andrewla
The reality is that even for Bitcoin, the attack, as described, is infeasible.
It is possible for miners to collude to censor transactions, but not to create
fake transactions, or to somehow steal money from a person and deliver it to
others. An attack on that scale would require rewriting the block validity
criteria, and no existing nodes or other miners would accept the new criteria,
which would result in the chain forking, and the main chain simply losing a
lot of hash power, which would be working on the fork that contained the
change the validity criteria.

------
wakamoleguy
You're correct that cooperation is key and that if you get "enough" people
(50% of hashing power in most cases) behind a plan, they can change the rules
of the game. This could be used to steal coins.

This has actually happened in the past. When massive amounts of Ethereum were
stolen from the DAO, the community got together and decided that those coins
did not belong to the hacker. With >50% of the network, they forked the coin
and created a refund contract where people could retrieve their stolen
coins.[1] The dissenters remained to form what is now Ethereum Classic.

So, what prevents this from happening in a malicious way? The first hurdle is
building that consensus. Many people involved in cryptocurrencies today
believe that the future value is much higher than today's value. Paying them
off would not be easy, especially considering that cashing out a large sum
would crash the price of the coins, and thus the profits from your maneuver.

That being said, a core assumption of cryptocurrencies is that 50%+ of the
network is not malicious. Another way of looking at this is that whoever
controls greater than 50% of the network cannot be considered malicious from
the network's perspective. They _are_ they consensus.

The last point I'll make is speculative. If you created (or took over) a
cryptocurrency and built consensus out of malicious actors, what value do you
think the outside world would place on that coin? You would win lots of coins,
but would anybody pay you dollars for them?

[1] [https://www.cryptocompare.com/coins/guides/the-dao-the-
hack-...](https://www.cryptocompare.com/coins/guides/the-dao-the-hack-the-
soft-fork-and-the-hard-fork/)

~~~
sharemywin
Now sell your coins...bitcoin is only worth something if it works. you'd also
have to get bunch of people that have invested most of their lives to it.

~~~
fixermark
... unless the end goal is not to generate profit, but to diminish value
represented as BTC by undermining fundamental faith in the network, in which
case, a value drop is working as intended.

------
golergka
When you create counterfeit money, you damage people's trust in the money,
which damages it's perceived value. You'd have to do it without doing
catastrophic damage to the public trust, because then all you've stolen
wouldn't have nay value.

However, you could SHORT crypto currency and then do some damage it. Where
would this logic break?

~~~
valuearb
Shorting never damages anything, it's just a market adjustment mechanism.

~~~
golergka
Yes, it doesn't. Also isn't not what I wrote about.

------
tfha
> the cost to get enough shared ledgers to agree that user x has 0$
> (previously had $5M) is less than or equal to the amount of money that could
> be divided amongst the thieves

That's the trick. In some cases, you'd be correct and the thieves can get away
with theft. In most cases though you are incorrect, the cost of getting that
many ledgers to agree with the thieves is prohibitively high.

This theory underscores the importance of having many full nodes running on
the network. If only a small number of people run validating nodes, the cost
of committing some theft like this is substantially reduced. This is one of
the biggest and most important arguments behind having small blocks instead of
large blocks.

Large block supporters tend to think you only need a few full nodes to get
immunity from these types of attacks, and small block supporters tend to
believe that a small number of nodes is easy to compromise relative to the
reward for doing so.

~~~
smokeyj
> Large block supporters tend to think you only need a few full nodes to get
> immunity from these types of attacks

How exactly do you see an attack on full nodes going down? I imagine the
attack would occur on the mining side..

Also, if the mempool becomes more expensive to host than blocks on disk -
would you still think small blocks are safer?

~~~
tfha
Hack the full nodes to modify their database. Or cut a business deal with the
biggest full nodes (Coinbase, Bitmain, Shapeshift, But go, etc.) and decide to
implement a rule much of the network opposes, like raising the block size
(which consequentially makes a repeat attack easier in the future because
fewer users will have the resources to run full nodes themselves)

~~~
smokeyj
> and decide to implement a rule much of the network opposes

And they'll immediately be blacklisted from the network..

Do people realize you can store the entire bitcoin chain for less than the
cost of one transaction? The centralization narrative doesn't hold up.

------
TallGuyShort
>> Isn't cooperation key to a decentralized system?

Slightly off-topic, but cooperation is key to traditional currencies, too. If
a majority of the United States determines that I suck and tries to stick it
to me and anybody who does business with me, all of my US Dollars would have
substantially less purchasing power.

~~~
valleyer
I'll be off-topic with you. Your scenario seems a little different, because I
could still shop with dollars at the 49% of stores that still like me. Whereas
if bitcoin replaced dollars, even those 49% of stores that liked me couldn't
take my money, because the 51% can veto the transaction.

~~~
posterboy
Imagine its an industry at the top of the food chain and middle man are
forbidden, so you can go shop at the neutral 49% of stores, but they may not
provision you with something essential and monopolised. Although in those
cases the law is layed out to mandate certain types of business take
contracts.

------
billconan
1\. enough people means >50%, that's a lot.

2\. ledgers keep transaction histories, not absolute values. to clear
someone's wallet, you have to transfer his money out. you can't forge that
guy's crypto signature.

3.whoever owns more than 5m would not probably put all the money under one
wallet.

~~~
borplk
> 2\. ledgers keep transaction histories, not absolute values. to clear
> someone's wallet, you have to transfer his money out. you can't forge that
> guy's crypto signature.

As long as there's >50% consensus, they can do anything they want (longest
chain wins).

You don't need to forge someone's crypto signature to clear their wallet.

You just stop agreeing that the guy has the 5m.

~~~
teolandon
The longest valid chain wins. People can't add invalid blocks to the chain and
have them be accepted by the rest of the community that is not in on it.

The power of >50% is that you can keep some (valid) blocks on the chain, like
some payments to a service provider, for as long as you want and have them
accepted by the community because that's the longest chain that everyone's
seen, and collect the service for that payment. Then whenever you want release
another chain, that's longer and doesn't include the payment blocks,
invalidating the payment.

The rest of the 49% of the users can still agree that someone has 5m, nobody's
gonna take that away from them. But they're not going to be able to agree on
any payments on the chain, because the 51% could invalidate them at any point.

~~~
borplk
Yes you are correct.

------
borplk
As another person said, that would damage the reputation of the network.

It reminded me of how in the movies a group of bad guys get away with the big
briefcase of money and then two of them plan to get rid of the third guy and
split the rest between themselves.

------
zodiac
You don't even need a protocal change (patch) - a supermajority group of
validators (miners or stakers) can censor the minority group profitably, with
no way to tell in-protocol.

The fact is, all existing blockchain protocols are not coalition resistant
Nash equilibria ([https://en.m.wikipedia.org/wiki/Coalition-
proof_Nash_equilib...](https://en.m.wikipedia.org/wiki/Coalition-
proof_Nash_equilibrium)) and we rely on the difficulty of coordination for
security. Strong centralization can make coordination easier though.

------
smokeyj
No you can't do this. Disregard the DAO comments. Yes, a hack _caused_ a hard
fork - but the fork itself _was not a hack_.

You can't _update_ an account value without issuing a valid transaction
(requiring the private key). What you can do with a majority hash power is
_roll back_ transactions. But this is limited to your ability to generate a
longer chain which becomes more improbable with each mined block.

This attack vector isn't that great because transactions worth larger amounts
will wait for more confirmations. You're essentially left with an expensive
DoS.

------
andrewla
The particular attack you describe is infeasible in Bitcoin for sure, and
almost certainly for any other cryptocurrency. The problem is that the miners
certify that a given chain is valid, but nodes and other miners will apply
block validity criteria on top of that. Block validity includes things like
"transactions are properly signed" and "miner rewards are correctly
calculated".

This effectively means that creating a "fake" transaction that would empty
someone's account and credit it to the thieves would require a valid signature
from the original account. Otherwise nobody would accept the new block.
Changing the block validity criteria is possible, but requires cooperation on
a much more grand scale, especially for Bitcoin where there are many
implementations of the protocol that would have to change to match the new
block validity criteria (which, suspiciously, will contain a new criteria
saying "oh, and the signature check criteria don't apply to transactions from
this address").

Without some form of consensus, this would amount to "theftcoin" simply being
a hard fork of Bitcoin, with the main chain continuing, potentially with less
hash power.

------
randomerr
There's a cost to run shards - bandwidth, processing and storage. Each
transaction has a 2n1 cost (2 Parties, 1 shard, 'n' shards to sync too.)
Decentralization has a high overhead to verify transactions over 'n'
participants.

That why centralized ledgers were created. Sharded ledgers just means that you
have smaller ledgers that have to be synchronized at some point. When you have
more centralization you have larger chance of fraud.

------
Olshansky
It doesn't break down everywhere. This is one of the reasons why BTC is
leading the way even though there are a lot of other blockchains which are
arguably "better". Being the first kid on the block has a lot of benefits
since the mining power is sufficiently large and distributed that it's near
impossible to have a 50% attack now, unless the miners stop mining or
cooperate.

If you think about it, there are many improvements that could be made to basic
networking protocols (TCP, IP, HTTP), but since the standards were set "in
stone" so long ago, it is difficult to change now.

