
It's Time For a Hard Bitcoin Fork - AaronFriel
http://hackingdistributed.com/2014/06/13/time-for-a-hard-bitcoin-fork/
======
a3_nm
The article makes a pretty interesting point: Bitcoin's version of proof of
work can be delegated, which makes mining pools possible. An alternative
design could ensure that the task to solve is designed so that miners and pool
could not trust each other, thus ensuring that pools do not exist.

It seems like this is a pretty big flaw in how Bitcoin is designed, as its
security relies on miners remaining independent.

~~~
nullc
It's pretty easy to break delegation, but the cure is worse than the illness—
to reduce mining variance there you must use hosted mining, where miners have
even less control (absent more fixes…). GHash.IO is substantially hosted
mining in any case.

Really the more important point to note is that pooling for variance reduction
has absolutely nothing to do with delegating control. Running a outbound only
bitcoin full node, past initial syncup uses less than 20kbit/sec bandwith and
a fraction of a percent of cpu... it's not costly to do, purposefully so.

It's perfectly possible to individually run your own consensus decisions but
agree with others to, in a provable way, pool your payments. This is what
P2Pool does.

Unfortunately many Bitcoin miners don't have a rigorous mathematical
understanding of how mining works— they erroneously believe it to be a race
where the fastest wins disproportionally— something entirely untrue (absent
some proposed attacks which are not happening in practice)... just keeping
yourself from getting scammed by the many scammy hardware companies is
basically a full time job itself. Then you have various technically
unsophisticated Bitcoin pundits claiming that hashpower consolidations in
pools isn't something to worry about... not a great mix.

Fortunately, the reasons for the current behavior are mostly inertia— if
P2Pool had been invented first the symmetry would have broken differently.
It's still possible that there might be a massive swing (say if GHash.io
decides to steal a bunch of coins from their miners and makes a runner).

~~~
scythe
>to reduce mining variance there you must use hosted mining

Why should people [miners] be able to reduce variance at all? That's not a
necessary feature of the system, and it doesn't seem like a goal worth
pursuing. Security is paramount; mining variance is "first-world-problems".

>say if GHash.io decides to steal a bunch of coins from their miners

It seems far more likely that GHash would try to be sneaky about theft, rather
than overt. This would allow them to keep getting away with it (that "long
term revenue stream").

I know this sounds sort of unlikely, but consider e.g. GHash functionality to
identify and subtly interfere with the operation of automated tools (e.g.
ZeroCoin) that make lots of bitcoin transactions. The less likely that human
eyes will see a transaction, the easier it will probably be to subvert.

~~~
qq66
Reducing variance of a return allows the entry of smaller-scale and more risk-
averse participants into the market.

------
gojomo
This is the same panic-prone author (@el33th4xor) who, in early November 2013
with Bitcoin at about $220, wrote "@el33th4xor: You heard it here first: now
is a good time to sell your Bitcoins"
([https://twitter.com/el33th4xor/status/397219415025934336](https://twitter.com/el33th4xor/status/397219415025934336))

This was just before releasing some research that he thought would cause a
confidence collapse. (That is, his prediction was almost self-consciously
attempting market-manipulation.) In fact, the paper just formalized some
concerns discussed in the mining community for years.

So then, rather than collapsing, Bitcoin went on an epic rally, and hasn't
been below $339 since the same week of that doomsaying prediction.

There is certainly danger in one entity controlling 51% of the hashing power.
But everyone's known this risk, as one of the design assumptions of the
system, from the beginning... and also seen the tipping point
approach/recede/approach repeatedly. And also, the "Bitcoin lunatic fringe",
who this author mocks, has so far been right about the pool(s) attaining such
power refraining from taking destructive (and self-bankrupting) next steps.

So: focused concern, yes. But @el33th4xor-style panic, no.

Further, any 'hard fork' (or forks) that were to remedy pool issues, using the
"well-known" techniques referenced, would almost certainly retain some
continuity with prior key balances. That is: imagine the most destructive
transition possible. A total civil war between mining pools. Irreconcilable
dissension in the core team (or offshoots thereof). Collapse of the Bitcoin
price to values of 1-2 years ago. Still, at the end of that process, there are
one or more "offshoot" chains, adopting the Bitcoin history as their own,
patched and stronger than before, with pre-crisis Bitcoin balances intact.

(That is: a 51% cartel may not be actually "good" news... but it is survivable
and perhaps even necessary.)

So if you like to try to trade in and out of predicted market panics, like
@el33th4xor, maybe there are some trading plays here. But if you just like
cryptocurrency for the long haul, keep your Bitcoin private keys (end eyes)
safe & dry, and trust evolution. There are enough smart, well-funded, and
relatively cool heads involved that @el33th4xor's predictions are just a car
alarm going off in the night, whether the car is actually at risk or not.

~~~
emin-gun-sirer
Nice ad hominems you've got there.

>In fact, the paper just formalized some concerns discussed in the mining
community for years.

This is false. Discussed here: [http://hackingdistributed.com/2013/11/09/no-
you-dint/](http://hackingdistributed.com/2013/11/09/no-you-dint/)

>the "Bitcoin lunatic fringe" this author mocks has been right about the
pool(s) having such power refraining from destructive (and self-bankrupting)
next steps.

No. The Bitcoin lunatic fringe was adamant that no pool would willingly cross
the 50% boundary.

That just happened. Models and reasoning based on "no rational miner would do
X" are clearly flawed, partly because the miners may not be rational, or
partly because they are rational within a time-frame not modeled. In any case,
people who reasoned like you have now been shown conclusively to have the
model wrong.

This is an opportunity to fix the protocol, not shill for the price, and
certainly not to engage in ad hominems.

Cheers.

~~~
gojomo
I think your track record of alarmism and disrespect to non-academics is
relevant, but even if you classify it 'ad hominem', you've earned it with your
own prolific slurs of critics.

I've addressed your continued "no-you-dint" willful-blindness about earlier
analysis elsewhere... including on your own blog at
([http://hackingdistributed.com/2013/11/14/response-to-
feedbac...](http://hackingdistributed.com/2013/11/14/response-to-feedback-on-
selfish-mining/?utm_source=disqus-dashboard#comment-1125375004)). You failed
to discover (and thus footnote) prior community work, from years earlier, that
did everything except for your more-rigorous boundary formalizations. So
again, nice write-up, but exaggerated novelty. The interested can follow the
links and decide for themselves.

I'm sure _someone_ said no pool would ever even try to get 51%. Others simply
said a pool in such a position wouldn't self-destruct the entire ecosystem,
against their own interests. (Instead, they behave like the 'stationary
bandit' of Mancur Olson's political-economy. Not ideal, and not what Bitcoin
intended, and worthy of attempted-fixes... but also not an instant and
unsurvivable crisis.) It's this latter prediction, of stability even in the
presence of explicit (or secret) 51% cartels, that is still, so far,
outperforming your own. For now they have the same claim to "I told you so!"
as you do.

~~~
emin-gun-sirer
To the contrary, we've been far more respectful and accommodating to the
Bitcoin fringe than merited, and certainly far more than the other way around.
After all, we took a fair amount of abuse for simply pointing out an objective
weakness that is part of the protocol. This, despite the fact that we proposed
a fix for it.

Perhaps you've not read our final paper. It doesn't just footnote, but
actually cites the prior discussion.

And anyone who reads the previous discussion can see that our paper:

* shows a more extensive attack than the one described there, one that works,

* performs a full analysis of the revenue to be obtained from that attack, and characterizes that revenue as a function of attacking pool size and attacking pool's ability to control information flow in the network,

* shows that Bitcoin is not incentive-compatible,

* shows that, even under the best of circumstances (i.e. the attacker has terrible network connectivity, no Sybils, no control over information propagation and loses to the honest miners every single time), defending against the attacker requires at least 2/3rds of the network to be honest.

Perhaps the biggest giveaway that we did something differently is that THE
BITCOIN TALK FORUMS CONCLUDED THAT THEIR ATTACK WOULD NOT WORK, WHEREAS WE
SHOWED THAT OURS WOULD.

You're making things up when you imply that we're claiming that 51% is an
"unsurvivable crisis." To the contrary, the article very clearly says that the
Bitcoin economy remains unaffected, and that the Bitcoin price is also
unaffected.

We have been trying to improve the Bitcoin system since day 1. I realize that
you're part of the original brigade, and that also explains your ad hominems
here. I urge you to elevate the discussion.

~~~
gojomo
It's nice to hear that in your final paper you acknowledge the earlier
discussions. You should link that final version from your author homepages.
(The latest versions linked from you and your coauthors' pages, at arXiv [1]
and Cornell [2], still have no mention of the earlier discussion.) If the FC14
version [3] is final, it's better, but I still think you're unfairly
summarizing the key thread [4].

Every key aspect of selfish strategy is described there, from manipulating
'gamma' via network-tricks, to releasing the minimum number of 'secret'
blocks, after each external-block, to maximize the cartel's expected return.
ByteCoin's simulations show advantages, and breakeven thresholds with regard
to 'override success' ('gamma'), very similar to your paper's calculations.
That's why I credit your paper for rigorously describing the situation, under
your specific assumptions, but _not_ with the discovery of a previously-
unknown less-than-51% attack.

Also, your final paper is simply lying when it says the thread "does not
suggest a solution to the problem". It's almost as if your disdain of these
'fringe' Bitcoin fanatics has blinded you to the actual words of the thread.

Two commenters in the December 2010 thread (btchris and RHorning) suggest that
preferencing accurate-seeming timestamps can disadvantage cartel-delayed
blocks. That countermeasure is likely stronger than your paper's proposed
random-choice-between-ties. (Randomization, by pushing gamma to 1/2, could
make things worse if, on the real network, the effective gamma for late-
releasers was already closer to 0. Preferring realistic timestamps, meanwhile,
almost always helps 'honest' blocks, which don't have to guess a future time
when they'll be released.)

Note that the last bullet of supposed novelty in your paper – "defending
against the attacker requires at least 2/3rds of the network to be honest" –
is the _exact same best-case threshold_ as reported by ByteCoin in thread
message #36, 2010-12-14. He states: "a cartel with no preferential network
access can be profitable with 33% of the generating power"[5]. Same result, 3
years earlier. How can you allege ByteCoin was simulating some other strategy?
Wouldn't the _slightest_ difference in block-release-rules result in a
different best-case threshold?

Finally, the Bitcoin Talk forums hadn't "CONCLUDED" anything. They're not a
deliberative body. Some people were convinced, others weren't. The relevant
actors – mining insiders – knew what they needed to know, to either try the
attack, or detect it in orphan rates and weird timestamps... and to try
countermeasures based on disadvantaging cartel blocks if ever necessary. Meni
Rosenfeld also referred back to the matter as a known concern, in an answer on
the Bitcoin StackExchange, in October 2011 [6]. So he knew it was an issue,
and lots of people trust him about mining matters.

There's no "brigade" out to trash you led by some "failed academic"
"Singaporean" "ringleader". Your critics are not the heads of some unified
hydra, that you can disregard altogether as the "Bitcoin lunatic fringe" based
on a few quotes from particular yahoos. You've made specific claims of
novelty, or doom, that were either never true, or disproven by later events.
These will be pointed out when you claim to enjoy a "we told you so" record of
authoritative insights.

[1]
[http://arxiv.org/pdf/1311.0243v5.pdf](http://arxiv.org/pdf/1311.0243v5.pdf)

[2]
[http://www.cs.cornell.edu/~ie53/publications/btcProcArXiv.pd...](http://www.cs.cornell.edu/~ie53/publications/btcProcArXiv.pdf)

[3]
[http://fc14.ifca.ai/papers/fc14_submission_82.pdf](http://fc14.ifca.ai/papers/fc14_submission_82.pdf)

[4]
[https://bitcointalk.org/index.php?topic=2227.0;all](https://bitcointalk.org/index.php?topic=2227.0;all)

[5]
[https://bitcointalk.org/index.php?topic=2227.msg30138#msg301...](https://bitcointalk.org/index.php?topic=2227.msg30138#msg30138)

[6] [http://bitcoin.stackexchange.com/questions/1475/can-
someone-...](http://bitcoin.stackexchange.com/questions/1475/can-someone-
with-51-computing-power-earn-more-than-he-deserves/1601#1601)

------
chrisBob
If you really want to scare some people you should point out that this is
happening as we get ready for the US Marshal BTC auction, and could be
related. I would be very reluctant to put 1.5M into BTC right now.

------
wmf
Like IPv4, the "experiment" has grown so large that it may be impossible to
get consensus on any non-backwards-compatible change.

~~~
cdh
I'm not sure this is true, regardless of how large Bitcoin grows to be. If a
significant enough problem were discovered, wouldn't it be in everyone's best
interest to protect the value of their wallets by accepting a forked
blockchain?

~~~
Zikes
Wouldn't GHash be able to pivot their existing mining power to take 51% of
that new blockchain?

~~~
adventured
Yes, the extrapolation being missed by the article, is that the rich will
control bitcoin, and nothing can ever stop that from happening. It goes to the
very core of how bitcoin is designed that allows for it to be dominated by a
large rich entity with enough processing power. Inherently the 'little guy'
will be priced out of bitcoin, it was always going to be that way. Whether
it's one or ten entities in question doesn't matter, bitcoin will be dominated
by rich, powerful companies or persons, and that powerful position will only
increase in fortification with time.

This principle pops the utopian fantasy of bitcoin that some cling to, but
only a different approach to digital currencies will get you around the issue.

Money & power always consolidates down to the hands of a few that will possess
dramatic influence compared to the rest of the market participants. See: JP
Morgan, pre-Fed.

~~~
wmf
_the rich will control bitcoin, and nothing can ever stop that from
happening._

But should the rich have control in proportion to their richness or out of
proportion to it? That's the key issue that I see behind this article (and the
previous selfish mining work).

------
Lerc
I was under the impression that the mining percentage would give you the same
percentage chance to cook the books. 51% means you are more likely to succeed
than fail in an attempt. Much like buying 51 percent of lottery tickets gives
you a slightly better than even chance of winning the big prize.

in that respect, wouldn't 51% be only marginally different to 49%. Both would
be a bit of a concern, but neither would be the "position to exercise complete
control over which transactions appear on the blockchain" that this article
refers to.

Is there some mechanism I'm missing that makes 51% be vastly more powerful
than 49%?

~~~
aosmith
From the bitcoin wiki:

An attacker that controls more than 50% of the network's computing power can,
for the time that he is in control, exclude and modify the ordering of
transactions. This allows him to:

    
    
        Reverse transactions that he sends while he's in control. This has the potential to double-spend transactions that previously had already been seen in the block chain.
        Prevent some or all transactions from gaining any confirmations
        Prevent some or all other miners from mining any valid blocks
    

The attacker can't:

    
    
        Reverse other people's transactions
        Prevent transactions from being sent at all (they'll show as 0/unconfirmed)
        Change the number of coins generated per block
        Create coins out of thin air
        Send coins that never belonged to him

~~~
im3w1l
You could theoretically mine your own chain from the genesis block right?

~~~
wmf
That won't work due to checkpoints and even if it did work it would be the
equivalent of nuking the entire Bitcoin ecosystem.

It would be more profitable to do something like extending the current
blockchain but charge 1% transaction fees.

~~~
im3w1l
Interesting. For the benefit of others unfamiliar with this.

There is a hardcoded list of checkpoint blocks in the Bitcoin client. Any new
chain starting before the last checkpoint will be rejected.

[https://bitcoin.stackexchange.com/questions/1061/can-a-51-at...](https://bitcoin.stackexchange.com/questions/1061/can-a-51-attack-
be-detected-and-dealt-with/1065#1065)
[https://bitcoin.stackexchange.com/questions/3114/which-
block...](https://bitcoin.stackexchange.com/questions/3114/which-blocks-get-
to-be-checkpoints)

~~~
TheLoneWolfling
So in other words if a 51% attack were to mine starting before a checkpoint
block, it would end up "just" hard-forking Bitcoin.

------
gtirloni
And down it goes again:
[https://bitcoinity.org/markets](https://bitcoinity.org/markets)

In the previous crisis it was all based on trust ("it was just a bad player,
trust will return to the market"). Now we've a doomsday scenario and what
seems a serious flaw in Bitcoin.

Feels like a chapter out of The Foundation books.

~~~
platz
or it's because the silk road bitcoins being auctioned

~~~
meowface
Or a combination of both factors.

Relatively speaking, this is a pretty small dip, though.

------
dragontamer
A hash pool at 51% is big news. If this isn't corrected soon, BTC is doomed to
fail.

~~~
aosmith
You're assuming that someone with a significant investment in the space would
act dishonestly. That's the only reason BTC fails as the result of something
like this. Seem like MAD to me, if they were to act dishonestly they would
destroy their own investment and profit potential.

~~~
dragontamer
Then why are you using BTC in the first place? The US Fed and US Government
has no reason to act dishonestly. The value of the dollar relies on us
trusting the US Government / US Fed to protect it.

If switching over to BTC means "trusting GHash.io"... then nothing has
changed.

~~~
freework
The difference is that if GHash.io launches an attack, miners have the choice
to move to another pool. If the US government inflates the currency (yet
again) there is nothing to do.

~~~
dragontamer
If GHash.io launches a "no one else can mine" attack, then there won't be any
other pools to move to.

[https://en.bitcoin.it/wiki/Weaknesses#Attacker_has_a_lot_of_...](https://en.bitcoin.it/wiki/Weaknesses#Attacker_has_a_lot_of_computing_power)
* Prevent some or all other miners from mining any valid blocks

~~~
glitch003
Unless we hard fork...

------
imaginenore
You can't stop pool mining, even with a hard fork.

Let's say you implement a restriction like "5 blocks in a row max for a given
pool". GHash can split into GhashA and GhashB, and keep going.

~~~
emin-gun-sirer
That's not the kind of restriction that stops pool mining. The trick is to
enable the pool members to steal the blocks they discover. Andrew Miller, a
grad student at UMD, has an ingenious scheme for doing this. I am pretty sure
I put the link in the article, under the first bullet in the "What to Do Now"
section.

~~~
Peaker
Wouldn't pool participants that use this extension to steal rewards be exposed
to the pool simply due to their work being consistently challenged and thus
lost?

i.e: The pool would notice that certain participants contributions are
conflicting with other discoveries, and ban such participants?

~~~
Tuna-Fish
> The pool would notice that certain participants contributions are
> conflicting with other discoveries, and ban such participants?

How? Or, you ban me, I sign up again under a different alias.

~~~
gus_massa
The pool can use a 2% fee for old accounts and a 20% fee for new accounts (for
example, with less than 1 month or less than 10^x hashes calculated.)

~~~
Tuna-Fish
Fees cost almost nothing to hostile miners. With a 20% fee, they get 100% of
their hashrate through the theft, and 80% from the pool. So long as you pay
anything at all to new miners doing this attack is beneficial.

------
bobbygoodlatte
A hard fork would be just as devastating as a 51% attack. The author is way
over-reacting here. In fact, it looks like GHash is down to 45% and dropping —
BitFury just left, and Petamine is considering leaving too:
[http://www.coindesk.com/bitfury-pulls-power-ghash-
community-...](http://www.coindesk.com/bitfury-pulls-power-ghash-community-
uproar/)

~~~
sexmonad
Why do BitFury and Petamine use a pool at all? At their scale, wouldn't they
have low enough variance through solo mining? Or perhaps P2Pool?

------
srobertson
Another solution: assuming as the article claims that GHash grew to it's
current size because it had 0% fees. Other pools can respond by lowering their
fees or introduce negative ones. I.e. they pay miners to join the pool. Or
have fees but introduce a lottery system that randomly overpays members.

------
drcode
IANABME[1], but it seems that a solution already exists to this problem, which
is to use a decentralized mining pool. The unfortunate fact is that we're in a
time window right now where large miners have not yet transitioned to this
ideal solution.

However, any miner in the long run would prefer to join a mining pool that
does not require trusting some pool operator over one that does, all other
things being equal.

Yes, the current situation is dangerous for the health of bitcoin, but I don't
see any solution besides waiting for distributed, trustless pool technology to
catch up in terms of usability with the centralized pools.

This problem isn't going to be solved by a hard fork, as any "fixes" done this
way are untested, incomplete, and risky.

[1] I am not a bitcoin mining expert

~~~
wmf
As long as large centralized pools charge no fees and use less bandwidth than
p2pool, people will have no incentive to adopt p2pool.

~~~
drcode
Presumably large pools aren't charities, so the lack of fees can remain
indefinitely.

Bandwidth is certainly a problem though... are there any good numbers on the
bandwidth difference?

------
JacobEdelman
Their Bitcoin is broken argument doesn't really seem to work. I agree that
something needs to be done to stop huge amounts of pooling but this seems to
be too alarmist. The initial Bitcoin is Broken post is at
[http://hackingdistributed.com/2013/11/04/bitcoin-is-
broken/](http://hackingdistributed.com/2013/11/04/bitcoin-is-broken/) and a
counterpoint is at [https://freedom-to-tinker.com/blog/felten/bitcoin-isnt-so-
br...](https://freedom-to-tinker.com/blog/felten/bitcoin-isnt-so-broken-after-
all/) .

~~~
travisb
The argument in that counterpoint seems to be as follows:

1\. Assume that selfish mining doesn't work.

2\. Because selfish mining doesn't work there will be fair weather miners who
will only mine on whichever chain is furthest ahead, defaulting to the public
chain in the case of a tie.

3\. Since the selfish mining pool won't be ahead all the time nobody will mine
for it.

4\. Therefore selfish mining doesn't work.

It's not what I'd term a strong rebuttal.

~~~
JacobEdelman
I think that the "selfish mining" in your first point isn't truly selfish
mining. The idea is that the particular method of selfish mining being
discussed would be defeated by a truly selfish mining method. No matter what
you want to act selfishly and the debate is whether or not their is an optimal
selfish strategy that is bad for the overall bitcoin infrastructure. Since
little to no incentive exists to stick with a mining pool that is selfishly
mining it is my understanding that that the attack using a mining pool
mentioned in the previous post will not work well.

~~~
travisb
That's a valid point, but not at all what I got out of the argument. I picked
up primarily on the specific counter-strategy.

It's certainly true that selfish mining strategy A which gave a 5% increase in
results would lose out to another selfish mining strategy B which gave 10%
increases in results. However that's not an argument that strategy A doesn't
break the system, merely that the optimal selfish strategy breaks the system
at least badly as strategy A.

Now it is possible that there isn't a stable strategy to use. If we supposed
for the purposes of argument that the fair weather strategy was more
profitable than the selfish strategy described in the first article you
posted, then it would seem that the optimal strategy would oscillate. As more
people participate in a selfish pool consistently the more profitable it is to
be a fair weather miner. However, supposing that leads to a dissolution of the
selfish pool all those fair weather miners turn honest. Against honest miners,
however, the selfish strategy is proven to be more profitable. And so you'd
see an oscillation where people constantly shift between being honest, selfish
and fair weather.

Of course, if the long run gains keeping up on this strategy treadmill is less
than simply sticking to the selfish strategy through thick and thin, then
perhaps the fair weather strategy isn't better in reality.

------
logn
Is a "hard fork" really necessary? BTC miners can all just adopt a new
version. What's concerning is that the 51% attack has been known since the
beginning and the community never addressed it and seemed to irrationally
dismiss it. The current response is that GHash is removing processing power,
but how is that a good long-term solution? The BTC community should be
demanding and supporting technical fixes.

Also it's too bad that BTC is blinding everyone to a variety of other crypto-
currencies that have improved features.

~~~
meowface
The so-called 51% problem will be inherent in any truly decentralized P2P
network. All P2P protocols suffer the risk of poisoning by malicious nodes in
various different ways, and they mitigate it by assuming that proportionally,
most nodes will be good.

There will not be a way of "patching" the issue. The only thing that can be
done is to set up a proper emergency handling procedure in the event a 51%
attack is conducted, which involves directing as many clients as possible to
work on a new fork.

------
aresant
This article feels sensational, but I would say accurately reflects a large
portion of the communities feelings.

Great accompaniment is from Peter Todd (Coinkite adviser, respected dev) who
announced this AM he is selling 50% of his holdings in bitcoin until this is
resolved

[http://www.reddit.com/r/Bitcoin/comments/281ftd/why_i_just_s...](http://www.reddit.com/r/Bitcoin/comments/281ftd/why_i_just_sold_50_of_my_bitcoins_ghashio/)

~~~
c0ldfusi0nz
This article would be decent if they ditched the hyperbole. Like it or not,
this is not Armageddon for Bitcoin - the network is still functioning as
intended.

~~~
zheshishei
> the network is still functioning as intended.

"as intended" reminds me of this koan from the codeless code[1].
[1][http://thecodelesscode.com/case/135](http://thecodelesscode.com/case/135)

------
EGreg
Can't bitcoin simply require agreement from more than one author of a
blockchain? For example do not allow the same entity to sign the blockchain
for two consecutive blocks. This would require defining what constitutes a
single entity though. How do we define it when talking about mining pools?
Can't we have alliances of pools already have reached 51% long ago and
colluded "as one strategy"?

------
moe
In less sensational terms: The biggest pool got too big. Members (BitFury)
react by shrinking it back. Community is aware of the problem, solution will
probably be coming soon.

Anyway, stay tuned and don't miss the next iteration of 'We are all doomed!!1'
by the two muppet academics. To be published shortly after a solution gets
deployed. Or earlier.

------
conroe64
They don't have 51% anymore, although I think their other concerns are valid:

[http://www.coindesk.com/bitfury-pulls-power-ghash-
community-...](http://www.coindesk.com/bitfury-pulls-power-ghash-community-
uproar/) [https://blockchain.info/pools](https://blockchain.info/pools)

------
duckingtest
Proof of work can't be decentralized because it has almost infinite economies
of scale - starting from the production of asics, and ending at mining farm
cooling. It doesn't matter what you change, at the end, you're going to be
left with one mining farm.

------
Havoc
>GHash [...] just reached 51% of total network mining power today.

Is this official? Seems somewhat surreal...

Not really invested in this but at the very least I'd expect some posts along
the lines of "Pool X is fast approaching 50%...BTC in danger". Not "51%...game
over".

~~~
supergauntlet
A couple days back they were at 48% or 49%. It's not that big a surprise.

------
kolev
FYI, GHash.io is a Ukrainian company. As you know, the country is a mess now
and there's an ongoing civil war. Just sayin'! (See, I didn't even mention
that most black hat hackers come from that part of World.)

~~~
sillysaurus3
The idea that most black hat hackers come from that part of the world is quite
interesting. Would you expand on it?

~~~
kolev
Just stats. We know those fine computer scientists control most of the
botnets, for example.

~~~
sillysaurus3
Hmm, would you link to any stats?

~~~
kolev
You can ignore what I wrote or prove me wrong by providing links. I honestly
have better things to do on Friday night.

~~~
sillysaurus3
... What? How did me being curious lead to that?

~~~
meowface
He probably took it as you questioning his claim as he provided no real
evidence.

As someone who works in the information security industry, I can confirm from
personal experience that a very disproportionate amount of organized and semi-
organized cybercrime comes from Ukraine, Russia, and neighboring countries. I,
however, do not have any sources for you at thistime.

~~~
sillysaurus3
Thanks! I'm just curious about the field.

------
cs702
Why would GHash _ever_ want to attack the platform from which it profits and
from which it will likely continue to profit, as a leading transaction
processor, for many years to come? Should they be silly enough to attempt
something nefarious, miners would quickly abandon them, and their business
would _collapse_ overnight.

Every major participant in the Bitcoin network, including GHash, has a vested
interest in maintaining the network's integrity. Not only that: given
Bitcoin's increased mainstream acceptance, it's in the best interest of every
major participant to maintain a good reputation.

~~~
TomGullen
Makes logical sense, unfortunately we've seen examples in the past of this
logic not being adhered to. Take the poker site "Ultimate Bet", when cheating
was suspected the line of reasoning against it (and the strongest line of
reasoning at that)was "Why would they cheat when they are running a million
dollar profitable business and jeopardise the entire operation for a bit more
%?" Turns out they were willing to jeopardise it all.

~~~
Sambdala
In the case of Ultimate Bet it turned out that it was an inside job, but the
individuals involved didn't necessarily share in the long term profits of the
company, so they were able to benefit personally to the tune of millions,
while most of the negative effects landed on the company rather than
themselves.

Thankfully in at least two other poker companies (hint: the largest one and
its sister company) it was made impossible to see someone's hole cards before
the hand is over, which is what allowed the cheaters at Ultimate Bet to
perpetrate their con.

It's my pretty firm belief that when it seems like an entity is throwing away
a pretty obvious economic self-interest, there's probably just a
misunderstanding of where the economic self interest lies in the parties
involved.

------
uptown
Rather than a fork, wouldn't an alternate, easier approach be to form more
pools that charge no fees?

------
Aqueous
Take a deep breath. Stop hyperventilating. Bitcoin has died a violent, crashy,
gory death dozens of times at this point.

It's in Bitcoin community's, and GHash's, economic interest that no miner
exceeds 50%. That's all you need to know to know that this is just another
exasperated hand-wringer proclaiming the premature death of BitCoin.

BitCoin, RIP 2008 - 2009, 2010, 2011, 2012, 2013, 2014, ?

~~~
josu
>It's in Bitcoin community's, and GHash's, economic interest that no miner
exceeds 50%.

Are Bitcoin community's interests and individual miners' interests aligned? I
understand why the bitcoin community wouldn't want a mining pool with more
than 50% of the share, but why should "selfish" individual miners care?

~~~
Aqueous
If the blockchain is dominated by a single interest, and that player starts
abusing their market position, BitCoin's exchange rate will plummet and the
economic interest in question will lose millions. So yes, it is in the
community's interest and individual miners' interest to keep the hashrate
distributed enough to prevent that from happening.

What happens when people lose faith in the system? The 2008 financial crisis,
the great depression, etc....

Nobody wins if the entire system breaks down.

~~~
bunderbunder
This reasoning is based on the assumption that a 51% player must also be long
on Bitcoin, and that they interpret the nature and value of the Bitcoin market
in a similar manner to most members of the Bitcoin community.

In other words, assuming that they don't know anything you don't. Considering
we're talking about an entity that's managed to become a 51%er, that
assumption sounds downright Pollyannaish to me. The same line of reasoning
also supposedly implies that nobody should want to get even close to this
point. Counterfactually, as it turns out.

That said, I can see the attraction of that line of reasoning, too. When
you've got a tiger by the tail, it probably is best not to contemplate too
carefully what's at the other end.

~~~
joaorj
When they bought the mining machines they were entering bitcoin as long
weren't they?

They can't even sell their future winnings as they don't have them yet, so
they are really long!

~~~
dllthomas
Well, they aren't long _bitcoin_ from buying mining rigs, they are long
_bitcoin call options_ denominated in energy. If the return seems likely to be
too low, as eventually it must be when (if things continue) people make more
efficient rigs, then it would eventually be in their interest to let the
longer term options expire. It is totally conceivable that taking a huge short
position and scaring everyone off of btc could mean more profit than the could
be mined out of those rigs. Of course, you would need someone to take the
other side of that bet, in a setting with sufficiently little counterparty
risk that you can collect (which typically means a more regulated setting) and
a sufficiently lax regulatory environment that you aren't likely to be accused
of some illegal type of market manipulation. That said, people do seem to
overlook such details... and this all only seems unlikely to very unlikely,
not impossibly or absudly unlikely.

~~~
Aqueous
In other words, the stars would have to align in order for this to occur.

I don't really know what GHash knows, but I can tell you that GHash's hashrate
has dipped well below 50% only a day later, as it did when this happened
before.

~~~
dllthomas
The stars would have to align for it to be genuinely a good idea. Which...
well... stars align, sometimes. Moreover, people make mistakes and _think_
stars have aligned.

The threat here is that a single group has the capability to produce 51% of
the hashes, possibly reliably (we can't know whether scaling back was
deliberate or happenstance). It doesn't matter whether they are persistently
using that capability.

~~~
bunderbunder
Perhaps the deeper threat here is the rate at which the goalpost is moving.

It's strange, this situation where in there are all these things that would be
seriously problematic were they to happen, unless of course they actually
happen, in which case they're not actually a problem at all.

------
drcode
ELI5:

Miners join in pools to mine bitcoins to even out their earnings. It's a way
to diversify their risk.

Unfortunately, bigger pools let you diversify the best, and this is currently
undermining the core tenet of bitcoin, which is to avoid having any one person
with central control over the network.

The linked article is suggesting modifying the core software for bitcoin in
order to discourage this kind of centralization. Other people, however, think
the core software is fine, and that the solution is to instead improve
"decentralized mining pool" technology to get rid of the problem.

~~~
im3w1l
>bigger pools let you diversify the best

According to the article the big draw is that GHash don't have a fee.

