
The Shutdown Problem: How Does a Blockchain System End? - gnodar
https://arxiv.org/abs/1902.07254
======
hanniabu
I don't see this as an issue. If the chain is important enough, it will
continue on from usage. If it's not useful enough to keep alive, then why
bother with keeping it alive as a mean of archiving it?

~~~
mathgeek
Because there's a certain critical mass during the descent where 51% attacks
are possible, but coinholders still have value to lose.

~~~
ethbro
Part of the attraction and frustration of blockchains has been their obedience
to the laws of mathematics.

The answer to the stage of a blockchain you mention would seem to be, "If the
blockchain isn't distributed and scaled enough to be resistant to a 51%
attack, is there really any value remaining in it?"

~~~
jerguismi
If 51% attacks begin emerging, the chain still functions. People just need to
require more confirmations. Then you require so many confirmations that the
51% attacks aren't profitable any more.

This kind of chain might become very slow, but still have the same properties
as blockchains do have.

Btw the same thing can be thought has having a block time of 1 min, where de
facto standard is awaiting 10 confirmations, versus just having 10 minute
blocks.

------
benatkin
I remember when I thought FlappyCoin was going to be as big as Dogecoin. Nope!
I wonder what happens with a devalued Altcoin. I read through the article and
the gist seems to be that a 51% attack is possible. I wonder if this has been
pulled off with any that were at one time popular. If I were a flappycoin
millionaire it would bother me if someone had taken my coins even if they had
no monetary value. I imagine some others would be more annoyed than I would
be.

~~~
oconnor663
People have pulled off 51% attacks on altcoins that were arguably popular at
the time, most notably Bitcoin Gold. However, note that a successful 51%
attack doesn't allow the attacker to steal arbitrary balances. What it mainly
allows them to do is to undo their own spending, which they can exploit to
commit fraud on exchanges in the short term.

~~~
kpcyrd
This is the correct threat of a 51% attack, although if the currency is
unpopular enough, had little use and everybody stopped mining, you could
theoretically fork from the genesis block and replace the whole chain as soon
as your fork becomes longer than the original chain.

There is little to gain from attacking a system _that_ unpopular, but you
could "take" everybody's coins in that scenario.

~~~
therein
That's beyond a 51% attack, though. You'd have to have much higher hash rate
than that to catch up to the chaintip from scratch as you mine.

------
esotericn
This isn't a shutdown problem. That's getting the directionality confused.

This is actually the failure mode of most altcoins in the wild. They get
attacked because the consensus was never reliable.

There are still tons out there (easily more than 50% by number) that could be
smashed into oblivion by anyone with a decent amount of money tomorrow.

------
rocqua
Have N self-appointed archivists publish a timestamped record of the
blockchain. Any query can then be based on N of these archivists.

I'd imagine such a record to be: the final block header, and a Merkle tree
root hash of every block using a more time-resistant hashing function. The
Merkle tree root hash prevents rewriting the chain later through brute force.
The actual consensus mechanism has prevented wrong writes.

Timestamping could be done by publishing in newspapers, or in other
blockchains.

The biggest issue comes at the moment 'archiving' is announced. History-
rewrite attacks then suddenly become a lot more valuable, so you'd probably
need to say 'We are archiving the chain as of 100 blocks ago'. This prevents
anyone from mucking with the end of the chain, but comes at the cost of
discarding the last 100 blocks.

------
arcaster
Seems like every blockchain should have a baked in “genesis” procedure and
“felling” procedure (yep, a logging term since you’re “severing” the Merkle
tree) to tie up all sources of new transactions and stumping or “tarring” the
blockchain. Sureley there’s fantastic logging vernacular to draw from to name
the period between the start of a “felling” and the resultant stump.

------
keithtom
1) you could just post the last block ID to an active blockchain or
centralized data store if you must, then anyone can download the blockchain
via a torrent for example and verify the entire chain; this just requires some
trusted data store. If you don’t have one, then you are screwed anyhow and
probably shouldn’t have shut down that blockchain.

2) if there is utility in the blockchain, chances are it won’t shut down.

------
jhoechtl
By consensus?

------
swfsql
> 2\. The elements of the sequence are data blocks that are chained together
> via digital signatures.

This is incorrect. Digital signatures are used when (S) signing a transaction
which must refer some precious transaction with a receiver address
corresponding to the public key which verifies signature S.

Blocks are chained by their headers hashes. There are no keys nor digital
signatures involved here..

~~~
tfha
The generally accepted theoretical / abstract term for a winning block hash is
'dynamic membership multi-party signature'

To call the solution to a block a 'signature' is not incorrect.

~~~
swfsql
Thank you, I wasn't aware that they used the term "signature". Before I have
only seen this term as "digital signature" from pub-key cryptography, so I
think it's confusing to repeat the term for different things (unless there's
some hidden relation that I didn't catch). I mean, it was confusing for me, at
least.

(personal opinion): On the other hand, I don't understand why it's called a
"signature". Pub-key signs are used to prove integrity of some information and
some form of authenticity related to the priv-keys. Block header hashes are
related to integrity of immutable info, but are not related, in any way, to
authenticity. So I still don't find it obvious, nor that it's appropriate,
that it's a "signature".

~~~
tfha
A signature basically says 'someone qualified authorizes this to be valid'.

In the case of a block, the signature happens to prove the
authority/qualification without needing to be connected to a specific
identity.

