Hacker News new | comments | show | ask | jobs | submit login

It's nice to hear that in your final paper you acknowledge the earlier discussions. You should link that final version from your author homepages. (The latest versions linked from you and your coauthors' pages, at arXiv [1] and Cornell [2], still have no mention of the earlier discussion.) If the FC14 version [3] is final, it's better, but I still think you're unfairly summarizing the key thread [4].

Every key aspect of selfish strategy is described there, from manipulating 'gamma' via network-tricks, to releasing the minimum number of 'secret' blocks, after each external-block, to maximize the cartel's expected return. ByteCoin's simulations show advantages, and breakeven thresholds with regard to 'override success' ('gamma'), very similar to your paper's calculations. That's why I credit your paper for rigorously describing the situation, under your specific assumptions, but not with the discovery of a previously-unknown less-than-51% attack.

Also, your final paper is simply lying when it says the thread "does not suggest a solution to the problem". It's almost as if your disdain of these 'fringe' Bitcoin fanatics has blinded you to the actual words of the thread.

Two commenters in the December 2010 thread (btchris and RHorning) suggest that preferencing accurate-seeming timestamps can disadvantage cartel-delayed blocks. That countermeasure is likely stronger than your paper's proposed random-choice-between-ties. (Randomization, by pushing gamma to 1/2, could make things worse if, on the real network, the effective gamma for late-releasers was already closer to 0. Preferring realistic timestamps, meanwhile, almost always helps 'honest' blocks, which don't have to guess a future time when they'll be released.)

Note that the last bullet of supposed novelty in your paper – "defending against the attacker requires at least 2/3rds of the network to be honest" – is the exact same best-case threshold as reported by ByteCoin in thread message #36, 2010-12-14. He states: "a cartel with no preferential network access can be profitable with 33% of the generating power"[5]. Same result, 3 years earlier. How can you allege ByteCoin was simulating some other strategy? Wouldn't the slightest difference in block-release-rules result in a different best-case threshold?

Finally, the Bitcoin Talk forums hadn't "CONCLUDED" anything. They're not a deliberative body. Some people were convinced, others weren't. The relevant actors – mining insiders – knew what they needed to know, to either try the attack, or detect it in orphan rates and weird timestamps... and to try countermeasures based on disadvantaging cartel blocks if ever necessary. Meni Rosenfeld also referred back to the matter as a known concern, in an answer on the Bitcoin StackExchange, in October 2011 [6]. So he knew it was an issue, and lots of people trust him about mining matters.

There's no "brigade" out to trash you led by some "failed academic" "Singaporean" "ringleader". Your critics are not the heads of some unified hydra, that you can disregard altogether as the "Bitcoin lunatic fringe" based on a few quotes from particular yahoos. You've made specific claims of novelty, or doom, that were either never true, or disproven by later events. These will be pointed out when you claim to enjoy a "we told you so" record of authoritative insights.

[1] http://arxiv.org/pdf/1311.0243v5.pdf

[2] http://www.cs.cornell.edu/~ie53/publications/btcProcArXiv.pd...

[3] http://fc14.ifca.ai/papers/fc14_submission_82.pdf

[4] https://bitcointalk.org/index.php?topic=2227.0;all

[5] https://bitcointalk.org/index.php?topic=2227.msg30138#msg301...

[6] http://bitcoin.stackexchange.com/questions/1475/can-someone-...

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact