Bribery Attacks on Bitcoin Consensus [pdf] (jbonneau.com)
30 points by kushti on May 21, 2015 | 17 comments



"Explaining the lack of such attacks in practice requires significant additional modeling assumptions."

Yes, the main assumption being that burning such huge resources would in any way be recouped by a simple double spend.

A double spending attack, as the name implies, simply allows you to spend twice the same amount of bitcoins. Thus, "an attacker [who] can purchase mining power" needs to be able to do so at a lower cost than the value of the bitcoins he will spend for the second time. Obviously, considering the hashrate and the fact that you need around 51% of it, or, 30% of it according to some calculations, I can't envisage any scenario where such a cost would in any way be justified by simply spending your own coins twice.

Moreover, one has to consider that if such hashing power was used to simply do what it is meant to do, then the attacker would be supplied with fresh new bitcoins, probably to the tune of far more than any amount he can double spend.

That is why "the Bitcoin protocol is a stable Nash Equilibrium."


You can convert BTC to cash. You can cash out all of your bitcoins twice instead of once. That means at least that everyone who is profitably mining bitcoins now should have an incentive to be doing this.


Cashing a large amount of bitcoins is a slow process. Cashing a small amount does not make enough to cover the processing power required to double spend.


Since individual Bitcoin transactions can be as large as you like, you could conceivably double-spend tens of thousands of BTC in a single block. It's possible or even likely that there's nobody who would actually give you cash equivalents for tens of thousands of BTC without more precautions, but I don't see a clear limitation in the Bitcoin technology itself to limit how lucrative an isolated double spending attack could be.


I think confirmation count does a good job of this, allowing processors to choose the balance between risk and convenience. No one's going to convert large fiat to btc without increasing confirmation count, and splitting smaller transactions will require setting up a traceable account. Unless of course the attacker launders through alt-coins, but then you might run into liquidity issues.


I think confirmation count isn't so useful when one person or pool owns something close to 50% of the hashing power. Everyone gets complacent because they can't launch a 51% attack, but it's possible for someone with 40% of the power to effectively pull off the exact same attack for a span of six blocks. It is improbable, but not that improbable.


Writing six blocks in a row doesn't mean you can double spend a transaction with six confirmations. Unless you meant something else.


That is pretty much what I meant. If you can write your own confirmations, why not?


Miners would have to mine valid blocks secretly, risking never receiving a payout unless x-consecutive blocks have been mined. I mean it's technically possible, just economically infeasible.


There are social pressures, too. The payoff needs to be worth the risks associated with being "that person who attempted to double-spend". It's hard to rent half a network the size of bitcoin without someone from the mining community speaking up about it. It's in the miners' collective best interest to preserve the immutability of Bitcoin.


All the discussed attacks (51%, selfish mining etc) are working under assumption of a relatively short time preference of a miner (how long he is willing to wait for ROI). In practice, though, there is no stable condition when you have miners of varying time preferences.

Miners with longer time preference are willing to tolerate greater difficulty increases and invest more in mining and generally will go out of business later than miners with shorter outlook. This creates a feedback loop which quickly leaves in business only the most hardcore investors doing mining. This provides a foundation for "rational behaviour", that is decision-making for long-term value of Bitcoin.

In other words, economics of mining leave among miners only the biggest believers in bitcoin driving out lesser believers. That's why in practice all miners are "honest" - all of them have dug the deepest hole possible, none is interested in short-term "profit" from double spending that would not return even a fraction of their investment.


> In other words, economics of mining leave among miners only the biggest believers in bitcoin driving out lesser believers. That's why in practice all miners are "honest" - all of them have dug the deepest hole possible, none is interested in short-term "profit" from double spending that would not return even a fraction of their investment.

GHash already conducted a 49% attack against a gambling site. https://bitcointalk.org/index.php?topic=327767.0 They blamed a rogue employee - but then the claim is no longer "miners would never do that, it wouldn't be in their self-interest" but "no single person at any mining concern would do that, it wouldn't be in the mining concern's self-interest even if it was in their own". Which of course isn't true. (It isn't true in the wider financial system either, which is why regulations exist.)


Note that all currencies are susceptible to these types of attacks. In practice, they are prevented by the massive transaction costs involved.


Not all. Some cryptocurrencies are Proof of Stake instead of Proof of Work. This means that in order to try and do a 51% attack, the attacker must have 51% of the staking coins. PoS uses magnitudes less electricity than PoW and game theory suggests it's just as, if not more, secure.


No, all, including the USD, gold or what have you are subject to P+e attacks. Currencies are consensus, and you can, in theory, bribe a majority of people to turn against that consensus at no cost.

So for instance, I could print a lot of bills and call them dollar2, and go to everyone in the world - except Bill Gates, and say:

"Hey, I have this new currency, it's the dollar2. Tell you what, I'll give you a dollar2 for every dollar you have. I'm going to do that to everyone except Bill Gates. I don't like him, so I'm going to keep half of his share of the dollar2, and burn the other half. Here's the catch, you have to commit to only recognizing dollar2 as the real currency for the next week. If I succeed, you'll be a little richer because of the deflationary effect of burning half of Bill Gates's share of dollars. If I don't succeed, you can go back to using the dollar, and I'll pay you a dollar for your trouble."

So in a very narrow, restricted way, the "rational" thing to do is to go along with this plan, and there we go, the dollar has been taken over. Obviously, such a plan would never work, but it's similar to the arguments against most proof-of-stake or even proof-of-work systems.



Poelstra's "paper" is pretty controversial: https://www.reddit.com/r/Bitcoin/comments/2zpmlj/expanded_re...



