<div dir="ltr"><div><div>>Can you please show an attack whereby bigger blocks decreases<br>
Bitcoin's "security model"? What's the game theory of that attack<br>
scenario? What's the metrics / measurement when Bitcoin should know<br>
it is in danger?<br><br></div>I don't have a specific vulnerability on hand -- and it would be extremely irresponsible of me to disclose it via a mailing list (!) -- but an example of a vulnerability found less than a year ago is Sergio Demian Lerner's FindAndDelete exploit. <br><br><a href="https://bitslog.wordpress.com/2017/01/08/a-bitcoin-transaction-that-takes-5-hours-to-verify/">https://bitslog.wordpress.com/2017/01/08/a-bitcoin-transaction-that-takes-5-hours-to-verify/</a><br></div><div><br></div><div>This was a serious vulnerability before it was patched. It is made worse by a throughput increase to our system as you can fit more of these txs in a block.<br></div><div><br></div><div>Another example of Christopher Jeffrey's exploit at breaking bitcoin. He emphasizes that the setup for this attack takes a long time -- which makes it unlikely -- however if there is a throughput increase to the system this can be setup faster (and cheaper). <br></div><div><br></div><div><a href="https://www.youtube.com/watch?v=0WCaoGiAOHE&feature=youtu.be&t=8944">https://www.youtube.com/watch?v=0WCaoGiAOHE&feature=youtu.be&t=8944</a></div><div><br></div><div>The moral of the story here is we should be conservative/humble with the security assumptions of bitcoin. We *still* have a lot to learn about bitcoin and consensus based protocols. If you can DoS the network in a way that causes the p2p network to fail there will be a severe disruption to bitcoin. As it stands the bitcoin protocol has an astounding track record in terms of up time -- I'd like it to keep it that way. <br></div><div><br></div><div>-Chris<br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Oct 10, 2017 at 9:16 AM, Jared Lee Richardson via Bitcoin-segwit2x <span dir="ltr"><<a href="mailto:bitcoin-segwit2x@lists.linuxfoundation.org" target="_blank">bitcoin-segwit2x@lists.linuxfoundation.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">> If you want to redesign the system to force everyone into a weaker security model, you could do a LOT better to make it simpler and more efficient while you're at it.<br>
<br>
</span>Can you please show an attack whereby bigger blocks decreases<br>
Bitcoin's "security model"? What's the game theory of that attack<br>
scenario? What's the metrics / measurement when Bitcoin should know<br>
it is in danger?<br>
<br>
<br>
On Tue, Oct 10, 2017 at 7:03 AM, Jameson Lopp via Bitcoin-segwit2x<br>
<div class="HOEnZb"><div class="h5"><<a href="mailto:bitcoin-segwit2x@lists.linuxfoundation.org">bitcoin-segwit2x@lists.<wbr>linuxfoundation.org</a>> wrote:<br>
><br>
><br>
> On Tue, Oct 10, 2017 at 5:50 AM, Tom Zander via Bitcoin-segwit2x<br>
> <<a href="mailto:bitcoin-segwit2x@lists.linuxfoundation.org">bitcoin-segwit2x@lists.<wbr>linuxfoundation.org</a>> wrote:<br>
>><br>
>> On Sunday, 8 October 2017 23:38:50 CEST Alex Bosworth via Bitcoin-segwit2x<br>
>> wrote:<br>
>> > The Bitcoin Core process is quite unrelated to this question. Regardless<br>
>> > of which code they do or do not merge into their repositories, it is the<br>
>> > existing set of nodes with the existing set of software that is the<br>
>> > question.<br>
>><br>
>> The vast majority of people use either SPV wallets or online wallets.<br>
>> They will just follow the longest chain.<br>
>><br>
>> I’d like to point out that the only people that will have to upgrade are<br>
>> the<br>
>> people that run a Bitcoin Core node while they are not miners etc.<br>
>> Those individuals are doing it wrong anyway.<br>
>><br>
>> Instead of badgering the SegWit-workgroup, I think a much higher rate of<br>
>> benefit can be reached by educating the people that run full nodes and<br>
>> explaining how they are not in actual fact helping the network.<br>
>> The simple fact is that if they didn’t run those nodes, this whole<br>
>> discussion would not exist.<br>
>><br>
> If you want to redesign the system to force everyone into a weaker security<br>
> model, you could do a LOT better to make it simpler and more efficient while<br>
> you're at it.<br>
><br>
> Yes, user sovereignty is a huge inconvenience to those who wish to push a<br>
> contentious proposal. That's the whole point. You're free to create a new<br>
> system without it, but I suspect you won't have much success convincing<br>
> users who value financial sovereignty to voluntarily give it up.<br>
>><br>
>> --<br>
>> Tom Zander<br>
>> Blog: <a href="https://zander.github.io" rel="noreferrer" target="_blank">https://zander.github.io</a><br>
>> Vlog: <a href="https://vimeo.com/channels/tomscryptochannel" rel="noreferrer" target="_blank">https://vimeo.com/channels/<wbr>tomscryptochannel</a><br>
>> ______________________________<wbr>_________________<br>
>> Bitcoin-segwit2x mailing list<br>
>> <a href="mailto:Bitcoin-segwit2x@lists.linuxfoundation.org">Bitcoin-segwit2x@lists.<wbr>linuxfoundation.org</a><br>
>> <a href="https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-segwit2x" rel="noreferrer" target="_blank">https://lists.linuxfoundation.<wbr>org/mailman/listinfo/bitcoin-<wbr>segwit2x</a><br>
><br>
><br>
><br>
> ______________________________<wbr>_________________<br>
> Bitcoin-segwit2x mailing list<br>
> <a href="mailto:Bitcoin-segwit2x@lists.linuxfoundation.org">Bitcoin-segwit2x@lists.<wbr>linuxfoundation.org</a><br>
> <a href="https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-segwit2x" rel="noreferrer" target="_blank">https://lists.linuxfoundation.<wbr>org/mailman/listinfo/bitcoin-<wbr>segwit2x</a><br>
><br>
______________________________<wbr>_________________<br>
Bitcoin-segwit2x mailing list<br>
<a href="mailto:Bitcoin-segwit2x@lists.linuxfoundation.org">Bitcoin-segwit2x@lists.<wbr>linuxfoundation.org</a><br>
<a href="https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-segwit2x" rel="noreferrer" target="_blank">https://lists.linuxfoundation.<wbr>org/mailman/listinfo/bitcoin-<wbr>segwit2x</a><br>
</div></div></blockquote></div><br></div>