[Bitcoin-development] The insecurity of merge-mining

Jorge Timón jtimon at monetize.io
Fri Jan 10 18:50:36 UTC 2014


On 1/10/14, Peter Todd <pete at petertodd.org> wrote:
> Because there aren't that many pools out there and Ixcoin (and devcoin)
> appear to have been lucky enough to survive long enough to get the
> support of a reasonably big one. Once you do that, the potential
> attackers have PR to think about. (namecoin especially has a PR
> advantage) None of this stuff is hard and fast rules after all.

But shouldn't your reasoning apply here, so that ixcoin would be
destroyed by those who aren't even mining it, because of the
"supposedly obvious" harm it does to Bitcoin through competition?

> Anyway, I'm starting to think you're reading too much into my statement
> "merge mining is insecure", which, keep in mind, I said in relation to a
> guy who was trying to recruit devs to implement some unknown "altcoin"
> thing.

That's precisely my worry. Most of those guys planning to implement
random altcoins will conclude after reading you that what they need is
not merged mining but yet another independent scrypt coin, or worse,
yet another stupid PoW algorithm.

> In that context I sure as heck would loudly yell "CAVE DIVING IS FUCKING
> DANGEROUS, DON'T DO IT". Sure, that's not quite telling the whole story,
> but the message is pretty close to the truth. The people that should be
> in the sport are the ones that take a statement like that as a warning
> to do their research; I have no reason to think the OP asking for
> developers was one of those people.

I'm approached many times with questions like "How much would it cost
to create a new altcoin?" (Thanks, BlueMatt for creating coingen!!).
I try to explain to them that there are more currencies beyond p2p
currencies and they probably don't need that. I talk to them about local
currencies, colored coins or open transactions as solutions that
probably fit their needs much better without the need to bootstrap
an entire economy with a network of computers that consumes plenty of
resources.

If none of that fits them (say, for crazy experiments like datacoin or
gridcoin), I recommend merged mining to them because it is more secure for
them, more secure for bitcoin, and better for the environment and
everyone in general.

Still, for some reason a new non merged mined chain is the most popular choice.
Less efficient, less secure, more popular.
Why?
I wonder if devs warning against merged mining or making stupid
predictions like "bitcoin's PoW algorithm won't survive the year" have
anything to do with that...

>> > Without merge mining if the value to the participants in the new system
>> > is greater than the harm done to the participants in the old system the
>> > total work on the new system's chain will still be positive and it has
>> > a
>> > chance of surviving.
>>
>> No, the "harm to the old system participants" is distributed among all
>> the participants, not only miners (assuming miners have any
>> speculative position at all).
>> I'm not denying that people do crazy and stupid things, but let's at
>> least allow the "anti-competition attacker" be equally crazy in both
>> cases.
>
> Distributing harm among n people just reduces the harm for each person
> by a factor of n. That may or may not make that harm smaller than
> whatever tiny reward mining the chain would be.

The harm TO THE MINERS alone (again, assuming they have any position
at all in the coins they're mining) is less than the "total harm" to
the competing system, assuming that's quantifiable at all.
Miners won't think about the "total harm", but only about their share
of harm vs their share of just mining the competing system alongside
the old one.

>> I have many other explanations for the few currencies that died with
>> MM (can you remember any name?). At the beginning all altcoins were
>> much smaller and easier to attack, all of them. Bitcoin mining pools
>> didn't want to update to merged mining and didn't act very
>> rationally about it.
>> Namecoin went through a really delicate situation just before
>> hardforking to MM, but now is by far the most secure altcoin of them
>> all, all thanks to MM.
>> All rational bitcoin miners should also mine namecoin. Period. All
>
> You assume doing so has zero cost - it doesn't. Running namecoind
> involves effort and bandwidth on my part.

Yeah, true, they will only mine if all those costs are lower than the
reward. Only the hashing is "for free".
I'm assuming that those costs are very small compared to the reward,
that is, that most of the reward pays for hashing and not validation.

>> those who consider it competition with their current Bitcoin
>> speculative position, should just "attack in the market" by selling
>> the namecoins as soon as they get them.
>> Providing security for a chain DOES NOT give it a utility or raise its
>> demand.
>> Operation COSTS DO NOT CAUSE VALUE.
>
> Let's rephrase that "A secure chain is no more useful than a less secure
> chain. A secure chain will not be more valuable than a less secure
> chain, all other things being equal."

Not exactly, a less secure chain can become completely useless due to
the lack of security.
What I'm saying is that a useless chain is still useless no matter the security.

> I don't think we're going to see eye to eye on this.

It is possible.
At least now we know each other's position on MM.
I'm not sure if the silence means that only Maaku and Luke-Jr agree
with me on merged mining, that it is you who are more alone than me on
this one, or if it's just that not many people have taken the time to
think about this...



