[bitcoin-dev] On the security of softforks

Peter Todd pete at petertodd.org
Fri Dec 18 12:18:45 UTC 2015

On Fri, Dec 18, 2015 at 03:02:36AM +0000, Eric Lombrozo via bitcoin-dev wrote:
> First of all, that's an expensive beer!
> Second of all, any consensus rule change risks non-full-validating
> or non-upgraded nodes seeing invalid confirmations...but assuming a
> large supermajority (i.e. > 95%) of hashing power is behind the new
> rule, it is extremely unlikely that very many invalid confirmations
> will ever be seen by anyone. The number of confirmations you require

To clarify, because the 95% of upgraded hashing power is creating valid
blocks from the point of view of the remaining 5%, that 95% majority
will continually reorg the 5% non-upgrading chain. This ensures that the
invalid chain remains short, and thus the # of invalid confirmations
possible remains small. For instance, the chance of getting one invalid
confirmation is 0.05^1 = 5%, two invalid confirmations 0.05^2 = 0.25%, three
0.05^3 = 0.01% etc.

Whereas with a hard fork, the 5% of miners will continue mining on their
own chain. While that chain's length will increase more slowly than
normal, the # of confirmations that non-upgraded clients will see on it
are unbounded.

Anyway, we should write this up as a BIP - there's been a tremendous
amount of misinformation, even flat out lies, floating around on this

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 650 bytes
Desc: Digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20151218/6607180d/attachment.sig>

More information about the bitcoin-dev mailing list