[Bitcoin-development] Long-term mining incentives

Alex Mizrahi alex.mizrahi at gmail.com
Wed May 13 14:26:52 UTC 2015

> I don't really see how you can protect against total isolation of a node
> (POS or POW). You would need to find an alternative route for the
> information.

"Alternative route for the information" is the whole point of weak
subjectivity, no?

PoS depends on weak subjectivity to prevent "long term reversals", but
using it also prevents "total isolation" attacks.

The argument that PoW is better than PoS because PoS has to depend on weak
subjectivity, but PoW doesn't is wrong.
Any practical implementation of PoW will also have to rely on weak
subjectivity to be secure against isolation attack.
And if we have to rely on weak subjectivity anyway, then why not PoS?

> Again, it is part of the security model that you can connect to at least
> one honest node.

This is the security model of PoW-based consensus. If you study
PoW-consensus, then yes, this is the model you have to use.

But people use Bitcoin Core as a piece of software. They do not care what
security model you use, they expect it to work.
If there are realistic scenarios in which it fails, then this must be
documented. Users should be made aware of the problem, should be able to
take preventative measures (e.g. manually check the latest block against
sources they trust), etc.

> The problem is that if everyone uses the same check, then that source can
> be compromised.

Yes, this problem cannot be solved in a 100% decentralized and automatic
Which doesn't mean it's not worth solving, does it?

1. There are non-decentralized, trust-based solutions: refuse to work if
none of well-known nodes are accessible.
Well-known nodes are already used for bootstrapping, and this is another
point which can be attacked.
So if it's impossible to make it 100% decentralized and secure, why not
make it 99% decentralized and secure?

2. It is a common practice to check sha256sum after downloading the
package, and this is usually done manually.
Why can't checking block hashes against some source become a common
practice as well?

Also it's worth noting that these security measures are additive.
Isolating a node AND hijacking one of well-known nodes AND hijacking a
block explorer site user checks hashes against is exponentially harder than
defeating a single measure.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20150513/4be37675/attachment.html>

More information about the bitcoin-dev mailing list