Hi folks! Can someone please tell me where my theory breaks?
I theorize that the cost to get enough shared ledgers to agree that user x has 0$ (previously had $5M) is less than or equal to the amount of money that could be divided amongst the thieves.
I.e., if you get enough people to say the sky is purple, is the sky purple? Isn't cooperation key to a decentralized system? What happens when a new patch is released that pays you $100 to say a lie that user X has $0 and everyone involved has $100 more?
Something like this happened last year with Ethereum. A hacker stole $150 million, but the funds were conveniently trapped in one place for a month. People rolled out a patch that moved the funds back to their original owners.

Some people thought that was a bad idea and kept running the unpatched version. That caused the blockchain to split into two separate blockchains, the patched (ETH) and unpatched (ETC).

After that, it was up to the market to determine which version was more valuable. So far ETH is worth a lot more, so apparently the market was fine with this action in this particular case.

If people were to roll out a patch that *committed* a theft instead of repairing one, it's unlikely that many other people would go along with it. There'd be another split, the thieving chain would drop to a low value, and the original chain would keep rolling along with funds unstolen.
You're forgetting that the integrity of the blockchain has value, particularly for miners. The token would crash once such a deception were made known, making the miner's reward for mining worthless. That's the cost that you are not factoring into your example.
Too many things going on here:

a. Are you aware of the Ethereum DAO hack? The whole Ethereum vs Ethereum Classic. Short story - The largest Ethereum contract was hacked and money stolen. Then a patch was released saying that the hack didn't happen.

People who accepted the patch were "ethereum" holders and those who refused are now on "ethereum classic".

So, changing the rules in a patch doesn't matter. If there are enough people helping user x and the currency is still accepted it can be called 'currency classic/cash'.

b. There is a lot of confusion on whether cheating on blockchain somehow requires a patch or 51% support. It doesn't. 25% is enough to try and cheat within the rules. Read:

https://steemit.com/ethereum/@dhumphrey/update-f2pool-manipulates-usd1-2-million-on-the-ethereum-blockchain-during-the-status-im-ico
With greater than 50% of capacity, you can do a lot of bad things.

For ASIC blockchains like Bitcoin, a few companies in China dominate the network so they could easily collude and do just this.

For non-ASIC blockchains, you can do it through the cloud. Here is some math I did on it the other day:

digiconomist [0] estimates that current Ethereum mining cost is 1.3 billion a year, or 3.6 million a day, or 151,000 an hour, or 2,500 a minute.

Multiply by 5 for cloud on-demand premiums and you could dominate the Ethereum network for an entire day for 18 million. You could also do it for free if you can manage to do it with stolen credit cards.

[0] https://digiconomist.net/ethereum-energy-consumption
You're correct that cooperation is key and that if you get "enough" people (50% of hashing power in most cases) behind a plan, they can change the rules of the game. This could be used to steal coins.

This has actually happened in the past. When massive amounts of Ethereum were stolen from the DAO, the community got together and decided that those coins did not belong to the hacker. With >50% of the network, they forked the coin and created a refund contract where people could retrieve their stolen coins.[1] The dissenters remained to form what is now Ethereum Classic.

So, what prevents this from happening in a malicious way? The first hurdle is building that consensus. Many people involved in cryptocurrencies today believe that the future value is much higher than today's value. Paying them off would not be easy, especially considering that cashing out a large sum would crash the price of the coins, and thus the profits from your maneuver.

That being said, a core assumption of cryptocurrencies is that 50%+ of the network is not malicious. Another way of looking at this is that whoever controls greater than 50% of the network cannot be considered malicious from the network's perspective. They *are* the consensus.

The last point I'll make is speculative. If you created (or took over) a cryptocurrency and built consensus out of malicious actors, what value do you think the outside world would place on that coin? You would win lots of coins, but would anybody pay you dollars for them?

[1] https://www.cryptocompare.com/coins/guides/the-dao-the-hack-the-soft-fork-and-the-hard-fork/
When you create counterfeit money, you damage people's trust in the money, which damages its perceived value. You'd have to do it without doing catastrophic damage to the public trust, because then all you've stolen wouldn't have any value.

However, you could SHORT crypto currency and then do some damage to it. Where would this logic break?
> the cost to get enough shared ledgers to agree that user x has 0$ (previously had $5M) is less than or equal to the amount of money that could be divided amongst the thieves

That's the trick. In some cases, you'd be correct and the thieves can get away with theft. In most cases though you are incorrect, the cost of getting that many ledgers to agree with the thieves is prohibitively high.

This theory underscores the importance of having many full nodes running on the network. If only a small number of people run validating nodes, the cost of committing some theft like this is substantially reduced. This is one of the biggest and most important arguments behind having small blocks instead of large blocks.

Large block supporters tend to think you only need a few full nodes to get immunity from these types of attacks, and small block supporters tend to believe that a small number of nodes is easy to compromise relative to the reward for doing so.
>> Isn't cooperation key to a decentralized system?

Slightly off-topic, but cooperation is key to traditional currencies, too. If a majority of the United States determines that I suck and tries to stick it to me and anybody who does business with me, all of my US Dollars would have substantially less purchasing power.
1. Enough people means >50%, that's a lot.

2. Ledgers keep transaction histories, not absolute values. To clear someone's wallet, you have to transfer his money out. You can't forge that guy's crypto signature.

3. Whoever owns more than 5m would probably not put all the money under one wallet.
As another person said, that would damage the reputation of the network.

It reminded me of how in the movies a group of bad guys get away with the big briefcase of money and then two of them plan to get rid of the third guy and split the rest between themselves.
You don't even need a protocol change (patch) - a supermajority group of validators (miners or stakers) can censor the minority group profitably, with no way to tell in-protocol.

The fact is, all existing blockchain protocols are not coalition resistant Nash equilibria (https://en.m.wikipedia.org/wiki/Coalition-proof_Nash_equilibrium) and we rely on the difficulty of coordination for security. Strong centralization can make coordination easier though.
No you can't do this. Disregard the DAO comments. Yes, a hack *caused* a hard fork - but the fork itself *was not a hack*.

You can't *update* an account value without issuing a valid transaction (requiring the private key). What you can do with a majority hash power is *roll back* transactions. But this is limited to your ability to generate a longer chain which becomes more improbable with each mined block.

This attack vector isn't that great because transactions worth larger amounts will wait for more confirmations. You're essentially left with an expensive DoS.
The particular attack you describe is infeasible in Bitcoin for sure, and almost certainly for any other cryptocurrency. The problem is that the miners certify that a given chain is valid, but nodes and other miners will apply block validity criteria on top of that. Block validity includes things like "transactions are properly signed" and "miner rewards are correctly calculated".

This effectively means that creating a "fake" transaction that would empty someone's account and credit it to the thieves would require a valid signature from the original account. Otherwise nobody would accept the new block. Changing the block validity criteria is possible, but requires cooperation on a much more grand scale, especially for Bitcoin where there are many implementations of the protocol that would have to change to match the new block validity criteria (which, suspiciously, will contain a new criterion saying "oh, and the signature check criteria don't apply to transactions from this address").

Without some form of consensus, this would amount to "theftcoin" simply being a hard fork of Bitcoin, with the main chain continuing, potentially with less hash power.
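An added example (not from the thread or from any real client) of the block-validity point in the comment above: a full node re-checks signatures itself, so a block with valid proof of work is still rejected when it spends from an account without that account's key. The Lamport one-time signature is a hash-only stand-in for the ECDSA real chains use, and the account names, transaction format and difficulty are constructed.

```python
import hashlib, itertools, os

def H(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

# Lamport one-time signature: hash-only stand-in (assumption) for real-chain ECDSA.
def keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]
def msg_bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (i % 8)) & 1 for i in range(256)]
def sign(sk, msg: bytes):
    return [sk[i][bit] for i, bit in enumerate(msg_bits(msg))]
def verify(pk, msg: bytes, sig) -> bool:
    bits = msg_bits(msg)
    return len(sig) == 256 and all(H(sig[i]) == pk[i][bits[i]] for i in range(256))

def tx_bytes(tx) -> bytes:
    return f"{tx['from']}>{tx['to']}:{tx['amount']}".encode()

def pow_ok(txs, nonce: int, difficulty: int) -> bool:
    body = b"|".join(tx_bytes(t) for t in txs) + str(nonce).encode()
    return H(body).hex().startswith("0" * difficulty)

def mine(txs, difficulty=3):
    # Miner side: grinding a nonce is the only thing hash power buys.
    nonce = next(n for n in itertools.count() if pow_ok(txs, n, difficulty))
    return {"txs": txs, "nonce": nonce}

def validate_block(block, pubkeys, difficulty=3) -> str:
    # Full-node side: every rule is re-checked locally, whoever mined the block.
    if not pow_ok(block["txs"], block["nonce"], difficulty):
        return "rejected: insufficient proof of work"
    for tx in block["txs"]:
        pk = pubkeys.get(tx["from"])
        if pk is None or not verify(pk, tx_bytes(tx), tx.get("sig", [])):
            return "rejected: invalid signature"
    return "accepted"

def demo():
    # Constructed accounts: user_x holds the funds, "miner" controls the hash power.
    (x_sk, x_pk), (m_sk, m_pk) = keygen(), keygen()
    pubkeys = {"user_x": x_pk, "miner": m_pk}
    pay = {"from": "user_x", "to": "shop", "amount": 5}
    pay["sig"] = sign(x_sk, tx_bytes(pay))
    drain = {"from": "user_x", "to": "miner", "amount": 5_000_000}
    drain["sig"] = sign(m_sk, tx_bytes(drain))  # signed with the wrong key
    return validate_block(mine([pay]), pubkeys), validate_block(mine([drain]), pubkeys)
```

`demo()` returns the node's verdict on the honestly signed payment and on the miner-signed drain, both mined with valid proof of work.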
There's a cost to run shards - bandwidth, processing and storage. Each transaction has a 2n1 cost (2 Parties, 1 shard, 'n' shards to sync too.) Decentralization has a high overhead to verify transactions over 'n' participants.

That's why centralized ledgers were created. Sharded ledgers just mean that you have smaller ledgers that have to be synchronized at some point. When you have more centralization you have a larger chance of fraud.
It doesn't break down everywhere. This is one of the reasons why BTC is leading the way even though there are a lot of other blockchains which are arguably "better". Being the first kid on the block has a lot of benefits since the mining power is sufficiently large and distributed that it's near impossible to have a 50% attack now, unless the miners stop mining or cooperate.

If you think about it, there are many improvements that could be made to basic networking protocols (TCP, IP, HTTP), but since the standards were set "in stone" so long ago, it is difficult to change now.