On Tue, Nov 05, 2013 at 11:56:53AM -0500, Ittay wrote:
> Hello,
> 
> Please see below our BIP for raising the selfish mining threshold.
> Looking forward to your comments.

<snip>

> 2. No new vulnerabilities introduced:
> Currently the choice among equal-length chains is done arbitrarily,
> depending on network topology. This arbitrariness is a source of
> vulnerability. We replace it with explicit randomness, which is at the
> control of the protocol. The change does not introduce executions that were
> not possible with the old protocol.

Credit goes to Gregory Maxwell for pointing this out, but the random
choice solution does in fact introduce a vulnerability in that it
creates incentives for pools over a certain size to withhold blocks
rather than immediately broadcasting all blocks found.

The problem is that when the pool eventually choses to reveal the block
they mined, 50% of the hashing power switches, thus splitting the
network. Like the original attack this can be to their benefit. For
pools over a certain size this strategy is profitable even without
investing in a low-latency network; Maxwell or someone else can chime in
with the details for deriving that threshold.

I won't get a chance to for a few hours, but someone should do the
analysis on a deterministic switching scheme.

-- 
'peter'[:-1]@petertodd.org
0000000000000005e25ca9b9fe62bdd6e8a2b4527ad61753dd2113c268bec707