On Tue, Dec 16, 2014 at 11:55:50AM +0200, Alex Mizrahi wrote:
> Usually at this point people say "we assume that miners aren't going to
> collude, otherwise even Bitcoin is not secure".
> Well, this is BS. The fact that a pool can acquire more than 50% of total
> hashpower was successfully demonstrated by ghash.io.
> But the thing is, Bitcoin doesn't offer one a good way to attack the whole,
> as there are powerful factors which will work against the attacker.
> But this is not the case with sidechains (or any merged-mined chains, for
> that matter).
> And once you have a clear incentive, collusion is much more likely.

+1

It's notable that blockstream hasn't published much if anything concrete
on what exactly you'd use merge-mined sidechains for; they're even worse
than Ethereum in that regard.

> > Proof of Burn is a real cost for following the rules.
> >
> > So what? As long as cost is less than revenue, it is OK.

It's even better than that: if an attack does happen, the participants
in the consensus system have an incentive to defend against it to
maintain the value of their tokens. Proof-of-burn allows that defense to
be in response to a threat, and essentially unlimited in size. So now
any attacker knows that if they launch an attack in theory the response
could be as strong as the value of the system itself.

This can be improved upon with systems that allow the tokens to be
burned, "internal" proof-of-burn. This suffers from "nothing-at-stake"
vulnerabilities to an extent, OTOH within the context of the system it
is a true sacrifice of value; probably not a big deal in a zookeyv-style
block-DAG where multiple lines of history can be combined. Here the
incentives of the defenders are even more strongly tipped towards
burning their value to preserve the system, not unlike
replace-by-fee-scorched-earth thinking.

--
'peter'[:-1]@petertodd.org
00000000000000000e0c078667795abe21bfdebb913eba60cc7a625c732f0a89