On 08/31/2015 05:53 PM, Monarch wrote: > > Bitcoin is a decentralized currency which allows any person the > ability to transact in a way that does not require specific trust in > any particular party. Users can independently verify that > transactions they receive are valid and confirmed, with strong > confidence that they can not be reversed or modified. A third party > does not hold these same properties, there is no reason to believe the > information they present other than trust they will not lie, cheat, or > violate privacy at their own will. Given information by a trusted > third party (such as a balance or existance of transaction), a person > has no ability to independently validate their claims as you do in a > decentralized system. This is on the right track, but still falls short in a few areas. It's a false dichotomy to say that our choices are: Bitcoin as it exists today (or in some theoretical perfect state of decentralization), or an Excel spreadsheet edited by a trusted third party who can change any number to be any other number they want. Imagine there was only one miner in the network. In spite of being the sole entity creating the blockchain there would still be many actions they could *not* do: * Falsify ECDSA signatures * Generate proof of work without expending energy * Produce blocks that non-mining nodes would recognize as including invalid transactions (including printing themselves unlimited balances) * Force other people to purchase the coins they mine so that they can pay their electric bills What they *can* do is: * Defraud recipients of transactions by including a payment transaction in a block, then orphaning that block with another block that contains a conflicting transaction (double spend). There is usually*** a cost to performing this attack, so miners would only be expected to do it if the benefit exceeds the cost. * Prevent the inclusion of valid transactions into any block using any criteria they want. The worse case scenario for mining monopolization is that the risk of profitable double spends means that transactions might require more confirmations to be reliable, and that some entity can censor transactions at will. Those aren't exactly end-of-the world failure cases. They are certainly undesirable and every means of preventing them should be investigated, but it does mean that it should be possible to dial back on the catastrophe language when analysing possible failure modes. The weakest area for Bitcoin to be attacked is via censorship enforced by miners. The first line of defence is to improve the privacy features of wallets to the point at which blacklists are not effective. I'm confident that this can be achieved. That leaves the censors with the choice of whether or not to escalate to whitelisting, which ultimately can be countered by users switching to a new system which does not have that particular anti-feature. tl;dr: Bitcoin security does not lie on a one-dimensional "centralized vs decentralized" axis. Treating it as if it does removes the clarity that is needed in order to effectively solve problems. ***Exploring the exact conditions under which this is true is an interesting exercise and relevant to long term discussions vis a vis the block subsidy and transaction fees in the future. -- Justus Ranvier Open Bitcoin Privacy Project http://www.openbitcoinprivacyproject.org/ justus@openbitcoinprivacyproject.org E7AD 8215 8497 3673 6D9E 61C4 2A5F DA70 EAD9 E623