mm you are right, then the "moving checkpoint" rule needs to have some limits to allow the network self-heal instead of requiring humans detecting the splits or stopping nodes. Let's suppose than a 51% attack can be detected and the developers can release a new version of the software with a new mining protocol in about 3 days. Then the complementary rule could be something like this: - If 2 forks have a block height difference of 432 blocks (about 3 days) or more, then the moving checkpoint rule is ignored and everything works as with the current protocol. With this rule, the network can self-heal in a 100% automated way. This would prevent a history rewrite of more than 24 hours during a 51% attack during 3 days, which should give enough time to change the protocol. If instead of a 51% attack what happens is a network split, then nodes should converge to the longest chain in a few days. But maybe I'm missing something here, I'm still learning. Regards, ________________________________ From: Alistair Mann Sent: Thursday, August 1, 2019 1:28 To: Kenshiro [] Cc: Bitcoin Protocol Discussion Subject: Re: [bitcoin-dev] Add a moving checkpoint to the Bitcoin protocol On Wednesday 31 Jul 2019 14:53:25 Kenshiro [] wrote: >> How would a (potentially, state-sponsored) netsplit lasting longer than >> N be handled? > > It would be detected by the community much before reaching the reorg limit > of N blocks (it's 24 hours) so nodes could stop until the netsplit is > fixed. A netsplit cannot be detected but merely be suspected where the p2p protocol does allow arbitrary connecting/disconnecting of any peer: there's no difference between a remote net being split off, that net having nothing to say, and that net choosing to disconnect. Detection then mandates manual, out- of-band communications, which is error prone and centralising. I also observe 'stopping nodes' during netsplits introduces several attack vectors. Among them: create a netsplit, which stops the nodes, turn off the netsplit, repeat. A sequence of 365 actors causing their own small netsplits could effectively stop Bitcoin at the cost (to them) of no Internet for one day a year as the rolling netsplit could never be fixed. > In the extreme case no one notice the network split during more than N > blocks (24 hours) and there are 2 permanent forks longer than N, nodes from > one branch could delete their local history so they would join the other > branch. > > P.S.: To be clearer, in this example I set an N value of 144 blocks, which > is approximately 24 hours. I've seen estimates of China hosting more than 51% of hashpower. Say they conduct a netsplit. Does your suggestion mean that it's the rest of the world that has to delete their local history because they lack the hashpower to assert themselves as the proper branch? If so, I think having to delete actual history everywhere across the globe but China is not a price worth paying to limit reorgs to 24 hours. I am unconvinced that the moving checkpoint you describe would improve Bitcoin. -- Alistair Mann