Dan Larimer Cannot Censor Accounts with 51% of Hashes

in #eos7 years ago (edited)

I have been following the ongoing debate about the capacity for eos to censor certain accounts. My interest lies in the fact that such censorship is in complete contradiction to everything I believe crypto should represent. In my reading, I stumbled on this steem post https://steemit.com/eos/@thecastle/oooohhhhhhh-x-wait-is-this-fucking-true, that presents tweets where @dan (Dan Larimer) claims that a given account could be censored by convincing only 3 of the top 5 miners to reject specific transactions. Deeper in this thread @dan claims "Give me control of 51% hashpower if any chain and I’ll freeze all accounts to prove point."

Here I show that @dan is positively mistaken and his statement qualifies as FUD against ethereum and any proof of work blockchain. In this analysis, I give @dan a lot of hashes with which to censor transactions and demonstrate he can not censor anyone temporarily with certainty, and can not censor anyone indefinitely with any chance of success.

Let's fist consider what is involved in a 51% attack. The way a 51% attack works is that you have two groups of miners. Public miners and secret miners. Secret miners aren't always secret, but I will call them secret to underscore how a 51% attack works.

The secret miners begin the 51% attack by picking a branch point on the chain on which it will add secret blocks. That is, these blocks are not broadcast to the public network. Exchanges don't see them, typical users don't see them, block explorers don't see them, etc.

The secret miners proceed to mine this secret chain until it has a significant length advantage over the public chain, then they publish the longer chain, at which point the public miners must reorganize chains and accept the longer chain that has more work.

To "censor" transactions, the attackers must systematically exclude particular accounts.

But there is a catch that @dan completely ignores: finality of transactions is not a function of the blockchain like @dan wishes it to be, it is a function of the real-world entities that interact with the blockchain. This concept of finality is what makes a 51% double spend attack work, by the way. (A 51% double spend attack is not the same as "censoring" with 51% of the hashes, which is the subject of the following analysis.)

Consider an exchange, like bittrex, that requires only two confirmations to credit a bitcoin transaction. Imagine if we "gave" @dan 51% of the bitcoin network to censor whoever he wished. Could he have success censoring this person from sending coins to bittrex? I won't present the math here, but this amounts to sampling problem where the chance of success for the censored party is about 44% on any try spanning two blocks (given some conservative assumptions about the variance of mining power--the more variance, the easier it is for Alice).

In other words, let's say @dan has 51% of the hashes, and is trying to censor Alice. Every 2 blocks, Alice tries to send her transaction to bittrex to spend it. She has a 44% chance each time she tries to push the transaction through.

Alice's censorship at this point turns into a joint probability, where after 1 day of 72 tries (144 bitcoin blocks per day) we calculate the probability Alice will fail all 72 times with a 56% (100% - 44%) probability of failure on each try.

Basically, Alices chances of failure are so infinitesimal (1 in 1.35x10^18), that her chances for success within one day is absolute, rounding to 100% after 16 decimal places.

Clearly @dan can not censor Alice, or anyone else, with only 51% of the bitcoin hashes.

Now, let's take an extreme example where we give @dan 66% of the ethereum network. Can he censor Alice from sending ETH if she can find an exchange that credits her balance after 5 confirmations? This would admittedly be a rare exchange, but she only needs one outlet to spend her ethereum to bypass @dan's censorship.

This turns into a sampling problem where Alice has an 0.01% chance of success over any 5 block interval. Now @dan has some real power. But can Alice push a transaction through in a day?

Because ethereum has 15 second blocks, Alice has 1152 tries per day to push her transaction through, each with an 0.01% chance of success (or 99.99% chance of failure). In this case, @dan is doing much better than he did with all the bitcoin mining power. Alice only has about an 11% chance after 1 day, about a 20% chance after two days, and about a 68% chance after 10 days. If Alice keeps trying for a month, she will have about a 97% chance of getting it through. And after 3 months she'll get it through with a 99.997% chance. Dan is likely to give up after 6 months because Alice will have succeeded with 99.9999999% probability.

Sorry @dan, you can't censor anyone indefinitely with only 2/3 of the ethereum hashes. You'll need much more.

Sort:  

But there is a catch that @dan completely ignores: finality of transactions is not a function of the blockchain like @dan wishes it to be, it is a function of the real-world entities that interact with the blockchain.

Could you explain what his finality concept means? As I understand it during a 51% attack when it is kept long enough, people will be "forced" to move to the longer chain.

"Finality" is just a fancy way of saying that non-blockchain entities have their own definition of when they consider a transaction irreversible. For example, if Alice sends to bittrex, then bittrex will consider the transaction irreversible after two confirmations, and credit her balance.

If the secret miners (attackers) don't get two blocks before the public miners get two blocks, then bittrex will credit Alice's balance and she will circumvent @dan's attempt at "censorship".

This is the part that @dan ignored when he made his faulty claims about being able to censor with 51% of the hashes.

Ah now it makes sense, I had been speculating that this was the meaning of it.

Actually, now that I think of it, @dan is not only failing at censoring Alice, he is paying for her to have a nice income based on double spending.

I have been going through your little quarrel :P. And I think both you and @dan are right depending on the situation. If we take your Bittrex example, Alice's transaction will be censored whenever she has no prior knowledge of the attack of Dan, because as you say her coin will be destroyed. If she knows dan is after her she can trade her coins or move her coins to another exchange. But in the case when her coins doesn't get destroyed when there is a fork (like btc vs bcc), she is in fact never censored.

It all comes down to the finality, if people accept both Alice's chain and @dan's chain. I am not sure how EOS works, but applying the PoW logic to the system and your probability function, it would indeed be impossible to censor Alice over a long period of time based if miners accept both Alice's and Dan's chain, in which case there will be 2 EOS coins. But as I understand the goal is to only have 1 EOS network. In which case censoring is successful on the new accepted chain, but total censoring will never happen because there exists a chain where Alice accounts still exists.

Your probability function is also very relevent in that Dan is not able to immediately censor Alice on a PoW chain as with 49% of the mining power she will still be able to put through messages for a while.

Well this is my two cents on this subject and please correct me if I am wrong. My reasoning followed logical conlusions from my current understanding of PoW :P

it's great to know that the blockchain technology is this resistant to censoring, two questions comes to mind:

  • is it the same case for the majority of blockchains out there?
  • and what's the effect of censoring attempts on the blockchains that require a big number of transactions in a short time, I would imagine a user would be frustrated after few minutes if their post can't be submitted on a platform like steemit.

of curse I know it's a totally different platform but it's a mind exercise for me to imagine these cases.

This is excellent point.
I also agree with you.
Thanks for sharing sir @steemed.

@steemed what do you think the exact reason for the failure of EOS Network and why it is down???

You made an excellent point that I totally forgot to write in my post
https://steemit.com/bitcoin/@sames/bitcoin-vs-eos-understanding-the-drama
I was more focusing on a generalized aspect of my post and countering what Dan had commented to me.

thought we are in a world of free speech... don't understand why exist the word "censor" ...

I apologize for commenting here on a subject that is unrelated, but in the off chance that you do see it. I wanted to let you know about this new initiative called @steem-ua

I realize you might get stupid amount of memos asking for support and what not. But, I'm not here to waste your time, to ask for altruistic behavior, quite the opposite.

Because I realize my voice may not have enough weight, if you get a second check out this post written by @cryptoctopus to see what I'm talking about.

Conversations are happening on discord, the project is taking off and I think you could also play a role here. This is something the community is doing, outside of steemit inc, to pull steem out of the gutter and in that sense, I'm sure you can see its value.

Anyways, hope all is well

Meno

Replied to wrong post.

Actually guys, Dan IS correct and pretty much everyone I am talking to seems to be saying it. Its an unlikely scenario.

This is a quote response from Reddit bringing up this point.

correction: 100% of your transactions will not go through, since the 51% attack will be mining the longer chain

Not only that but its being brought to my attention that mining pools can be used to jack up the price as well. If they all decided to charge a higher fee then nothing can really stop them.

In other words, let's say @dan has 51% of the hashes, and is trying to censor Alice. Every 2 blocks, Alice tries to send her transaction to bittrex to spend it. She has a 44% chance each time she tries to push the transaction through.

Alice's censorship at this point turns into a joint probability, where after 1 day of 72 tries (144 bitcoin blocks per day) we calculate the probability Alice will fail all 72 times with a 56% (100% - 44%) probability of failure on each try.

Basically, Alices chances of failure are so infinitesimal (1 in 1.35x10^18), that her chances for success within one day is absolute, rounding to 100% after 16 decimal places.

In this scenario, Alice is using her wallet to make money so she can do posts about the political situations in China. 3 / 5. Well the situation you describe is her wallet being made basically useless at this point. Her wallet is dead. If your transactions are not going through and they become super expensive, lets face it, that's a dead fucking wallet.

Sorry @dan, you can't censor anyone indefinitely with only 2/3 of the ethereum hashes. You'll need much more.

They can continue this attack on Alice for as long as they want. It only takes a couple months to completely debilitate a person. They cant pay for food or rent.

I say its good enough to be counted as censorship. Alice might have been better off not using a crypto like ETH to down talk the chinese government. Its not impossible. It actually makes a ton of sense.

No, you are wrong and so is everyone else "you are talking to". The thing all of you are missing is that censoring Alice is a race, where the attackers (secret miners) have to get a longer chain in the time it takes the public miners get only two blocks. Remember bittrex gets its blocks only from the public miners.

I already did the analysis, so I won't do them again. But the chief considerations are: (1) attackers have to mine secretly until they have a longer chain, (2) each N-length race is probabilistic, and (3) exchanges and vendors will confirm the transaction after two public blocks.

The thing all of you are missing is that censoring Alice is a race, where the attackers (secret miners) have to get a longer chain in the time it takes the public miners get only two blocks.

A race they already win by default for for having better hardware. Why would they need to do it secretly. They can JUST DO IT. Theres nothing more to it than that. Alice would be screwed in this situation. Period. She made some powerful enemies and is now rocking a nearly useless wallet.

Why would they need to do it secretly. They can JUST DO IT.

NO THEY DON'T.

51% of the hashes only gets you 51% of the blocks. Alice can submit transactions that stay in the mempool and get accepted on 49% of the blocks. There is absolutely NO censorship in this case. It doesn't even inconvenience Alice because her transaction can stay in the mempool for hundreds of blocks. @dan fails.

To conduct a 51% attack, @dan has to mine secret blocks until he has a longer chain then force a chain reorganization by publishing his fork. While he is trying to get a longer chain, Alice can push a transaction through to bittrex because @dan is going to lose a 2 block race many times over the course of a day. That's how @dan fails.

you make the argument as if the mining pools own all the hashing under the pool

all miners would leave when they see the attack happening and woulnt take more than 10 minutes, not very long to do anything and most sites use more than one confirmation for a transfer so attack is obsolete with high cost and 0 incentive

I honestly think they would just either not give a crap or switch to another coin. Exasperating the problem further. Also you are making the argument that anyone would even know the attack was happening.

There is no way we would be able to genuinely know an attack like this was going on. All you have to do is get a couple shills on reddit to respond and say things to confuse the topic more and you can launch attacks like this consequence free forever.

bots would know when this happens, more accurately described as there algorithms would identify and act accordingly

What bots, what algorithms and how would they act accordingly?

a bot is an algorithm

programmers use algorithms(bots) as tools to automate functions and program commands for possible scenarios

do you think miner's review blocks manually and initiate commands manually

Actually, now that I think of it, @dan is not only failing at censoring Alice, he is paying for her to have a nice income based on double spending.

Consider what happens every time Alice is able to push a transaction through on bittrex. This happens when the public miners beat the private miners (attackers) over a given 2 block interval. @dan later comes along with his 51% attack and negates her transfer to bittrex because censorship is an ongoing process. Bittrex has credited her balance, but since @dan has negated her transaction from the block chain with all that censorship, she gets to send to bittrex again. @dan is conducting a 51% double spend attack on Alice's behalf instead of censoring her.

Derp.

At which point Bitrex says Alice can go fuck herself and locks her account. I think you are grasping at straws here if your argument is that this actually gives Alice an advantage when the reality is that it would be a fucking nightmare if 3/5 mining pools decided to fuck your wallet over.

I'm still leaning heavily in the direction that @Dan is right. The only counter arguments I can see is the likelihood this would happen. Which is pointless. WE KNOW IT CAN HAPPEN. Its functionally possible. But the moment Bitrex starts losing money to double spending is the moment shit gets locked down fast as fuck with them.

When Alice executes the double spend, bittrex won't shut her account down, they will put the wallet on maintenance. If it happens more than once, the coin in question gets delisted. There is plenty of precedence for delisting PoW coins that are double spent through 51% attack. Alice can then move to a new exchange.

Dan's 51% hashes don't censor Alice, it kills the coin.

You are struggling to defend @dan, but he's not even here defending himself. He's hiding because he knows he is wrong on this issue.

Check this out: Na na na na na na -- @dan you are wrong!

See? No @dan.

I am like 99% sure if Bitrex starts losing money because Alice is not actually sending them money that they credit to her account it wont fly for long.

Alice can then move to a new exchange.
That wont be cool with this shit either and she would be in deep water pretty fast especially if it goes public that Alice has been scrwed over.

You are struggling to defend @dan, but he's not even here defending himself.

Why would he bother. He stated that 3/5 entities can make your wallet basically useless. Right now, if you pay attention to whats being said isnt refuting what he said, but rather refuting about how bad it would be for Alice.

And the only disagreement we have is on a gradient of her being basically fucked and highly inconvenienced to completely screwed and highly inconvenienced.

Literall all you are saying is that

Alice would only be mostly fucked and unable to use her wallet. She wont be 100% fucked so its totally cool guys.

But that right there is conceding the argument at a base level. You took it for granted he was right from the get go and then reform the argument around how she can just walk it off and man up while 60% of her transactions fail and every exchange gives her the finger lol.

Were splitting hairs here and its bordering on comical. Literally NOBODY is going to want to be in a position where 3/5 mining pools decide to make your life a living hell.

You aren't getting it. Think about how it plays out instead of blindly trying to defend @dan. Let's imagine you are Alice (not the real person but the account). Alice realizes @dan has 51% of the hashes and is trying to "censor" her. I have shown that she can push a transaction through with certainty over a finite number of blocks. Let's say @dan is dead set on killing the chain to stop Alice. Alice sends the entirety of her balance to trex by pushing that transaction through.

Hungry to double her money she tries again after @dan graciously negates her original spend, then she executes a second (double) spend, maybe going so far as to dump her account on bittrex for the second time and transferring all of whatever she dumped into off the exchange. Alice is now 2x rich and out, @dan is wasting gobs of money mining a tainted coin.

Who won from this "censorship"?

You aren't getting it. Think about how it plays out instead of blindly trying to defend @dan.

All I care about is truth. Period. I never blindly defend anyone ever. If I smell bullshit I attack it endlessly.

Alice realizes @dan has 51% of the hashes and is trying to "censor" her.

First off she wont know. Nobody would ever know this is just happening to them. They would all assume the coin is 15 transactions per second pile of garbage like it has always been for many years. Nobody would assume there is a crazy attack going on against them. We would never be able to know. And any proof would be written off as a conspiracy theory.

Lets assume Alice is a ninja who knows exactly the moment she is getting attacked.

She instantly sends her entire stack to Bitrex at exactly the right moment knowing full well it will double her money! Alice is a perfect warrior because she was able to access her magical powers of perception and know exactly when she was being attacked. Bitrex lets her get away with it too even though they lose a ton of money lol.

I don't know guys but this chick sounds pretty hot. I bet she can dodge bullets and leap skyscrapers in a single bound.

Anyway with all of that said, Bitrex wont give her that money. I am like 99% sure Bitrex would not lol this off and let her cash out. Not only that but this attack could be done on any number of her other wallets. All you do is watch the transactions and boom the money she cashed out would be right on the same black list. Dude this shit would be a fucking nightmare.

Ok lets stop turning this into a secret agent movie. If the mining pools felt like it, Alice would be fucked and she would have zero idea it was happening. And theres no fucking way Bitrex would let her get away with double spending them.

I downvoted you with full weight because you are not working to understand the concepts here and instead you are resorting to nonsense statements like "lets stop turning this into a secret agent movie".

You obviously have no understanding of game theory, strategy, security, probability, or how blockchains work. I'm proving to you that I do because I got this voting power by being a student of all these things. I really recommend learning from someone who knows their shit rather than @dan who is just trying to promote his latest revenue venture with unsubstantiated and erroneous claims.

First off she wont know.

You failed right there. The success of an ongoing, persistent, indefinite attack can't rely on the victim's not finding out about it. That is a recipe for a failed attack, and boom Alice is uncensored. It's easy to discover these attacks. Everyone will know something is up when the chain keeps re-organizing every 2+ blocks. They will spot who is behind the 51% attack and identify it as such, with these new 2+ block forks suddenly coming out of nowhere and reorganizing the chain, and possibly causing other havoc, not just to Alice.

The rest of your post is based on this same fallacy, so isn't worth responding to.

if 3/5 mining pools colluded for a 51% attack they would lose power within 10-30 minutes as miners would notice what is happening and leave the pools

Not really, because we saw this happen with Bitcoin when they wanted to force 1mb blocksize completely crippling the coin and all it did was cause a schism. Also who would even notice if this were to happen. Its normal for ETH to take several hours to do a single transactions on peak times.

An attack like this against a single person would probably not even be possible to prove. They would just think ETH is being a little worse than usually today. It would take weeks before it clicks "Hey wait a minute" lol

on the bitcoin 1mb fork this wasn't a 51% attack and was caused due to the limit on blocksize being lower than thought and unknown untill was tried.

Miners would notice this or more accurately what ever bots they use to manage would identify and i would imagine most have corrective actions readily programmed for such a scenario

i speak on bitcoin not ethereum big difference

on the bitcoin 1mb fork this wasn't a 51% attack and was caused due to the limit on blocksize being lower than thought and unknown untill was tried.

Yeah it was, it was a massive propaganda campaign fueled by Blockstream to defend their ownership of Bitcoin. Don't you remember when Bitcoin was suddenly not money anymore? That was where the "store of value" meme began and it was insanely stupid. Bcash / Bitcoin cash was a massive disaster and it all stemmed from Blockstream having full control over Bitcoin and using that control to prevent larger blocks to be implemented on Bitcoin.

what are you talking about?

blockstream doesnt have full control of bitcoin

big blocks are stupid and uneeded

seems you've been hitting the roger ver koolaid a bit too hard

maybe try researching and learning yourself rather than listening to what your being told