Hm, maybe you are right..! It actually does sound quite simple when you put it like that.

It sort of brings into question why we bother so much with consensus mechanisms at all, then, but still...

... Yeah, so maybe a mitigation strategy could simply be to add to the protocol: 'If a chain is the result of a reorg that has allowed double spending, then it should be regarded as invalid.' Could that work?

Ideally you should then also roll out an update where miners can vote to declare any new contentious chain invalid.

... Well, but then in theory, we still have the problem that 51% of the miners might be compromised, if voting is distributed according to PoW. So the voting power still has to distributed some other way, doesn't it..?

Edit:
How about this: The vote in such a case is not distributed to the miners, but rather to the investors, who pay the miners (and other bitcoin owners) for their coin. Could this principle be enough to prevent a hard fork?

priceof bitcoin dependant on mining?.. no
dont confuse PRICE with value/premium

lets translate it to another commodity.. lets use milk as an example

lets say 2litre of milk costs at the farm $0.50 to produce(mine) at the most efficient farm on the planet
last year there were 2x more cows so was $0.25.. and in 2021-22 before inflation was about $0.15 minimum global cost to produce at globel efficient farms

now lets say the most expensive farms on the planet at a cost from the farm of
2021-22 $0.75
2022-23 $0.95
2023-24 $1.45
2024-25 $3.00

now this is the costs at the farms around the globe.. current production range of $0.50-$3

now knowing that the retailers then resell milk to the general public from different sources and may have freeze dried some milk from earlier supplies
what price range do you think RETAILERS(exchange users) would want to sell their milk for today in 2024

do you really think they want to sell it for <$0.15 of 2022's min cost today.. or would they see that no one can even produce milk in 2024 for less than $0.50 and set that as the benchmark as even current producers cannot produce for less so so it currently retails for $0.60-$0.75 with a potential that it could reach $3 if there is a economic event next year

lower threshold value is $50k(bottom support barrier) but the market PRICE is $60-$75 this year with potential to go to $300k next year if a ATH pump even occurs

That's a quite naive understanding of the differences between both consensus methods.

PoS is a bit of a circular logic: consensus determines stakeholders, and stakeholders determine consensus. I hope you know about the Nothing-at-stake problem. The root of that problem is that in PoS there is no way to determine objectively in a decentralized setting if a certain entity is "staking coins" and has thus the right to be a validator. For this reason, you have to be sure that the node you connect to when you re-sync the chain has the correct information. This is different in PoW (see below).

Empirically it seems that PoS blockchains have stood the test of the time and "just work". This however doesn't mean that the Nothing at stake problem has been "solved". Instead some mitigation strategies, including BFT principles, were applied which make it more difficult to attack the PoS consensus. But the problem is: These strategies depend on a certain grade of centralization. Weak subjectivity means approximately: If everybody agrees that the nodes by the Ethereum Foundation and some big exchanges are authoritative for the state of the blockchain, then most nodes will follow their nodes and we have a stable "state". So it "looks" like the chain is safe.

And still, as the consensus lacks objectivity, it is not impossible the find a loophole to attack. A complex attack involving hacking of the servers of "authorities" like exchanges and foundations and perhaps even identity theft (imagine Vitalik's node and his social media accounts being hacked and luring users to the attack chain) could reduce the cost of an attack to a fraction of 34% or 50% (depending of the attack's goal) of the staked coins.

In a PoW blockchain, you don't need to trust other nodes. If you are eclipsed for some time by an attacker, then you may think for a moment that you are following a wrong chain, but as long as you are not 100% eclipsed (which is nearly impossible) and can connect to at least one node with the real "longest" chain, then you're fine. In PoS, you need to find an authority.

We could argument for example, with the same validity than your assumptions about "Ethereum attacking Bitcoin", that Bitcoiners could fund an AI to discover loopholes in the PBFT PoS mechanism of Ethereum and attack it in a similar way I described above. Is this case contemplated in Ethereum's security policy?

In the attack I mentioned you wouldn't know who is a legitimate stakeholder and could vote. Thus every time the blockchain is attacked a hard fork would have to occur. That's the same as in PoW.

Who would sign this agreement? Bitcoin's CEO and the CTO?

Of course a developer group could prepare such a fork in advance, but that would only be necessary once really such an attack was going on, for example if a smart contract like the one you propose appears on ETH's blockchain and gets some traction. Such an attack would probably take months to materialize. Enough time to create a PoS "final last resort" fork.

Bitcoiners of course would probably first try a Scrypt/some-other-algo "last resort" fork, and such ideas have already been discussed for years (maybe even decades ... I remember the so-called "nuclear option" in 2017, I think there was even usable code). The oh so rational Ethereum attacker group would then have to repeat the attack and waste the same resources again in Scrypt hardware. There may be even more algos to try. And "changing the algorithm" is something that happened a lot of times in the altcoin world, and is thus not really an experimental thing one has to pray that there's a 1% probability that it works

No, you are trying to promote a "paper". I'm heavily suspecting from your behaviour that it's a pseudoscientific "paper" to disseminate FUD and try to establish some "PoS is better than PoW and Ethereum will be flippening!" narrative. Prove me wrong

The only "novelty" your "paper" offers (the rest is only "with much money you can 51% attack bitcoin" - even Satoshi knew that) is that you claim that Ethereum owners could profit from the attack, but you have not apported a (falsifiable) hypothesis to back this claim. And I don't see a question mark in your thread title either, which would be the way a serious researcher would go if they wanted to start an open-ended discussion. This post adds to the "strange smell" in this thread.

If I'm wrong and you're really concerned about Bitcoin's security without trying to install the PoS > PoW narrative, you could for example research similar attacks in the real world. There are numerous cases where companies with predatory behaviour tried to attack and kill their competitors. But not all cases are useful. Here I jump to the "market cap" vs "sales" issue.

Your hypothesis that a smaller coins' stakeholders could profit if a bigger competitor is successfully attacked, is based on the assumption that the cryptocurrency market works like a market of goods (say: apples) where sales are the figure to analyze. This means: there is a "static" necessity creating a demand, which is fulfilled by several competitors with a certain market share, and if one of them sells less, then the others normally sell more.

The crypto market however doesn't behaved like that historically. The "competitors" are often dependant one from another (one crashes, the others crash too, or vice versa). And there are also other products outside the crypto space (gold, stocks, bonds, "speculative assets" in general) partially covering the same demand. This means that while a "market" exists, if one competitor loses market cap, other coins in most cases do not benefit directly from that. Instead there is a very complex interdependence with dependencies to the outside world (e.g. vs the bonds market via the interest rate). And the market for strange reasons in some years contracts 70% and then again expands 500% ...

You would have to find cases in the real world where a similarly complex market exists and then such a predatory attack was successful, to support your claim.

Let's continue speculating in this direction. Imagine a ETH->BTC attack occurs. How can you prevent that people flee in extreme numbers from the whole crypto space because trust has been eroded, and instead invest again in what they have invested until Bitcoin appeared in 2009? Then Bitcoin, Ethereum and most other coins would crash.

In addition: If the Ethereum->Bitcoin attack works, then that means probably that also a Solana -> Ethereum attack would work, and I already wrote that the Solana and Ethereum markets are more similar than the BTC-ETH markets.

I can also imagine Bitcoin holders invested in also Ethereum (not a rare case absolutely, see HeRetiK's last post) in the case of an ETH whales ->BTC attack push an Ethereum competitor to harm the ETH whales. Bitcoin holders would then be selling their Ethereum (crashing it) and instead buying Solana. Solana in this case could emerge as the winner surpassing ETH's market cap, and if the ETH whales having tried to attack BTC would score huge losses. If the ETH whales due to this failed experiment would have to stop their BTC attack then even BTC could recover, and ETH would be the only loser.

Perhaps slightly, but in the PoW/PoS comparison it isn't relevant that the market is similar to a "sales" market of goods with exactly the same type of demand. In your "attackers benefit from competitor market share" scenario it is much more relevant.

Just as another thought experiment would be how much would it cost to get enough ETH while people are selling theirs to do this to launch your own 51% attack on ETH.

The fact that there is no real work involved just having enough money to buy enough of a specific coin has always been a weakness of all POS coins.
And now that there are ETH ETFs there is an incentive for people to be able to short the ETFs if they think their value will go down.

Think about it, get enough funds to buy the companies I discussed above that host a bunch of the ETH staking nodes, while simultaneously buying ETH and spinning up your own nodes and then a simple 51% attack against ETH.

-Dave

I think you misunderstood me: I was talking about the field of IT Security in general. Here it doesn't work to only think about what is the most likely thing to happen; you need to speculate at least a bit beyond that.

Well, your not wrong in that I am trying to promote my discovery, and hoping that it will be seen as an interesting an useful contribution to the field. In terms of "FUD," I don't think you really need to be too worried about that. I'm quite certain that there are ways for Bitcoin to mitigate the attack vector, as long as the community doesn't completely dismiss it as being impossible, and ignores it. (I could imagine that this might only make any would-be attackers more bold, by the way.)

In my preprint, I suggest that Bitcoin might switch to PoS. But as you rightly point out, there's no central authority, and this move could therefore potentially cause a hard fork. Although, if PoW is deemed insecure, then it is not unrealistic that by far the majority of Bitcoin investors would choose to invest in the new version.

However, I've also recently come to think that there might be a middle-ground solution where Bitcoin adopts PoS only as a soft fork. This is also what I've talked about recently in my discussion with @HeRetiK above.

Personally, I don't see why Bitcoin would then want to also cling to PoW necessarily, and to the fact that their users and investors have to continue carrying the daily electricity bill of the miners (ultimately), now and in perpetuity, but that's just my own personal view; you seem to think that this bill is worth it, and I'm sure that there are a great number of other people who do.

In theory, a 51% attack on Ethereum would cost > $300B × 50% = $150B. (Bitcoin and Ethereum have apparently just dropped 11% and 21%, respectively, in this past 24 hours.)

And a 34% attack would cost > $300B × 33.3% = $100B.

The stakers would lose that money (in a Rival Goldfinger attack), and they would only be able to gain $300B, and only when assuming that the Bitcoin investors share the costs equally. If not, it would thus take at least 33.3% of the Bitcoin investors to participate in an attack in order to break even in terms of costs and gains. (And for a 51% attack, it would require at least 50%.)

Now, if the Bitcoin investors is somehow able to keep their attack a secret, they would in theory not need to beat 33.3%, but only ~0.01% (in the current moment), which is the actual fraction of staked Ether compared to what's in circulation. But on top of the need to keep it a secret, this theory also assumes that safe guards like described in https://ethereum.org/en/developers/docs/consensus-mechanisms/pos/#finality isn't implemented or doesn't work.
(Edit: Sorry, my mistake! I mistook 33M ETH for 33M USD when I looked up the amount. The amount of staked Ether is currently 28%, not 0.01%. x))

Last but not least, in order for the steal to be finalized for good, the attackers would also need to confuse the Ethereum community of whether the reorg was malicious or not, assuming that the remaining 66.6% of the Ethereum stakeholders would otherwise just revert the attack afterwards. (Edit: Think of what happened with the Ethereum Classic fork.)

For a 51% attack, the attackers would be able to force a hard fork when the "honest" stakeholders revert the attack. But unless again the attackers can succeed in confusing the whole community, the community and investors will know which of the two chains they ought to support, if they don't want to support the chain that actively tries to undermine its own currency.

I agree with this statement.

I don't really believe that any attackers would be able to actually confuse the Ethereum community/traders of which is the honest and the malicious chain in practice, however. Do you agree with this?

But it's still a valid point, and why some might choose PoW over PoS. However, if PoW truly has this vulnerability that a rival blockchain could profit from a 51% attack, then its not certain that PoW will remain the more favored protocol, and Bitcoin might want to consider a switch as well.

In theory, there are some attacks in POS chains that would make the malicious chain indistinguishable from the honest chain, therefore they need check-points. But the problem - how do you decentralize check-pointing. And for those projects that claim they have, they are hard to analyze.


To find out is simple - Attack Bitcoin. If the attackers are successful with that, then Bitcoin has no right to exist.

im saying if production cost of most efficient asics is $48k/btc COST..  only those at $48k+ would sell at $48k+ to break even/profit. no one likes to sell at a loss

those with higher costs would just retain coin and wait for the market to rise before selling
this causes a lack of supply on the market

also those with coin from say 2012 ($6/btc cost) may have sold to someone else in 2017 at $20k, where that buyer of that coin has a now $20k min break even so wont sell for $6 even if that coins origins had a mining cost initially of $6.. if then the guy that bought the $6 mined coin for $20k then sells that coin to someone else in 2021  ATH for $70k. the new buyer sets their break even at $70k so wont be selling their stash for under $70k
thus although the coin mined in 2012 had a mining cost of just $6 it has a current break even cost of $70k thus wont be on the market when the market price is $50k.. and would be retaining the coin off the market and wait for the market to reach their desired amount..
so again less supply willing to sell at <$50k

i for instance am one of the rare ones with coins still held from 20212($6/btc). however im not ready to sell and no i wont be interested in selling at <$50k even if my initial cost was just $6/btc..
those that do panic about markets more than likely already have sold and as such the new buyer sets the new break even amount

when you look at the mining costs and the coin acquisition costs of coin movements (realised value) you start to build a picture of how much coin is supporting certain price levels

if people are willing to sell at a loss. they probably already have. EG those that bought at $70k in 2021 and panicing in the 2022 $15k price range. if stupid enough to sell at a loss. they already have. meaning the new buyer at $15k+ in 2022+ may have more control of emotion to not sell at a loss.
which reciprocally they would sell at profit only in the $15k-$75k range of 2022-2024. where the next buyer then sets their break even above the $15k range. again strengthening the periodic bottoms of 2023-2024 of $25k- ~$50k

and no..its not about the market being $50k today and people are finding ways to sell coin today for $70k-$300k. its about people setting limits of break even to decide to sell now at $50k today OR hold onto coin because its not yet time to sell, they wait for the market to rise to sell when the market price is right

if people have no intention to sell in the 2024 period of $50k-$70k they wont put their coin into the market, they obviously want to wait for more then $75k before selling so are just holding onto coin and not putting it on the market

then you have to look at the other side of the market.. when there are regions of the planet where it costs $300k to mine (they assess cost before actually investing) they see its not worth mining at $300k a coin and would happily buy coin at $50k+ from the market. which also supports the market and the underlying value because they know chances of getting coin via any market for less is extremely thin, because even trying to get coin via OTC hidden markets of the most efficient mining pools will still have those efficient miners not wanting to sell below $50k today

In some POS blockchains/networks, there's check-pointing that's signed by a centralized entity - usually the developers - every X blocks to ensure that that is the real history to be followed.


If an attacker/attackers could be successful in getting more than 51% of the Hashing Power behind him/her/them, AND overcome the network's army of full nodes, then that would prove that Bitcoin has failed and therefore it has no reason to exist.