
This is extraordinarily well done and begs to be shared widely.

Agreed, this is a wonderful demonstration of the interesting principles behind the idea of a blockchain (or a distributed Merkle tree). Definitely worth playing with for anyone interested in this, and the video is a nice overview as well.

As far as the moon being the limit, unfortunately we still inhabit the corrupted sublunary sphere, and blockchain technology (at least as implemented in Bitcoin) has some limitations which make it unsuitable as a currency or log of transactions between untrusted parties. On your last point, I'm not really sure people know what problems blockchain solves, because there are no problems which directly map to this solution, and there are plenty of problems it half-solves.

Problems it purports to solve but fails at:

Anonymity - good enough to protect criminals, not good enough to protect citizens against a state

Trustless consensus - 51% attack makes this unreliable, esp. with semi-anonymous actors

Trustless transactions - POW as in bitcoin makes this impractical due to energy use and delays

People want centralised trust in many cases for verified identity, transaction rollback, legal constraints on transactions, so in an important sense it is solving the wrong problems (pseudo-anonymity, fungible cash, sort-of trustless consensus) while leaving important problems untouched.

Still, the video and website are an excellent demonstration of the ideas behind a blockchain or Bitcoin.




> Anonymity - good enough to protect criminals, not good enough to protect citizens against a state

If you really want anonymity, bitcoin isn't the only blockchain technology you have. I know you were focusing on bitcoin in your answer, but I feel the need to expand here because blockchain != bitcoin.

> Trustless consensus - 51% attack makes this unreliable, esp. with semi-anonymous actors

51% attack is overblown. The bitcoin miners self-police and are switching pools as they get close to 50%. And the worst thing that could happen with a 51% is a double-spend. Big whoop.

> Trustless transactions - POW as in bitcoin makes this impractical due to energy use and delays

I don't follow you here. Sometimes the block size limit delays a transaction for a bit, but you still get trustless transactions. The bitcoin community is working to address this problem and I am confident this problem will be solved.


>And the worst thing that could happen with a 51% is a double-spend. Big whoop.

That was the #1 problem that Bitcoin/blockchain solved. If it fails at that it calls into question the whole endeavor moreso than any other possible problem could.


And yet it hasn't failed to solve that. It's only a problem in theory. It requires hand-waving and speculation and then, in practice, it could be a problem.

If you're worried about a double-spend, wait for 6 confirmations. Or wait for 10 if you really want to be vigilant.

The 51% is one of the most successful FUD campaigns I've seen since Microsoft called the GPL a virus.


All it would take is a state actor to decide to break that 51% mark, and bitcoin would crash. I wouldn't be terribly surprised if the US (specifically, the FBI or CIA) isn't poised to do just that if they feel it necessary.

An "accepted" blockchain where all of the funds are diverted to their own wallet even for a day would be enough for all of the speculation that provides bitcoins with value to fall apart. Who would want to invest in a product which can demonstrably be devalued?


Actually, it would take an irrational state actor to attempt this and even then they might only be able to forge a few transactions before a fork was called. A hard fork is not assured to "crash" Bitcoin, so please don't present this as a foregone conclusion.


Or a state actor that is rational given certain externalities. Just because Bitcoin is expensive to attack does not mean it's irrational under all possible circumstances to attack it. War is expensive too, but it happens. This is the fundamental problem when ledger security depends in part on economic incentives.


I think you might be missing the issue around rationality, as it causes actors to do things that are predictable within a certain probability...and cost. An irrational actor does things for irrational reasons and as such does not consider cost, results or intent.


You can't steal money with a 51% attack, only take back your own. You also can't force a rule change / hard fork.


Can't you double spend? You might not be stealing money, but you'd be stealing goods/services by using money twice. If so, you're being really disingenuous saying you can't steal money.

Also, it doesn't really take 51%, that's an arbitrary figure, it depends on how many confirmations your adversary is using, and is just a probability, so 40% would probably do in some cases, there is no magical threshold of 51%.

Glad you brought up rule changes, as that's another area where a small group or groups can control blockchains, giving the lie to the idea of a completely distributed consensus - in practice the rules are only as distributed as those willing and able to develop clients (which is a very small group), so that small group have de-facto control of the network.


The state actor in your scenario can't steal anyone's money. They can only create transactions for addresses they control with a private key.

If you listed everything that would need to happen to cause a 51% attack to be successful, along with the odds that this could happen, you'd see that it has zero chance to succeed.

(I'm using some quick back-of-the-napkin odds to calculate the feasibility that this is even possible...)

- Build large mining network under control of state actor that matches the hashing power of the entire network (5% chance this is possible)

- Bad state actor buys something with bitcoin. (100% possible)

- Bad state actor receives the good within 3 blocks or 30 minutes. (5% chance they receive this in time)

- Bad state actor starts building bad blocks with alternate transaction redirecting the BTC into their own wallet. (1% chance)

- Bad state actor solves 3 (3 blocks back to the original transaction) + 2 blocks (to make this a longer blockchain than the good blockchain) faster than the rest of the network. (3.5% chance if they have over 50% of the hashing power)

- Bad state actor did all of this without the rest of the bitcoin network noticing and routing around the state actor (10% chance)

So you have something like 5% X 100% X 5% X 1% X 3.5% X 10% => 0.00000875% chance that this is possible.

Granted, I'm taking a guess at the odds of most of the numbers, but I don't think I'm that far off. The bitcoin network is currently operating at over 3 million TH/s. [1].

To set up another network with that same hashing power would cost at least $2 billion dollars, if not more.

You could buy 250,000 AntMiner S9s (if you could even purchase that many without anyone knowing and to avoid availability problems) for about $500 million.

Then you'd have to set up a place that could hold that many miners. Okay so get a warehouse wired up and properly cooled for another $100 million.

Then electricity is about 1350 watts per miner, requiring a $200 power supply. So add another $50 million just for power supplies....but let's say you wire it up custom, so I'll knock that down to $25 million.

We need 337.5 million watts of power to run our miners. At 10 cents per kWh, the electric bill will be around $24.3 million a month--just to run the miners. Round that up a bit to power the rest of the electricity, run the UPS and backups, the computers for the staff, and let's say the monthly electricity cost would be about $35 million a month...which is $420 million a year.

Back to the staff, you'd probably need 500 people to maintain such a big operation, minimum. If each state actor employee received about $100k/year in salary, the personnel costs are about $50 million/year.

Now multiply all this by two because you would never set up an operation like this without building in redundancy. This comes to about $2.2 billion for a year of operations.

$2.2 billion to have a 0.00000875% chance at a double spend or to reject some transactions from making it to the blockchain. You'd be insane to approve this project.

But let's say the bad state actor is able to pull off this feat. Then the bitcoin miners do a hard fork and just route around the bad state actor the next day. Everything picks up again where it left off on Monday.

[1] https://blockchain.info/charts/hash-rate


Anonymity - most people don't need or want it, and those who do need real anonymity, not traceable pseudo-anonymity.

51% attack - consider other uses like a shared ledger between 5 big banks, all of a sudden you just need 3 colluding and your blockchain is broken. Or bitcoin, most of the miners are in China, the state intervenes one day and secretly requires collusion.

POW - 7 transactions a second, minutes to confirm and massive costs for those keeping full copies of the chain are big stumbling blocks to any blockchain based on POW as in the example or bitcoin.

I think it has some fascinating ideas around shared trust, but Blockchains based on POW are fundamentally unsuited to the sort of large networks of transactions they are being proposed for and centralised solutions involving signing or hashing have the same advantages but solve all these problems and others like trust.


Things like Lightning Network help Bitcoin scale by creating a network of payment channels, where you work with "transaction drafts" shared between various nodes that are updated for every transaction made by the involved parties, and which is frequently "settled" on the blockchain by being published to it in its latest version (followed by creating a new "draft").

This means that only a fraction of all transactions actually need to be visible on the blockchain since LN is a secure way to "keep tabs" on the current coin ownership.

Using multisignature mechanisms and timelocks, this is very secure and abuse resistant.


> And the worst thing that could happen with a 51% is a double-spend.

Maybe I misunderstood something, but couldn't someone with 51% of the power rewrite a block at any point in time in the past, and change history? Or even write bogus transactions to the blockchain? This would seem much more serious than double-spend, which in itself is already unacceptable for a monetary transaction system, and not to be brushed off so casually.


> but couldn't someone with 51% of the power rewrite a block at any point in time in the past, and change history?

In order to change history your miners would need to solve blocks much faster than the rest of the network consistently for multiple blocks. Then all the nodes on the bitcoin network would accept the false fork because it was longer.

> Or even write bogus transactions to the blockchain? This would seem much more serious than double-spend

You can't write a transaction without knowing the private key of the address you're transferring from. This is true whether there's a 51% attack or not. So you can't just write any old transaction to the blockchain. The rest of the network would reject the block with bad transactions in it.

The big problem is buying something with bitcoin and receiving the purchased good--this transaction goes in Fork A. Then the attacker would start the 51% attack and create another fork--Fork B--which competes with Fork A. In Fork B the attacker writes another transaction in which she sends the coins back to a wallet she controls.

Then the attacker must continue to solve blocks at a faster rate than the rest of the network is solving it....AND before the rest of the bitcoin network notices what is going on. This is no small feat.

> and not to be brushed off so casually

It's not brushed off casually. The 51% attack is brought up a lot in the cryptocurrency community. But it really isn't feasible on closer examination.

In bitcoin it hasn't been a big deal because everyone is aware of the potential and self-polices.
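The fork race described in the comment above, and the earlier points that "wait for 6 confirmations" is a rule of thumb and that there is no magic 51% threshold, can be put in numbers. The following is an added example, not code posted by anyone in this thread: it implements the attacker catch-up probability from section 11 of the Bitcoin whitepaper (honest progress during the race modelled as a Poisson process with mean z*q/p, and a deficit of n blocks closed with probability (q/p)^n when q < p). The function names, the hash-share values in the table and the 0.1% risk tolerance are this example's own choices.

```python
"""
Attacker catch-up probability for a proof-of-work double-spend race
(Bitcoin whitepaper, section 11).

q : fraction of total hash rate controlled by the attacker
p : honest fraction, 1 - q
z : number of blocks (confirmations) the honest chain is ahead by
"""
from math import exp, lgamma, log
from typing import Dict, Optional


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker with hash share q ever overtakes an
    honest chain that is z blocks ahead (whitepaper formula, computed in
    log space so large z does not underflow exp(-lambda))."""
    if not 0.0 <= q < 1.0:
        raise ValueError("q must be in [0, 1)")
    if z < 0:
        raise ValueError("z must be >= 0")
    p = 1.0 - q
    if q >= p:
        # Majority hash power: the attacker's lead is a random walk with
        # positive drift, so catching up is certain regardless of z.
        return 1.0
    ratio = q / p
    lam = z * ratio                      # expected attacker blocks while honest mines z
    total = 1.0
    for k in range(z + 1):
        if lam == 0.0:
            poisson = 1.0 if k == 0 else 0.0
        else:
            # Poisson pmf for k attacker blocks: e^-lam * lam^k / k!
            poisson = exp(-lam + k * log(lam) - lgamma(k + 1))
        # If the attacker already has k blocks, it is z-k behind and must
        # still catch up from there.
        total -= poisson * (1.0 - ratio ** (z - k))
    return total


def confirmations_needed(q: float, max_risk: float, z_cap: int = 10_000) -> Optional[int]:
    """Smallest number of confirmations that brings the catch-up probability
    below max_risk. None if no z up to z_cap does so (always None for q >= 0.5,
    which is the sense in which there is no sharp threshold below 51%)."""
    if q >= 0.5:
        return None
    for z in range(z_cap + 1):
        if attacker_success_probability(q, z) < max_risk:
            return z
    return None


def catch_up_table(z: int, shares=(0.1, 0.2, 0.3, 0.4, 0.45, 0.51)) -> Dict[float, float]:
    """Catch-up probability at a fixed confirmation depth z for several
    attacker hash shares (shares chosen for this example)."""
    return {q: attacker_success_probability(q, z) for q in shares}


if __name__ == "__main__":
    print("Catch-up probability after 6 confirmations:")
    for q, prob in catch_up_table(6).items():
        print(f"  attacker share {q:.2f}: {prob:.7f}")
    print("Confirmations needed for < 0.1% risk:")
    for q in (0.1, 0.2, 0.3, 0.4, 0.45, 0.5):
        print(f"  attacker share {q:.2f}: {confirmations_needed(q, 0.001)}")
```

Two things fall out of running it: six confirmations make a 10% attacker's double spend a 0.02% event but leave a 40% attacker with a roughly one-in-two chance, which is the "no magical threshold" point; and for q >= 0.5 no depth helps, which is why a majority (the real "51%" case) is a different kind of problem from a minority attacker racing against confirmations.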


I'm not sure what you mean in your explanation that it fails at trustless transactions.

Also, you are ignoring the main driving force for the development of bitcoin, that being the removal of the middleman/governments from the transaction.


Bitcoin has failed to keep govs out of transactions between individuals because governments impose their will by force.


If you are not trying to exchange currency, they can't really impose anything by force. You are talking about a failure of the exchange system, not bitcoin.


Those are indeed valid criticisms of Bitcoin. But Bitcoin != blockchain (and vice-versa). There are hundreds of different blockchain implementations. That includes some, for example, that will rely on Proof of Stake as opposed to POW, thus solving the trust and energy problems you mention.

Well at least that's the theory :-) Time will tell.





