Bitcoin Wiki - User contributions [en]

Bitcoin is not ruled by miners

2021-05-15T22:53:57Z

Charlespax: "were" is the correct grammer of a hypothetical. See https://www.grammarly.com/blog/was-vs-were/

A common misunderstanding is that Bitcoin is ruled by [[Mining|miners]]; ie. that miners act as some sort of parliamentary body for Bitcoin. This misunderstanding probably arises from over-simplified explanations of Bitcoin in introductory material, and from certain quotes from the original whitepaper which are easy to take out of context.

== Why Bitcoin is not ruled by miners ==

=== The paper ===

The [https://bitcoin.org/bitcoin.pdf original whitepaper] said:

<blockquote>Proof-of-work is essentially one-CPU-one-vote. The majority decision is represented by the longest chain, which has the greatest proof-of-work effort invested in it. If a majority of CPU power is controlled by honest nodes, the honest chain will grow the fastest and outpace any competing chains.</blockquote>

When taken out of context like that, it makes it sound like Bitcoin is a democracy among a constituency of [[Mining|miners]]. You have to read the entire paper to realize that this section is ''only talking about the block-chain timestamping mechanism''. In other words, when it contemplates the majority of [[Proof of work|CPU power]] ''not'' being owned by honest nodes, the risk is that [[Irreversible Transactions|transactions could be reordered]] and therefore double-spending could be introduced; '''not''' that invalid transactions or blocks could be created.

This is made clear in several sections of the paper:

<blockquote>Nodes accept the block only if all transactions in it are valid and not already spent.</blockquote>

<blockquote>We consider the scenario of an attacker trying to generate an alternate chain faster than the honest chain. Even if this is accomplished, it does not throw the system open to arbitrary changes, such as creating value out of thin air or taking money that never belonged to the attacker. Nodes are not going to accept an invalid transaction as payment, and honest nodes will never accept a block containing them. An attacker can only try to change one of his own transactions to take back money he recently spent.</blockquote>

<blockquote>[Concerning simplified payment verification] As such, the verification is reliable as long as honest nodes [miners] control the network, but is more vulnerable if the network is overpowered by an attacker. While network nodes [full nodes] can verify transactions for themselves, the simplified method can be fooled by an attacker's fabricated transactions for as long as the attacker can continue to overpower the network. One strategy to protect against this would be to accept alerts from network nodes when they detect an invalid block, prompting the user's software to download the full block and alerted transactions to confirm the inconsistency. Businesses that receive frequent payments will probably still want to run their own [full] nodes for more independent security and quicker verification.</blockquote>

<blockquote>In this paper, we propose a solution to the double-spending problem using a peer-to-peer distributed timestamp server to generate computational proof of the chronological order of transactions.</blockquote>

=== Current centralization ===

If Bitcoin ''were'' ruled by miners, then this would currently be quite terrible security-wise. As of 2017, less than 10 individuals command a majority of hashrate. This is probably far more centralized than even most fiat currencies, and completely defeats the main point of Bitcoin, which is to be ''decentralized'' money.

=== Efficiency ===

If you are OK with 10 or so individuals controlling the currency, then you can design a much better system than Bitcoin. For example, you can design a system using [http://groups.csail.mit.edu/mac/classes/6.805/articles/money/nsamint/nsamint.htm chaumean e-cash] with the following properties:

* 20 independent entities are designated as signers.
* As long as a majority of signers are honest, the system remains secure.
* The system has perfect anonymity. The signers cannot know anything about the flow of money.
* Transactions are instant, requiring only communication with the signers and a small amount of computation.

If you want to preserve the mining mechanism, you can create a simple proof-of-work block chain which simply determines the current signers and creates coins. Users of the system would look at the most recent blocks only to determine the public keys and IP addresses of the current signers, and then use the system as previously described.

This system would be '''better''' than Bitcoin in several ways. But the point of Bitcoin is to be ''decentralized'', so Satoshi rejected this idea (which has been well-known for over 20 years) and created Bitcoin instead.

=== Incentives ===

Some believe that miners will be incentivized to follow the rules, and so it is not necessary for anyone but miners to actually verify the rules. While it is probably true that miners would not want to ''destroy'' Bitcoin, they have no particular incentive to maintain rules which look very much like the current rules. For example, if they can figure out any plausible excuse to do so (price crashes, etc.), they would love to stop the process which halves the number of bitcoins created per block every 4 years. Trusting miners to behave optimally for users is like trusting tobacco companies to act with their customers' health as their #1 priority. Additionally, miners may not have a ''choice'' in some matters: since mining is so centralized, a small number of governments could just confiscate the mining operations or order miners to do certain things.

=== Legal issues ===

If it is possible to say that some group of 10 or so miners control Bitcoin absolutely, then these miners may be viewed from a legal perspective as issuing a currency, transmitting money, etc., which are often highly regulated activities. If Bitcoin is centralized, that the central controller(s) become legal targets. Furthermore, people holding bitcoins may be viewed for example as holding money in foreign accounts, since the currency controllers may be fully/mostly foreign, or as depositing money in unregulated/uninsured bank accounts, which may be prohibited in some circumstances.

== How Bitcoin actually works ==

In reality, how it works is that all versions of Bitcoin since Satoshi's very first software release have '''hard-rejected''' blocks and transactions which break certain rules called the ''consensus rules''. An example of a consensus rule is that transactions must have valid signatures. A hard-rejected block or transaction will never be accepted under any circumstances, even if every other person in the world accepts it.

As a result of this hard-rejection, if miners produce blocks which break the consensus rules, then to everyone running a [[full node]], it will be as if these blocks never existed; these blocks create no bitcoins and confirm no transactions. Since most of the economy is in some way relying on a full node to verify transactions, this prevents the miners who are creating invalid blocks from actually breaking any rules with any sort of real-world effectiveness, even if 100% of miners are doing so.

If, rather than mining invalid blocks which are just ignored, a majority of miners attack the network (eg. by double-spending transactions or refusing to confirm any transactions), then the Bitcoin economy must execute a [[hardfork]] to change the [[Proof of work|proof-of-work]] (PoW) function, getting rid of these bad miners in favor of new ones. If it was impossible for the Bitcoin economy to change the PoW in opposition to miners, then Bitcoin ''would be'' ruled by miners (and therefore insecure for the reasons explained earlier), since there would be no recourse against attack. But in reality, miners can't do anything about a hardfork, so it doesn't matter how much hashrate they have. Once a PoW change (or any other hardfork) is being done, it becomes an economic issue rather than a technical issue, and the amount of hashrate or number of nodes or any other technical parameter are almost completely meaningless.

If not much of the economy is running independent full nodes, then Bitcoin is ruled by someone. If most of the economy is using SPV-style lightweight nodes (but without the "alert" system intended by Satoshi), then Bitcoin is ruled by miners and therefore insecure. If the vast majority of the economy is using a small set of centralized banks or verification services, then Bitcoin is ruled by the most popular such services -- miners might be irrelevant in this case. As of 2017, the economy is far from ideal in this area, but probably not very near real danger.

The result of all this is that there is no "Bitcoin governance"; '''Bitcoin is not governed'''. No person or group can force their views on anyone else, and even things like the definition of a bitcoin can be subjective. Some people find this uncomfortable because it is so different from most traditional things, and so they look for decision-makers where there are none. But achieving this non-governance was one of the primary motivations behind Bitcoin, it continues to be one of its biggest advantages over traditional systems, and both the system itself and the Bitcoin community will vigorously resist any attempt to weaken this feature of Bitcoin.

==See also==

* [[Myths#Miners, developers or some other entity could change Bitcoin's properties to benefit themselves]]
* [[Principles of Bitcoin]]
* [[Economic majority]]
* [[Proof of work]]

[[Category:Technical]] [[Category:Mining]]

Airdrop

2017-12-01T21:43:54Z

Charlespax: Created page with "{{seealso|List of alternative cryptocurrencies}} "Airdrop" refers to the act of distributing Bitcoin or altcoin tokens to addresses. This is often used to bootstrap a new..."

{{seealso|List of alternative cryptocurrencies}}
"Airdrop" refers to the act of distributing Bitcoin or [[altcoin]] tokens to addresses. This is often used to bootstrap a new [[altcoin]]

==Types of airdrops==
There are several types of airdrops.

* Direct forking. 1:1 ratio. Forks Bitcoin blockchain at a specific block.

==References==
<references/>

Altcoin

2017-12-01T21:31:12Z

Charlespax: Added brackets to airdrop in preparation of making and airdrop wiki page.

{{seealso|List of alternative cryptocurrencies}}
Altcoins are cryptocurrencies other than Bitcoin.
The majority of altcoins are forks of Bitcoin with small uninteresting changes. This page categorises different ways altcoins have modified Bitcoin.

==Different proof-of-work algorithm==

The PoW algorithm used for mining Bitcoin is SHA2.
It was chosen because it is fast to verify and has been critically analyzed.
SHA2 has had ASICs developed for it meaning there is a much smaller risk of centralization.
The following mining algorithms are being used in different altcoins:

*[[Scrypt proof of work]]
*Combination of hashing algorithms in series (e.g. X11)
*Combination of hashing algorithms in parallel (e.g. Myriad algorithm)

The problem with having an algorithm that is "easy to mine with" (referring to the ability to CPU or GPU mine profitably) is that mining should be hard in order to secure the network. When a mining algorithm is difficult to make ASICs for, there is a higher barrier to entry. A high barrier to entry increases the time that the first group to create ASICs will monopolize the market (and the time the network is vulnerable to a 51% attack from a single source). Many argue that the creators or the developers could simply change the mining algorithm when an ASIC is developed, but this defeats the purpose of decentralized consensus by causing centralization.<ref>[https://download.wpsoftware.net/bitcoin/asic-faq.pdf ASIC FAQ]</ref>

If these cryptocurrencies do have a healthy number of companies producing ASICs and have avoided centralization, they still are using algorithms that take longer to verify than SHA2. Therefore, at best a cryptocurrencies with merely a hashing algorithm change are as good as an exact clone of Bitcoin and not better (however since Bitcoin already exists, an exact clone of Bitcoin has no innovation or value). If the hashing algorithm is slower, as most altcoin algorithms are, it is a disadvantage because it takes more processing time to validate a block and increases the number of organic re-orgs (makes it easier to double spend).

==Proof Of Stake==

In [[Proof of Stake]], instead of sacrificing energy to mine a block, a user must prove they own a certain amount of the cryptocurrency to generate a block. The more stake you own, the more likely you are to generate a block. In theory, this should prevent users from creating forks because it will devalue their stake and it should save a lot of energy.

Proof of Stake sounds like a good idea, but ironically, there is the "Nothing at Stake" problem. Because mining Bitcoin is costly, it is not smart to waste your energy on a fork that won't earn you any money, however with Proof of Stake, it is free to mine a fork.

An example of a nothing at stake attack is an attacker buying lots of "old stake" from users inexpensively (inexpensive to users who no longer have stake in the currency). This can be made convenient by offering small payments to users for uploading their wallet.dat. Eventually after accumulating enough "old stake", the user can begin creating blocks and destroying as many or more coin days than the network was at that time. This block generation can be repeated until it catches up to and beats the current main-chain very cheaply.

There are also "stake grinding" attacks which require a trivial amount of currency. In a stake<ref>[https://bitcointalk.org/index.php?topic=131901.0 Peercoin Security Analysis]</ref> grinding attack, the attacker has a small amount of stake and goes through the history of the blockchain and finds places where their stake wins a block. In order to consecutively win, they modify the next block header until some stake they own wins once again. This attack requires a bit of computation, but definately isn't impractical.

Because these attacks exists, including Peercoin<ref>[https://github.com/ppcoin/ppcoin/blob/master/src/checkpoints.cpp#L370 Peercoin Source | Centralized Checkpointing Public Key]</ref> and Blackcoin<ref>[https://github.com/rat4/blackcoin/blob/master/src/checkpoints.cpp#L361 Blackcoin Source | Centralized Checkpointing Public Key]</ref> proof of stake cryptocurrencies have "master" public keys that control the blockchain.

This class of cryptocurrency is either insecure or centralized, however proof of stake (based on a PoW currency) is useful in some systems because gaining stake is costly, but it isn't workable for bootstrapping distributed consensus.

==Application Built on Top of a Cryptocurrency==

Bitcoin is a lot like HTTP. It is an application layer protocol and tools can be built on it (like websites can be built on HTTP). There is a class of cryptocurrencies that promise features like casino websites and exchanges and anonymity protocols to be built on top of them.

When creating a new website, one doesn't make a new protocol unless it is necessary. For example, HTTPS is an encrypted version of HTTP, therefore it is useful and necessary. When creating an app such as "[https://bitcointalk.org/index.php?topic=467857.0 DarkSend]", one doesn't need to make a new protocol such as "Darkcoin". This is synonymous to making an HTTPS alternative (eg. HTTPSX) for your new encrypted chat website and not adding any new security or functionality to HTTPSX.

Because Darkcoin is by far the most popular cryptocurrency of this class, the Darkcoin example will be covered in this section.

The Darkcoin devs created a tool called DarkSend. DarkSend is an implementation of coinjoin (an anonymity feature originally implemented in Bitcoin<ref>[https://bitcointalk.org/index.php?topic=279249.0 Coinjoin Outline | BitcoinTalk]</ref>) which utilizes the Darkcoin network to organize the coinjoins. If DarkSend becomes open source and is useful, it will be ported to Bitcoin with a few small modifications. These changes won't be a hardfork, they will likely involve the masternodes being paid by those they are coinjoining for rather than the block reward, which is already possible and implemented for Bitcoin. <ref>[https://www.wpsoftware.net/coinjoin/ Rotating Coinjoiner]</ref>Currently one must hold 1000DRK to become a DarkSend masternodes. Masternodes are paid 10% of the block reward.<ref>[https://darkcointalk.org/threads/darkcoin-update-masternode-requirements-masternode-payments.225/ DarkSend Payment Scheme]</ref> This is a flawed reward scheme because while purchasing 1000DRK is trustlessly verifiable, a user running a DarkSend masternode isn't trustlessly verifiable. It is also costs bandwidth to run a masternode, therefore there is an incentive to buy 1000DRK and get a chance at the 10% block reward masternodes are being paid, but not actually act as a masternode. For this reason, DarkSend would work better if the masternodes were paid by those they were helping coinjoin, or if there wasn't a masternode at all and everyone collaborated in a decentralized fashion. The better implementation not vulnerable to tragedy of the commons is compatible with Bitcoin, therefore, the Darksend protocol serves no purpose.

==Demographic Based Premined Cryptocurrencies==

This is a new class of altcoin that is targeted at a certain demographic.

All of these cryptocurrencies have a large premine intended to be paid to members of that demographic. Ultimately, all of these coins have suffered (or are suffering) their fate of an immediate sell off after the "[[airdrop]]" (term for distribution of coins to the target demographic) begins.

Note: These cryptocurrencies aren't government initiatives, but are independently created for that demographic.

==Useful Cryptocurrencies==

A cryptocurrency is useful if it accomplishes a task that Bitcoin cannot.

*Acting as a keystore for things like decentralized domain registration.
*Having demmurage or some other economic system that is one of the [[prohibited changes]].
*Allowing creation of and transmission of digital assets.

==References==
<references/>