Sefish Mining Fallacy - Part 1 (Background)
Background
Recently on btcchat.slack.com, a private forum was created dedicating "Selfish Mining" topic.
Paper: https://www.cs.cornell.edu/~ie53/publications/btcProcFC.pdf
By: Ittay Eyal and Emin G¨un Sirer.
CSW claims on self mining topic can be found here: https://web.archive.org/web/20160502203749/http://www.drcraigwright.net/consistency-distribution-transactions/
Index: https://steemit.com/bitcoin/@zillionaire/sefish-mining-fallacy-index-updating
Member Opinions
1. zbingledack:
If the selfish mining attack paper made an error in probability measurement (failing to use conditional probabilities when needed), it seems like it should be straightforward to dismantle the paper or at least show that the viability of the attack is different than assumed. I'm not yet able to contextualize CSW's comments in the screenshot above.
Also the article seems to say many people mistakenly think blocks are fixed before they are solved, but as far as I can tell that isn't a widespread belief. Perhaps he means that people don't take this fact seriously in terms of thinking through all the implications, such as on selfish mining. Here, too, I don't see the connection.
cryptorebel [4 days ago]
zbingledack: I would also agree that I don't think its a widespread belief, so maybe a bad assumption on Craig's part. But I believe he is making a sort of logical argument that as a result of the random ordering of txs in blocks, and latency in the network, it causes extra processing time for the selfish miner making it less economically feasible.
2. elliotolds [1:49 PM]
CSW's initial message about conditional probabilities makes no sense to me. The probability of finding the next block is independent of who found the last one. CSW's blog post about selfish mining is extremely bizarre, in that it doesn't address any of the important issues in selfish mining, and instead focuses on weird things that no one believes, like the content of blocks being fixed before they're mined
[1:50]
I wrote my own python program to simulate selfish mining after the paper came out. Selfish mining is legit and Sirer & Eyal's calculations are right, CSW is wrong.
An outside-view argument: Note that Sirer and Greg / other Core devs dislike each other almost as much as Core and BU folks hate each other, and are always criticizing each other's work. How likely is it that the Core folks would let a basic probability error in that paper go unnoticed?
**3. zbingledack [2:00 PM] **
I'm guessing CSW is saying it is a Monty Hall style counter intuitive situation that many people get wrong. Need a bit more details/context on P(SS|H)
cypherblock [2:01 PM]
I also do not see the connection of the content of blocks being fixed thing. @elliotolds what have people concluded about this paper? What refutations or other conclusions exist?
zbingledack [2:01 PM]
Even Paul Erdős apparently didn't believe switching in the Monty Haul problem was profitable until shown a simulation.
And it's a very simple conditional probability problem.
**4. elliotolds [2:05 PM] **
@zbingledack that may be the claim, and even brilliant individual people can have weird mental blind spots, but the selfish mining paper has gotten lots of review from lots of smart people. I don't know anyone other than CSW who thinks he found this type of flaw.
@cypherblock the paper is widely accepted as legit. Core devs all accept it but they just claim that the paper isn't novel because everyone already knew about the attack. People mostly disagree about the seriousness of the practical consequences / whether social factors will make the attack less likely.
[2:06]
the attack is detectable, for instance, so if a big mining pool were to use selfish mining, everyone else would notice when they started releasing long strings of blocks at the same time, and presumably they'd get bad PR
**5. deadalnix [2:36 PM] **
High. Core folk are far from infallible, and take criticism as an attack.
Try saying to Peter Todd that you can remove RBF from the node with breaking a single test and see how it goes.
Try saying to blockstream folks that their implementation of schnorr in element alpha is broken (related key attacks).
Shall I continue ? Nobody think fixing a proba in a freaking paper is worth being the target of a smear campaign.
elliotolds [2:52 PM]
you're saying Core devs would be reluctant to point in an error in someone else's paper, because Core devs are afraid of being smeared? Maybe you're thinking of different Core devs? The ones I know take the typical geek delight in smacking down anyone else any chance they get to show how smart they are, and don't shy away from intellectual fights. The fact that Peter Todd will attack you if you criticize RBF strengthens my point. Core devs took the selfish mining paper as an attack on them, because Sirer was essentially claiming to have discovered something that they missed, which was a threat to their ego. We should expect Core to have been especially motivated to find any flaws in that paper.
Anyway, this is just the outside-view argument. If you know math and want to verify CSW is wrong for yourself, it's easy to read the paper. CSW hasn't actually clarified what exactly his claim is. If someone here actually think's he's right, can you post a clear description of what the claimed probability error is,?
**6. peter_r [3:04 PM] **
I was speaking with CSW about this too, and I still can't make heads-or-tails about his conditional probability argument. As far as I can tell, the work in Eyal and Sirer's paper is correct given their assumptions. I'm open-minded to being proven wrong, but I really need to see a clear presentation of the arguments and a simulation.
deadalnix [4:20 PM]
@elliotolds I meant that core devs aren't as good as one might think they are. They are aggressively defneding a high priesthood status so they won't risk it going out of their confort zone.
@peter_r I think csw argument is that the assumption are not correct, which may well be true. Or not. Not sure.
cryptorebel [4:33 PM]
yeah I don't think he is saying there is a probability error in the math of the paper, but more he is saying there is a problem with the initial assumptions
He seemed to be saying that as a result of the random ordering of txs in blocks, and latency in the network, it causes extra processing time for the selfish miner making it less economically feasible. He was analyzing the game theory of it I think, and trying to show the incentives dont align. But would be nice if he could clarify more what he is getting at
elliotolds [6:36 PM]
@cryptorebel, the screenshotted message makes it look like he think's the probability math is wrong.
Why would the ordering of transactions in a block make selfish mining less feasible? I don't see any mechanism there that makes sense.
**7. cryptorebel [6:38 PM] **
I was getting it from this part: "What seems to be misunderstood here is that separate miners can mine transactional data in any order. The addition of a nonce to seek a solution provides miners with the ability to add verified transactions in any order while they equally and fairly compete using their levels of computational power. As a consequence, miners do not benefit by pruning transactions in blocks or by seeking a common ordering of transactions. If a miner were to seek to align a transactional order with other miners, the likely result would be a scenario in which any miner seeking to align transactional positions would be economically disadvantaged due to the extra cost of this pre-processing."
I think the screen shotted thing is not about the existing probability math in the selfish mining paper, but additional math that Craig is introducing to help explain the true incentives and game theory, something to do with competition between miners, I am not smart enough to understand it though
**8. elliotolds [6:42 PM] **
what would a miner gain exactly by aligning transaction positions with other miners? I don't see why he's even talking about this.
zbingledack [9:31 PM]
@elliotolds It's not deference, just interest in establishing priors for how seriously to investigate his other claims. This seems like it could be a more straightforward case than the Segwit critique, so I thought it worth delving into.
**9. csw [11:22 PM] **
All wrong sorry. The Selfish Miner needs to wait until after the Honest miner has released.
There are issues with the gamma and the lack of a model based on k-shell network graphs and the issue of thinking nodes are the same as vertices. The paper will come out in a matter of weeks. I will discuss in a couple weeks. Sorry, but I have zero time today.
Please have a read of:
"Standard Deviations Flawed Assumptions Tortured Data and other ways to lie with Statistics" Gary Smith
https://books.google.com/books/about/Standard_Deviations.html?id=8WgjCQAAQBAJ
And no, it is not independent. The argument that a Selfish Miner waits and then releases following the Honest Miner, means that they are always conditional. Conditional probability seems to really be counter intuitive to most people.
Next, Part 2 - Q&A - https://steemit.com/bitcoin/@zillionaire/sefish-mining-fallacy-part-2-q-and-a
Next, Part 3 - Debate - https://steemit.com/bitcoin/@zillionaire/sefish-mining-fallacy-part-3-debate
Link to Part 2
https://steemit.com/bitcoin/@zillionaire/sefish-mining-fallacy-part-2-q-and-a