Dan Larimer Cannot Censor Accounts with 51% of Hashes

in eos •  3 months ago

I have been following the ongoing debate about the capacity for eos to censor certain accounts. My interest lies in the fact that such censorship is in complete contradiction to everything I believe crypto should represent. In my reading, I stumbled on this steem post https://steemit.com/eos/@thecastle/oooohhhhhhh-x-wait-is-this-fucking-true, that presents tweets where @dan (Dan Larimer) claims that a given account could be censored by convincing only 3 of the top 5 miners to reject specific transactions. Deeper in this thread @dan claims "Give me control of 51% hashpower if any chain and I’ll freeze all accounts to prove point."

Here I show that @dan is positively mistaken and his statement qualifies as FUD against ethereum and any proof of work blockchain. In this analysis, I give @dan a lot of hashes with which to censor transactions and demonstrate he can not censor anyone temporarily with certainty, and can not censor anyone indefinitely with any chance of success.

Let's fist consider what is involved in a 51% attack. The way a 51% attack works is that you have two groups of miners. Public miners and secret miners. Secret miners aren't always secret, but I will call them secret to underscore how a 51% attack works.

The secret miners begin the 51% attack by picking a branch point on the chain on which it will add secret blocks. That is, these blocks are not broadcast to the public network. Exchanges don't see them, typical users don't see them, block explorers don't see them, etc.

The secret miners proceed to mine this secret chain until it has a significant length advantage over the public chain, then they publish the longer chain, at which point the public miners must reorganize chains and accept the longer chain that has more work.

To "censor" transactions, the attackers must systematically exclude particular accounts.

But there is a catch that @dan completely ignores: finality of transactions is not a function of the blockchain like @dan wishes it to be, it is a function of the real-world entities that interact with the blockchain. This concept of finality is what makes a 51% double spend attack work, by the way. (A 51% double spend attack is not the same as "censoring" with 51% of the hashes, which is the subject of the following analysis.)

Consider an exchange, like bittrex, that requires only two confirmations to credit a bitcoin transaction. Imagine if we "gave" @dan 51% of the bitcoin network to censor whoever he wished. Could he have success censoring this person from sending coins to bittrex? I won't present the math here, but this amounts to sampling problem where the chance of success for the censored party is about 44% on any try spanning two blocks (given some conservative assumptions about the variance of mining power--the more variance, the easier it is for Alice).

In other words, let's say @dan has 51% of the hashes, and is trying to censor Alice. Every 2 blocks, Alice tries to send her transaction to bittrex to spend it. She has a 44% chance each time she tries to push the transaction through.

Alice's censorship at this point turns into a joint probability, where after 1 day of 72 tries (144 bitcoin blocks per day) we calculate the probability Alice will fail all 72 times with a 56% (100% - 44%) probability of failure on each try.

Basically, Alices chances of failure are so infinitesimal (1 in 1.35x10^18), that her chances for success within one day is absolute, rounding to 100% after 16 decimal places.

Clearly @dan can not censor Alice, or anyone else, with only 51% of the bitcoin hashes.

Now, let's take an extreme example where we give @dan 66% of the ethereum network. Can he censor Alice from sending ETH if she can find an exchange that credits her balance after 5 confirmations? This would admittedly be a rare exchange, but she only needs one outlet to spend her ethereum to bypass @dan's censorship.

This turns into a sampling problem where Alice has an 0.01% chance of success over any 5 block interval. Now @dan has some real power. But can Alice push a transaction through in a day?

Because ethereum has 15 second blocks, Alice has 1152 tries per day to push her transaction through, each with an 0.01% chance of success (or 99.99% chance of failure). In this case, @dan is doing much better than he did with all the bitcoin mining power. Alice only has about an 11% chance after 1 day, about a 20% chance after two days, and about a 68% chance after 10 days. If Alice keeps trying for a month, she will have about a 97% chance of getting it through. And after 3 months she'll get it through with a 99.997% chance. Dan is likely to give up after 6 months because Alice will have succeeded with 99.9999999% probability.

Sorry @dan, you can't censor anyone indefinitely with only 2/3 of the ethereum hashes. You'll need much more.

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

But there is a catch that @dan completely ignores: finality of transactions is not a function of the blockchain like @dan wishes it to be, it is a function of the real-world entities that interact with the blockchain.

Could you explain what his finality concept means? As I understand it during a 51% attack when it is kept long enough, people will be "forced" to move to the longer chain.

·

"Finality" is just a fancy way of saying that non-blockchain entities have their own definition of when they consider a transaction irreversible. For example, if Alice sends to bittrex, then bittrex will consider the transaction irreversible after two confirmations, and credit her balance.

If the secret miners (attackers) don't get two blocks before the public miners get two blocks, then bittrex will credit Alice's balance and she will circumvent @dan's attempt at "censorship".

This is the part that @dan ignored when he made his faulty claims about being able to censor with 51% of the hashes.

·
·

Ah now it makes sense, I had been speculating that this was the meaning of it.

Actually, now that I think of it, @dan is not only failing at censoring Alice, he is paying for her to have a nice income based on double spending.

I have been going through your little quarrel :P. And I think both you and @dan are right depending on the situation. If we take your Bittrex example, Alice's transaction will be censored whenever she has no prior knowledge of the attack of Dan, because as you say her coin will be destroyed. If she knows dan is after her she can trade her coins or move her coins to another exchange. But in the case when her coins doesn't get destroyed when there is a fork (like btc vs bcc), she is in fact never censored.

It all comes down to the finality, if people accept both Alice's chain and @dan's chain. I am not sure how EOS works, but applying the PoW logic to the system and your probability function, it would indeed be impossible to censor Alice over a long period of time based if miners accept both Alice's and Dan's chain, in which case there will be 2 EOS coins. But as I understand the goal is to only have 1 EOS network. In which case censoring is successful on the new accepted chain, but total censoring will never happen because there exists a chain where Alice accounts still exists.

Your probability function is also very relevent in that Dan is not able to immediately censor Alice on a PoW chain as with 49% of the mining power she will still be able to put through messages for a while.

Well this is my two cents on this subject and please correct me if I am wrong. My reasoning followed logical conlusions from my current understanding of PoW :P

it's great to know that the blockchain technology is this resistant to censoring, two questions comes to mind:

  • is it the same case for the majority of blockchains out there?
  • and what's the effect of censoring attempts on the blockchains that require a big number of transactions in a short time, I would imagine a user would be frustrated after few minutes if their post can't be submitted on a platform like steemit.

of curse I know it's a totally different platform but it's a mind exercise for me to imagine these cases.

@steemed what do you think the exact reason for the failure of EOS Network and why it is down???

You made an excellent point that I totally forgot to write in my post
https://steemit.com/bitcoin/@sames/bitcoin-vs-eos-understanding-the-drama
I was more focusing on a generalized aspect of my post and countering what Dan had commented to me.

This is excellent point.
I also agree with you.
Thanks for sharing sir @steemed.

thought we are in a world of free speech... don't understand why exist the word "censor" ...

I apologize for commenting here on a subject that is unrelated, but in the off chance that you do see it. I wanted to let you know about this new initiative called @steem-ua

I realize you might get stupid amount of memos asking for support and what not. But, I'm not here to waste your time, to ask for altruistic behavior, quite the opposite.

Because I realize my voice may not have enough weight, if you get a second check out this post written by @cryptoctopus to see what I'm talking about.

Conversations are happening on discord, the project is taking off and I think you could also play a role here. This is something the community is doing, outside of steemit inc, to pull steem out of the gutter and in that sense, I'm sure you can see its value.

Anyways, hope all is well

Meno

Replied to wrong post.