Merged mining + timetravel fix @19200 - must upgrade

Davincij15
Posts: 104
Joined: Thu Jul 07, 2011 7:27 pm
os: windows

Re: Merged mining block number - 19200 - must upgrade

Post by Davincij15 »

It is my opinion that this merged mining is rushed. The new version of the software was released what like a few days ago?

You should give people time to download it and test it.

hashman
Posts: 4
Joined: Thu Sep 08, 2011 2:19 pm

Re: Merged mining block number

Post by hashman »

doublec wrote: So luke-jr who runs the Eligius bitcoin pool claims that there is a security exploit in the merged mining code:
17:02 < luke-jr> bliket_: will you still like me if I exploit the security hole in merged mining? <.<
...
17:06 < doublec> luke-jr: have you notified vinced of what you think the security issue is?
17:07 < luke-jr> doublec: no, I prefer to exploit it
He's also mentioned it on IRC in the past. Vince, has he got in touch with you about this or is he trolling?

Greetings. My apologies for jumping in here but I was directed from the bitcointalk forums. I am a big fan of namecoin and am worried about the merged mining idea. Please hold off on this vinced!

The main question that needs to be answered here before it is implemented: How does this merged mining change provide improved security for the namecoin network?

Unless the answer is 100% clear then it is a mistake to jump to new code. Right?

From the dot-bit wiki:

"With merged mining you create a ticket and check it against both the Bitcoin block chain and the Namecoin block chain, Bitcoin and Namecoin know nothing about each other, they are two totally different lotteries with different winning numbers, you just sent a copy of your ticket to both. Since you are sending the same ticket to two lotteries you increase your chances of winning one or the other."

This doesn't make sense. The reason a NMC miner is rewarded is because NMC transactions are verified, for the current block and past blocks. A BTC miner with a BTC block (containing hash of previous BTC block, etc.) has done nothing to verify NMC transactions. Why should they be rewarded with NMC? What about pending NMC transactions that need to be verified?

One proposed benefit of merged mining (also in wiki) is that "mining becomes more profitable". This cannot be true! The payout is hard coded per block! The only possible advantage to miners is short-term for the first who change over until the difficulty increases. Clearly this is not an improvement for the network.

Helping miners is not a worthy goal of block chain network administrators as payout of NMC and BTC is fixed (as Gavin pointed out in his talk!). Further the change has potential to reduce the overall security verification by miners even if there aren't other security problems in the code.

Perhaps there is something to the "more hashing power" claim, but I don't see it. If you aren't hashing NMC transactions it doesn't seem that you are increasing security of the NMC network.

Thank you for your caution and happy hashing -

jtimon
Posts: 27
Joined: Fri Jul 22, 2011 5:36 pm
os: linux

Re: Merged mining block number - 19200 - must upgrade

Post by jtimon »

hashman wrote: How does this merged mining change provide improved security for the namecoin network?
Because more miners will work for the network. All the current bitcoin miners should do it, because the additional cost for them is meaningless.
hashman wrote: Unless the answer is 100% clear then it is a mistake to jump to new code. Right?
People have been testing it. You can test it yourself and report us your percentage of certainty if you wish.
hashman wrote: A BTC miner with a BTC block (containing hash of previous BTC block, etc.) has done nothing to verify NMC transactions.
If he doesn't verify nmc tx, he's only working for the bitcoin network and won't be rewarded. Miners have to verify both networks but the heaviest work of the miner is hashing, and that's what you're using in both networks at the same time.
hashman wrote: One proposed benefit of merged mining (also in wiki) is that "mining becomes more profitable". This cannot be true!
If you were mining for bitcoins or namecoins and you used to sell them for dollars, now you can sell both of them.
hashman wrote: Further the change has potential to reduce the overall security verification by miners even if there aren't other security problems in the code.
Please point out the bug you're talking about.

hashman
Posts: 4
Joined: Thu Sep 08, 2011 2:19 pm

Re: Merged mining block number - 19200 - must upgrade

Post by hashman »

jtimon wrote:
hashman wrote: How does this merged mining change provide improved security for the namecoin network?
Because more miners will work for the network. All the current bitcoin miners should do it, because the additional cost for them is meaningless.
Thanks for your reply. I think I understand a little more the idea now... however still some uncertainty. How can a bitcoin miner include NMC transactions in a block (including 50 NMC for himself) and still have a block which is a solution to the BTC block validity constraints? Guess I should read the code and see how that is done..
jtimon wrote:
hashman wrote: A BTC miner with a BTC block (containing hash of previous BTC block, etc.) has done nothing to verify NMC transactions.
If he doesn't verify nmc tx, he's only working for the bitcoin network and won't be rewarded. Miners have to verify both networks but the heaviest work of the miner is hashing, and that's what you're using in both networks at the same time.
The hash will change with any change to the block. In particular, I make a block that includes a tx with my address getting 50 BTC, then I cycle through nonces until the hash is under the difficulty-- solved. Could a block that includes a tx of my address getting 50 NMC be valid on the BTC network?
jtimon wrote:
hashman wrote: One proposed benefit of merged mining (also in wiki) is that "mining becomes more profitable". This cannot be true!
If you were mining for bitcoins or namecoins and you used to sell them for dollars, now you can sell both of them.
If that were the case, then the difficulty of both networks will both go up, and we are back where we started in terms of mining profitability. Right?
jtimon wrote:
hashman wrote: Further the change has potential to reduce the overall security verification by miners even if there aren't other security problems in the code.
Please point out the bug you're talking about.
Not really a bug per se, referring to potential for bugs (added complexity) when there isn't much to gain in security.

In the merged mining proposal as I understand it proof of "having done hashes" is being accepted as proof of work on the network. Consider that I could easily come up with plenty of strings that hash to some value under the difficulty. For example I could even use previous blocks or find many strings that have the required hashes and save them for use later. This doesn't work as an attack in Satoshi's block chain concept because each new block must contain certain things e.g. the hash of the last one. The security provided by proof-of-work is not due to the proof of hashing but also what has been hashed. For merged mining the contents of what has been hashed have lowered in relevance to the network. Isn't this a decrease in the security per hash that will offset any increase in total hashrate?

Thanks -

jtimon
Posts: 27
Joined: Fri Jul 22, 2011 5:36 pm
os: linux

Re: Merged mining block number - 19200 - must upgrade

Post by jtimon »

hashman wrote: How can a bitcoin miner include NMC transactions in a block (including 50 NMC for himself) and still have a block which is a solution to the BTC block validity constraints?
First the miner includes all transactions, then he hashes with a nonce to try to win difficulty.
The exact details have to do with a merkle tree and you can find them in the wiki if you don't want to read the code.
But think of it like if with the same nonce you could try to hash both blocks with no extra effort.
If you "win" the bitcoin block and bitcoin has a difficulty greater or equal than namecoin's, you will also win namecoin block.
If you "win" the namecoin block but the difficulty is not enough to also win in bitcoin, you broadcast the nmc winning block. And start mining with the same bitcoin block and the next nmc block.
hashman wrote: If that were the case, then the difficulty of both networks will both go up, and we are back where we started in terms of mining profitability. Right?
You can expect that competition will lower profitability, yes. Some people expect the value of bitcoin to drop instead of a higher temporal profitability, but I'm not one of them.
hashman wrote: Not really a bug per se, referring to potential for bugs (added complexity) when there isn't much to gain in security.

In the merged mining proposal as I understand it proof of "having done hashes" is being accepted as proof of work on the network. Consider that I could easily come up with plenty of strings that hash to some value under the difficulty. For example I could even use previous blocks or find many strings that have the required hashes and save them for use later. This doesn't work as an attack in Satoshi's block chain concept because each new block must contain certain things e.g. the hash of the last one. The security provided by proof-of-work is not due to the proof of hashing but also what has been hashed. For merged mining the contents of what has been hashed have lowered in relevance to the network. Isn't this a decrease in the security per hash that will offset any increase in total hashrate?
Not sure about the technical details, please anyone correct me if I'm wrong.
What you hash normally is the hash of the block + the hash of the nonce. But you're not repeatedly hashing the block, only new nonces.
Your "ticket" to gain difficulty would be:
Ticket = Hash(btc_block, nonce)

With merged mining you use the hash of the namecoin block as "part of your nonce".

Ticket = Hash( Hash(btc_block, Hash(nmc_block) ), nonce)
But Hash(btc_block, Hash(nmc_block) ) is "constant", so you're still hashing a nonce with each try.
And the result is equivalent to
Ticket = Hash( Hash(btc_block, Hash(nmc_block, nonce) ))

So you can just report to the bitcoin network that your nonce has been Hash(nmc_block) + nonce.
To the namecoin you have to report Hash(nmc_block) and nonce separately and the new code will know how to treat it.

I made up the algebra, sorry if it's not very formal.
Last edited by jtimon on Thu Sep 08, 2011 8:33 pm, edited 1 time in total.
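
Added example (not part of any post above and not the Namecoin client's code): a simplified Python model of the check an auxiliary chain makes on merged-mined work, showing why the proof still depends on what was hashed. The 68-byte header layout, the `AUX:` tag, the targets and all block contents are constructed for this sketch.

```python
import hashlib
import struct

TAG = b"AUX:"  # constructed marker for this sketch, not the real wire format

def dsha(data):
    """Double SHA-256, the proof-of-work hash of Bitcoin-style chains."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def coinbase_branch(tx_hashes):
    """Merkle root plus the sibling hashes linking leaf 0 (the coinbase) to it."""
    level, branch = list(tx_hashes), []
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])      # odd level: duplicate the last node
        branch.append(level[1])          # sibling of the left-most node
        level = [dsha(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0], branch

def root_from_branch(leaf, branch):
    """Recompute the Merkle root from leaf 0; it is always the left child."""
    for sibling in branch:
        leaf = dsha(leaf + sibling)
    return leaf

def header(prev_hash, root, nonce):
    # Simplified header: real ones also carry version, time and bits.
    return prev_hash + root + struct.pack("<I", nonce)

def pow_value(hdr):
    # The whole header, nonce included, is hashed on every attempt.
    return int.from_bytes(dsha(hdr), "little")

def mine(prev_hash, root, target):
    """Try nonces until the header hash is at or below the target."""
    for nonce in range(2**32):
        hdr = header(prev_hash, root, nonce)
        if pow_value(hdr) <= target:
            return hdr
    raise RuntimeError("nonce space exhausted")

def verify_auxpow(aux_hash, aux_target, parent_hdr, coinbase, branch):
    """Checks the auxiliary chain makes before accepting parent-chain work."""
    if pow_value(parent_hdr) > aux_target:
        return "insufficient work"
    if TAG + aux_hash not in coinbase:
        return "work does not commit to this aux block"
    if root_from_branch(dsha(coinbase), branch) != parent_hdr[32:64]:
        return "coinbase not in parent block"
    return "ok"

def demo():
    parent_target, aux_target = 2**242, 2**246   # constructed; parent is harder
    aux_prev = dsha(b"constructed NMC previous block")
    # The aux block hash covers its previous block and its transactions.
    aux_hash = dsha(aux_prev + dsha(b"constructed NMC transactions"))
    coinbase = b"constructed BTC coinbase " + TAG + aux_hash
    txs = [dsha(coinbase), dsha(b"btc tx 1"), dsha(b"btc tx 2")]
    root, branch = coinbase_branch(txs)
    hdr = mine(dsha(b"constructed BTC previous block"), root, parent_target)
    # Work that meets the harder parent target also meets the aux target.
    good = verify_auxpow(aux_hash, aux_target, hdr, coinbase, branch)
    # The same saved work offered for a different aux block is rejected.
    next_aux = dsha(aux_hash + dsha(b"other NMC transactions"))
    replay = verify_auxpow(next_aux, aux_target, hdr, coinbase, branch)
    # A coinbase swapped in after mining no longer matches the Merkle root.
    forged_cb = b"forged coinbase " + TAG + next_aux
    forged = verify_auxpow(next_aux, aux_target, hdr, forged_cb, branch)
    return good, replay, forged

if __name__ == "__main__":
    print(demo())
```
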

twobits
Posts: 26
Joined: Fri Sep 02, 2011 10:10 pm
os: bsd

Re: Merged mining block number - 19200 - must upgrade

Post by twobits »

Davincij15 wrote: It is my opinion that this merged mining is rushed. The new version of the software was released what like a few days ago?

You should give people time to download it and test it.
I have been testing out the merged mining feature some now using the Multicoin-exp client that was released back in July if I remember right. According to its author, only change needed in the latest release to match it, is to change the block number it will take effect. I think that was done due to others testing it. This is not the first release with merged mining, it is the release after the testing, that sets the block number for it to go live.

Davincij15
Posts: 104
Joined: Thu Jul 07, 2011 7:27 pm
os: windows

Re: Merged mining block number - 19200 - must upgrade

Post by Davincij15 »

twobits wrote:
Davincij15 wrote: It is my opinion that this merged mining is rushed. The new version of the software was released what like a few days ago?

You should give people time to download it and test it.
I have been testing out the merged mining feature some now using the Multicoin-exp client that was released back in July if I remember right. According to its author, only change needed in the latest release to match it, is to change the block number it will take effect. I think that was done due to others testing it. This is not the first release with merged mining, it is the release after the testing, that sets the block number for it to go live.

Is the new client required by everyone or only those that want to mine with their client? If the update is required by all then 3 weeks is not enough time.

hashman
Posts: 4
Joined: Thu Sep 08, 2011 2:19 pm

Re: Merged mining block number - 19200 - must upgrade

Post by hashman »

jtimon wrote:
hashman wrote: How can a bitcoin miner include NMC transactions in a block (including 50 NMC for himself) and still have a block which is a solution to the BTC block validity constraints?
First the miner includes all transactions, then he hashes with a nonce to try to win difficulty.
The exact details have to do with a merkle tree and you can find them in the wiki if you don't want to read the code.
But think of it like if with the same nonce you could try to hash both blocks with no extra effort.
If you "win" the bitcoin block and bitcoin has a difficulty greater or equal than namecoin's, you will also win namecoin block.
If you "win" the namecoin block but the difficulty is not enough to also win in bitcoin, you broadcast the nmc winning block. And start mining with the same bitcoin block and the next nmc block.
hashman wrote: If that were the case, then the difficulty of both networks will both go up, and we are back where we started in terms of mining profitability. Right?
You can expect that competition will lower profitability, yes. Some people expect the value of bitcoin to drop instead of a higher temporal profitability, but I'm not one of them.
hashman wrote: Not really a bug per se, referring to potential for bugs (added complexity) when there isn't much to gain in security.

In the merged mining proposal as I understand it proof of "having done hashes" is being accepted as proof of work on the network. Consider that I could easily come up with plenty of strings that hash to some value under the difficulty. For example I could even use previous blocks or find many strings that have the required hashes and save them for use later. This doesn't work as an attack in Satoshi's block chain concept because each new block must contain certain things e.g. the hash of the last one. The security provided by proof-of-work is not due to the proof of hashing but also what has been hashed. For merged mining the contents of what has been hashed have lowered in relevance to the network. Isn't this a decrease in the security per hash that will offset any increase in total hashrate?
Not sure about the technical details, please anyone correct me if I'm wrong.
What you hash normally is the hash of the block + the hash of the nonce. But you're not repeatedly hashing the block, only new nonces.
Your "ticket" to gain difficulty would be:
Ticket = Hash(btc_block, nonce)

With merged mining you use the hash of the namecoin block as "part of your nonce".

Ticket = Hash( Hash(btc_block, Hash(nmc_block) ), nonce)
But Hash(btc_block, Hash(nmc_block) ) is "constant", so you're still hashing a nonce with each try.
And the result is equivalent to
Ticket = Hash( Hash(btc_block, Hash(nmc_block, nonce) ))

So you can just report to the bitcoin network that your nonce has been Hash(nmc_block) + nonce.
To the namecoin you have to report Hash(nmc_block) and nonce separately and the new code will know how to treat it.

I made up the algebra, sorry if it's not very formal.

Well I like the algebra but I think there is a problem here because the block formally contains the nonce. You can see them in the block explorers. Last NMC block (18903) had inside it

Nonce: 2250928270

The nonce alone is never hashed, the hash is done of the whole block which contains the nonce. So indeed you ARE repeatedly hashing the block.

hash(A)+hash(B) != hash(A+B)

Hmm since you mention algebra, does a hash operation on certain subsets form a mathematical group?

RE: Profitability, consider the miners as a single group. Their profit is determined by a single line of code (per block chain) determining the payout: 50 BTC every block, 50 NMC every block. End of story, no change with this merged mining. Unless of course this proposed change is only here to give a certain subset of miners a short term advantage; that sure wouldn't look good.

Anyway, thanks for your help; I really should look into the code more.. I wasn't able to get any details that explained otherwise to me from the wiki from my current opinion: don't make the change at 19200.

Davincij15
Posts: 104
Joined: Thu Jul 07, 2011 7:27 pm
os: windows

Re: Merged mining block number - 19200 - must upgrade

Post by Davincij15 »

hashman wrote:
jtimon wrote:
hashman wrote: How can a bitcoin miner include NMC transactions in a block (including 50 NMC for himself) and still have a block which is a solution to the BTC block validity constraints?
First the miner includes all transactions, then he hashes with a nonce to try to win difficulty.
The exact details have to do with a merkle tree and you can find them in the wiki if you don't want to read the code.
But think of it like if with the same nonce you could try to hash both blocks with no extra effort.
If you "win" the bitcoin block and bitcoin has a difficulty greater or equal than namecoin's, you will also win namecoin block.
If you "win" the namecoin block but the difficulty is not enough to also win in bitcoin, you broadcast the nmc winning block. And start mining with the same bitcoin block and the next nmc block.
hashman wrote: If that were the case, then the difficulty of both networks will both go up, and we are back where we started in terms of mining profitability. Right?
You can expect that competition will lower profitability, yes. Some people expect the value of bitcoin to drop instead of a higher temporal profitability, but I'm not one of them.
hashman wrote: Not really a bug per se, referring to potential for bugs (added complexity) when there isn't much to gain in security.

In the merged mining proposal as I understand it proof of "having done hashes" is being accepted as proof of work on the network. Consider that I could easily come up with plenty of strings that hash to some value under the difficulty. For example I could even use previous blocks or find many strings that have the required hashes and save them for use later. This doesn't work as an attack in Satoshi's block chain concept because each new block must contain certain things e.g. the hash of the last one. The security provided by proof-of-work is not due to the proof of hashing but also what has been hashed. For merged mining the contents of what has been hashed have lowered in relevance to the network. Isn't this a decrease in the security per hash that will offset any increase in total hashrate?
Not sure about the technical details, please anyone correct me if I'm wrong.
What you hash normally is the hash of the block + the hash of the nonce. But you're not repeatedly hashing the block, only new nonces.
Your "ticket" to gain difficulty would be:
Ticket = Hash(btc_block, nonce)

With merged mining you use the hash of the namecoin block as "part of your nonce".

Ticket = Hash( Hash(btc_block, Hash(nmc_block) ), nonce)
But Hash(btc_block, Hash(nmc_block) ) is "constant", so you're still hashing a nonce with each try.
And the result is equivalent to
Ticket = Hash( Hash(btc_block, Hash(nmc_block, nonce) ))

So you can just report to the bitcoin network that your nonce has been Hash(nmc_block) + nonce.
To the namecoin you have to report Hash(nmc_block) and nonce separately and the new code will know how to treat it.

I made up the algebra, sorry if it's not very formal.

Well I like the algebra but I think there is a problem here because the block formally contains the nonce. You can see them in the block explorers. Last NMC block (18903) had inside it

Nonce: 2250928270

The nonce alone is never hashed, the hash is done of the whole block which contains the nonce. So indeed you ARE repeatedly hashing the block.

hash(A)+hash(B) != hash(A+B)

Hmm since you mention algebra, does a hash operation on certain subsets form a mathematical group?

RE: Profitability, consider the miners as a single group. Their profit is determined by a single line of code (per block chain) determining the payout: 50 BTC every block, 50 NMC every block. End of story, no change with this merged mining. Unless of course this proposed change is only here to give a certain subset of miners a short term advantage; that sure wouldn't look good.

Anyway, thanks for your help; I really should look into the code more.. I wasn't able to get any details that explained otherwise to me from the wiki from my current opinion: don't make the change at 19200.

Someone correct me if I am wrong but here is my 2 cent guess at how I would have re-coded namecoin to allow for merged mining. From what I know hashes are a make work equation that is created by the bitcoin or bitcoin derivative software. The work can be broken into smaller chunks and can be distributed. Thus namecoin (or its proxy) can take the work of bitcoin break it up add in its specific task and hand it off to a miner. The solution of the larger difficulty has the solution to lesser difficulty as well. This is similar to pushpool breaking up the work and each share of work done is a solution. Therefore the larger difficulty of the 2 networks is a solution for both networks, it's just that you will find the solution to the smaller difficulty faster.

Again just like pushpool breaks the larger difficulty into a difficulty of 1 for the miner to solve, each share solved is the solution to the whole difficulty level. Thus as an example if there were 5 bitcoin derivatives the largest difficulty is the solution to all 5 bitcoin networks.

If I am wrong because my knowledge is incomplete please correct me.

Davinci

jtimon
Posts: 27
Joined: Fri Jul 22, 2011 5:36 pm
os: linux

Re: Merged mining block number - 19200 - must upgrade

Post by jtimon »

hashman wrote: Well I like the algebra but I think there is a problem here because the block formally contains the nonce. You can see them in the block explorers. Last NMC block (18903) had inside it

Nonce: 2250928270

The nonce alone is never hashed, the hash is done of the whole block which contains the nonce. So indeed you ARE repeatedly hashing the block.
When you hash a message, you hash it in blocks.
Hash(Hash(Hash(Block1), Block2), Block3)
If the nonce is the last data block you hash, you don't have to re-hash the whole bitcoin/namecoin block for every nonce you try.
hashman wrote: RE: Profitability, consider the miners as a single group. Their profit is determined by a single line of code (per block chain) determining the payout: 50 BTC every block, 50 NMC every block. End of story, no change with this merged mining.
But you can't use your hardware to mine both the bitcoins and the namecoins now !!!
Now you have to choose: you mine bitcoin or you mine namecoin.
With merged mining you can mine both networks at the same time with no extra hashing costs.
If you don't understand how can this be possible, that's another thing.
If you have a gold mine and you start to extract silver as a by-product, won't your mine become more profitable?
hashman wrote: I wasn't able to get any details that explained otherwise to me from the wiki from my current opinion: don't make the change at 19200.
Your unfounded doubts are not enough to stop this great technology from starting to be used. With a block per hour happening often to namecoin, it really needs merged mining.
It also has been tested. You admit that you haven't tested it and you haven't read the code but you don't believe it will work. It seems like a question of faith.
I'm sorry, but we don't care about your beliefs, we need logical arguments.
