Gavin Andresen of the Bitcoin Foundation has responded to the academic paper that points out a flaw in the Bitcoin algorithm. There is also a new conference workshop to deal with Bitcoin security matters. The debate moves on - see latest updates.
As we reported earlier this week, a recent paper from Conrnell University points out a flaw in the Bitcoin algorithm that makes it vulnerable to small groups of miners banding together to "game the system".
The Bitcoin algorithm was previously thought to lack any incentive for miners to band together to increase their share of the newly minted coins. The paper demonstrates that by withholding results a mining pool can capture increasingly large shares of the rewards and can potentially control the block chain, Bitcoin's central ledger, more easily than previously thought.
Given that the very existence of a fair currency depends on confidence, and given that Bitcoin is approaching an all-time high valuation, you can expect a strong reaction from its supporters. In fact if anything the responses are remarkably muted.
Andresen's blog post starts off by saying how wonderful it is that academics are taking some notice of the Bitcoin system and essentially it's all the journalists fault for over stating the case. He also points out that the paper hasn't been peer reviewed yet and hence implies that it might be invalid in some way.
However, the technical contents of the paper in question are not deep and make use of only basic algebra and probability theory. The paper makes clear a mechanism for increasing the miner's reward that is so obvious, once it has been pointed out, that there is little chance that the paper would be found to be technically incorrect by peer review.
The blog post doesn't offer any challenge to the paper apart from the very vague:
"I believe the paper’s assertion of a fundamental flaw is based on some over-simplified assumptions about how the bitcoin mining market works."
What these assumptions at issue are isn't made clear.
A much better response would have been to recognize that there is a flaw and point out that if it is being exploited currently then there is no evidence that it is resulting in any further manipulation of the block chain and that the flaw is easy to fix.
The encouraging part of the post is:
"This response is not meant to discourage academic research. In fact, as a Foundation, we believe that the strength of the open source development process is bringing together lots of incredibly smart people to consider and resolve long-term issues like those raised by researchers. To that point, we are proud sponsors of International Financial Cryptography Association. During their 18th international conference, they will be hosting the first Bitcoin Technical Workshop."
This is a really good idea, but if you have a paper to submit it is worth noting that the last date for acceptance is November 24th. The workshop will be held on March 7th 2014 in Barbados.
A debate has started, not on the correctness of the paper, but on its effects. The main argument is that the paper claims that the flaw found in the algorithm breaks Bitcoin and this is only true if the mining pools that game the system are stable. It is clear that it is an advantage to form such pools because any miners joining them are, on average, going to increase their income. Ed Felten, a professor of computer science at Princeton University, points out a second level strategy - a fair-weather miner joins the pool but cheats by publishing his own block in an honest pool whenever the dishonest pool isn't ahead. That is, a fair-weather miner swaps allegiances according to which strategy is ahead, so always getting a reward. It is claimed that this makes the formation of dishonest pools unstable.
The big problem here is working out if fair-weather mining is possible because it requires detailed information on what is happening to the block chain and the progress of multiple mining pools. There is also the point that existing pools require that their members produce proof that they are working on problems and hence participating rather than defecting.
The argument is now moving very much into the area of psychology, economics and game theory. There is no doubt that a flaw has been revealed in the algorithm in that there is an incentive for miners to form groups to get more rewards by delaying releasing blocks. The open question is, are there more complex strategies that destabilize the pool by earning an even more dishonest miner even more Bitcoin?
Ed Felten has just posted a clear analysis of the problem:
Game Theory and Bitcoin
The title confirms the approach in the earlier I Programmer news item - that the issue is really about game theory rather than cryptography. The algorithm does have a flaw, in the sense that there is an incentive to gather larger groups of miners to increase profit by not following the simple implementation of the algorithm. What is not clear is whether this is a dominant strategy or not.