Connection between the Byzantine Generals' Problem and Bitcoin

15 replies 219 views
3r1c777Full Member
Posts: 177 · Reputation: 674
#1Feb 3, 2018, 09:30 AM
Earlier today, I picked up a book called "The Internet of Money" (volume one) by Andreas M. Antonopoulos, which I found recommended here as a must-read for anyone wanting to grasp Bitcoin's basics. I wasn't really sure what to expect from it, but honestly, some of the ideas in the first few chapters really blew my mind. The first thing that jumped out at me was the phrase "Byzantine Generals' Problem." I had no clue what it meant, but the author connected it to Satoshi, which intrigued me and I’ll quote it below... I started wondering why I can’t find the term "Byzantine Generals' Problem" in the Bitcoin white paper. As I continued reading, I stumbled on a statement that really piqued my interest... The author mentioned something about only one mathematical currency, and that got me thinking. Although this is a strictly technical forum focused on Bitcoin, I can't help but wonder why other cryptos using a similar PoW mechanism aren’t also called mathematical currencies. So, here are my questions: 1. What's the link between the Byzantine Generals' Problem and Bitcoin? 2. Did Satoshi actually use that phrase in the Bitcoin white paper? 3. Is Bitcoin really the only mathematical currency out there? 4. I’ve come across some Bitcoin code written in C++. What other languages was Bitcoin coded in? And could someone share a GitHub link to those codes? I hope these questions stay on topic with Bitcoin's technical side. If not, let me know.
5 Reply Quote Share
coin777Senior Member
Posts: 143 · Reputation: 970
#2Feb 3, 2018, 03:02 PM
https://www.metzdowd.com/pipermail/cryptography/2008-November/014849.html No, but you can find it in his e-mails from metzdowd.com. In general yes, but it depends, how do you want to classify the altcoins. The original one was just in C++. But in the current version, you also have some Python, some Sage scripts, and other stuff. For example: https://github.com/bitcoin/bitcoin/tree/master/src/secp256k1/sage
0 Reply Quote Share
LuckyCoinLegendary
Posts: 832 · Reputation: 4795
#3Feb 3, 2018, 06:40 PM
He called it "mathematical money" because you can't mine (inflate) more of it unless you solve a SHA256 problem where the result is less than a particular number. Laws can be corrupted, but the cryptographic properties of SHA256 and other message digest algorithms cannot, and as a result, it is a perfect base to build something like Bitcoin on - so long as it is the only means defined for creating new coins.
5 Reply Quote Share
3r1c777Full Member
Posts: 177 · Reputation: 674
#4Feb 3, 2018, 11:33 PM
I was thinking, what about other alts that uses Similar Cryptographic proof (PoW) like Bitcoin?. I guess the Bitcoin community developers were behind the further addition(current version), or was it Satoshi ?.
1 Reply Quote Share
chris.altHero Member
Posts: 458 · Reputation: 2287
#5Feb 6, 2018, 12:02 AM
Regarding the classification of altcoins: PoW altcoins like BCH, LTC or XMR of course work in the same fashion than Bitcoin. But there is still a quite big difference: Bitcoin is the only coin where we can sure that really 50% of the existing miners are needed to attack the network. "Existing miners" here refers to all miners in the crypto space, not only the Bitcoin miners. So the 50% threshold of adversary hashrate who are needed to attack the chain is only really sound for Bitcoin.[1] Other SHA-256 altcoins like BCH in theory are all the time in danger to be attacked by a much lesser percentage than Bitcoin. BCH has currently a hashrate of about 3.4 Eh/s, Bitcoin's hashrate is 500-600 EH/s. So only 0.5% of all Bitcoin miners would be necessary to launch an 51% attack on BCH. PoW altcoins with other algorithms like LTC and XMR are a little bit safer because the vast majority of Bitcoin mining nodes (I guess more than 99%) run on ASICs, and these ASICs can't easily be used to attack XMR or LTC with their different algorithms. The biggest coin of each algorithm (Scrypt for LTC, for example) has thus still a quite high safety. However, as these coins are also minable with GPUs relatively efficiently, they are vulnerable to attacks for example with botnets "capturing" servers doing AI calculations. At least, the mathematical assumption is not so sound as with Bitcoin. Proof-of-Stake altcoins explicitly use "Byzantine Fault Tolerant" (edited mistake) algorithms (most, including Ethereum, use PBFT, a mechanism proposed first in 1999) since this mechanic was investigated properly. So they can only deal with 33% adversary validating power. They don't solve the Byzantine Generals problem, they "live with it". [1] it might be actually more close to 49%, but as Bitcoin really has a vastly higher hashrate than all other PoW altcoins, the difference is negligible.
5 Reply Quote Share
hash_bossLegendary
Posts: 1166 · Reputation: 5261
#6Feb 6, 2018, 04:27 AM
It should be someone who's not Satoshi. After all, Satoshi never use GitHub and that secp256k1 library created some time after Satoshi no longer appear. Efficiency difference for Scrypt between GPU and ASIC are too wide, so it's not practical for attacker to mine LTC after "capturing" such server. But generally you're right, as attacker would just mine "better" coin.
3 Reply Quote Share
paul.stakeHero Member
Posts: 651 · Reputation: 3798
#7Feb 7, 2018, 09:17 PM
Take into consideration that Monero is designed to be mined by CPU. You can mine it with a GPU, but it's much less effective. Definitely not mineable by ASICs. Apart from the mentioned email, he had also posted the exact same in bitcoin.org: http://web.archive.org/web/20090309175840/http://www.bitcoin.org/byzantine.html. Nowhere else, as far as I'm aware. Nowhere in this forum at least.
4 Reply Quote Share
HyperCipherFull Member
Posts: 220 · Reputation: 780
#8Feb 8, 2018, 01:51 AM
Indeed. Plus Proof of Stake has a different security model wherein they secure their networks through different check-pointing schemes - often centralized, which make the Proof of Stake part in those networks reduced to mere "ornaments/decorations". Why? Because what actually keeps the network secure is not the Proof of Stake, but something that Gregory Maxwell calls "ask a friend" - the check-pointing scheme.
6 Reply Quote Share
ape_2018Senior Member
Posts: 412 · Reputation: 1728
#9Feb 10, 2018, 11:19 AM
That makes Monero actually even more attractive for botnets, since just about any hardware will do. "Security theater" was the phrase, I think.
1 Reply Quote Share
lord_chadFull Member
Posts: 52 · Reputation: 359
#10Feb 10, 2018, 04:21 PM
Byzantine Generals basically is a hypothetical situation where the Byzantine army is divided into divisions each led by a general. They have to come to a consensus about how or whether they will even attack. They can only communicate through a messenger in which they are not even sure if trustworthy or not. So the problem here is that there is no way for them to verify if one messenger is bringing the right information. This problem is then solved by the blockchain and bitcoin's consensus mechanism. You see the problem is the lack of transparency which in blockchain is finally solved. Each block is verified to ensure its validity and trueness in a sense. It is a decentralized I do not think so but blockchain technology is the closest to a solution to the Byzantine problem that we have currently. No, there are now other currencies that have followed bitcoin's technology.
2 Reply Quote Share
3r1c777Full Member
Posts: 177 · Reputation: 674
#11Feb 10, 2018, 08:24 PM
What has the messenger got to do with this?. Am not sure if that's what Satoshi email described. Here is the email, which the link has been provided, from vjudeu's reply at the top, and I also think BlackHatCoiner also shared thesame explanation, but appears to be posted on a separate platform. So there is no such thing as "a messenger failing to bring the right information". It's just a problem where it is difficult for others to listen to two attack instructions from two different generals, at same point in time. Just as the article says: some may hear one first and the others hear the other first. Hearing both attack instructions wasn't even stated, so you either here one or the other first, at a particular time. And i think this part of the email also explain how the problem can be solve Why don't just read through the entire thread, when less busy.
3 Reply Quote Share
coin777Senior Member
Posts: 143 · Reputation: 970
#12Feb 10, 2018, 10:49 PM
https://en.wikipedia.org/wiki/Byzantine_fault As you can see, it is not only about the timing. It is also about knowing, which information is right, and which is wrong. If you have two blocks at the same height, with two conflicting transaction histories, then you may have Alice->Bob transaction in one block, and Alice->Charlie transaction in another. As long as you don't have the next block, both are valid. Your node can even show you that information as "valid-fork", if you execute "getchaintips" in your bitcoin-cli console.
2 Reply Quote Share
3r1c777Full Member
Posts: 177 · Reputation: 674
#13Feb 11, 2018, 01:24 PM
From your explanation using two separate blocks of same height, if an incoming candidate block is to be attached, what now determines which chain it should be attach to?, Because one of them ought to be neglected by incoming blocks as time passes.
4 Reply Quote Share
ape_2018Senior Member
Posts: 412 · Reputation: 1728
#14Feb 11, 2018, 04:38 PM
The miner's software, as this conflict is not handled at the protocol level. At any given time a miner will keep only one of these blocks in their mempool (presumably the one they saw first), dismissing any other block that may come in. Once they attach a new block to whichever of the conflicting blocks they ran with, that chain becomes the "correct" chain on a protocol level with the other block being orphaned.
3 Reply Quote Share
coin777Senior Member
Posts: 143 · Reputation: 970
#15Feb 11, 2018, 05:35 PM
By default, it is "first seen", so whichever chain is received first, it is assumed to be the right one. However, you can always manually pick it, by using "preciousblock" command, and switch to the second, the third, or to any other competing chain, just by picking manually the hash of the block, which should be used as "valid".
4 Reply Quote Share
nova365Full Member
Posts: 82 · Reputation: 551
#16Feb 14, 2018, 03:03 AM
The proof-of-work chain is a solution to the Byzantine Generals' Problem.  I'll try to rephrase it in that context. A number of Byzantine Generals each have a computer and want to attack the King's wi-fi by brute forcing the password, which they've learned is a certain number of characters in length.  Once they stimulate the network to generate a packet, they must crack the password within a limited time to break in and erase the logs, otherwise they will be discovered and get in trouble.  They only have enough CPU power to crack it fast enough if a majority of them attack at the same time. Here: https://www.metzdowd.com/pipermail/cryptography/2008-November/014849.html You can find some troubleshooting about Byzantine from here. Because there is enough argumentative evidence that is absolutely necessary.
4 Reply Quote Share

Related topics