19:43:36 <m-relay> <r​ucknium:monero.social> kayabanerve: You asked "If I have 10% of the hash power and want to do a 10-block reorg, what period of time do I need to maintain 10% of the hash power before I successfully pull off such an unlikely event?"
19:43:38 <m-relay> <r​ucknium:monero.social> This isn't a complete question because you don't specify a threshold probability for the second part of the question, i.e. do you mean "...what period of time do I need to maintain 10% of the hash power before I successfully pull off such an unlikely event _with 50% probability_?"
19:44:17 <m-relay> <k​ayabanerve:matrix.org> Yes
19:44:28 <m-relay> <k​ayabanerve:matrix.org> *am likely to successfully pull of
19:44:29 <m-relay> <k​ayabanerve:matrix.org> \*am likely to successfully pull off
19:44:58 <m-relay> <k​ayabanerve:matrix.org> (where 50% odds is the turning point from unlikely to likely)
19:45:03 <m-relay> <r​ucknium:monero.social> As a draft, what I have now is a table where the rows are the N block lock, the columns are the number of blocks that the adversary possesses the 10% hashpower share (i.e. 30, 360, 720, 5040), and the cells are attack success probability
19:45:17 <m-relay> <r​ucknium:monero.social> Ok I will change to making it a 50% threshold
19:46:42 <m-relay> <r​ucknium:monero.social> So, the rows should be the N block lock, columns should be hashpower share, and the cells should be the duration, in number of blocks, that the adversary possesses the hashpower share.
19:47:02 <m-relay> <r​ucknium:monero.social> ....to achieve the 50% probability of a successful attack
19:49:09 <sech1> You would need <10% effort for 10 blocks in a row, and the rest of a network should have >100% average effort. It doesn't look like a high probability
19:50:20 <m-relay> <r​ucknium:monero.social> It's not a high probability for a single attack. But kayabanerve wants to know the probability when you try again and again.
19:51:04 <m-relay> <k​ayabanerve:matrix.org> If I can pay 100k a year for a minority of hash power yet enough to cause disruptions which impact user privacy (even infrequently), I believe that's valuable to consider.
19:52:14 <sech1> 10^-10 probability or so, probably even less
19:53:41 <m-relay> <r​ucknium:monero.social> What formula are you using?
19:54:10 <sech1> <10% block effort = 10% probability, and you need it 10 times in a row
19:54:42 <sech1> That's VERY approximate, but it's just a magnitude estimation
19:56:15 <m-relay> <r​ucknium:monero.social> The magnitude is not correct. I get 7.859765e-04 using Theorem 1 of Grunspan & Perez-Marco (2018). "Double spend races."
19:58:28 <m-relay> <r​ucknium:monero.social> That's the probability in percent: https://gist.github.com/Rucknium/da1e57b1864aca477dfa3b4e02e86e26
20:16:11 <m-relay> <r​ucknium:monero.social> IMHO, it is a little unrealistic to assume that an adversary could have the resources to possess 10% of hashpower for a year, but not 50% of hashpower for a few hours. But I'll compute this scenario anyway.
20:20:33 <m-relay> <r​ucknium:monero.social> There is an enormous difference in the attack success probabilities when an adversary has 10% of hashpower vs 30%.
20:21:05 <m-relay> <j​effro256:monero.social> For the record, current mining security budget is 157,680 XMR per year, so 100k XMR in a year would be almost two thirds of the security budget, which would be pretty impractical to guard against in any capacity
20:21:24 <m-relay> <j​effro256:monero.social> Oh you were probably talking about USD lol
20:21:27 <m-relay> <k​ayabanerve:matrix.org> *USD, jeffro256*
20:21:29 <m-relay> <k​ayabanerve:matrix.org> *USD*
20:22:00 <m-relay> <j​effro256:monero.social> fake money!
20:22:09 <m-relay> <k​ayabanerve:matrix.org> Yes, and that is very American-centric of me, but I promise I wasn't asking about spending 16m a year on DoSs.
20:22:38 <m-relay> <j​effro256:monero.social> 🦅🦅🦅
20:22:56 <m-relay> <k​ayabanerve:matrix.org> *16m USD
20:25:09 <m-relay> <r​ucknium:monero.social> My _very preliminary_ calculations say that the adversary has to possess 10% hashpower for about six years to have a 50% probability of maliciously re-orging a series of 10 blocks while constantly attacking. I'll double-check the numbers and present a table tomorrow at the meeting.
20:25:40 <m-relay> <j​effro256:monero.social> It would interesting to know what the "optimal" attack would be given a certain fixed budget, where the attacker gets to determine the timeline. Should one compress the attack into a few minutes and try to reorg as much as possible as quick as possible? Or should they try many many shallow reorgs over the period of a few weeks/months? Depends on the goals I guess
20:27:22 <m-relay> <j​effro256:monero.social> If they want to undermine confidence in the currency, a single very deep reorg at an opportune time might be the way to go
20:30:38 <m-relay> <m​onerobull:matrix.org> in reality surprisingly few people would actually care
20:31:18 <m-relay> <r​ucknium:monero.social> This assumes (1) That the attacker halts the attack if the honest chain reaches 10 blocks, but the attacker has not yet reached 10 blocks (Theorem 1.2 of Grunspan & Perez-Marco (2021). "On Profitability of Nakamoto Double Spend.") and (2) After the attack halts, (1-q)/q blocks elapse on the honest chain before the attacker mines their next block and starts their attack again. I si<clipped message
20:31:18 <m-relay> <r​ucknium:monero.social> mplified and took the average of the negative binomial distribution (Proposition 5.1 of Grunspan, C & Perez-Marco (2018). "Double spend races."
20:32:08 <m-relay> <m​onerobull:matrix.org> as long as they dont get personally affected by it
20:32:44 <m-relay> <r​ucknium:monero.social> Also, this probability is for when _at least one_ attack succeeds. The attack would succeed multiple times in the time window, with lower probability.
20:35:12 <m-relay> <r​ucknium:monero.social> monerobull: IMHO, it is "interesting" that very deep re-orgs on other chains had small effects on their exchange rates. e.g. Eth Classic and Firo.
20:35:36 <m-relay> <j​effro256:monero.social> And Firo's was 306 blocks deep lol
20:36:07 <m-relay> <m​onerobull:matrix.org> its because nobody actually uses these chains for anything real
20:36:08 <m-relay> <j​effro256:monero.social> I don't know if the reorger accompanied it with a double spend attack as well or it was just for the sake of disruption
20:36:19 <m-relay> <o​frnxmr:monero.social> Ppl trading on binance dont care what the chain does
20:36:47 <m-relay> <o​frnxmr:monero.social> Did my market maker bot stop? No? Then nothing happened
20:36:59 <m-relay> <j​effro256:monero.social> Okay apparently it was https://cointelegraph.com/news/privacy-focused-firo-cryptocurrency-suffers-51-attack
20:37:27 <m-relay> <j​effro256:monero.social> They might care if Binance loses money and halts trades on that chain
20:38:00 <m-relay> <m​onerobull:matrix.org> they would just let trades continue but block deposits
20:38:03 <m-relay> <o​frnxmr:monero.social> Right. "did my bot stop?"
20:38:19 <m-relay> <o​frnxmr:monero.social> Block withdrawals 😂
20:38:26 <m-relay> <m​onerobull:matrix.org> nah
20:38:47 <m-relay> <o​frnxmr:monero.social> Im poking fun at the fact that they do it all the time
20:38:54 <m-relay> <m​onerobull:matrix.org> "we sent the withdrawal, not our fault the chain you use is dogwater and erased a week of history"
20:38:58 <m-relay> <r​ucknium:monero.social> jeffro256: "In [15], the authors introduce a profitability setup and look for the optimal number of blocks that an attacker should premine before launching a double-spend attack (we will answer this question in a future article)." Grunspan & Perez-Marco (2021). "On Profitability of Nakamoto Double Spend."
20:39:08 <m-relay> <o​frnxmr:monero.social> (Block dep/wd and ket ppl keep trading)
20:39:25 <m-relay> <r​ucknium:monero.social> Maybe I should look around to see if they have posted the future article. We are in the future, after all.
20:39:42 <m-relay> <j​effro256:monero.social> Thanks Rucknium . I guess I should just suck it up and read that paper you keep referencing ;)
20:41:02 <m-relay> <r​ucknium:monero.social> They are available on moneroresearch.info :)
23:01:16 <m-relay> <r​ucknium:monero.social> jeffro256: IMHO Rosenfeld (2014) "Analysis of Hashrate-Based Double Spending" is easier to digest than the Grunspan & Perez-Marco papers: https://moneroresearch.info/index.php?action=resource_RESOURCEVIEW_CORE&id=191
23:05:39 <m-relay> <r​ucknium:monero.social> Rosenfeld's equation 1, page 7 is equivalent to Theorem 1 of Grunspan & Perez-Marco (2018). Grunspan & Perez-Marco use the regularized incomplete beta function instead of Rosenfeld's summation of binomials. Grunspan & Perez-Marco are more rigorous and it looks like it is easier to prove that a majority hashrate attack has 100% success probability as time goes to infinity if you us<clipped message
23:05:40 <m-relay> <r​ucknium:monero.social> e the version with the regularized incomplete beta function.