
The difference is that even if the difficulty adjusts, there will be dormant ASICs waiting to be used. If the price lowers enough and enough ASICs are out on the bench, it’ll at one point become economically beneficial to turn them all on and attack the network rather than having them collect dust and depreciate.


People vastly overestimate the profitability of attacking a crypto network.

There are tons and tons of much smaller coins, that can be attacked for very cheap, and yet attacks are still very rare.

IMO, this is because double spends just aren't a very good idea. If you tried to steal money from an exchange, everyone would know it was you doing the attack, and then they wouldn't accept your money in the future, or maybe you'd just go to jail instead.

Also, the network is not static. If there is lots of hashpower sitting unused, maybe that hashpower would turn in to defend against an attack.

More people have something to lose from a successful attack, and thus could be motivated to defend when an attack happens.


Haha, then “PoW is for security” is a myth. If you are correct (which is arguable), then you don’t need PoW, you just need an elected federation of validators. And validators won’t attack because of the counter-incentives you describe.

So either PoW has a security hole related to dormant ASICs or it’s useless. Either way it’s not a good look.


This is a somewhat weak argument. I could say the same thing about door locks.. no lock is perfect and an attacker with sufficient resources can successfully subvert pretty much any lock. We don't depend only on locks but on police, neighbors, security-alarms, etc. This does not mean that locks are useless.

PoW provides some amount of security but in order to pull off a double-spend you have to not only gain majority hashrate, but also somehow actually spend/cash-out both 'copies' of your coins. This carries substantial risk as you first have to be long those coins (not smart when you are attacking the network). Then convince exchanges to convert both 'copies' while hoping they don't have systems that notice the massive increase in hash-rate nor the unexpected fork you are creating.

Simply shorting a coin, then attacking as more of a DoS may be more feasible but still carries risk as a successful defense could positively affect price.


I don't think your reasoning here is sound. PoW is the elected federation of validators, it's just that they're elected in a very flexible way.


Dormant POW could be as much of a benefit as it is a drawback.

If someone owns 10s of millions of dollars worth of miners that are temporarily turned off, do you think this entity would want an attack to succeed?

No. They'd want to protect their future investment in mining equipment. They might just turn that hashpower back in, if an attack was in progress, and take a temporary loss to fight off a temporary attack.

Even the threat of a big player coming in to prevent an attack would make the risk of attacking way too high.

We saw this happen recently when someone tried to attack the Bitcoin Cash network. Defending miners temporarily turned on their hashpower to stop any attacks. And it worked.


> If someone owns 10s of millions of dollars worth of miners that are temporarily turned off, do you think this entity would want an attack to succeed?

Well that depends on how much they're holding and how deep they are in the hole at the given time.

> No. They'd want to protect their future investment in mining equipment.

Unless they were in financial trouble and an attack would get them some cash, fast. The sort of financial trouble that can happen when a company invests, say, millions and millions of dollars into now-unprofitable hardware.


What I am saying is that if one "desperate" miner attacks, then 5 other miners, who don't want to lose their investment, will defend.

The network is not static. It doesn't matter if one miner wants to make a quick buck, because the defenders have more to lose, and would spin up defending POW if needed.


Until/unless a large player takes this sort of approach, like, say, Bitmain, who have just hit massive financial difficulties.

It absolutely can be in the rational self interest of such players. Relying on other dormant capacity to come up in defence seems fanciful at best.


> There are tons and tons of much smaller coins, that can be attacked for very cheap, and yet attacks are still very rare.

If they can be attacked cheaply, then by definition there's not much money to gain from doing that.


I am skeptical of cryptocurrency networks in general but one thing that they share is the general 'attack resistance' of trade and markets in that attacking it ruins the value they would seek to steal.

If you try raiding a market the trade will dry up as traders won't want to come where they may be attacked and trading with people who attack traders is bad for business given the precedents it establishes for property rights. Essentially even if you could seize it all it would be worth a fraction of the value because nobody wants to give their goods/money to 'dicks who steal stuff from traders' for the same reason you don't go to barbecues with cannibals. This is one way that markets and trade help promote peace - war becomes a losing move and ones who anger others less are better resourced.

If they want to take everything by force you need to seize the goods and means of production themselves - which also highlights why communist countries have had terrible economies - in addition to all of the economic fallacies. Expropriation scares people off.

Come to think of it this is something that has bitten Haiti with its history and highlights the amorality of the effect. Slaves suffered under conditions so brutal that the slave population was sustained through importation instead of reproduction, greed and economic forces caused slaves to vastly outnumber the masters, and machetes were indispensable tools for sugar plantations. While their grievance was justified they were pretty much embargoed pariahs as a result.

The point being that these phenomena aren't moral or immoral in themselves and are something that should be kept in mind by all actors.


Didn't think about it.

That's a relevant threat to every coin that can use the Bitcoin ASICs. And probably will even happen to others before hitting BTC itself.


Cost of 51% attacks on various coins: https://www.crypto51.app/


If they’re dormant, by definition they’re already unprofitable to operate. If the price decreases further, only the most efficient miners will remain, not the least efficient of them.


Unprofitable to operate in friendly conditions*

If you can flip a switch and 10x the hashrate of a network, all under your control, and you don’t care about killing the chain in your attack, it may be a perfect exit for you if you no longer want to play the mining game.

There’s actually a mining pool doing something like this on smaller PoW bitcoins https://sharkpool.cash (not associated, just think it’s interesting)


Any large miner will be profitable mining long before they have more dormant hashing power to 51% bitcoin.


Can you explain why this is the case, especially when the value of BTC is declining? The capital costs (ASICs and the power hookups) are sunk costs, and if it stops being profitable to operate all the ASICs honestly, or even to operate any of them if you don't have the lowest cost per hash on the network, then it may be quite valuable to attack the network and barely valuable at all to continue mining normally.


Quite likely an attack on Bitcoin would send the price through the floor before you would be able to cash out.


How do you cash out on this kind of attack if by your own actions you're crashing the value of the coin?


Short it.


Or double spend. E.g. you could send coins to an exchange, cash out, then mine off an old block to get your coins back.


Very true. I still believe this happened in Bitcoin in 2013... When Pieter Wuille and Luke DashJr decided to abandon the v0.8 fork and told the miners to hop on v0.7, they could have easily sold v0.8 coins...


I've speculated before that the Chinese government may use this to sow confusion in the event of an altercation, "hot" or otherwise, with the West - in which case, the profitability of a miner is moot, only the ability to spin up a majority of the network.


Instead of “strategic oil reserves” countries will need “strategic Bitcoin miner reserves”.


Getting those ASICs from where they are unused to where someone can use them to attack the network is not a simple task. The only way this becomes possible is if the current owner of the hardware decides to attack the network. Even to buy the hardware will require a large capital input. Let's say you can buy $1m worth of hardware and ship it to your location within 7 days (shipping and setup); you then need to run it (electricity cost) and hope that you can recoup costs plus profit by double spending. The only option to double spend and profit is to double spend on an exchange and withdraw fiat currency before the exchange realises; given the speed at which fiat transfers work, this is highly unlikely.


Couldn't the protocol be extended, such that the hash algorithm could be switched periodically, in such a way that ASICs would no longer be profitable to produce?


That's essentially the approach Monero has taken. From [1],

> In sum, we strongly believe that it's beneficial to preserve our ASIC resistance. Therefore, we will perform an emergency hard fork to curb any potential threat from ASICs if needed. Furthermore, in order to maintain its goal of decentralization and to provide a deterrent for ASIC development and to protect against unknown or undetectable ASIC development, the Monero team proposes modifying the Cryptonight PoW hash every scheduled fork, twice a year.

[1] https://ww.getmonero.org/2018/02/11/PoW-change-and-key-reuse...


In theory yes, the algorithm could be changed or even moved away from proof of work and towards proof of stake (I think ETH is doing this?)

In practice bitcoin is somewhat resistant to large changes or forks, most anyone who would consider any type of alteration to the existing implementation forked off with bitcoin cash for a relatively minor change (block size). That self selection has left a staunchly "traditionalist" majority in the remaining bitcoin community.


Otherwise known as the “latent surplus capacity ratchet”.



