Craig Wright on “The Risks of Segregated Witness: Opening the Door to...

Craig Wright on “The Risks of Segregated Witness: Opening the Door to Mining Cartels”

By OP-ED -
7842
51
SHARE
The Risks of Segregated Witness: Opening the Door to Mining Cartels Which Could Undermine the Bitcoin Network

Written by Dr. Craig Wright.

The bitcoin community continues to debate Segregated Witness, the Bitcoin Core development team’s proposed scaling solution which would separate signature data (witnesses) from transaction data. There are numerous risks with SegWit, but one in particular needs more attention: SegWit opens the door to methods of collusion and mining cartels which could undermine the bitcoin network.

Also read: Why Segregated Witness Will NOT Decrease the Memory Burden on Nodes

Protections of the Current Bitcoin Protocol

To understand how SegWit opens this door, let’s review the format of the bitcoin protocol. The way that bitcoin works allows for a large miner who has managed to gain more than 51% of the network to engage in a form of attack based on double spending an existing transaction. This works in the following manner:

“Even if a bad guy does overpower the network, it’s not like he’s instantly rich. All he can accomplish is to take back money he himself spent, like bouncing a check. To exploit it, he would have to buy something from a merchant, wait till it ships, then overpower the network and try to take his money back. I don’t think he could make as much money trying to pull a carding scheme like that as he could by generating bitcoins. With a zombie farm that big, he could generate more bitcoins than everyone else combined.[1]“

This form of attack would cost the miner revenue. Unless the miner has more than 51% of the network, any such attack would be unlikely and expensive given the cost of mining bitcoins. It would also risk the miner’s existing revenue model.
In bitcoin, a large miner can make a small gain if it manages to introduce a double spent transaction into a block. This means that a nefarious miner is able to introduce a transaction that it has itself caused to be spent in an attempt to reverse the first payment. But there is no economic incentive whatsoever to do this for small transactions (such as transactions of less than an order of several thousand U.S. dollars).

In addition, this form of attack would only be viable with careful timing. The miner would have to implement the attack after a sale has occurred (in the above example, sale of a merchant product) and the transaction has been completed, but before the transaction is integrated into a block. Transactions of a higher (more expensive) amount are naturally the most lucrative targets for attack but they would likely be integrated into the block at a suitable depth where the time for being reversed has passed. For instance, when real property is transferred, the laws of many jurisdictions give the purchaser a right to rescind the transaction for some specified amount of time that would exceed any block height that could be reversed. Thus, the current bitcoin protocol provides economic disincentives to deter, and protections against, a double-spend attack, especially for larger transaction amounts.

SegWit Creates Incentives to Form Mining Cartels

If implemented, SegWit would change this for the worse. It opens the door to an economic incentive model that would encourage mining cartels to form. As the bitcoin network currently operates, there is no incentive for miners to form cartels. Mining pools are not cartels; they are a firm. But SegWit introduces a fundamental change to bitcoin: the “AnyOneCanSpend address”, or essentially a blank signature for transactions. SegWit uses an “AnyOneCanSpend” address so that transactions will be validated and recorded into blocks, even though the sender/receiver signature data is separated. Normally, an “AnyOneCanSpend” output (as its name implies) would allow any miner to spend the funds associated with that transaction; therefore, SegWit would introduce new rules for interpreting “AnyOneCanSpend”. This means that miners could not take advantage of that output address to inappropriately spend the funds associated with all SegWit transactions.

But with “AnyOneCanSpend” addressing, the system is only secure while all participants agree it is secure. Proponents of SegWit assume that once its protocol change is activated, all miners will agree to play nicely, never steal funds, and funds will be locked up safely. But the major flaw in their thinking is that it ignores economic incentives for nefarious miners to do the following after SegWit activates:

  1. Form a cartel to take over the network
    2. Switch off SegWit and revert back to the current bitcoin protocol
    3. Take advantage of the “AnyoneCanSpend” address to instantly steal funds associated with all SegWit transactions in blocks they mined.

By using “AnyOneCanSpend” addressing, SegWit therefore opens the door to a corrupt miner mining a block to subvert transactions, and instead redirect them to the miner’s own address. The value of such an illicit attack would grow every day SegWit is used. Over time, the more people use bitcoin, the more SegWit transactions are added to the blockchain, and the more funds are locked up with SegWit aspects of bitcoin, the more valuable this form of cartel attack becomes. A defecting miner could access historical funds that have not been redirected from SegWit to a traditional bitcoin address. Hence, the longer a SegWit system runs, the more likely it is that a cartel will form to steal funds.

Under SegWit, miners are not likely to form a cartel to recover an individual double spent transaction – even if it is a large single transaction. Rather, it is the sum of all SegWit transactions (at least in blocks mined by cartel members) which provides a large enough treasure chest worth pirating. If 51% of miners that signal for SegWit secretly support cartelisation of the protocol, it is only a matter of time before transactions are stolen. This could occur in the following way:

1. Miners signal SegWit.
2. A group of mining pools and companies with a joint hash rate in excess of 50% of the current network power form a cartel.
3. The cartel group then stops signaling SegWit and returns to the network to the former bitcoin protocol.
4. If a sufficient quantity of bitcoin is transacted using SegWit, the cartel would switch from SegWit to treat all transactions using the original protocol. Cartel members could then instantly use the “AnyOneCanSpend” address from SegWit to steal funds from the transactions in blocks they mined (especially any high-value block). To incentivize miners to join the cartel, the cartel could agree that each member distributes stolen funds from their attacked blocks to the whole the group in some proportion (for example, according to the hash rate each maintains.) No one miner or mining pool would need to itself have 51% of the hash rate in order to participate.

This is one of several hundred attack scenarios which SegWit could open. Under a SegWit regime, such attacks against the bitcoin network could work because the economics of the system would be changed; rather than illicit activity being discouraged, it would be encouraged under SegWit. This seems to be the aspect of the system that is least understood by Bitcoin Core developers and other proponents of SegWit.

There have been several large individual transactions even in the early days of bitcoin. As noted above, it is not however any individual transaction that creates the major risk to the network; rather it is the overall level of transactions within any one block. As bitcoin scales, it will become more and more likely that a large high-value block will come to exist. Looking at the Visa and MasterCard transaction processing rate, it would be expected that in certain peak transaction times, the collected pool of transactions within a short time period (for example, 1 to 2 hours) could lead to scenarios where total transaction volumes exceed USD $100 billion if bitcoin scales to be the predominant form of Internet money. At such levels, even a normally honest miner could be incentivised to defect from the standard protocol.

Such negative consequences of SegWit have not been explored and publicly vetted for the bitcoin community to consider. Instead, SegWit’s proponents downplay incentives, economics and the game theory of their system, and instead allude that the cryptographic controls are what makes bitcoin secure.

Game Theory Explains Why People’s Self-Interest Often Trumps Social Cooperation

An easy way to visualize the problem is through class game models. The present model of security within bitcoin is equivalent to a super game stag hunt. Conversely, SegWit changes the model into a prisoner’s dilemma, where groups of miners form into either “honest” or defecting groups.

In game theory, the prisoner’s dilemma shows why two people may not cooperate, even when it is in their best interests to do so. Two friends or partners are accused of committing a crime and are held separately, without means to communicate with each other. Prosecutors do not have sufficient evidence to convict them of the principal charge, so offer each of them a choice to either testify against (betray) the other or to help the other by remaining silent. The choice by each prisoner will determine scenarios (laid out in a four-quadrant grid) whether the prisoners go free (if they both choose to help each other by remaining silent), or get sentenced to different levels of prison time (with the worst case scenario being that each betrays the other). More often than not, each prisoner will look out for his self-interest and betray the other – and if both prisoners do that, they each end up receiving longer prison sentences than if they had both helped each other. The game model’s lesson is that personal interest often controls people’s decision-making, even if it often leads to a worse result when all involved persons act in their self-interest. It provides an interesting model for real world situations – such as the bitcoin network – involving cooperative behaviour.

If a prisoner’s dilemma results in both parties choosing to defect (betray the other), the game again becomes a stag hunt – another game model about incentives for individual vs. social cooperation. In a stag hunt, each player can choose to hunt a stag or a hare, and must choose without knowing the other person’s choice. Hunting a stag requires both players’ cooperation to succeed. A hare only requires one player but is worth less than a stag. Cooperation to hunt the stag would thus be better for both players (just as cooperation by both prisoners to help each other leads to the best result in the prisoner’s dilemma).

The Risks of Segregated Witness: Opening the Door to Mining Cartels Which Could Undermine the Bitcoin Network
Figure 1: Stags or Hare. Image by Chris Jensen and Greg Riestenberg.

Figure 1: Stags or Hare
Image by Chris Jensen and Greg Riestenberg
When applied to the bitcoin network under SegWit, the game model will be perverted. Instead of acting in a form of positive social cooperation to benefit all bitcoin network participants, a mining cartel will wait for a large enough target before engaging in a destructive hunt. Once a block reward is discovered containing a suitably large payment provided through SegWit, either in part or in whole, the cartel acts.

At this point, a cartel with over 51% of the network hashing power switches back to the original bitcoin protocol, changing all outstanding SegWit payments as well as the last block payments to AnyoneCanSpend addresses that can be instantly redistributed to themselves. As the volume of payments into SegWit addresses increase, the incentives for miners to defect from the network also increase. In game theory, this leads to a Nash equilibrium of defection.

As bitcoin becomes more widely used under its default protocol, it becomes more and more secure and less vulnerable to attack (which is a key feature of its default protocol). SegWit alters the protocol fundamentally in a manner that is opposite to this. That is, it allows it to become more and more vulnerable over time. If (for example) in the first week of a SegWit implementation, there are $100 million worth of transactions, and in the first month $1 billion worth of transactions, the incentive to cheat is not simply from the amount in any one transaction or even in any one block, but the total outstanding within the system.

From this, it is apparent that every transaction involving SegWit and not being relayed into a standard bitcoin address slowly increases incentive to attack the system. The larger the system, the larger the incentives to defect. This is exactly the opposite of the existing protocol dynamics within bitcoin: the larger the bitcoin ecosystem and hashrate grows (using bitcoin’s original protocol), the more secure it becomes. In the early days of bitcoin, it was possible for an individual miner to plan and execute a double spend attack. But as the system has grown in power and as it continues to grow, a double spend attack becomes more and more difficult, and less and less profitable. If SegWit is implemented, the longer the system runs and the more it is used, the incentives will only grow for miners to defect and compromise the system. Thus, SegWit would produce exactly the opposite effect of the current bitcoin network when it comes to building (or in the case of SegWit, undermining) security.

Risks from the introduction of new players

One of the key flaws in the modelling of SegWit is the assumption that existing miners who may harbour good intentions towards the protocol will remain as the key players. This assumption ignores new entrants to the system. The mere possibility of the defection strategy described above is likely, under SegWit, to attract new pool miners with illicit motives. These could be groups opposed to SegWit or those who have never mined bitcoin and seek a relatively quick profit. Such quick profit would allow them to enter the market at a discount.

The introduction of SegWit would alter the maximum known risk associated with bitcoin from a 51% attack with the ability to censor transactions or to engage in elaborate double-spending attacks, to a catastrophic risk that could possibly and completely destroy the whole ledger and all contained value. The premise that miners will not steal funds at the genesis of SegWit does not address the introduction of new players who are now incentivised more and more each and every day to steal the funds that are locked into the ledger and which are growing daily. These new players and the increasing level of funds place all open areas of the ledger at risk to attack at a later date.

Initial introduction of SegWit was proposed to activate at 95% hashrate support. This was based on the presumption that once SegWit activated, new entrants or players would need to support existing rules. The consequence is a presumption that all transactions will be safe forever. This presumption is incorrect. Mining pools and miners change periodically, just as industry players change in any other business field
In the current bitcoin protocol, the economically fair nature of the system increases security over time. But under SegWit, governments and other state players with increased incentives to attack bitcoin will benefit. The creation of a cartel secretly formed through a hostile government poses a serious risk.to attack and seriously damage bitcoin. Such a cartel would not require an immediate 51% control through the centralised party.

Rather, the cartel head could engage in a strategy where it boosts the weakest players. This strategy would involve finding mining pools that had been formally profitable but, due to a downturn or technological advancements or even changes in energy pricing, are finding it difficult to compete in the existing market. Joining the cartel would give these players a methodology to profitably leave the network. A final attack that is profitable in the short-term could fund the miner’s decision knowing that ongoing competition would be difficult.

The new player running the cartel would then gain access to the existing market share and be able to buy access to the system at a depreciated price before returning to a system that does not implement SegWit. With the flaws in SegWit then removed, the new entrant could gain a competitive advantage, low cost access to the market, and at the same time, subversive control.
These scenarios of cartel attacks against the bitcoin network may seem alarmist, but they are very real possibilities lurking behind the SegWit door. Does the bitcoin community really want to open the door to this serious risk of SegWit?

Written by Dr. Craig Wright.

Dr. Craig Wright is Chief Scientist at nChain, the global leader in research and development of innovations in blockchain technology. nChain opposes SegWit and instead supports removing the Bitcoin blockchain’s artificial block size limit (temporarily set at 1MB) to fuel increased scalability. nChain also supports on-chain scaling as the only viable method for the Bitcoin protocol to scale globally and remain decentralised. nChain also advocates for the formation of a neutral standards organisation to coordinate and manage the Bitcoin protocol and technical standards.

This post was originally published at Coingeek.

Do you agree Segwit poses unknown risks? Please let us know in the comment section below!

At News.Bitcoin.com all comments containing links are automatically held up for moderation in the Disqus system. That means an editor has to take a look at the comment to approve it. This is due to the many, repetitive, spam and scam links people post under our articles. We do not censor any comment content based on politics or personal opinions. Please be patient and your comment will be published.

RELATED ARTICLESMORE FROM AUTHOR

  • mably

    How is it different from P2SH addresses?

    • Craig Wright

      P2SH would be an attack against a single block.

      In SegWit, the attack is against all outstanding amounts. The scheme is designed to move people into SegWit addressing. Over time, the attack becomes more and more valuable.

      This starts at a low return, but with each additional SegWit UTXO, the value returned to an attacker increases.

      In P2SH, the attack is at best probabilistic. You can try (at the cost of lost blocks) to gain a single block where you do not have any means to plan the value ahead of time.

      With SegWit, you can plan an attack. It allows for coronation of Cartel memb

      • mably

        The Bitcoin value on the attackers hard forked chain would be close to zero anyway. Reverting a SF is a HF. Don’t know why they would do that.

        • Craig Wright

          Even if it decimated, it would not be zero. This could be profitable at 1/10 of the amount.

          It further opens the doors for coordinated attacks by people hostile to bitcoin. Government or other large actors unable to attack using 51 attack any longer.

          It is important to remember that you can also have a long option with potentially infinite returns in this scenario where we are shorted. We were talking about shorting bitcoin. The alternative is to short US dollars against bitcoin. In effect, we go long on a synthetic derivative created against a CFD pegged to the increase in US dollars. That is the increase against bitcoin deflating in value.

          The secret to the attack is that you do not need money or ownership of bitcoin (all with respect to litecoin) ownership of the individual crypto asset. You can short it on an exchange. There are numerous CFD markets, public ones that are not available for Litecoin do have bitcoin and these will allow you to take out a short position. In effect, what you are doing is betting the prices going down. A combination of the theft through a point attack coupled with the aggregation of available coin would make a doubly beneficial attack.

          This could result in a hard fork to a separate proof of work or even too separate chains.

          The cartel could use a leveraged buy. The shorted option could be leveraged at a value of up to 500 to 1 against Fiat currency. This would allow a £100,000 short option to effectively recover more than the value of the attack.

          There are always incentives in attacking the market.

          • mably

            Once you are ok with a HF, aren’t there better things to do than steal SW funds? Everything being possible, you could increase the block reward for example. This new alt coin could survive far longer and keep a far higher value than the stealing one. Anyway, Bitcoin’s mission is not to make the world scam-free. Scammers gonna scam, even miners.

          • Craig Wright

            You are making an assumption that the attack requires 51% to be completed. it requires that some nodes have upgraded and some have not. With nodes that have not upgraded to segregated witness, the attack is additionally incentivised and can happen on a small percentage.

          • mably

            Not sure to understand what you say here. Definitely not convinced that the attack you describe could have any real impact on Bitcoin anyway. As long as the main SW chain survives, I don’t really care what hard forkers do with my SW UTXOs.

          • Craig Wright

            The secret to the attack is that you do not need money or ownership of bitcoin (all with respect to litecoin) ownership of the individual crypto asset. You can short it on an exchange. There are numerous CFD markets, public ones that are not available for Litecoin do have bitcoin and these will allow you to take out a short position. In effect, what you are doing is betting the prices going down. A combination of the theft through a point attack coupled with the aggregation of available coin would make a doubly beneficial attack.

            This could result in a hard fork to a separate proof of work or even two separate chains. that is correct.

            The cartel could use a leveraged buy. The shorted option could be leveraged at a value of up to 500 to 1 against Fiat currency. This would allow a £100,000 short option to effectively recover more than the value of the attack.

            The interesting point that people do not understand is that the drop in price in the crypto currency fuels payment in Fiat. A government attacker or MasterCard level player would be able to extract the entire value out of a system such as bitcoin. They can do this without ever owning bitcoin.

            When people comment about this not being available attack, they demonstrate lack of understanding on how futures exchanges function. If we take this further, as noted, CFD markets do not require ownership of the actual asset. It is for instance possible to bet on the alteration of 25 million bitcoin in a CFD market.

            It is important to remember that owning the asset is only one of many ways to profit from an asset. Many people do not understand that the majority of derivatives traded do not involve ownership of the asset but monetary values associated with price fluctuations.

            It is important to remember that you can also have a long option with potentially infinite returns in this scenario where we are shorted. We were talking about shorting bitcoin. The alternative is to short US dollars against bitcoin. In effect, we go long on a synthetic derivative created against a CFD pegged to the increase in US dollars. That is the increase against bitcoin deflating in value.

          • mably

            I guess quite a few big actors are already shorting Bitcoin by spreading FUD or fake news, nothing new here. We have to go with it.

          • puzzled

            Nah, stopping SegWit on BTC would be moon fuel. A short would be foolish.

          • Sebastian Zmener

            But, is it possible to fill the AnyOneCanSpend addresses without exceeding the 1MB block limit nor having to mine the whole blockchain from the modified block up to the current one?

          • Craig Wright

            Yes. You can select the highest value TXs and work down. Aditionally, a miners can combine multiple SegWit Txs into a single output.

          • Sebastian Zmener

            But each of these actions would change the resulting block hash, invalidating the rest of the blockchain from that point in history. What am I missing?

          • Craig Wright

            The nature of the transaction.
            You’re confusing this with a standard bitcoin transaction when this is a reversed segregated witness implementation using anyone can spend. All the required information is separated into the second Merkel tree that is no longer a valid source.

          • Sebastian Zmener

            OK, but anyway to make the transaction standard you should put a destination address and that information won’t be in other merkle tree than in main’s so Bitcoin can work without SW (as planned by the attacker). That doesn’t affect the block hash?

          • Craig Wright

            The transaction is not standard, it is SegWit. Also, miners can mine non standard Txs, they do not forward them, but these are accepted into blocks.

            That stated, these are not he issue. It is a Hash puzzle address where the SegWit Tree provides the answers to the miners.

          • Sebastian Zmener

            The article itself says that the attack would be in standard Bitcoin protocol:
            “2. Switch off SegWit and revert back to the current bitcoin protocol”
            In order for this to work properly, the transactions should be standard. Am I wrong?

          • Craig Wright

            What you are missing is this idea that UASF “nodes” do anything.

            You do not impact a network through a non-event.

  • Swayzesghost

    I suspect this is like a cigarette company expert warning you that eating vegetables could possibly cause cancer.

  • Khurram Javed

    This makes Segwit sound like a bad idea. Never read of the consequences in this light before.

  • De Wilde Weldoener

    Just so you know, Craight Wright is the guy who without presenting any evidence claimed to be Satoshi Nakamoto.
    He is a con artist and anything he says should be read with that in mind.

    • Craig Wright

      Another one, libel laws are rather liberal in the UK and they can be in force globally.

      • De Wilde Weldoener

        So instead of countering that argument you instead prefer to threaten people, got it!

  • Mike Combrink

    Riiiight yes. So we fear 51% of mining infrastructure in the World will go and completely cripple Bitcoin in order to steal a bunch of coins? Why does anyone even publish stuff written by this fraudster?

    • Craig Wright

      I do hope you enjoy the eventual results of your libel.

      • Mike Combrink

        Go lookup ‘libel.’ A statement has to be false to be libel.

    • Richard Todia

      Network Security is of the utmost importance.

      There are major forces that would like Bitcoin to fail (particularly those who currently supply the world’s monies). I am confident that they will attempt to exploit any vulnerability, and that they have substantial resources to invest toward that goal.

      This article worries me. Please tell me why I should not be worried? Please respond to the content. I care not who wrote it.

      • Mike Combrink

        Right now, the worldwide network runs at 4754057.348 TH/S. Mining equipment costs around $130/TH/S so the World’s infrastructure at current prices is worth over $600m. The imaginary cartel that would pull off this heist will have to have more than $300m invested in mining hardware. An investment that will be worth next to nothing after an attack like this.
        It is possible that Craig imagined writing something like this could cause a huge dip in the Bitcoin price and bet against it before publishing. That is the only angle I can think of and as De Wilde Weldoener pointed out, he claimed to be Satoshi Nakamoto so I wouldn’t put any sort of elaborate hoax past him.

        • Jared Devers

          $300 million is a bargain for a collection of nation states to significantly damage the reputation Bitcoin. Is the motive there to justify the expense?

  • LucSr

    It seems to me that SW is irrelevant and over-engineering in the argument. If a group has 51% power, it can do anything already rather than a rollback. For example, if ISIS is the group, it doesn’t need to bother any BIP or agreement or whatever. All rest of the world can do is to have some protection code accordingly and unwillingly.

    • Craig Wright

      A Cartel only requires the difference, not all 51%

      If 80% signal, but only 40% implement, then it is a small incremental attack.

  • All forks are bad ideas when the need is non-existent. The current PoW works. All I hear is complaining on the transaction delay side from consumers not wanting to pay increases for expedition and the PoW time from miners because they have to prove they were mining a block and not just hopping around showing a presence here or there over time in many pools. Fattening the code or marking transaction in a so-called streamlining is hogwash. If you ever spent time in a Chinese pool, you will find out they are robbing your miner and delaying your payment. No mater what the bigger pools schemes are the Human Nature aspect will be found by the other Humans. The Cartel Idea will occur and is occurring and I hope more miners understand the small to medium pools that do not siphon fees and hash time from your rigs are the better place to be. Not only for the ROI to be less time, but for the health of the ideal decentralization effort. Everyone should mine, then all your scenarios for software changes are silenced. All that would be left is pre-marked blocks all coins found and a Huge Market where the fight will be who has the time not who can convince development. The system works and the incentive works, Human Nature is calling for more more more ROI in less time. Resist it or not. Resist change to a proven until there is proof and incentive to change. This idea is limited not infinite as designed and should stay that way. Make a new coin if it is such a great idea. If you want to use the current mining Hardware, then base it properly to take that advantage.

    • Craig Wright

      All nodes mine. If people want to increase the security of the network, they can invest in mining.

      As use of the system increases, so will the reward in terms of exchange value. Not as a “store of value” this is a consequence, not the cause. As velocity of use increases.

      • Yes, good point on exchange value.

      • Tuesday and skyrocketing fees with higher delay, from 1200-50min range will cost you 60-360 satoshi per Byte, the range has approximately 20k unconfirmed transactions in queue as of 14:30 PST and approximately 110K in process waiting for confirmation. ‘The Sgnalling’ has had an effect or people just are paying more and have payed up to avoid issues.

  • Alonzo C

    Craig i do not agree with you on this. If such a cartel would to exist and spend the coins the large theft would not go unnoticed and the value of bitcoin would collapse destroying the miners revenue stream and there stolen coins, it is possible that bitcoin would collapse instantly if segwit was disabled without the security patches because of the knowledge of such a attack being possible this would cause panic sells and increased sell pressure would crash the price. In short there is a large incentive to not do this or there rigs and there coins would become valueless.

    • Alonzo C

      oh, clever. if i shorted the bitcoin market with large leverage then such an attack would become profitable. as long as my individual profit is greater than the cost of my mining rig. switching bitcoin to PoS would fix this problem though because i MUST own bitcoins to attack bitcoin and this would destroy the value in there own tokens. This would require a 51% majority cartel and it is a one time attack. But this attack would only be worth it if there incentive for earning bitcoins drops bellow the value of an attack

      • Craig Wright

        I am not interested in you Alonzo. So, nothing to enforce.

        That does not make your assertions correct. The model is economic in nature, when people start to understand that, they may start to understand Bitcoin.

        • Charlie Lee is the creator of Litecoin:

          “After seeing such a dumb analysis of an alleged SegWit flaw, I now agree there is zero chance Craig Wright is Satoshi Nakamoto.”

          “After enough time, most outputs will be “tainted” with post-segwit block coinbase, so those SegWit coins cannot be stolen with rollback.”

          • Craig Wright

            CL is heavily invested in LTC…

            Not exactly one to trust after pumping LTC with SegWit…

    • Richard Todia

      There is great incentive for “The Powers That Be” to do such a thing. Those who currently supply the world’s currency would love for Bitcoin to fail. And they have enormous resources to invest toward that goal. Bitcoin is revolution. The community must realize that a natural enemy exists – those who currently supplies 97% of the world’s currency.

  • twilborn

    What about flextrans? It does everything that segwit does, but better.
    Does it have the same vulnerability?

    • Craig Wright

      I have not investigated FlexTrans to the same extent, so I cannot answer that at present.

      There is no reason for such a solution in any event. The hijacking of the term node to mean something it is not is the heart of the fallacy. People have been lead to believe that wallets offer more security than they in fact do. It is the integrity of the mining nodes that matters and security of this system grows as mining grows.

  • Craig Wright, the fake satoshi, with faked proof, doing his FUD run.

  • Ronald Boer

    posting articles of known scammer making false claims like craig wright?
    the fake satoshi, that had 0 evidence after publicly saying he would provide.
    sad to see they give jokers like him airtime for articles.
    #fail

    this article is a joke.
    and so is he.

  • Craig Wright

    The huge flaw in the UASF view of Bitcoin.

    There are ~64,000 edges associated with wallets. By wallets I mean that thing some people call “full nodes”. That is, a “validating node” or any of the other 1984 version double speak they want to use to try and rouse the “people” with their demagoguery. A good percentage of these are associated with large exchanges.

    If we take that into account, we have around the following edge counts:
    – Exchanges ~ 37,500
    – User wallets ~ 26,500

    There are over 1,200,000 mining edges. These are from under 5% of the systems. These are the nodes. All nodes are involved with mining. The effect is, miners receive a transaction and then wallets follow.

    In networks, it is not the nodes that matter, it is the edge count. The heart of Bitcoin is a densely connected semi-complete graph. This is expressed with a distance of around d ~ 1.32.

    It is the edge that matters, not the node when analysing the network topography and how transactions and blocks are distributed.

    A raspberry pi cannot run many connections. A miner’s server can. It is that simple. This idea that wallets are helping propagate the network is false. If all of the wallet nodes disappeared tomorrow other than the exchanges and online web wallets and those associated with mining, the network would actually speed up very slightly (~0.001%).

    People think running a small system helps democratise it into one person one vote. Bitcoin is not designed that way. It is a republic. One votes using investment. Not sunk investment, but continual investments.

    Right now, you would need to implement around four million small servers to impact the mining network. That is 4 million continuously connected Raspberry Pis. For that, you can start mining and having a vote.

    • CryptoSam

      Thank you Craig for enduring the trolls and providing this well thought out explanation for those who are listening. 🙂

  • Isma Topius

    I can’t see how stealing SW anyone-can-spends would be any different from stealing from normal utxo without providing a valid signature.

  • tacodan

    “Dr” Wright is the faker who pretended to be Satoshi, and was so famously outed as a fraud.
    All the experts who have looked at this article have replied with responses that can be effectively reduced to: “facepalm”.

  • Mike Combrink

    Go lookup ‘ad hominem.’ This is not ad hominem. That you are a con artist is very relevant to whether or not one should take this article seriously.

  • Gui

    F2pool has routinely majority hash rate on LTC, why didn’t they use AnyoneCanSpend yet? This crock of shit article just serves to demonstrate again what a scammer Craig Wright is. Sue me Craig.