12/31/13

M Y SU BRE D D I T S

The Math: Why litecoin is more secure than bitcoin : litecoin

Subscribe?

FRO N T - A L L - RA N D O M | P I C S - FU N N Y - G A M I N G - A SKRE D D I T - WO RL D N E WS - N E WS - V I D E O S - I A M A - T O D A Y I L E A RN E D - A WW - T E C H N O L O G MORE Y - AD V IC EA NIM

comments

related
(self.litecoin )

want to join?

login or register in seconds | English

The Math: Why litecoin is more secure than bitcoin

58 submitted 8 months ago by sup3

Submit Something New

Background:
This came out of some research I put into finding out the probability of a 51% attack for bitcoin. You'd think that mining 6 blocks in a row would be hard to do, even with 50% hashing power, because most people would probably think about a coin flip and how likely it is to flip 6 heads in a row. Intuitively it seems like a hard thing to do but in reality, if you do it enough times, it becomes not only possible, but downright likely, even with a mere 100 coin flips (warning:pdf). With bitcoin mining 144 blocks per day a 51% attack with 50% hashing power is just as likely. Even with 35% hashing power it's relatively trivial to pull off. The reason most people probably haven't thought about this before is because the math itself isn't very straitforward. According to askamathematician.com, it is a tough question to answer with a simple formula. Thankfully there are computer programs which can do this. This site has a javascript "streak" calculator that will calculate the odds of a doing a 51% attack. Just put in 1008 trials for a 1 week period (6*24*7), your streak length of 6 blocks, and a probability of .35 for 35% hashing power. The result is about a 70% probability over a 1 week period and a 99.2% chance over a 1 month period. Sense all the legwork had been done solving this problem for bitcoin I thought I'd run the math again for litecoin and what I found is actually quite surprising. Litecoin isn't just more secure than bitcoin, it is orders of magnitude more secure than bitcoin.

search reddit
this post was submitted on 21 Apr 2013

58 points (76% like it)

84 upvotes 26 downvotes shortlink: http://redd.it/1cssqr

username

password remember me res et pa s s word

Login

Litecoin
Subscribe 16,068 rea ders (~71 here)

Discussion about Litecoin Official website, litecoin.org Litecoin Core Development Fund Litecoin Developer Team AMA Live Discussion about Litecoin Comparison between Litecoin and Bitcoin Why you should mine and trade litecoins Why Litecoin is more secure than Bitcoin Where to buy and sell litecoins: Purchasing litecoins BTC-E - BTC, USD, EUR LitecoinLocal - USD, GBP, EUR... Litetree - USD, EUR VaultofSatoshi - USD Bitfinex - BTC, USD Crypto-Trade - BTC, USD Bit2C - BTC, NIS BitBargain - GBP Vircurex - BTC Cryptsy - BTC X-BT - BTC Bter - BTC Coins-E - BTC Related subreddits: Litecoin Multireddit /r/CryptoCurrency /r/CryptoMarkets /r/LitecoinMining /r/LitecoinProjects /r/AltcoinTIP /r/LTCMarket /r/HardwareSwap /r/jobs4litecoins /r/LocalLitecoins /r/zerocoin

Gambler's Ruin why litecoin is more secure than bitcoin:

I figure the reason is in both cases you're trying to "beat the odds" and mine every single block for a 1 hour period but with more "roles of the dice" occuring during that same period of time it's a lot harder to keep up your winning streak with litecoin than it is for bitcoin. While a bitcoin pool with 35% hashing power can reasonably expect to be able to pull off a 51% attack within one week, that same hashing power for litecoin makes it almost impossible, not just for a 1 week period, but for an entire year, even for 100 years! The numbers here are 4,032 trials per week and 24 blocks in a row. The result is 0.0000029760539%. The same problem over a month and a year is about the same and over 100 years the probability is a mere 0.0155609472527%. At 50% hashing power and 100 years an attacker has a 46.46% chance (6.06% for a 10 year period) but bitcoin hits both those thresholds in under 1 day. At 100 years bitcoin is vulnerable to a miner holding just 8% hashing power, while litecoin remains secure all the way up to 50%. No matter how you run the numbers litecoin remains significantly more secure -- entire worlds more secure -- than bitcoin.

How many litecoin blocks give you similar security to bitcoin?

With the numbers so dramatically in litecoin's favor one would assume you'd need overall less time to verify a transaction with litecoin than you
www.reddit.com/r/litecoin/comments/1cssqr/the_math_why_litecoin_is_more_secure_than_bitcoin/

1/10

12/31/13

The Math: Why litecoin is more secure than bitcoin : litecoin

would with bitcoin. Generally we have assumed it takes 4 litecoin blocks to equal the security of 1 bitcoin block but this has always been a guess. Even the people who run the litecoin-project on github know this isn't true (see bullet #3 on Faster transaction time). The problem again is the math not being a simple equation that you can easily solve for but using that same calculator at the 50% threshold I've found that 8 litecoin blocks give you about the same security as 6 bitcoin blocks. The nature of this problem is that it's not a linear relationship -- at 30%, 8 litecoin blocks are about twice as secure as 6 bitcoin blocks, but droping to 7 litecoin blocks and then to 6 very quickly tips things in bitcoin's favor. The only scenareo where litecoin is less secure than bitcoin is when you compare the two networks block to block. As a function of time litecoin is significantly more secure, so much so litecoin offers similar security at 20 minutes as bitcoin does at 60 minutes.
48 comments s ha re

/r/peercoin Join us on IRC: irc.freenode.net #litecoin, #litecoinpricetalk Join us on Teamspeak: ts6.gameservers.com:9142 created by [deleted] a community for 2 years

Message The Moderators

MODERATORS
Patrick5555 Litecoin_Messiah _

sorted by: best

SeansOutpost dsterry weex - Litecoin Association compgenius999

[] ThePiachu 8 points 8 months ago

someguy123 - LTC Forum Admin

AutoModerator zipzo

You should also take into consideration how much does it cost to perform such an attack on various networks. There is a difference between getting 35% of Bitcoin hashing power, versus getting 35% of Litecoin hashing power. Other than that, it is an interesting food for thought :).
permalink [] Normif 5 points 8 months ago

While this is true, you have to consider that the amount of mining scales directly with the amount of value that is being held in the currency. So in general with the Bitcoin/Litecoin mining model the network security scales to meet the transactional security needs. Even moreso in Litecoin due to the shorter block target. So Litecoin is much more secure now than when Bitcoin had comparable mining behind it and will be much more secure than Bitcoin when it comes to match Bitcoin's current mining levels.
permalink parent [] Rassah 6 points 8 months ago

What is the cost and propability of a malicious attacker getting a bunch of CPUs/GPUs (freely available on the market) to attack Litecoin, versus them getting a bunch of FPGAs/ASICs (which have to be custom built)? I believe part of the reason Bitcoin HAD to move to ASIC is because if the miners didn't, someone with bad intentions could have. Isn't Litecoin actually less secure simply due to there being so much cheap Litecoin mining hardware out on the market?
permalink [] Normif 2 points 8 months ago

No, Litecoin can be more secure due to not being vulnerable to ASIC attacks as I've described here and here.
permalink parent [] [deleted] 4 points 8 months ago

Not vulnerable to ASIC's, yet! Undoubtedly, in the future we will see ASICS for Litecoin if its profitibility continues to rise as the Bitcoin's has. This is likley a couple / few years off from the speculation's I have read.
permalink parent [] ertina 2 points 8 months ago

See the discussion here: http://www.reddit.com/r/litecoin/comments/1bvgf4/did_switching_from_sha256d_to_scrypt_acheive_its/c9agapx Litecoin ASICs are not coming any time soon, and even when/if they do they will not be so much more efficient than GPUs that GPU mining becomes unprofitable.
permalink parent [] aminok 3 points 7 months ago

www.reddit.com/r/litecoin/comments/1cssqr/the_math_why_litecoin_is_more_secure_than_bitcoin/

2/10

12/31/13

The Math: Why litecoin is more secure than bitcoin : litecoin

That's the same thing they claimed about CPU mining and sCrypt, and now CPU mining is unprofitable. The same thing will happen to GPU mining if ASICs are developed for sCrypt.
permalink parent [] 1930197 [ ] 2 points 6 months ago

source?
permalink parent [] aminok 1 point 6 months ago

Source for which claim? That they claimed that CPUs would be competitive with GPUs at sCrypt mining?
permalink parent [] 1930197 [ ] 2 points 6 months ago

yes, who is they -- anyone of any particular merit?

permalink parent [] aminok 1 point 6 months ago

I don't know if it was anyone of particular merit, only that the claim was often made by proponents sCrypt based proof of work.
permalink parent [] Rassah 4 points 8 months ago

That doesn't answer my question. Why is a coin that already requires only specialized hardware to mine, for which no huge stash of readily available hardware is available, less secure than the coin that relies on generic hardware, and can still be exposed to specialized hardware risk? You specifically state that ASICs make CPU/GPU mining worthless. Bitcoin has a few ASICs, and will have plenty more soon, so the only way to attack Bitcoin is to make more ASICs, and make A LOT of them. Litecoin is using all CPU/GPU's, so as soon as someone makes specialized ASICs for Litecoin, they can make all other CPU/GPU miners worthless, and since there aren't any Litecoin ASICs, they won't have to make too many of them to "steal" the market. I mean, just because you wish it doesn't happen does not prevent that from happening...
permalink parent [] ertina 3 points 8 months ago

I think you should read all the comments in the links they posted. Your analysis is naive. Also, see my post below for why ASICs aren't a threat to Litecoin.
permalink parent [] wantrepreneur 13 points 8 months ago

stocking up on the lites before they hit Gox/libertybit

permalink [] Normif 3 points 8 months ago*

Stocking up on Litecoins even after they wind up on other exchanges will be a great investment. Litecoin's technicals make it the best cryptocurrency for the major applications which will cause the first real waves in the currency markets in favor of technocurrencies. Regarding the post: While the general message here is correct, using a streak calculator will not give you accurate odds. The math is actually a bit more complex (see killerstorm's and my reply) and leans even more in Litecoin's favor. The simplest intuition you can have about the value of a confirmation is this though: Basically, every confirmation adds an exponential factor AGAINST whoever has a minority share of computational power. This is huge and means that ALL computational attacks involving less than half of the compute power of the Litecoin network are 4X exponentially less effective in Litecoin than they are in Bitcoin. Why, then, isn't the block target even shorter than 2.5 minutes? Well, you have to allow for the time it takes for new transactions and block discoveries to be broadcast across the P2P network. This involves a bit of processing time at each node plus normal network latencies. On average for most nodes it's probably just a couple of seconds. With high transaction volume it could take maybe half a minute for transactions and discoveries to broadcast across the network, which for Litecoin would mean that miners at the tail end of that are wasting 1/5th of their processing power.

www.reddit.com/r/litecoin/comments/1cssqr/the_math_why_litecoin_is_more_secure_than_bitcoin/

3/10

12/31/13

The Math: Why litecoin is more secure than bitcoin : litecoin

That's tolerable as an extreme case, but imagine if the block target were 1 minute... then there would be miners spending most of their time BEHIND the network, mining old blocks. By setting a block target you're aiming to estimate a level at which you never encounter this situation. With Bitcoin, it was set at the extremely conservative value of 10 minutes because there was no data to work off of to set a block target scientifically. Litecoin took advantage of years of Bitcoin network data in establishing that 2.5 minutes was a better compromise between expediency and cycle waste. Bitcoin may still turn out to be a great means of transacting between Earth and Mars in 50 years when we actually care about having a transaction network that can handle network latencies of a few minutes.
permalink parent [] Fjordo 5 points 8 months ago

Is it really common for litecoin sites to wait for 24 confirmations?

permalink [] dsterry weex - Litecoin Association

4 points 8 months ago

No, not common but as the OP says, that'd be the simple 4 to 1 calculation that a reasonable merchant might have done.
permalink parent [] Normif 4 points 8 months ago*

I wouldn't say reasonable merchants, but naive ones. An informed merchant will scale the number of confirmations required against the value of the transaction based on the current mining power of the network. That is, for exceptionally large transactions you would want to be able to estimate how many minutes of a 51% attack that transaction could pay for, then wait at least that long before accepting the transaction. For any transactions worth less than $20 you can probably just accept them with zero confirmations if you have a decent means of scanning the network for possible double-spends (like blockchain.info does for BTC). For transactions of more than that but less than it's worth to 51% attack the network for a couple of blocks, you can accept them after two confirmations (or three to both protect against lower power compute attacks and the chance of a random fork). For transactions worth more than that (but less than it would take for a 51% attack of more than six confirmations), I'd wait for six confirmations just to be safe. That means that for most applications you could accept Litecoin transactions, even now and for probably up to ~$2,000 in less than the time it takes to receive ONE confirmation from Bitcoin. That's where Litecoin really shines. Since, regardless of the compute power in the network, you want to wait for at least two or three confirmations for any transaction of more than around $20 (or whatever you're willing to occasionally lose), that means Bitcoin is impractical for transactions between $20-$5,000. Those transactions are what is most common in day to day commerce when the buyer expects to have their purchase completed in less than half an hour, and Litecoin can offer far more security for that than Bitcoin. Transaction security on either network, regardless of compute power, is negligible before three confirmations. Litecoin offers strong and equal security to Bitcoin after 7.5 minutes as Bitcoin has in 30 minutes. This applies for all transactions worth less than the cost of a 51% attack against Litecoin for 7.5 minutes. Litecoin offers IMMENSELY better security than Bitcoin if you want to accept a transaction before 30 minutes have passed for all transactions worth less than the cost of a 51% attack against Litecoin for 30 minutes. Most generally: Over any period of time for which it is not economical to 51% attack Litecoin, a transaction is much more secure in Litecoin than it is in Bitcoin.
permalink parent [] are595 7 points 8 months ago

Awesome write-up. This should be pinned to the sidebar

permalink [] Litecoin_Messiah _ [Moderator - speaking officially.] 9 points 8 months ago

Done! (Mod's Listen to Users on this Sub :P)

permalink parent [] Normif 2 points 8 months ago

www.reddit.com/r/litecoin/comments/1cssqr/the_math_why_litecoin_is_more_secure_than_bitcoin/

4/10

12/31/13

The Math: Why litecoin is more secure than bitcoin : litecoin

While the general message here is good, the math is off and there are many spelling/grammatical errors. A post covering this topic should be on the sidebar, but not this one. We should put our best foot forward as a community with topics that are fully accurate and well written. If I stumbled across this post through the sidebar on my first entry to this subreddit, I would be turned off of the community.
permalink parent [] sup3 [S] 2 points 8 months ago

Feel free to rewrite everything. I never expected for my post to get linked to or anything but if you think the math is wrong please elaborate. I appreciate that you think a faster difficulty reschedule helps secure the network but that's really just another aspect of security, concerning how expensive it is to keep a certain amount of hashing power, and has nothing to do with the gambler's ruin problem (which is an integral part of the security of both networks, even discussed by Satoshi in the bitcoin white papers). We already have two speculations about cost here (memory requirement) and here (taking advantage of botnets) but the math itself remains the same in either case. I'm not saying the math here should be the end-all be-all about litecoin / bitcoin security it's just one aspect and also happens to be an aspect that hasn't been researched very much (as far as I can tell, and for reason that I mentioned in the self-post).
permalink parent [] Normif 7 points 8 months ago*

Thanks. I will rewrite when I have more time. I'm glad you wrote this and I by no means meant to demean the effort; I just think it could do with some peer review before getting the rubber stamp on the sidebar. For anyone who wants to know the math, look at section 11 of the Bitcoin whitepaper, starting on page 6. The summary of that section is this: Solving for P less than 0.1%... P < 0.001 q=0.10 z=5 q=0.15 z=8 q=0.20 z=11 q=0.25 z=15 q=0.30 z=24 q=0.35 z=41 q=0.40 z=89 q=0.45 z=340 Where q is the fraction of compute power the attacker has on the network, and z is the number of confirmations required for a less than 0.1% probability that the attacker's chain is longer than the honest chain. This math applies both to Litecoin and Bitcoin, since the confirmation systems are the same on both other than the block target time. So in Litecoin you'd get the 340 confirmations required to be almost entirely positive that the transaction is final even if an attacker had 45% of the compute power on the network the whole time within 15 hours (340 * 2.5 / 60 = 14.167), where in Bitcoin it would be within 57 hours (340 * 10 / 60 = 56.67). The great thing about the math is that if the compute power of the attacker is equal to or greater than the power of the honest network, then you're almost sure to be on the dishonest chain, so the only really interesting thing beyond a few confirmations (where there are cheaper ways of faking a transaction than having over half the compute power) is whether your transaction is worth more than it would cost to overwhelm the network long enough to fake it. You can also see from the table above why 6 confirmations is an important number: it's the confirmation count above which it requires more than 10% of the network be controlled by an attacker to avoid an almost surety that the confirmation is real and final. You can also see that further doublings of

www.reddit.com/r/litecoin/comments/1cssqr/the_math_why_litecoin_is_more_secure_than_bitcoin/

5/10

12/31/13

The Math: Why litecoin is more secure than bitcoin : litecoin

confirmation count don't congrue with further doublings of compute power required, so it's an optimal value for assuring transaction security outside of the influence of 51% attacks. For Litecoin, since it gets to 6 confirmations within 15 minutes on average, this means that you get to be fairly sure your transaction is protected from everything other than a 51% attack within 15 minutes. This figure for Bitcoin is 1 hour. So Litecoin is more practical than Bitcoin for all transactions worth less than the cost of a 51% attack against Litecoin for one hour. Further, if Litecoin gets to the point of having comparable compute power to Bitcoin, it will have better security for ALL transactions.
permalink parent [] sup3 [S] 4 points 8 months ago

You are misunderstanding the problem. We are trying to find the chance of getting a run of K or more successes (heads) in a row in N Bernoulli trials (coin flips). What are you solving here is the probability of a single (K=1) poison distribution. If I get 3 blocks per hour on average (50% hashing power) what are the chances that I will get 6? This is a very easy problem to solve but it's not the correct problem. The reason the problem is incorrect is because it assumes we have exactly one attacker and that our attacker tries for 1 hour then just throws his hands in the air and gives up. The problem we should be looking at is, given enough time, what's the probability that someone, at some point, will get 6 blocks in a row. This is a scenario where the attacker doesn't give up at 1 hour but instead gives up at 24 hours (K=24) or even 1 year (K=8760). To make it simple here's an analogy: I run a casino and let you filp a coin. If it's heads, you win, if it's tails, I win. What is the probability that you can win 6 times in a row? The answer is (.5)6 or 1.5625%. Now lets say you don't play the game once. Lets say you play the game 100 times. What is the probability that at some point during the next 100 games you will flip 6 heads in a row? The answer is 54.609%, which you can verify here. As you can see the two scenarios above, while related, are completely different problems with completely different solutions.
permalink parent [] Normif 2 points 8 months ago

The only math I'm using is that from Satoshi's paper... are you trying to argue that Satoshi Nakamoto didn't understand the math behind the protocol he created? To be entirely fair, Satoshi made a simplifying assumption about the probability of the attacker's progress. Meni Rosenfeld's paper on double-spending goes further by modeling the attacker's progress as a negative binomial distribution instead of just assuming it follows a Poisson distribution. The values are still pretty close either way. As Meni has already commented in this thread, the way you're modeling the problem is flawed because you're just looking at the probability of getting a streak of blocks and not the probability that you will overtake the number of blocks generated by the rest of the network (which has nothing to do with streaks). Section 6 of Meni's paper covers an even more detailed risk/reward model for an attacker which factors in the ability to attack multiple merchants at once. The amount of time that an attacker persists isn't arbitrary and the simplest intuition about that is achieved by the model I've presented where you consider the cost of controlling 51% of the network long enough to guarantee success of your doublespend.
permalink parent

www.reddit.com/r/litecoin/comments/1cssqr/the_math_why_litecoin_is_more_secure_than_bitcoin/

6/10

12/31/13

The Math: Why litecoin is more secure than bitcoin : litecoin

[] sup3 [S] 4 points 8 months ago

The only math I'm using is that from Satoshi's paper... are you trying to argue that Satoshi Nakamoto didn't understand the math behind the protocol he created? Lol no I'm not saying anything like that. Actually if you read a couple posts up I had cited his paper and then you immediately started quoting from it, like you had never read it before or something. Either you're lost or you're just trying to be cryptic. As Meni has already commented in this thread, the way you're modeling the problem is flawed because you're just looking at the probability of getting a streak of blocks and not the probability that you will overtake the number of blocks generated by the rest of the network (which has nothing to do with streaks). How so? If you can find 6 confirms before the rest of the network then you can perform a double spend. I realize you can keep mining at a deficit but if you have less than 50% hashing power this will almost always be futile. I chose 6 confirms as a metric, a benchmark if you will, because that is what most people already see as safe. Section 6 of Meni's paper covers an even more detailed risk/reward model for an attacker which factors in the ability to attack multiple merchants at once. The amount of time that an attacker persists isn't arbitrary and the simplest intuition about that is achieved by the model I've presented where you consider the cost of controlling 51% of the network long enough to guarantee success of your doublespend. Right, and as I said above cost is in fact another aspect of security that I didn't talk about. I'm not trying to deny this nor was I trying to write a dissertation comparing every single aspect of litecoin to bitcoin. I was just looking at the numbers in order to gauge a comparisons between the two.
permalink parent [] Normif 2 points 8 months ago

I quoted the paper because the math there is a completely different model than a streak calculation, so I'm pointing out that your numbers are way off. If you don't understand the math in either Meni's or Satoshi's papers, please don't try to explain something contradictory as though it were right.
permalink parent [] platypii 3 points 8 months ago*

I'm not sure that a "streak" actually has much significance here. For a 51% attack to succeed, it's not about mining a streak of blocks before anyone else. You just need to create a longer chain. Lets say you want to reverse a transaction after 6 confirmations. First you send the transaction, and then begin mining your own private forked chain which contains an alternate version of the transaction that sends the outputs to your own address. After the 49% (honest nodes) have built their 6 confirmations, the recipient thinks the transfer is safe, and hands over the keys to their Porsche. At this point, it's 51% likely that your private chain is equal or longer. If it's not longer, just keep mining. Since you have more hashing power than the competing chain, you WILL eventually have a longer chain (gambers ruin guarantees this). Once you have a longer chain, release it into the network and the suddenly the recipient no longer has their coins, they've gone back to the attacker. The network sees this longer chain and naturally accepts it and begins working on extending it. The more power you have above 50%, the quicker you will produce a longer chain, but anything over 50% is still guaranteed to succeed given enough time.
permalink [] platypii 2 points 8 months ago

and just to add to that... the number of confirmations doesn't actually help against a 51% attack. You could make it 100 confirmations, and it would actually be even more likely that

www.reddit.com/r/litecoin/comments/1cssqr/the_math_why_litecoin_is_more_secure_than_bitcoin/

7/10

12/31/13

The Math: Why litecoin is more secure than bitcoin : litecoin

your chain is longer by that point. The number of confirmations makes it exponentially harder for a <50% party to form a longer chain, and in turn its exponentially more likely that the >50% party wins. Bottom line - 51% attack will always succeed and is unstoppable, regardless of number of confirmations!
permalink parent [] ertina 2 points 8 months ago

Don't forget though that the COST of a 51% attack rises over time, so waiting for more confirmations means that at some point the attacker will be spending more money than the transaction(s) they're trying to double spend are worth. A sane attacker won't 51% for longer than they can afford, and a smart merchant will wait long enough that no one could afford to double-spend the transaction they receive.
permalink parent [] arsenische 2 points 8 months ago

I'm sorry, I didn't understand it. Why attacker won't 51% longer than s/he can afford? Mining blocks is supposed to be profitable anyway, isn't it?
permalink parent [] MeniRosenfeld 7 points 8 months ago

There are lots of errors in your post. I tried to explain in https://bitcoil.co.il/Doublespend.pdf how double-spending works. In order to double-spend you don't need to find 6 blocks in a row. While the network is finding the 6 confirmations you're also mining so you'll be less than 6 blocks behind - and even then you don't need to find blocks in the row, you just need to catch up (e.g., if you're 3 blocks behind, you win if you find 2 blocks, the honest network finds another one, then you find 2 more). If you have 51% of the hashrate your chance to successfully double-spend is 100%. On the other hand, in order to successfully double-spend you need to attempt to double spend. You actually have to commence an attack and there are costs involved. So referring to the chance to obtain a "streak" in a given time period is pointless - you have to relate the cost of an attack, its potential gain and its success chance. Re terminology - a "51% attack" (or more accurately a ">50% attack") refers specifically to when you have majority hashrate and thus guaranteed success. If you have less than 50% it's not a >50% attack, it's just normal hashrate-based double-spending which can either succeed or fail. Anyway, it's well known that for <50% hashrate, success chance decreases exponentially with confirmations and thus 24 is much more secure than 6. It is also well-known that Litecoin obtains 24 confirmations as fast as Bitcoin obtains 6.
permalink [] Normif 6 points 8 months ago

Exactly. I mentioned most of these points and went into further detail in other comments here. Good to see your PDF here too. sup3 said they're happy to accept a rewrite, so I'll take some time to make this post more accurate soon.
permalink parent [] Normif 4 points 8 months ago*

I did some calculations based off of the data in the table on page 10 from your PDF: http://snag.gy/jC3d1.jpg Let me know if this looks right to you. From that, it seems that six confirmations is a good number in that the improvement of protection from compute attacks per confirmation drops off sharply after six.
permalink parent [] nullc 2 points 8 months ago

Anyway, it's well known that for <50% hashrate, success chance decreases exponentially with confirmations and thus 24 is much more secure than 6. This ignores latency. For example, if I make a cryptocurrency that produces a million blocks per second.. it's not secure after 50 blocks or whatever... no one has had time to communicate those blocks, so most of the hashpower is being lost to forking.
permalink parent [] sgornick 2 points 7 months ago

You are making the argument that a single trial to attack Litecoin with less than 51% of the

www.reddit.com/r/litecoin/comments/1cssqr/the_math_why_litecoin_is_more_secure_than_bitcoin/

8/10

12/31/13

The Math: Why litecoin is more secure than bitcoin : litecoin

hashing power has worse odds of success than a single trial to attack Bitcoin with that same less-than-51% percent But that is missing the point. Why care that your windows are bulletproof if your front door is left wide open? All that needs to happen is for there to be some attack vectors with a profitable outcome. So is there an attack against Litecoin that is cheap enough to perform and results in profit? While Litecoin's capacity has been climbing quickly, it still is vulnerable to an attack. DDoS the Litecoin pools, and with under a $1M of GPUs you can 51% Litecoin. Maybe even a fraction of that. Can that get you profit? If you can trade Litecoins for Bitcoins at Vircurex, BTC-e, etc, through anonymous accounts, the attacker can probably get thousands of bitcoins out of those exchanges before releasing the Litecoin blocks with the double spends. Will this be profitable? It depends on whether or not those Litecoins the attacker recovered still have any value after the attack. But the exchanges definitely will face losses of those thousands of bitcoins.
permalink [] ltcbtc 2 points 7 months ago

where do you get this $1mm figure from, the computer that backs litecoin is far more powerful and expensive to recreate than the coffee warmers that power bitcoin
permalink parent [] sgornick 3 points 7 months ago

Well, just a few months ago a person could buy well under one million USD worth of used GPU hardware and have more than 51% on Litecoin. That capacity has since increased, maybe that number is several million dollars worth now, I haven't calculated it recently. But with the pools being not mature with protections against 51% attacks, a good DDoS plus under a million USD worth of GPUs and I'm pretty sure a 51% attack against Litecoin could be pulled off.
permalink parent [] WHY111 2 points 8 months ago

Bitcoin is actually much more secure because while it has fewer confirmations the difficultly seems to be about 20 times less. So I could take over 51% of the litecoin network at 1/20 the cost. People also generally wait for 10 confirmations for litecoins not 24 as you seem to suggest which makes them equally susceptible. Further if I controlled a "minor" 8% of the bitcoin network I could easily own over 50% of the litecoin network for the same cost.
permalink [] ltcbtc 3 points 7 months ago

thats becuase you have ASIC and becuase it takes 1000 times more work to do scrypt so the hash rate just looks higher
permalink parent [] aminok 2 points 7 months ago

Bitcoin-lite (litecoin) has a significantly lower hashrate than bitcoin, making it MAGNITUDES less secure. IF it had the same hashrate as bitcoin, then its more frequent block generation would make double spend attacks by parties with significantly less than 50% of the total hashrate harder in a given space of time, because the probability of getting a consecutive number of blocks faster than the rest of the network decreases with each additional block discovered in that space of time. On the other hand, a >50% attack actually becomes EASIER with more frequent blocks, because more of the honest work is lost to latency when block times are shorter. tl;dr bitcoin-lite is currently much less secure than bitcoin. If it had an equal hashrate to bitcoin, it would be more secure from small double spend attacks from parties with much less than 50% of the hashrate, and less secure from large >50% attacks.
permalink [] ltcbtc 2 points 7 months ago

yes its so easy to attack but nobody ever has, except for the spam which failed and we fixed it, now bitcoin is getting spammed and they are faced with difficult and complex problems
permalink parent

www.reddit.com/r/litecoin/comments/1cssqr/the_math_why_litecoin_is_more_secure_than_bitcoin/

9/10

12/31/13
[] aminok 3 points 7 months ago*

The Math: Why litecoin is more secure than bitcoin : litecoin

The double spend attacks on Bitcoin are also completely hypothetical. No one has ever gotten six blocks in a row to double spend a bitcoin transaction.
permalink parent [] smurfmaster -1 points 8 months ago

Crosspost this over to Bitcoin so we get more people interested. I dont know how
permalink [] PzGren -3 points 8 months ago

Very interesting, I would love to see this crossposted to /r/bitcoin

permalink [] trkh -4 points 8 months ago

can someone please give me 1 litecoin I would love you forvever

permalink [] Harvin 5 points 8 months ago

Can you give me $3? I would love you forever.

permalink parent [] alohameans143 2 points 8 months ago

Upgrade that to threefiddy and i love you 5ever

permalink parent

subreddit layout adapted from r/Naut

about
blog about team source code advertise

help
wiki FAQ reddiquette rules contact us

tools
mobile firefox extension chrome extension buttons widget

<3
reddit gold store redditgifts reddit.tv radio reddit

Use of this site constitutes acceptance of our User Agreement (updated) and Privacy Policy. 2013 reddit inc. All rights reserved. REDDIT and the ALIEN Logo are registered trademarks of reddit inc.

www.reddit.com/r/litecoin/comments/1cssqr/the_math_why_litecoin_is_more_secure_than_bitcoin/

10/10