Foreword: For the past two days there has been a heated debate over whether the funds stolen by hackers should be reclaimed by reorganizing the blockchain. One side believes that it is technically possible to reclaim the funds through a block reorganization, while the other believes that this would split the community and damage confidence in the irreversibility of Bitcoin transactions. The most critical issue is not whether to reorganize, but whether a reorganization can be done at all, that is, whether it is feasible in practice. Everyone should care about this, because it concerns the future of Bitcoin and of PoW chains. In practice, a reorganization is not a rational choice from the perspective of game theory unless it happens very quickly, within a few blocks of the event. The writer is Tamas Blummer, translated by "SL" of the "Blue Fox Notes" community.

Inviting miners to reorganize blocks

In the wake of the coin theft, the idea of reorganizing blocks to recover the stolen bitcoin has been raised. From the perspective of technology and PoW economics, it can be done. What follows describes how miners could be offered a reward so that they unite to carry out the reorganization.

Bitcoin transactions are only economically meaningful when they are recorded on the chain with the most accumulated work. At the time of writing, 111 blocks have been built on top of the block containing the hacker's transactions. In practice, this 7000 BTC transaction is difficult to reverse.

Block 575011 contains the hacker's transaction, and subsequent blocks are added on top of it as usual. If miners build an alternative chain that branches off before the block containing the hacker's transaction, there is a chance to retrieve the stolen bitcoin. This alternative chain does not contain the hacker's transaction and must grow faster than the current chain. Once it has accumulated more work, all Bitcoin clients reorganize onto it. After the reorganization, the hacker's transaction no longer exists in the network. That is, block 575012 and the blocks that followed it no longer exist in the network.

For the network, reorganizing onto an alternative chain with more work (computing power) is nothing special. It is the normal way of resolving competition between independent miners. Reorganizations that replace only the latest block are very frequent.

For miners who were not mining on what ends up being the longest chain, a reorganization is costly, because they lose the bitcoin they mined in the discarded blocks. This is why miners are keen to mine on the longest chain and avoid mining on alternative chains.

That said, it is possible to offer funds to the miners of the alternative chain, and if this is prepared in advance and done quickly, the stolen funds can be retrieved.

How to motivate miners?

If you discover that you have been hacked, you can quickly:

1. Publish on a website the transaction from the last address you controlled to the address that was stolen from

2. Publish on the website the private key of the address that was stolen from

Since the funds are now at the hacker's address, this information is worthless in the current reality. But on an alternative chain it is very valuable, provided the alternative chain starts with a replacement for block 575012. (Blue Fox Note: The author means reorganizing the longest chain starting from a block that does not contain the theft transaction.)

Why is it valuable? Because a miner who builds another chain that replaces block 575012 holds the private key of the address that was stolen from, and can therefore transfer the bitcoin at that address to their own address. Disclosing the private key in this way is equivalent to handing the reward to the miners.

For miners, building an alternative chain is rational if the total amount of bitcoin at the address that was stolen from is higher than the total amount of bitcoin they have mined from block 575011 onward. In other words, this alternative chain will attract more work than the current chain.

Note that miners can significantly increase the probability that the alternative chain replaces the existing chain by not taking the whole reward and leaving enough for other miners.

If the reward is high enough and nobody is too greedy, an alliance to build the alternative chain can form quickly, because any miner can be invited and motivated to join.

The miners who take part in building the alternative chain eventually overtake the current chain and build the longest chain. After the reorganization, in the reality of the new longest chain, the stolen funds can be awarded to the miners while the victim still keeps some of the funds, and the miners receive more bitcoin than they would from normal mining.

This kind of rescue operation is feasible at the technical level. It works if the party that lost the money is prepared to offer the reward and the miners are ready to act on the rational choice. Of course, the probability of success decreases exponentially over time. (Blue Fox Note: That is to say, the more time passes and the higher the block height, the higher the cost of a reorganization and the less likely it becomes.) If the use of this scheme is promised in advance, miners can act quickly.
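The exponential decay mentioned above can be worked through numerically. The following Python model is an added example, not code from the article or its author: it combines the gambler's-ruin catch-up probability from the Bitcoin whitepaper with the per-block income figures used in the appendix (12.5 BTC reward, 0.5 BTC fees). The one-day attempt horizon, the function names and the simplified payoff model are assumptions.

```python
# Added illustration: a simplified model, not code from the article.
BLOCK_REWARD = 12.5    # BTC, implied by the appendix ("10 blocks = 125 BTC")
FEES_PER_BLOCK = 0.5   # BTC, the appendix's assumed fees per block
PER_BLOCK = BLOCK_REWARD + FEES_PER_BLOCK


def catch_up_probability(q: float, deficit: int) -> float:
    """Chance that miners with hashrate share q ever draw level with a chain
    that is `deficit` blocks ahead (gambler's ruin, Bitcoin whitepaper s.11)."""
    if not 0.0 < q < 1.0 or deficit < 0:
        raise ValueError("need 0 < q < 1 and deficit >= 0")
    return 1.0 if q >= 0.5 else (q / (1.0 - q)) ** deficit


def forfeited_rewards(q: float, depth: int) -> float:
    """Income the coalition already earned in the `depth` blocks that a
    successful reorganization would orphan."""
    return q * depth * PER_BLOCK


def expected_gain(q: float, depth: int, bounty: float,
                  attempt_blocks: int = 144) -> float:
    """Expected BTC result of joining the alternative chain.

    Success: collect the bounty, lose the orphaned income.
    Failure: lose the income that `attempt_blocks` block intervals of honest
    mining would have paid (144 = one day, a constructed assumption)."""
    p = catch_up_probability(q, depth)
    wasted = q * attempt_blocks * PER_BLOCK
    return p * (bounty - forfeited_rewards(q, depth)) - (1.0 - p) * wasted


def deepest_rational_reorg(q: float, bounty: float, max_depth: int = 200) -> int:
    """Largest depth (up to max_depth) at which joining still has positive
    expected gain; 0 if even a one-block reorganization does not pay."""
    depth = 0
    while depth < max_depth and expected_gain(q, depth + 1, bounty) > 0:
        depth += 1
    return depth


if __name__ == "__main__":
    for share in (0.10, 0.30, 0.55):
        print(f"share={share:.2f}  P(catch up 111 blocks)="
              f"{catch_up_probability(share, 111):.3g}  "
              f"deepest rational reorg={deepest_rational_reorg(share, 7000.0)}")
```

Under these assumptions and with the article's 7000 BTC at stake, a 10% coalition breaks even only for a one-block reorganization and a 30% coalition for three blocks. Only a majority coalition can expect to undo a deep reorganization, which is why each additional confirmation protects the recipient of a payment.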

What's the result?

If the miners reorganize, the consequences can be very serious, because a reorganization may disrupt normal transaction processing and undermine trust in the immutability of the blockchain.

This damage is proportional to the length of the reorganization. If the rescue operation is carried out within a few hours, the loss is negligible, because a reorganization of several blocks is not a notable event in the technical sense and does not significantly delay normal transaction processing.

Appendix: From the perspective of game theory, reorganizing blocks is not a rational choice.

Regarding the theft, community members first proposed that miners be encouraged to reorganize the blockchain by publicly revealing the private key, so that they could claim the funds. Some people think that coordinating miners to reorganize through such an incentive is difficult but not impossible. Others believe that a reorganization is unrealistic: it would not only damage the community's confidence in Bitcoin, it is also not a rational choice in practice.

Jimmy Song believes that a block reorganization affects the entire network, so everyone has a strong incentive not to change the transaction history.

He analyzes the simplest scenario. Suppose the victim is willing to use the lost BTC to encourage miners to reorganize the blockchain, and 10% of the computing power takes part in reorganizing the 100 blocks since the attack began. This means that those miners need to give up about 10 blocks of rewards, which is 125 BTC in block rewards. That is to say, once miners decide to reorganize, they must first abandon the rewards and transaction fees they have already earned. If transaction fees are 0.5 BTC per block, then at least 130 BTC must be abandoned.

In addition, there is a risk premium in case things go wrong. If others do not support the new alternative chain, the miners may have wasted computing power that could have been used to mine on the original chain. That is to say, to cover the case where the reorganization does not succeed, the victim has to offer miners not only the 130 BTC but also compensation for the mining income they might lose.

If the victim needs to pay 1300 BTC to get the miners to reorganize successfully, and the total amount lost is 7000 BTC, then there is a net gain of 5700 BTC. On the surface, this seems to be a reasonable choice.

But the biggest problem with this scenario is that if one party can do this, other well-funded parties can do the same, including the thief. This leads to many double-spend attempts and a headache for everyone who transacted in the 100 blocks after the theft. It is a serious disruption for everyone who transacts on the Bitcoin network. This kind of scenario is therefore painful for everyone, and carrying it out will meet resistance.

A more contentious point is that this involves a contested fork and a race for the longest chain. For a 100-block reorganization, having more than 55% of the hashrate means that an average of 1000 blocks (two weeks) is required. The variance is also high, so 500 or 1500 blocks are possible as well. Even with 99% of the computing power, it takes 101 blocks (20 hours) to overtake the original chain.

If both sides compete, each tries to attract more miners. The original chain has a first-mover advantage here, because it already leads by 100 blocks. Exchanges, merchants or users on the original chain who do not want a 100-block reorganization can compete for miners on behalf of the original chain. The method is simple: raise the fees paid on transactions on the original chain. If the transaction fees are high enough, many miners may move to the original chain to mine. In particular, the thief can attract miners to keep mining on the original chain by sending high-fee transactions on it.

If this happens, it leads to a subsidy war for miners between the thief and the victim. Both parties must spend money to compete for the longest chain. The thief has a natural advantage here, because the thief holds the stolen funds and can use them in the subsidy war. This means that the end result is that the stolen funds are not returned, while at least the same amount again is spent, plus the block rewards and transaction fees paid to subsidize miners. As a simple formula, if a large theft occurs, game theory puts the cost of reorganizing blocks very high: assuming that X BTC have been stolen and that Y blocks must be reorganized to get the funds back, the cost of reorganizing the blockchain is at least X BTC plus the mining rewards of Y blocks.

From this perspective, motivating miners to reorganize the blockchain in order to recover stolen coins is not the most rational choice. The only ultimate beneficiaries are the miners. This is also the original intention of Bitcoin's design: the cost of changing its transactions is very high.


