Craig Wright's "Negative Gamma" and the Curious Lack of Intellectual Curiosity in the Crypto Space
As proof of Craig Wright's insanity, Buterin brought up Wright's mention of the proposed selfish mining attack in Bitcoin, where Wright had stated that a factor in the attack called gamma (Greek letter γ) is actually "negative."
The odd thing about Wright's statement is that gamma (γ) is a number that varies from 0 to 1 by definition and cannot possibly be a negative number.
However, the striking thing about Buterin's pronouncement that this remark proves Wright a madman, is how presumptuous and intellectually uncurious it is. When someone says something that cannot possibly be true in any interpretation you can think of, you have to make a judgment call: is this person clueless/insane or are they just phrasing things in a strange way?
Well, that largely depends on whether you see what their strange phrasing is getting at. If you see it, the phrasing is simply written off as an oddity. If you don't see it, you might start to question the person's sanity, but in my experience perhaps 9 times out of 10 the person is simply wording things in a way that is failing to cross a vast gulf of inferential distance that is separating you.
When I heard Buterin make his claim, even without hearing Wright's presentation nor his answer to Buterin, it was obvious to me from even the two words "negative gamma" what Craig was likely referring to. In fact, anyone who understands the network topology of Bitcoin and the financial incentives that drive the formation of that network topology, and is familiar with the selfish mining idea of using zero-hashpower virtual nodes to increase the gamma (γ) coefficient, should be able to see the issue immediately.
Indeed, it is not a matter of a negative value for the coefficient gamma (γ) but a reversal of sign in terms of the benefit gamma is purported to bring to the selfish mining pool.
I'll now show that the suggestion that gamma is "negative" is simple, correct, and relevant but worded in a weird way - a habit Wright is known for, which makes all the more puzzling the widespread kneejerk dismissal of his statements based on an eccentricity of verbiage. If there's one thing you realize within a few minutes of listening to Craig Wright, it's that he's not going to use language in a normal way and you're going to have to do a lot of thinking through the gaps to grasp his points and their relevance.
Anyway, let's begin by looking at this section of the original selfish mining paper [emphasis mine]:
The Bitcoin protocol prescribes that when a miner knows of multiple branches of the same length, it mines and propagates only the first branch it received. Recall that a pool that runs the Selfish-Mine strategy and has a lead of 1 publishes its secret block P once it hears of a competing block X found by a non-pool block. If block P reaches a non-pool miner before block X, that miner will mine on P.
Because selfish mining is reactive, and it springs into action only after the honest nodes have discovered a block X, it may seem to be at a disadvantage. But a savvy pool operator can perform a sybil attack on honest miners by adding a significant number of zero-power miners to the Bitcoin miner network. These virtual miners act as advance sensors by participating in data dissemination, but do not mine new blocks. (Babaioff et al. also acknowledge the feasibility of such a sybil attack ). The virtual miners are managed by the pool, and once they hear of block X, they ignore it and start propagating block P. The random peer-to-peer structure of the Bitcoin overlay network will eventually propagate X to all miners, but the propagation of X under these conditions will be strictly slower than that of block P. By adding enough virtual nodes, the pool operator can thus increase γ [gamma].
The first thing to note is that this passage is premised on a network model that has nothing to do with the Bitcoin mining network. The Bitcoin mining network is nearly a complete graph.
Every significant hashpower miner has a direct connection* to every other significant miner, with networking resources devoted to connecting to each other miner in proportion to its demonstrated hashrate.
Contrary to the claim made in the selfish mining paper, the Bitcoin mining network is not a "random peer-to-peer structure" but instead an all-to-all structure, and this structure is determined not randomly but by the financial incentives of each miner to propagate their blocks to as much of the rest of the hashpower owners as possible, as quickly as possible, as well as to receive new blocks as quickly as possible.**
Given the all-to-all topology, you can see that any zero-hashpower virtual nodes ("spy nodes") the selfish mining pool places near the honest mining nodes do nothing to alert the selfish miner any faster of any blocks the honest miner releases.
In fact, insofar as the selfish mining pool were to follow the paper's advice and rely on these spy nodes to alert them of new honest miner blocks, they would merely add an extra hop for the selfish miner when the original honest and selfish nodes were all already connected to one another through very fast direct connections whose speed and directness are ensured by strong financial incentives.
The selfish mining pool would be foolish to throw in an extra hop and listen through that necessarily slower and less direct connection.
In that way, the effect of this attempt to increase gamma (γ) is actually negative; it would hurt the SM and help the HM, the opposite of the intended result.
As a bonus point, since the prioritization of connections are of course based on demonstrated hashpower (you prioritize connections to the most productive miners**), honest-miner networking resources invested in connections to any such zero-hashpower spy nodes will at best be provisional and minimal compared to the fast direct connections they already maintain to the existing selfish mining pool nodes.
If you can visualize what the shape of a complete graph network looks like under the incentives mining creates, it is easy to see that the idea that zero-hashpower spy nodes could ever help the selfish mining pool is in fact what Buterin should be calling the insane position: it cannot possibly be true given the mining network topology. The conclusion could only be arrived at if the network were an entirely different shape: a loose mesh network with random connections, for example, where blocks going from one miner to another would have to propagate along multiple hops and could therefore be blocked to slow propagation (this, by the way, is the same myth that underlies the misunderstanding that a UASF by non-mining nodes can exert any influence via the software alone).
It seems that Ittay Eyal and Emin Gün Sirer, the authors of the selfish mining paper had something like (c) "distributed network" below in mind when they claimed, "By adding enough virtual nodes, the [selfish mining] pool operator can thus increase γ [gamma]." In their defense, the conventional wisdom in 2013 when they penned the initial paper was to assume the Bitcoin mining network was shaped basically like this loose mesh network.
In such a network the claim would be true, but Bitcoin mining nodes are not structured in this way at all. If you think about the incentives, it would make no sense for you as a miner with one of the nodes near the bottom of network graph (c) to not make a direct connection to all the significant hashpower nodes near the top of the graph, and to invest network resources preferentially to this connection over any connection to a zero-hashpower node. It would just be throwing money away to competing miners who did make such connections and didn't waste their resources on nodes that haven't demonstrated any hashpower.
The incentives drive the topology.
The foregoing shows how the shape of the network, far from being an incidental feature, is crucial. The difference between a loose mesh structure and a complete graph means the difference between a Sybil attack hurting the network or just hurting the attacker. It means the difference between a 0-confirmation transaction being viable after tens of seconds or tenths of seconds. It means the difference between being able to partition the network by knocking out just a few nodes and not being able to partition the network even if you knock out all but a few nodes.
Indeed, it means the difference between bigger blocks making Bitcoin easier to attack and bigger blocks - even at the gigabyte and terabyte level - making Bitcoin harder to attack. Bitcoin Cash is the only blockchain that embraces the full implications of the all-to-all network topology driven by mining incentives, which when properly understood enable on-chain scaling at least 6 orders of magnitude greater than is conventionally thought possible, with superior decentralization, robustness, and security to boot.
For the numbers on this, check out Lokad founder Joannes Vermorel's presentation Terabyte Blocks for Bitcoin Cash:
*Some will misunderstand what is meant by a direct connection here. "After all, isn't the Internet itself made of many hops? How can you speak coherently of direct connections versus connections via multiple hops?" Yes, the Internet onto which the Bitcoin mining network is overlaid consists of many hops. What "hops" here refers to is the number of hops counted along the Bitcoin mining network nodes themselves. This is important because each node can choose to relay blocks or not; indeed this ability to refuse to relay blocks is the premise of the quoted passage whereby the selfish pool operator can supposedly increase gamma. (To cut off movement of block packets along hops on the Internet at large, such as by compromising ISPs, would be a different attack and not the subject of the selfish mining paper.)
**The incentives are as follows: if you are late getting a block that has just been mined by another miner, you end up wasting hashpower and losing a lot of money. Every second counts. Likewise, if you are late getting your newly mined block out to other miners, you risk losing the block reward to another miner who has invested more in networking. These incentives push all significant miners to connect directly to all other significant miners, with very fast and robust connections, and with even faster connections to the most productive miners. Again, every second counts. Any additional hops or less-that-blazing-fast connections from or to you to the other miners is money down the drain. Proof of work is as much about proof (fast communication) as it is about work (fast hashing).
Note: Nothing behind the paywall but a thank-you for reading, and for being curious :)
22 of 22 reviewers say it's worth paying for
0 of 22 reviewers say it's not worth paying for