{"id":24312,"date":"2017-02-16T00:51:34","date_gmt":"2017-02-16T00:51:34","guid":{"rendered":"http:\/\/ci027cfe65600e26c3"},"modified":"2017-02-16T00:51:34","modified_gmt":"2017-02-16T00:51:34","slug":"how-satoshi-messed-his-math-and-how-these-academics-just-fixed-it","status":"publish","type":"post","link":"https:\/\/bitcoinmagazine.com\/technical\/how-satoshi-messed-his-math-and-how-these-academics-just-fixed-it","title":{"rendered":"How Satoshi Messed Up His Math (and How These Academics Just Fixed It)"},"content":{"rendered":"
<\/div>
<\/figure>\n

Satoshi Nakamoto\u2019s math doesn\u2019t quite add up.<\/p>\n

In chapter 11 of the Bitcoin white paper<\/a>, the pseudonymous author explained that an honest mining majority will always outrun a dishonest minority. As a key innovation in digital currency, this ensures transactions are practically irreversible once they have sufficient confirmations, effectively solving the double-spend problem<\/a>.<\/p>\n

However, as first explained<\/a> by Israeli mathematician Meni Rosenfeld back in 2012, Satoshi made some simplified assumptions. While Bitcoin mining<\/a> is a random process, Satoshi did not fully take into account that honest miners can be just as lucky or unlucky as dishonest miners can.<\/p>\n

Cyril Grunspan<\/a>, mathematician at \u00c9cole Sup\u00e9rieure d’Ing\u00e9nieurs L\u00e9onard de Vinci<\/a>, and Ricardo P\u00e9rez-Marco<\/a>, mathematician at the French National Center for Scientific Research<\/a>, now have taken this randomness into account. The two Parisians published a new paper<\/a>, finally correcting Satoshi\u2019s \u201cmistake.\u201d<\/p>\n

\u201cSatoshi wrongly assumed that honest miners use exactly as much time to find a block as they would on average,\u201d Grunspan told Bitcoin Magazine. \u201cHowever, this is actually a rough approximation of reality, since the time used by honest miners to mine a block is not deterministic. Therefore, the distribution of the number of blocks mined by the attacker is actually \u2014 what is called \u2014 a \u2018negative binomial distribution.\u2019 Not the assumed \u2018Poisson law<\/a>.\u2019\u201d<\/p>\n

In essence, the Bitcoin white paper assumes that two factors are needed to calculate how irreversible a transaction is. Satoshi rightly assumed that the share of total hash power available to the attacker is one factor: as an attacker controls more hash power, more confirmations are needed. And Satoshi rightfully assumed that the number of confirmations is another factor: the more confirmations a transaction has, the more secure it is.<\/p>\n

Grunspan and P\u00e9rez-Marco now show how a third factor comes into play: the deviation from average mining time \u2014 \u201cluck\u201d \u2014 the honest miners have in finding blocks. If they are very lucky, and find blocks faster than the average, their chain will probably be further ahead; the attacker will have had less time to secretly mine an alternative chain. On the other hand, if the honest miners are unlucky and find blocks slower than the average, they will probably be less far ahead: thus, the attacker will have had more time to mine an alternative chain.<\/p>\n

What This Means<\/strong><\/p>\n

The good news, as now conclusively shown by Grunspan and P\u00e9rez-Marco, is that the basic premise of the white paper still holds up. Bitcoin works as intended.<\/p>\n

\u201cIn this paper, we show that the probability of double spends drops exponentially to zero as the honest mining majority finds more blocks,\u201d Grunspan said. In other words, it becomes increasingly difficult for minority attackers to catch up and overtake the honest majority.<\/p>\n

That said, the security assumptions as stated in the white paper need to be tweaked a little. Rather than just accounting for the amount of hash power an attacker has and the number of blocks the attacker is behind, this third factor must also be considered. In their paper, Grunspan and P\u00e9rez-Marco have now published exactly how much this matters.<\/p>\n

\u201cThis is interesting information that can be used by merchants to monitor risk,\u201d Grunspan said on the relevancy of their calculations. \u201cLet\u2019s say a merchant always waits for six confirmations before sending his goods to a customer, as that is the level of risk he is comfortable with. That\u2019s 60 minutes on average. But sometimes he\u2019ll have to wait for two hours before six blocks are found. If that happens, the double-spend risk is also higher. So for the same level of security, he\u2019ll actually have to wait for a seventh confirmation. While if the confirmations come in much faster, he should be fine even with five confirmations.\u201d<\/p>\n

As double-spend protection is arguably at the heart of Bitcoin\u2019s innovation, the mathematical simplification in Satoshi\u2019s work is notable, especially for mathematicians. Grunspan does allow, however, that simplifying assumptions in a white paper is also understandable.<\/p>\n

And, perhaps, it reveals another hint about Bitcoin\u2019s origins.<\/p>\n

\u201cSatoshi was a genius,\u201d concluded Grunspan. \u201cBut he was not a mathematician.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"

Satoshi Nakamoto\u2019s math doesn\u2019t quite add up. In chapter 11 of the Bitcoin white paper, the pseudonymous author explained that an honest mining majority will always outrun a dishonest minority. As a key innovation in digital currency, this ensures transactions are practically irreversible once they have sufficient confirmations, effectively solving the double-spend problem. However, as […]<\/p>\n","protected":false},"author":2509,"featured_media":24313,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[35],"tags":[658,1212],"class_list":{"0":"post-24312","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-technical","8":"tag-technology","9":"tag-whitepaper"},"author_data":{"id":2509,"name":"Aaron van Wirdum","nicename":"aaron-van-wirdum","avatar_url":"https:\/\/bitcoinmagazine.com\/wp-content\/uploads\/2024\/12\/aaron-van-wirdum-96x96.jpg"},"featured_image_url":"https:\/\/bitcoinmagazine.com\/wp-content\/uploads\/2024\/11\/how-satoshi-messed-up-his-math-and-how-these-academics-just-fixed-it.jpg","_links":{"self":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/posts\/24312","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/users\/2509"}],"replies":[{"embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/comments?post=24312"}],"version-history":[{"count":0,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/posts\/24312\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/media\/24313"}],"wp:attachment":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/media?parent=24312"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/categories?post=24312"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/tags?post=24312"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}