|
|
|
@ -1,3 +1,4 @@
|
|
|
|
|
[appendix]
|
|
|
|
|
== Errata to the Bitcoin Whitepaper
|
|
|
|
|
|
|
|
|
|
A description of known problems in Satoshi Nakamoto’s paper, "Bitcoin:
|
|
|
|
@ -6,8 +7,8 @@ changes and how Bitcoin's implementation differs from that described in
|
|
|
|
|
the paper.
|
|
|
|
|
|
|
|
|
|
This document was originally published by a co-author of this book in
|
|
|
|
|
2016; it is reproduced here with updates. The numbers and names of
|
|
|
|
|
sections in this errata correspond to the numbers and names of the
|
|
|
|
|
2016; it is reproduced here with updates. The names of
|
|
|
|
|
sections in this errata correspond to the names of the
|
|
|
|
|
sections in Nakamoto's original paper.
|
|
|
|
|
|
|
|
|
|
=== Abstract
|
|
|
|
@ -23,7 +24,7 @@ longest chain would be the one backed by the largest pool of
|
|
|
|
|
computational power. However, Bitcoin was implemented in such a way that
|
|
|
|
|
the amount of POW can vary between blocks, so it became important not to
|
|
|
|
|
check for the "the longest chain" but rather "the chain demonstrating
|
|
|
|
|
the most POW"; this is often shortened to "strongest chain".
|
|
|
|
|
the most POW"; this is often shortened to "most-work chain".
|
|
|
|
|
+
|
|
|
|
|
The
|
|
|
|
|
https://github.com/bitcoin/bitcoin/commit/40cd0369419323f8d7385950e20342e998c994e1#diff-623e3fd6da1a45222eeec71496747b31R420[change]
|
|
|
|
@ -68,7 +69,8 @@ paper which refer to "network nodes" is mainly about what nodes can do
|
|
|
|
|
even if they aren’t mining.
|
|
|
|
|
* *Post-publication discovery:* When a new block is produced, the miner
|
|
|
|
|
who produces that block can begin working on its sequel immediately but
|
|
|
|
|
all other miners must wait for that new block to propagate across the
|
|
|
|
|
all other miners are unaware of the new block and cannot begin working
|
|
|
|
|
on it until it has propagated across the
|
|
|
|
|
network to them. This gives miners who produce many blocks an edge over
|
|
|
|
|
miners who produce fewer blocks, and this can be exploited in what’s
|
|
|
|
|
known as the _selfish mining attack_ to allow an attacker with around
|
|
|
|
@ -186,8 +188,9 @@ Some linking is still unavoidable with multi-input transactions, which
|
|
|
|
|
necessarily reveal that their inputs were owned by the same owner
|
|
|
|
|
____
|
|
|
|
|
|
|
|
|
|
* *Post-publication invention:* the revelation of a common owner for
|
|
|
|
|
different inputs isn’t necessary if owners often mix their inputs with
|
|
|
|
|
* *Post-publication invention:* it isn't clear that different inputs
|
|
|
|
|
in the same transaction have the same owner if if owners often mix their
|
|
|
|
|
inputs with
|
|
|
|
|
inputs belonging to other owners. For example, there’s no public
|
|
|
|
|
difference between Alice and Bob each contributing one of their inputs
|
|
|
|
|
towards paying Charlie and Dan than there is between just Alice
|
|
|
|
|