You don't have to match the energy burn, just the hash rate (so efficiency matters).
You also don't have to do it all at once, you just have to be faster than the network (If the private blocks are calculated 10% faster it only takes ~10 days to go back in time 1 day). But of course this attack isn't practical, actually executing it would demonstrate that the public network was a farce.
> You don't have to match the energy burn, just the hash rate (so efficiency matters).
Of course, but I don't know how anyone could be a lot more efficient that current miners, who are in a rat race to increase the efficiency of their mining operations. They probably think about energy consumption every waking hour of the day.
> You also don't have to do it all at once, you just have to be faster than the network (If the private blocks are calculated 10% faster it only takes ~10 days to go back in time 1 day)...
Of course, but by then the Bitcoin network would have invested ~10 more days of energy into the network, and now instead of being one day behind, one would be ~10 days behind. One would have a different, forked blockchain far behind the original one, with no hope of catching up.
If one wants to modify a transaction from a day ago over time, one must burn at least one day's worth of Bitcoin network energy consumption much faster than the network, in order to keep up with the network. If one wants to modify a transaction from a day ago right now, one must burn at least one day's worth of Bitcoin network energy consumption in an instant.
PS. Note that I mean without forking. SORRY if that wasn't clear in my earlier comments!
You just have to have the "higher" energy cost, you don't need to have the same blockchain. So if you are 10% faster, you can go back in time an interval t once you have burned ~10t.
This is why the demonstration would fracture Bitcoin; it would reveal the hidden mining power and second there would be a bunch of discussion of ignoring the higher cost chain and sticking with social consensus.
> Re your PS, there will still be an old and new consensus blockchain no matter how fast you calculate the replacement.
Yes, of course. In fact, at any point in time there are always multiple blockchains, one for every miner burning energy to add a new block.
However, only the longest blockchain (with the greatest proof-of-work) is valid. As soon as there's a longer valid blockchain, the miners discard their individual work-in-progress blockchains and switch to the one with the most proof-of-work.
That longest blockchain is the Bitcoin blockchain. That is the blockchain one would have to modify to alter the transaction history in the Bitcoin network without forking.
FWIW, I don't think we disagree; I feel like we've been talking about slightly different things until just now.
We are kind of talking about different things. I'm talking about how at the protocol level the contents of the longest chain do not matter, it is by rule the "consensus blockchain".
It naturally flows from there that as long as you can calculate blocks faster than the network, you can rewrite past transactions, with the speed difference restricting how far back you can rewrite.
There's no need to do it in an instant and doing it in an instant isn't any different than doing it more slowly (other than the amount of hidden hash power revealed).
You also don't have to do it all at once, you just have to be faster than the network (If the private blocks are calculated 10% faster it only takes ~10 days to go back in time 1 day). But of course this attack isn't practical, actually executing it would demonstrate that the public network was a farce.