While the attacker A is racing to build a heavier chain than honest miners H, A is not profiting, on the contrary. He must hold the costs until he finishes the race for the next B blocks.
If A was honest beforehand, everyone will notice the higher delay for block mining. Two things follows:
(1) B could easily increase, since those would be "dangerous times".
(2) Mining-related investors on standby may jump-in and participate, increasing H since.. A's hashrate would suddenly vanish on the public's perspective.
So while A is eating [temporary] loss, other miners are eating [temporary] profit from block rewards (since equilibrium was assumed). B (for particular receivers, those involved in high-valued transactions) may be arbitrarily increasing while the mining delay is unstable. THat instability would reduce while other participants enter the mining game.
But for how long would A hold it's [temporary] loss?
Also, if and after he wins the race, it's not like people can't ignore his chain with a temporary hard-fork. If they do ignore it for a while, sooner or later A's chain must get weaker, and that temporary hard-fork could be erased.
For the incentives for such temp hard-fork.. remember those temporary profit and temporary loss during the race period? The attacker would need to happily turn his losses into other miners losses, and their profits into his profit (regarding block rewards). Also, standard users could be, very, negatively impacted by such chain change. This impact could be reduced if the attacker replicated the transactions in his private chain while racing, but some transactions may be specific to the block height, so.. to replicate the transactions, he can't be much faster than H chain.
So counting the chances of investors coming into mining field, temporary losses that could least longer than expected due to block mining instability, the possibility of a temporary fork..
I mean, I didn't get the paper's math nor read it fully, but I think that there are more variables.
I think we should be specific about the time scale here. In the case of Bitcoin a 6-confirmation double spend would only take 2-3 hours which doesn't leave much time for the community to even notice, let alone coordinate a response. I won't even consider the case where the community has been force-fed a "never ever hard fork ever under any circumstances" message.
You can't assume that equilibrium holds since the difficulty only adjusts every two weeks. (Even in cryptocurrencies with continuous difficulty adjustment, 51% of the hashrate missing for 2-3 hours would not cause a noticeable drop.) Because the difficulty does not adjust during the attack, honest miners would be producing blocks at half rate (every 20 minutes) and thus would still appear to get their fair share of the block reward; they wouldn't get more.
For ASIC-based cryptocurrencies I don't think there's much if any hashrate sitting on the sidelines and the attack would probably be over by the time miners noticed.
Yes, you are correct. New miners should not appear until difficulty recalculation. But given this fact, depending on the intensity of the block mining rate change and how far the next recalculation is, the network could easily notice such changes. I don't just mean they "could", but they probably "would" as well. The world's economy heartbeat h-a-l-v-i-n-g 6 times in a row? (this drama is how critical I think that would be)
I don't know if an effective and immediate response could be taken place, but this sort of monitoring could be anticipated, and also, they would probably store the old chain's backup (just in case). I mean that if they do a rapid decision, it's not necessarily final (although this would cost the whole world economy a lot).
Only newcomers fullnodes, during the racing period, couldn't know which chain actually appeared first, but all other fullnodes and miners do know which one did, and that the alternative chain came at once and out of nowhere. This is an easy target for an "temporary chain force-choosing" algorithm. And again, this could be coded before the attack -try itself.
So I don't mean that this surely would be a "forced" (rushed) code-fork. On the other hand, without such a thing, everyone would enter a rushed data-fork, which probably will also be viewed as something risky and some costs may be applied (prepared in antecedence).
You are assuming that A was acting as a good faith miner before the attack, they could have been a non participant or be continuing their regular mining as well as their attack.
If A was honest beforehand, everyone will notice the higher delay for block mining. Two things follows: (1) B could easily increase, since those would be "dangerous times". (2) Mining-related investors on standby may jump-in and participate, increasing H since.. A's hashrate would suddenly vanish on the public's perspective.
So while A is eating [temporary] loss, other miners are eating [temporary] profit from block rewards (since equilibrium was assumed). B (for particular receivers, those involved in high-valued transactions) may be arbitrarily increasing while the mining delay is unstable. THat instability would reduce while other participants enter the mining game.
But for how long would A hold it's [temporary] loss?
Also, if and after he wins the race, it's not like people can't ignore his chain with a temporary hard-fork. If they do ignore it for a while, sooner or later A's chain must get weaker, and that temporary hard-fork could be erased.
For the incentives for such temp hard-fork.. remember those temporary profit and temporary loss during the race period? The attacker would need to happily turn his losses into other miners losses, and their profits into his profit (regarding block rewards). Also, standard users could be, very, negatively impacted by such chain change. This impact could be reduced if the attacker replicated the transactions in his private chain while racing, but some transactions may be specific to the block height, so.. to replicate the transactions, he can't be much faster than H chain.
So counting the chances of investors coming into mining field, temporary losses that could least longer than expected due to block mining instability, the possibility of a temporary fork..
I mean, I didn't get the paper's math nor read it fully, but I think that there are more variables.