But I still don't understand, what advantage the attacker obtains by creating these smaller accounts? Why not just sit on his big account and wait?
Creating blocks in a row is the major threat, if I understand it correctly. Then there is no point in creating new accounts. The point is that an attacker might find a clever combination (trying enough of them out) to control a large enough row. This is, essentially, about breaking the cryptography, right? Probably, this could be beaten by introducing some extra randomness (e.g., take some quantity that the attacker does not control as a seed, etc.).
|
|
|
1) each block has its own forging queue 2) the network draws from the queue until it is depleted and creates a new one 3) the network considers all accounts of the queue as equally good
Then, if we decide on all queue at once, the algorithm should be changed, because this way you'll not obtain the "correct" forging probabilities (all k i's are different, right?). Think of a situation when there is an account with 50% of all NXT, and limit=100. Normally this account would forge every second block, but under this approach, it will only forge every 100th. Do you mean 2) or 3) ?
2
|
|
|
Can you describe the algorithm of determining the next forgers in terms of the math model? In particular, how exactly this list is updated?
If I read the source correctly, that function will return a sorted list of limit accounts that are able to forge the next block. In math model: it is like having not only k 0 but also k 1 and k 2 and ... and k limit-1 representing the next in the what I would call forging queue. k 0 is the best, followed by k 1 and so on. But at the next moment (when the next block is forged) you decide on only one new entry to the queue? Or you wait until the queue is empty and decide on the whole queue then again? That is yet to be decided. EDIT: possibilities if could come up with: 1) each block has its own forging queue 2) the network draws from the queue until it is depleted and creates a new one 3) the network considers all accounts of the queue as equally good Then, if we decide on all queue at once, the algorithm should be changed, because this way you'll not obtain the "correct" forging probabilities (all k i's are different, right?). Think of a situation when there is an account with 50% of all NXT, and limit=100. Normally this account would forge every second block, but under this approach, it will only forge every 100th.
|
|
|
But I still don't understand, what advantage the attacker obtains by creating these smaller accounts? Why not just sit on his big account and wait?
Creating blocks in a row is the major threat, if I understand it correctly. Then there is no point in creating new accounts.
|
|
|
Can you describe the algorithm of determining the next forgers in terms of the math model? In particular, how exactly this list is updated?
If I read the source correctly, that function will return a sorted list of limit accounts that are able to forge the next block. In math model: it is like having not only k 0 but also k 1 and k 2 and ... and k limit-1 representing the next in the what I would call forging queue. k 0 is the best, followed by k 1 and so on. But at the next moment (when the next block is forged) you decide on only one new entry to the queue? Or you wait until the queue is empty and decide on the whole queue then again?
|
|
|
But still, an attacker could create raw transactions at will to create new accounts that might lead to a block that he has the highest cummulativeDifficulty of. He could include these txs into blocks that favor him most. So, it will be self-inducing.
Can you explain the last sentence to me, having in mind that I wrote my last program 20 years ago? In particular, how this cummulativeDifficulty is computed in the math model? Sure. raw = to-be-verified aka to-be-agreed-on The problem with raw transactions are: they are the things we need to find consensus about. That is why we need blocks. Blocks represent the consensus on which transactions occured. But: since we have not found any consensus about these raw transactions they can be added or removed at will. Why? Because we have not agree on them yet, because there is no block verifying them. I hope that is clear. So, an attacker could add raw transactions into his pool of available raw transactions and therefore increase his probability of bundling them into a block that one of his accounts can forge. A new forging account F is created by at least two transactions (3 NXT need in total): 1) funding (2 NXT to F) 2) public key creation (1 NXT form F to somewhere else) => F still holds 1 NXT and is able to forge in 1440 block from 2) Because of that, an attacker could carefully design transactions that create accounts that will forge in the future. So, this attacker could design raw transactions and shuffling existing ones and his artificial ones until he can a row of blocks that is long enough for his purpose. But I still don't understand, what advantage the attacker obtains by creating these smaller accounts? Why not just sit on his big account and wait?
|
|
|
Can you describe the algorithm of determining the next forgers in terms of the math model? In particular, how exactly this list is updated?
|
|
|
Thanks in advance!
About the last point: in the mathematical model we are considering, splitting is completely harmless. But, maybe, there are other attacking possibilities that the splitting gives in the real world: spam the network, affect its topology, ..., ... I don't know, I'm not a specialist here. In the case there are such possibilities, we may consider introducing this lower limit, so that the number of accounts that participate in forging cannot become too big.
You are welcome. Okay, got it. But still, an attacker could create raw transactions at will to create new accounts that might lead to a block that he has the highest cummulativeDifficulty of. He could include these txs into blocks that favor him most. So, it will be self-inducing. Can you explain the last sentence to me, having in mind that I wrote my last program 20 years ago? In particular, how this cummulativeDifficulty is computed in the math model?
|
|
|
But maybe since then it became more clear?..
Do u have any ideas how it's better to implement Transparent Forging? The goal is to find an optimum where we can predict few blocks in advance but noone could game the system by preparing such accounts that he would be able to forge a lot of blocks in the row. I think the algorithm can be easily adjusted in such a way that the next N forgers are known at each moment. But I don't dare to propose any solutions about penalizing accounts and things of this sort...
|
|
|
Version 0.3.1 of my article: http://www.docdroid.net/abp9/forging0-3-1.pdf.htmlAdded a new section about splitting of accounts. Conclusions: - Under Exp-algorithm, the probability that an account with relative active balance b generates the next block is exactly b; if all relative balances are small, then the U-algorithm essentially works the same way as the Exp-algorithm. - In general, splitting has no effect on the (total) probability of block generation under Exp-algorithm, and this probability always decreases under U-algorithm. However, the difference is usually not very significant (even if the account is split into many small parts). - Thus, neither algorithm encourages splitting (anyhow, there is some cost in maintaining many forging accounts, so, in principle, there is no reason to increase too much the number of them in the case of Exp-algorithm as well). The reader should be warned, however, that all the conclusions in this article are valid for mathematical models, and the real world can introduce some corrections. - In particular, it should be observed that, if the attacker could harm the network by splitting his account into many small ones, then a very small gain that he achieves by not splitting would not prevent him from attacking the network. If this attacker's strategy presents any real danger, we may consider introducing a lower limit for forging (e.g., only accounts with more than, say, 100 NXT are allowed to forge). Review will follow as usual. EDIT: maybe, you could elaborate more on the last point you made Thanks in advance! About the last point: in the mathematical model we are considering, splitting is completely harmless. But, maybe, there are other attacking possibilities that the splitting gives in the real world: spam the network, affect its topology, ..., ... I don't know, I'm not a specialist here. In the case there are such possibilities, we may consider introducing this lower limit, so that the number of accounts that participate in forging cannot become too big.
|
|
|
Thanks! There is even one theorem about Nxt now So I hope your new efforts are going to be rewarded (hint to whales) and that you will also consider modelling the BCNext proposed TF approach (with "penalties" which you can ask CfB about). This sort of scientific work is very beneficial for the Nxt project IMO. Yeah, I would be very interested in analyzing the TF, but for this I need a mathematical model... I remember I discussed this with CfB some weeks ago, but at the end we didn't come to any conclusion about the precise details of the TF implementation. But maybe since then it became more clear?..
|
|
|
Thanks! There is even one theorem about Nxt now
|
|
|
Version 0.3.1 of my article: http://www.docdroid.net/abp9/forging0-3-1.pdf.htmlAdded a new section about splitting of accounts. Conclusions: - Under Exp-algorithm, the probability that an account with relative active balance b generates the next block is exactly b; if all relative balances are small, then the U-algorithm essentially works the same way as the Exp-algorithm. - In general, splitting has no effect on the (total) probability of block generation under Exp-algorithm, and this probability always decreases under U-algorithm. However, the difference is usually not very significant (even if the account is split into many small parts). - Thus, neither algorithm encourages splitting (anyhow, there is some cost in maintaining many forging accounts, so, in principle, there is no reason to increase too much the number of them in the case of Exp-algorithm as well). The reader should be warned, however, that all the conclusions in this article are valid for mathematical models, and the real world can introduce some corrections. - In particular, it should be observed that, if the attacker could harm the network by splitting his account into many small ones, then a very small gain that he achieves by not splitting would not prevent him from attacking the network. If this attacker's strategy presents any real danger, we may consider introducing a lower limit for forging (e.g., only accounts with more than, say, 100 NXT are allowed to forge).
|
|
|
@ mthcl, C-f-B, коль скоро вы заглянули - вопрос по математике Nxt-форжинга: из статьи mthcl видно, что сейчас алгоритм таков, что есть небольшая выгода в объединении стейков. Что потенциально может привести к созданию 1-го - 2-х пулов-монополистов, как сейчас в биткоине. Но может быть есть несложный способ слегка подправить алгоритм форжинга, чтобы выгода форжинга от слияния аккаунтов росла до какого-то предела, а затем плавно, но неумолимо снижалась? Тогда можно было бы безбоязненно реализовывать Account Control в части передачи прав на форжинг. Есть простой способ: установить верхний предел по количеству форжащих NXT на аккаунт.
|
|
|
А, тогда я спокоен.
Только эта часть около 10 лямов A сколько он уже продал?
|
|
|
начал переводить статью Why NXT Ought to be Taken Seriously
- отлично, когда закончишь, не забудь в конце статьи (или здесь) указать свой Nxt-аккаунт.. Кстати, вот ещё занятная статейка.. но, похоже, одним английским там не обойтись я бы за статью по математике форджинга взялся бы, но в компаний с кем то кто еще знает теор вер и криптографию, а то вдруг я подзабыл что то с окончания универа Автор той статейки говорит по-русски, я точно знаю Но он, вероятно, решил, что тот, кто достаточно знает математику, обычно и с английским не имеет особых проблем. А когда будет версия 1.0.0? А когда захотим, тогда и будет Мне ChuckOne еще обещал комменты по Section 3 прислать. Но, в принципе, пока я не представляю, что там еще можно добавить/исправить.
|
|
|
начал переводить статью Why NXT Ought to be Taken Seriously
- отлично, когда закончишь, не забудь в конце статьи (или здесь) указать свой Nxt-аккаунт.. Кстати, вот ещё занятная статейка.. но, похоже, одним английским там не обойтись я бы за статью по математике форджинга взялся бы, но в компаний с кем то кто еще знает теор вер и криптографию, а то вдруг я подзабыл что то с окончания универа Автор той статейки говорит по-русски, я точно знаю Но он, вероятно, решил, что тот, кто достаточно знает математику, обычно и с английским не имеет особых проблем.
|
|
|
|