|
I think you are greatly overestimating the marginal cost of turning on mining hardware. Hardware depreciation is a much more significant cost than electricity.
Also, you're mistakenly assuming that attacker blocks have an "evil bit" set. When a node is facing a massive reorg, in general he doesn't know if the new branch is one built in secret by an attacker, or if so far he has been isolated by an attacker and finally he gets a glimpse of the real chain.
And, if the node does have some way to determine that a branch belongs to an attacker, there's no need at all to fire up the hardware to work to orphan this branch - the network can just agree to reject this obviously malicious branch.
The practice of rejecting a new branch if it conflicts with a known branch X blocks deeps is what I call "cementing". This has its uses but it carries the risk that a node will be stuck on the wrong branch. Which is why proof of stake is needed to have the final say - the cemented branch will be given up once proof-of-stake favors a different branch.
|
|
|
|
Yes, I agree that forum members are vehemently opposed to a mining monopoly. I think this is an irrational view which is related to the political leanings of the current user base. I expect this view to change over time as the user base diversifies. I don't understand how bitcoin could become successful AND not attract a monopolist. There is nothing in the technology to exclude a monopolist from taking over, proof-of-stake helps but it doesn't change this. Monopoly is potentially quite profitable. People may not like this, but their feelings don't affect the situation. Bitcoin use must eventually be supported by utility as a payments system. I don't think users will abandon a useful payments system because a monopolist is verifying their txns rather than a network of competitive miners. Once demand for money transfer becomes the primary reason for use of the technology, people won't care who is verifying the txns as long as they are cheap, quick, and cash-like.
Can you explain how a monopolized Bitcoin is better than a central currency issuer? The entire point of Bitcoin is decentralization, if we don't have that, what do we have left? And why do we need the whole proof of work/stake thing, instead of the monopolist just synchronizing transactions in its internal database? You could take pretty much any argument in favor of Bitcoin and use it against a monopoly. What if it charges exorbitant fees of $0.3 + 3%? What if its servers are down and nobody can process transactions? What if it is attacked by some government agency? What if it goes bankrupt due to bad management? What if it starts posing restrictions on how one can use their bitcoins? |
|
|
|
|
I intend to issue 300 new bonds later this week, at a price that is to be determined.
Current bidders should be advised that if the issue price is lower than their bid, they will pay the full price they bid.
|
|
|
|
|
"Bitcoinica Buy Apy" is what you'd get per year for an idle deposit. Currently this is 0% for BTC and 7.41% for USD.
"Daily Pip" is in units of 0.01% per day.
"Bitcoinica sell" is what you pay for a "negative balance". Eg, if you buy bitcoins on margin, you have to pay the USD Bitcoinica sell Apy.
|
|
|
|
Meni's system polls stake and work separately. I believe validity requires concurrence of votes by miners and votes by stakeholders (but am not sure, Meni?).
Stakeholders will only validate a block if it currently enjoys acceptance among miners. But once they do, their validation overrides anything miners have to say on the matter. Are there incentives for stakeholders to participate actively? If not, isn't there another tragedy of the commons problem [most stakeholders will passively sign off on whatever the miners send to them]? You can include signature fees in transactions and in assurance contracts. Since the cost of signing is low, the token incentives that can be obtained from assurance contracts, quid-pro-quo, direct interest and so on should be sufficient. For the purpose of preventing double-spending, stakeholders aren't supposed to make any judgment about which block is better. As long as enough of them sign, and they never sign more than one block in a given height, the system should work. Preventing other attacks may require a more sophisticated system. |
|
|
|
I wonder if this can already be done with the right script. It's similar but the proposed use case is different. Here the focus is not on merchant payments, but on personal wallet security. I think there are security schemes that are possible with this but not without it, and some people might want to use them. Also, in this proposal, you don't reverse just the offending transaction from the address, you reverse both this transaction and the previous transaction to this address (and have the funds return to a different, presumably uncompromised address). This is what allows it to have security implications. (If you reverse just one transaction, a hacker could just make the transaction again). |
|
|
|
Mini, instead of having an address represent a pair of keys, what about using the key associated with existing bitcoin addresses to sign a delegation certificate, which basically says "the owner of bitcoin address A approves of any blocks signed with key B". Delegation certificates could even be revoked, obviating the need to transfer money around if the block-verifying key is exposed.
It's a more general solution, doesn't require changing the bitcoin address format, and could be implemented without touching the block chain on an overlay network used by miners.
Sounds good. |
|
|
|
If the price of a bitcoin increases, so does the incentive to attack the network
So does the incentive to secure it. Exactly, that's my point. You can't argue "the current level of security requires spending $10M / year, and that's a small price to pay for a global financial system". By the time Bitcoin is a ubiquitous global financial system, securing it will cost $1T / year, and nobody will cough that up without personal incentives. Which is precisely the "tragedy of the commons" problem we've been talking about. |
|
|
|
Joe makes a double-spend, one to Walmart and one to himself. Walmart pays 51% of the pools to commit to the transaction to Walmart. Meanwhile Joes pays the other 49% (or 20%, or whatever) to commit to the send-back. Walmart thinks the transaction is safe and gives the product to Joe, when in fact there's a 49% chance that the next block found will have the payment to Joe, and Walmart will lose the money. If Walmart pays deepbit (and arguably other pools) to include his block he could also ask to be notified to detect double spends, or simply to ignore other tentative double spendings. Then this reduces to waiting to see if there is any conflicting transaction, which is a service which can be provided by any node, it needn't be a miner. In fact waiting a few seconds and querying nodes gives superior security to contracts with miners, so this fails as an extra revenue source for miners. |
|
|
|
I am finding it difficult to believe in the concept that some rich people will essentially fund then network. I'm just doing a back-of-the-envelope calculation here. Unfortunately, this is all dependent on BTC price: if price jumps to $100/BTC because all of online betting/gambling and MMORPG trading adopts Bitcoin, then miners would still have incentive even if generation dropped to 2.5 BTC/block right now. I know it's not that simple, but the point is that looking at raw BTC/block generated makes for a somewhat arbitrary measure of how much miner support there will be.
If the price of a bitcoin increases, so does the incentive to attack the network (political parties and banks see it as more of a threat, more potential profit from double-spending and short-selling), hence the resources attackers are expected to muster, hence the hashrate required to secure the network. Because of this, BTC/block is a good measure for the level of security. |
|
|
|
Meni's system polls stake and work separately. I believe validity requires concurrence of votes by miners and votes by stakeholders (but am not sure, Meni?).
Stakeholders will only validate a block if it currently enjoys acceptance among miners. But once they do, their validation overrides anything miners have to say on the matter. |
|
|
|
There's still some work to be done with the design. The design I currently have should work against double-spending, but not necessarily against denial of service.
I can work on the design from a high-level perspective, but I don't think I'll be able to lead the development and promotion efforts in the near future. Someone would have to volunteer for that (and to create a new thread for further discussion).
No problem, it is CRCoin not RCCoin I am thinking of first off anyway, since the 0.8 & 0.2 proposal seems concrete enough and simple enough, gosh knows how complicated whatever you want to "collect signatures" for will turn out to be. I was thinking of going really simple, the address the reward is to go to either contains enough stake or it doesn't, no licensed miner / licensed mining, just put the reward where the stake is if there is enough stake already there or invalidate the block. Maybe make sure at least stake plus reward is still there 120 blocks later or don't mature the reward. -MarkM- Can you link to the 0.8 & 0.2 proposal? My current design is described here, I think it's not complicated at all. |
|
|
|
... I assume you mean that the confirming pools will also reject any blocks that contain a conflicting transaction.
Yes, if by "a conflicting transaction" you mean a fraudulent double-spending attempt. That's not a bug, it's a feature. The protocol doesn't say that if there are two conflicting transactions (whether a fraudulent double-spend attempt or something else) you have to reject both and reject any block that contains either. It says you go with the one you encountered first, unless a block is found that contains the other and then you go with that. In your scenario (especially if there is a dedicated denial-of-service attack), every block will be rejected by every miner because it contains some transaction the miner committed to reject. I've obviously not explained myself clearly enough, because that's not what I'm suggesting. The miner does not commit to reject any block that it would not reject anyway. Suppose WalMart sells a widget to Joe for 2 BTC. Joe is at the checkout and sends 2 BTC to WalMart's receiving address. WalMart doesn't expect Joe to wait for 6 confirmations before departing with his newly-purchased widget. So WalMart pays DeepBit 0.01 BTC to validate the transaction and promise that DeepBit will include that transaction in the next block mined IF DeepBit is the miner of the next block. Neither WalMart nor DeepBit objects if some other miner includes the transaction first, so there's no need to reject from some other miner for this reason. In practice, WalMart might have a similar arrangement with DeepBit, Slush, Eligius and a couple of other pools, to obtain sufficient certainty that the transaction will make it into the block chain. WalMart is not paying these miners to reject anything. WalMart is paying these miners for advance knowledge that WalMart's transaction will be included in the next block, IF that next block is mined by one of those miners. And that service is valuable enough that mining will be plenty profitable even with a block reward of zero. I assumed the participating pools would reject conflicting blocks, because if not, the weakness is even clearer. Joe makes a double-spend, one to Walmart and one to himself. Walmart pays 51% of the pools to commit to the transaction to Walmart. Meanwhile Joes pays the other 49% (or 20%, or whatever) to commit to the send-back. Walmart thinks the transaction is safe and gives the product to Joe, when in fact there's a 49% chance that the next block found will have the payment to Joe, and Walmart will lose the money. Actually there has already been a rush to implement pretty much "anything", ha ha.
I am a critic of the majority of existing alt coins. Alts have their place but they really need to be thought out and have a reason to exist, I'm not eager to rush an alt of my own. We have a bunch of pennystock-like chains already, lets see if a penny-CRCoin can beat out the other penny-chains.
If it can emerge a clear leader "in its class" then that should lend at least a couple of pennyweights to the theory, yes?
I don't expect you to write code, I don't expect Cunicula to write code. It was a very very pleasant surprise to me that Unthinkingbit does write code, in fact a whole lot more of DeVCoin's code than I wrote. (Heh "than I hacked a little" is more like it, I didn't really "write" anything, I just hacked away some at what was already written, enough to get it to at least look like it runs.)
So don't worry about coding. We can bribe codemonkeys with DeVCoins, or just make up the code, it doesn't sound real hard. And it sounds like an interesting idea.
-MarkM-
There's still some work to be done with the design. The design I currently have should work against double-spending, but not necessarily against denial of service. I can work on the design from a high-level perspective, but I don't think I'll be able to lead the development and promotion efforts in the near future. Someone would have to volunteer for that (and to create a new thread for further discussion). P.S. Hey maybe we should also accelerate the decay of the block-rewards in it so we can get to the juicy bits sooner?  Possibly, but that's not strictly necessary, test attacks should work well for testing resilience. |
|
|
|
Thanks, but I'd much rather see this change implemented while keeping the Bitcoin name and the current blockchain.
So, back to proof of concept... I do not want to detract from bitcoin with altchains, so we can maybe make sure it is clear from the outset that if it takes off too darn well Bitcoin itself is free to set some block number at which it adopts a similar system. But to drive Bitcoin to do so, we really should demonstrate that failing to do so could indeed prove a competitive threat to Bitcoin's value rather than being a harmless companion-coin or hanger-on or, indeed, merely yet another of the many currencies used by various civilisations of the Galactic Milieu. I can certainly imagine a scenario where Bitcoin fails due to this problem, and an alt proof-of-stake coin will be there to pick up the pieces. But I fear that people will attribute the failure to the concept of cryptocurrency itself, rather than to solvable problems that were foreseen in advance. I don't expect an alt to rise to prominence before Bitcoin failing, so by the time people will be convinced to make the change, it will arguably be too late. Which is why I hope people will give more weight to theoretical considerations. Empirical testing is great but it's not always feasible. This needn't be an immediate all-or-nothing change. You could start by collecting people's signatures and ignoring them. Then you could try reasoning what would happen if we used these signatures in branch selection. I am losing track, are you both in favour of making such a change to Bitcoin on purely theoretical grounds, or is at least one of you at least a little more empirically oriented than that?
I'm not going to be writing code to implement this anytime soon, if that's what you mean. But I'm putting a lot of personal resources into Bitcoin on the hope that its challenges will eventually be overcome, so it's not "purely theoretical" to me. Anyway, this problem probably won't manifest for a long time. Discussion of the problem and solutions should be out there, but as long as uncertainty of the future prospects isn't holding back adoption, there's no rush to implement anything. |
|
|
|
I am still of the opinion that all the ideas proposed could account for some level of hashing, but not enough for proof-of-work to completely secure the network. Which is why proof-of-stake will need to augment it to pick up the slack.
Thanks! So then maybe we call it CMRcoin or MRCcoin? (Cunicula/Meni Rosenfeld or vice versa; I know normally it'd be just one initial for each of you but I have this bias for three-letter currency-symbols...) Thanks, but I'd much rather see this change implemented while keeping the Bitcoin name and the current blockchain. PS. AFAIK, the first mention of using proof-of-stake in Bitcoin was by QuantumMechanic, in this appropriately named post. |
|
|
|
first volume is in number of shares, not btc
second volume is ok, value of traded shares
As I said it's just a problem with the label. It's not pretty or anything, but you can still get the data about number of shares traded, even if they're labeled as "BTC". And I'm pretty sure it is solvable in the bitcoincharts platform if properly configured. and the volume of traded stock is shown with .00 two decimal places as if fractions of shares would be tradeable
IMO fractions of a share should be tradeable on GLBSE. |
|
|
|
... I assume you mean that the confirming pools will also reject any blocks that contain a conflicting transaction.
Yes, if by "a conflicting transaction" you mean a fraudulent double-spending attempt. That's not a bug, it's a feature. The protocol doesn't say that if there are two conflicting transactions (whether a fraudulent double-spend attempt or something else) you have to reject both and reject any block that contains either. It says you go with the one you encountered first, unless a block is found that contains the other and then you go with that. In your scenario (especially if there is a dedicated denial-of-service attack), every block will be rejected by every miner because it contains some transaction the miner committed to reject. Reduction in block reward is arguably the second biggest challenge Bitcoin is facing (the first is legal attacks).
In my opinion, the first challenge is legal attacks. The second challenge is wallet security. Reduction in block reward doesn't feature as a problem at all. We'll know after December anyway. In December the block reward will be 25 BTC. The problem is when block reward is close to 0. We're no going to have any empirical evidence for a long time. I'm not saying the problem isn't solvable; I'm saying it's silly to think of it as "not a problem" when it was never tested, and when the proposed ideas of how the ecosystem will work depart completely from how Bitcoin works now and from its design principles. Agreed. While this scheme helps protect the network integrity, I'm not sure this addresses the "Tragedy of the Commons " fallacy. They claim a conspiracy will form and that people will choose the side of the conspiracy because it human nature to exploit any public works to the point of failure. They will argue that people will not use network assurance contracts enough to counter a monopolistic attack because it is "someone else's problem to worry about." Game theory helps us find problems to address, but the real world isn't the zero-sum game that some folks want to believe it is. They are simply naive.
Yes, people will contribute more than what the immediate incentives can account for, due to altruism, fear of a snowball effect, superrationality, etc. But they will only do so by a small amount, not enough to sustain the expenditure that will be required. If you really want to be future-proof, you need to align the immediate incentives properly. If anyone succeeded in monopolizing mining power, the price of bitcoin will plummet, thus eliminating the very incentive for obtaining that monopoly (unless your incentive is to destroy bitcoin).
A big unless. You'd want to attack the network either for profiting from double-spending, or for harming Bitcoin (political agenda, destroying competition, short-selling bitcoins). There's a tradeoff, some things you can do to protect against the former makes you more vulnerable to the latter. I don't understand the assumption that you have to keep network speeds at the current level (argument 2). It seems to me very likely that network speeds are too high currently and could fall a lot without reversal attacks becoming overly problematic.
They are (arguably) too high now for the current value of Bitcoin. As the impact of Bitcoin rises, so will the incentives to attack it. Since the attack incentive is more or less proportional to the purchase power of a bitcoin, it is safe to assume that the BTC reward per block is the invariant security factor. 50 BTC is high, but 1 BTC - which may very well be the future equlibrium - is not. I believe Bitcoin already has everything required to handle this situation by having players who benefit from high network speeds automatically create and broadcast network assurance contracts: https://bitcointalk.org/index.php?topic=67255.msg785122#msg785122I think this correctly solves the problem by allowing co-operation amongst competing players to fund network security in such a way that one player doesn't end up carrying the rest. This will certainly help. Decoupling compensation from individual transactions is a positive direction. But I think the fundamental problem remains. Someone would want to pledge his own funds only if he thinks there's a good chance he will tip the scale to passing the threshold. Which means the network will always walk on the edge in which there's a chance for everything to crumble. Also, as Mike and others have commented, game theory is just a model of real people's behavior, and is often very very wrong, as numerous studies have shown.
Game theory isn't a model of what people do. It's a model of what people should do. Even if 99% of people do "better" than what game theory prescribes, there can still be 1% who are selfish and rational and exploit the system. Having a system that is secure in theory can go a long way to preventing unpleasant surprises in practice. By the way, "failures of game theory predictions" are commonly not problems with the theory, but with the game that was chosen to model the specific real-world situation. I am still of the opinion that all the ideas proposed could account for some level of hashing, but not enough for proof-of-work to completely secure the network. Which is why proof-of-stake will need to augment it to pick up the slack. |
|
|
|
volume is measured in BTC as opposed to # of shares traded. BTC seems a pretty good measure of volume in any case. in this context it is a bug in the charts and not a good measure. As I said it looks like there's no bug, it displays either shares or BTCs according to your choice, what am I missing? |
|
|
|
There was a bug in retrieving difficulty for new blocks. Because of it, coupons paid for the last 3 blocks were about 9% higher than should have been. Since the mistake was in favor of bondholders, no further action is needed; and hopefully the bug is fixed now. For reference, the amounts that were actually paid were: 170351 Mar 09 2012 12:39:10 1331296750 180784 1376302.26789 50 0.0015291719 Paid
170015 Mar 07 2012 10:26:06 1331115966 202337 1376302.26789 50 0.0017114792 Paid
169679 Mar 05 2012 02:13:49 1330913629 237283 1376302.26789 50 0.0020070720 Paid
The amounts which should have been paid, and are now reflected on the website: 170351 Mar 09 2012 12:39:10 1331296750 180784 1496978.59502 50 0.0014059004 Paid
170015 Mar 07 2012 10:26:06 1331115966 202337 1496978.59502 50 0.0015735113 Paid
169679 Mar 05 2012 02:13:49 1330913629 237283 1496978.59502 50 0.0018452753 Paid
|
|
|
|
- Assumptions: In 40 year(or 140, doesn't matter) ... the major income of miners is from transactions fees
One potentially lucrative source of income is to facilitate instant point-of-sale transactions. Here's how it works. When a customer makes a Bitcoin transaction at the checkout, the retailer forwards the transaction to 51% or more of the major mining pools with an increased fee. In return, the mining pools validate the transaction immediately and guarantee that they will include it in the blocks that they mine. The retailer willingly pays the fee to avoid the need to wait for six confirmations. I doubt this will work. I assume you mean that the confirming pools will also reject any blocks that contain a conflicting transaction. Which means that for every block and any pool, it's likely that at least one of its transactions will be rejected. Which means most blocks will be rejected, which is a vulnerability. If it's the same 51% hashrate used by everyone this won't happen, but then it's just a mining cartel, which is only one step removed from a central mint. The reduction of block reward is a total non-issue, even without considering that there will always be plenty of people with reasons to mine for free.
Reduction in block reward is arguably the second biggest challenge Bitcoin is facing (the first is legal attacks). |
|
|
|
|
Show Posts
