Bitcoin Forum
  Show Posts
2821  Alternate cryptocurrencies / Announcements (Altcoins) / Re: IOTA - Unmoderated thread on: February 07, 2016, 07:13:03 AM
btw. there is a lot of interest in quantum resistant encryption:

https://www.nsa.gov/ia/programs/suiteb_cryptography/

That is not an adoption market.


can you elaborate why?

to me it seems the NSA is pushing US companies strongly for a transition.

That most of the world can't even look forward more than 1 quarter of a year (read upthread too for more context), should be indicative of the near-term priorities of corporations.

And the masses have no clue about this.
2822  Economy / Economics / Re: Martin Armstrong Discussion on: February 07, 2016, 07:08:39 AM
And then there is this, where Deutsche Bank complains that NIRP destroys their share price as money flees out of stocks into neg yielding bonds

Declining bond yields mean larger inflows into bonds at the expense of equities

A fundamental tenet of central bank easing has been to push investors out the risk spectrum. The impact has arguably been exactly the opposite.


http://www.zerohedge.com/news/2016-02-06/wounded-deutsche-bank-lashes-out-central-bankers-stop-easing-you-are-crushing-us

Hahaha, they are fucked if they do and fucked if they don't. Checkmate.
2823  Alternate cryptocurrencies / Altcoin Discussion / Re: [neㄘcash, ᨇcash, net⚷eys, or viᖚes?] Name AnonyMint's vapor coin? on: February 07, 2016, 06:49:02 AM
My (age 17 in May) high IQ daughter has confirmed that my plan is correct and if I can implement then I do have a shot of replacing Facebook for her generation.

She is very excited to promote my new site to her 10,000+ Facebook friends.

My daughter has Fb friends in every country of the world.
2824  Alternate cryptocurrencies / Altcoin Discussion / Re: Thoughts on Zcash? on: February 07, 2016, 06:46:49 AM
You guys are clueless as to Zcash not being able to succeed with an 11% block subsidy. Ripple premined 100% of their coin and they are doing quite well, Dash did too. Bitcoin was effectively "instamined" by early adopters. There is no way to fairly distribute any cryptocurrency. Then again, this being "fatal flaw" is being brought up by someone that insists they should include a backdoor for the government, so I will take anything you say about their business plan (and the fact that yours is so much better) with a grain of salt.

[...]

Yeah you are so smart and TPTB is so dumb. Thank you immensely for leading your generation to the truth. Amen.

Note it was somewhere recently I wrote that all coins are effectively premined because the distribution is to speculators and not to the eventual mass adoption users (assuming crypto ever does make it to mass adoption).

Also my input has been entirely misconstrued by the dufus. He could read but refuses:

https://forum.z.cash/t/funding-the-founders-reward/205/5

The salient points fly over his head apparently:

Quote
The issue I pointed out is just to make sure the coins are widely distributed (i.e. not concentrated into fewer HODLers). And to give time for the coin to be adopted as the coins are distributed, so that wide participation (and thus wide distribution) are achieved.

Quote
That is not free market price discovery.

Quote
Their current braindead plan isn't generous to anyone, not even to themselves nor their investors!
2825  Alternate cryptocurrencies / Announcements (Altcoins) / Re: IOTA - Unmoderated thread on: February 07, 2016, 05:49:16 AM
btw. there is a lot of interest in quantum resistant encryption:

https://www.nsa.gov/ia/programs/suiteb_cryptography/

That is not an adoption market.

I agree it is possible to sell a P&D (no adoption) about quantum resistance to speculators.
2826  Economy / Economics / Re: Martin Armstrong Discussion on: February 07, 2016, 05:46:42 AM
This would fit in with Armstrong's debt crisis phase transition call; he says a collapse in confidence in govt or some event that shocks this bond market will see a rush out of govt bonds and into the private realm of stocks. I presume this would also lead to the moonshot for gold etc as well.

Yep and MA is thinking May before any such crack. With it really picking up steam in 2017 and governments go berserk with capital controls, hot wars, and possibly a pandemic as icing on the "we are fucked" cake.

He always had predicted there would be one more hooray in bonds first which is why he is seeing a capitulation low in gold first before the blast off.

And eventually capital heads to the USD and USA stocks because the dollar is the reserve currency and for example China and Hong Kong had pegged their currencies to the dollar thus effectively borrowing dollars to the tune of $34 trillion. The entire developing world is short the dollar in dollar debt (either explicit debt and/or a currency peg).

Thus unwinding of the carry trade is going to send the dollar skyrocketing and capital will follow like a herd.

sloanf get fuck off our lawn you imbecile.

Edit: http://www.bbc.com/news/business-35516054
2827  Alternate cryptocurrencies / Altcoin Discussion / Re: [neㄘcash, ᨇcash, net⚷eys, or viᖚes?] Name AnonyMint's vapor coin? on: February 07, 2016, 05:33:01 AM
Quote from: myself in pvt msg to my angel investor
Thank you for your understanding. Well I don't plan on failing! The main issue is the one I can't entirely control (yet)...

The main issue I am still struggling with is my health. Because I relapsed this week, I increased my intake of 80% concentrated curcumin extract (w/piperine) to 30 grams per day! (mixed with locally fresh cold pressed coconut milk/virgin oil). That means 1 kilo per month! And that is concentrated extract thus equivalent to consuming 100 kilos of turmeric monthly.

The result is I want to sleep always. But I think that is good. After I sleep, I awake with some energy and feel good for perhaps 4 hours. But then I take more curcumin and I feel sleepy again.

It seems I am so messed up in my pancreas/gall bladder/colon area, that it will require either surgery (but no MRI or diagnosis yet) or it will require massive doses of curcumin and massive sleep (I assume sleep is the body's way of repairing damage).

So all I can say is the curcumin extract treatment is very active in the area of the problem (gut/digestion) and seems to be efficacious in terms of calming the systemic inflammation and improving digestion and (frequency/stool quality of) defecation. And it is causing me to want to sleep so much that it limits the hours I can be awake to work. And I can't yet discern whether it is actually curing my gut issue. I have some signs that cause me to believe it may be. But I can't yet detect for sure. I think this fight for cure is one where I will struggle while undergoing the cure (I do imagine there is really cancer in there and I am attempting to shrink the tumor with the curcumin). So much guessing because I haven't an MRI. I contemplate going again to try to get a doctor here, but then again I'd rather expend my time trying to work. I will pursue the curcumin for some more weeks before deciding what to do next on my health issue.

About the work in front of me now, first step is I am working on the memory hard PoW function. After that, I will investigate the XXXXXXXXXXX issues. Then I will be able to make some sort of estimate as to whether I think we can do a quicker launch and ramp from a rudimentary set of features, or whether I really need a year of coding before launch.

I think our window of opportunity is more limited than you think, because everyone is searching for the solution to Bitcoin's scaling problem. And others are starting to get wind of the idea of combining social networking and crypto [e.g. GetGems]. I think we need to strike now asap. Also yes I need money to go abroad [for medical diagnosis].
2828  Alternate cryptocurrencies / Altcoin Discussion / Re: DECENTRALIZED crypto currency (including Bitcoin) is a delusion (any solutions?) on: February 07, 2016, 05:20:37 AM
Summary of my design and its significance.



Quote
The stated problem bounds do not include being able to tell whether someone controls >50% of the hash rate. That isn't in the paper at all. The wording of the paper is "As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network". It doesn't matter whether they cooperate via pools or otherwise, either way it is outside the bounds.

Without considering the Sybil attack, then one isn't solving the Byzantine fault issue, i.e. isn't solving the Byzantine Generals problem (which is the correct title of this thread). Just because Satoshi failed to mention that he hadn't solved what he was implying to have solved, doesn't make that just having a majority of the hashrate is the only consideration in a PoW solution to the Byzantine Generals problem.

There is no Sybil attack possible on the problem as stated. "A majority of CPU power" is a physical quantity which can't be Sybil attacked. Period.

The Byzantine Generals problem does not state "A majority of CPU power" as the problem. I already stated that is Satoshi's requirement but as the correct title of this thread points out, Satoshi's stated requirement is not a solution to the Byzantine Generals problem. Period.

One of the attack vectors in solving the Byzantine Generals is the Sybil attack. The Byzantine Generals problem is all about the need to trust that 2/3 of the generals are loyal without centralization where all generals are the same person, i.e. that there is no Sybil attack.

Anyone who has studied all the variants of consensus algorithms (as I have) will know clearly that Sybil attacks are always resolved via centralization of the protocol.

This is why as I looked for an improvement over all of what has already been tried, I was cognizant that I would need to accept centralization in some aspect and so I began to look for the possibility of controlling centralization with decentralization, i.e. a separation of orthogonal concerns which is often how paradigm shifts arise to solve intractable design challenges.

Every consensus design creates centralization. This will always be unavoidable due to the CAP theorem. The key in my mind is to select carefully where that centralization should be.

  • Satoshi's PoW consensus design centralizes because a) SHA256 has orders-of-magnitude lower electrical cost on ASICs, b) full nodes must centralize (maximize pooled hashrate) to win the battle over who will have the most profitable verification costs (which can be accomplished with a Sybil attack), and c) variance of block rewards require maximizing pooled hashrate (at least up to double-digit percentages and Sybil attack incentives kick in from there).
  • Stellar's SCP consensus design centralizes because although it can't diverge, it requires that slices are not Sybil attacked to avoid eternal preemption (being jammed stuck forever).
  • Ripple's consensus algorithm diverges unless it is centralized trust, as confirmed by Stellar's divergence before it switched to the SCP algorithm.
  • Iota's (any DAG's) consensus diverges unless centralization can force the mathematical model that payers and recipients encode in their interaction with the system.
  • Ethereum never solved the issue that verification of long running scripts can't be decentralized. They are now off another deadend tangent (consensus-by-betting, Casper, shards) trying to deny the CAP theorem.
  • PoS is centralization.

Extracting the generative essence of an issue is what I do. That is where I have made my career in the past and will do so again.
2829  Alternate cryptocurrencies / Altcoin Discussion / Re: Satoshi didn't solve the Byzantine generals problem on: February 07, 2016, 05:13:22 AM

First let us realize that the weaknesses of those approaches is they must use some centralization to prevent Sybil attacks:

Still another approach to consensus is Byzantine agreement [Pease et al. 1980; Lamport et al. 1982], the best known variant of which is PBFT [Castro and Liskov 1999]. Byzantine agreement ensures consensus despite arbitrary (including non-rational) behavior on the part of some fraction of participants. This approach has two appealing properties. First, consensus can be fast and efficient. Second, trust is entirely decoupled from resource ownership, which makes it possible for a small non-profit to help keep more powerful organizations, such as banks or CAs, honest. Complicating matters, however, all parties must agree on the exact list of participants. Moreover, attackers must be prevented from joining multiple times and exceeding the system’s failure tolerance, a so-called Sybil attack [Douceur 2002]. BFT-CUP [Alchieri et al. 2008] accommodates unknown participants, but still presupposes a Sybil-proof centralized admission-control mechanism.

Generally, membership in Byzantine agreement systems is set by a central authority or closed negotiation. Prior attempts to decentralize admission have given up some of the benefits.

The new Stellar SCP protocol/algorithm (above white paper) morphs the Sybil attack problem from one of divergence to one of perpetual preemption (unless of course centralization of trust is used by participants to thus remove the Sybil attack). It also provides asymptotic security that Satoshi's PoW doesn't have.

Note that Bitcoin does not have asymptotic security, meaning if ever someone with greater hashrate could come along in the future, they could rewrite the block chain. Iota has an interesting point about the insecurity of PoW hashes in the context of quantum computing. However, I argue that the community will enforce checkpoints, because our transaction history is valuable to us.



<r0ach> you can't solve byzantine generals problem with a probabilistic model unless you've first solved sybil with a probabilistic model and Bitcoin doesn't do that
<r0ach> because there's no way of telling if all pools are owned by the same person, then it's not collusion or 51% attack, it's a sybil attack
<r0ach> since the essence of the byzantine generals problem is sybil attack, dealing with sybil comes first in the hierarchy before byzantine generals is discussed at all

I made this same point in either 2013 or 2014.

Afaics, the only solution is unprofitable PoW which is the design I am now pursuing.

Bitcoin solves the byzantine generals problem within the bounds of the assumptions in the model. If one entity controls a majority of hashing power, that is outside of the bounds.

Circular logic. Bitcoin didn't solve the Sybil attack problem when pools control 51% and no one can know whether they do and reroute their PoW shares.

The stated problem bounds do not include being able to tell whether someone controls >50% of the hash rate. That isn't in the paper at all. The wording of the paper is "As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network". It doesn't matter whether they cooperate via pools or otherwise, either way it is outside the bounds.

Without considering the Sybil attack, then one isn't solving the Byzantine fault issue, i.e. isn't solving the Byzantine Generals problem (which is the correct title of this thread). Just because Satoshi failed to mention that he hadn't solved what he was implying to have solved, doesn't make that just having a majority of the hashrate is the only consideration in a PoW solution to the Byzantine Generals problem.

Even if we remove the economics which drives hashrate to concentrate into mining farms such as my suggestion to make mining unprofitable (and an ASIC resistant PoW protocol such as a memory hard hash would help improve the ratio of PoW shares from the marginal mines which are the payers required to make mining unprofitable for the lowest-cost miners which are the mining farms), we still have the problem that if payers are not full nodes and thus have to choose another server to do verification and select transactions for each block, the Sybil attack problem remains in that one can't know if many servers are owned/controlled by the same entity. And in fact, I have shown that verification MUST due to economics be centralized because those full nodes which have higher hashrate (even if hidden behind a Sybil attack from the public's perspective) thus earn more block reward and/or transaction fees per verification than those who control less hashrate, thus pools/full nodes are forced to be centralized (and hide it from the public with a Sybil attack because we all are delusional and expect Satoshi's design to remain decentralized when it can't).

But let's consider what damage the Sybil attack on full nodes can do, and how it can be detected and mitigated. In Satoshi's design, the Sybil attacking full node has lower costs for verification (and maybe can also potentially do a selfish mining attack but that isn't required to make my point) and thus will eventually drive the other full nodes bankrupt as a result. Thus Satoshi's design centralizes because of the inviolable and insoluble economic reality.

The other bad things centralization can do is censor some transactions and execute long-con double-spend attacks.

The solution is to centralize only the verification, but keep the control of the PoW computation decentralized, and make it such that the blame for censoring transactions and long-con double-spending is not ambiguous as it is in Satoshi's design.

That is exactly what my design accomplishes, while also enabling instant transactions that are sound. White paper and implementation forthcoming.
2830  Alternate cryptocurrencies / Altcoin Discussion / Re: How many of you have actually used Ethereum as a smart contract system? on: February 06, 2016, 11:38:53 PM
Kim.fat.com.idiot was a brilliant marketer (and so was Charles Ponzi)

He tapped into the desire of millions of hackers/people to steal from themselves.

Quote from: myself in private messaging
> Fat.com.idiot is a roly-poly savvy marketer and we should partner with him

Anyone can be a good marketer if they create a site to help steal via Bittorrent and then charge a small commission on that activity.

Fat.com had his 10 minutes of criminal fame. Now will receive justice for his crimes.

> As to 'theft' and 'copyright' we are obviously in disagreement - and let us leave it at that, no need for us to spend energy on that.

Huh  Huh

https://bitcointalk.org/index.php?topic=1350711.msg13796388#msg13796388
Quote from: TPTB_need_war on February 05, 2016, 03:45:47 PM
And he will not also admit the following is why he is incorrect about stealing content.

Governments are organizing now around controlling the internet. The illegal activity through Bittorrent (which also steals from ISPs which have higher upload bandwidth allowances) is helping the governments feel they are justified in regulating the internet via Net Neutrality and other measures. You young fellow feel free to pursue theft of music and other content which deprives the millions of artists of income to pay their rent. You are not going to create the new Knowledge Economy with your theft model. And by advocating theft, you are helping the NWO totalitarianism to take form by providing an economic incentive and political support from millions of artists who are violated by piracy. Dumb. But I expect that from you.
2831  Alternate cryptocurrencies / Altcoin Discussion / Re: Satoshi didn't solve the Byzantine generals problem on: February 06, 2016, 11:34:03 PM
<r0ach> you can't solve byzantine generals problem with a probabilistic model unless you've first solved sybil with a probabilistic model and Bitcoin doesn't do that
<r0ach> because there's no way of telling if all pools are owned by the same person, then it's not collusion or 51% attack, it's a sybil attack
<r0ach> since the essence of the byzantine generals problem is sybil attack, dealing with sybil comes first in the hierarchy before byzantine generals is discussed at all

I made this same point in either 2013 or 2014.

Afaics, the only solution is unprofitable PoW which is the design I am now pursuing.

Bitcoin solves the byzantine generals problem within the bounds of the assumptions in the model. If one entity controls a majority of hashing power, that is outside of the bounds.

Circular logic. Bitcoin didn't solve the Sybil attack problem when pools control 51% and no one can know whether they do and reroute their PoW shares.
2832  Alternate cryptocurrencies / Announcements (Altcoins) / Re: IOTA - Unmoderated thread on: February 06, 2016, 11:30:29 PM
this is a complete fucking insanity to compare the development of revolutionary technologies with Holocaust

I have not heard a delusional arguments and comparisons.

It looks like this guy really loves BDSM and far from understanding the real thing. All his chatter, there is one lie.

He is making that stark analogy because he believes JINN is a scam and he believes scams are destructive to the crypto landscape.

The "reality denial" and 'BDSM' attacks are vindictive, not factual, and lowering the credibility of those who issued them.

This is not an appeal to authority, but rather a discussion of ideas. Those who attack individuals who raise strong ideas are weak on strong ideas.

I agree with AltcoinUK that the only way to monetize quantum resistance at this time is probably selling it to speculators. I don't think there are any adoption markets that care enough yet. Perhaps not absolutely true, but seems roughly correct.
2833  Alternate cryptocurrencies / Altcoin Discussion / Re: DECENTRALIZED crypto currency (including Bitcoin) is a delusion (any solutions?) on: February 06, 2016, 08:46:24 PM
Let me reiterate again that the math you cited from Meni Rosenfeld was incomplete and thus incoherent. I explained that the same probabilistic guarantees can be obtained by increasing the number of confirmations rather than increasing the block reward.

In a system with no block reward, you can calculate the probability that an attacker can outpace the rest of the network from N blocks deficit. However, I don't see a way to put bounds on when it is safe to accept a transaction of size X as confirmed because the amount of PoW on top of any given transaction doesn't have a value which is easily observed.

I explained upthread that the math is incoherent and there is no bound with profitable proof of work either due to k. I will formalize the argument in a white paper, not now.

(which doesn't require there is necessarily no block reward but rather just that the block reward is less than profitable at the current difficulty)

If the block reward is unprofitable in a system with adjustable difficulty, this is not an equilibrium, so the difficulty will adjust downwards until there is one. If your design includes other factors which you are not revealing, this may be different, but with what I know this is how I see it.

In my design every txn includes a PoW share thus difficulty will not reduce unless transactions reduce. The sender of the txn is entirely unconcerned about the cost of producing the PoW share.

The threshold of the difficulty to win a block will increase accordingly so that the block period remains constant.
2834  Alternate cryptocurrencies / Announcements (Altcoins) / Re: IOTA - Unmoderated thread on: February 06, 2016, 08:41:27 PM
...but there is no monetization route for a quantum resistant digital currency at this moment in time.
 

Strong point. Not absolute, but strong IMO.
2835  Alternate cryptocurrencies / Altcoin Discussion / Re: Satoshi didn't solve the Byzantine generals problem on: February 06, 2016, 08:31:04 PM
...and another incentive structure must be developed to encourage decentralized p2p mining.

Switching to an ASIC resistant PoW coin doesn't solve this problem but merely delays the inevitable. As interest and hash power grows ASICs will be developed within time regardless.

I believe it is possible to design a memory hard PoW that is not electrically more efficient on an ASIC, but it will be very slow. I originally didn't think so, but have since realized I had a mistake in my 2013/4 research on memory hard hashes. It is possible that Cuckoo Hash already achieves this, but it is more difficult to be certain and it is very slow when DRAM economics are maximized (although it adds asymmetric validation which is important for DDoS rejection if the transaction signatures are ECC and not Winternitz and for verification when PoW share difficulty can't be high because each PoW trial is so slow).

Cryptonote's memory hard hash can't possibly be ASIC resistant, because by my computation it could not possibly have 100 hashes/second on Intel CPUs and be ASIC resistant.


See also Zcash's analysis thus far.
2836  Alternate cryptocurrencies / Altcoin Discussion / Re: DECENTRALIZED crypto currency (including Bitcoin) is a delusion (any solutions?) on: February 06, 2016, 08:22:15 PM
Does anyone know of any proof which says that convergence can be guaranteed without a block reward? I would like to hear more detail because it's my gut feeling that it cannot.

I am working on it for a white paper.

Details are upthread.

We've covered the issues upthread, perhaps not to your satisfaction.

Let me reiterate again that the math you cited from Meni Rosenfeld was incomplete and thus incoherent. I explained that the same probabilistic guarantees can be obtained by increasing the number of confirmations rather than increasing the block reward.

The Nash equilibrium in an unprofitable PoW design (which doesn't require there is necessarily no block reward but rather just that the block reward is less than profitable at the current difficulty) is that payers want their transactions to be included in the longest-chain, thus they will send their PoW shares towards confirming blocks which honor the LCR.

In my design, the amount of electricity that secures the coin is sensibly insignificant relative to the value of transactions since each transaction includes a PoW share.
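
For reference on the confirmations-versus-risk question discussed in the posts above, this is an added example (not code from the thread or from any poster) of the attacker catch-up probability from section 11 of the Bitcoin whitepaper, as a function of the attacker's hashrate share q and the confirmation count z. It assumes Satoshi's Poisson model rather than the Rosenfeld analysis cited in the posts; the function names and the sample shares are my own.

```python
import math


def attacker_success(q: float, z: int) -> float:
    """Probability that an attacker with hashrate share q ever catches up
    from z blocks behind (Bitcoin whitepaper, section 11).

    P = 1 - sum_{k=0..z} Poisson(k; lam) * (1 - (q/p)^(z-k)),  lam = z*q/p
    """
    if not 0.0 <= q <= 1.0:
        raise ValueError("q must be a share between 0 and 1")
    if z < 0:
        raise ValueError("z must be non-negative")
    p = 1.0 - q
    if q >= p:
        # With half or more of the hashrate the attacker always catches up.
        return 1.0
    lam = z * q / p          # expected attacker blocks while honest chain adds z
    ratio = q / p            # per-block catch-up odds (gambler's ruin)
    poisson = math.exp(-lam)  # Poisson term for k = 0, updated iteratively
    honest_wins = 0.0
    for k in range(z + 1):
        honest_wins += poisson * (1.0 - ratio ** (z - k))
        poisson *= lam / (k + 1)
    return 1.0 - honest_wins


def min_confirmations(q: float, max_risk: float, limit: int = 10_000):
    """Smallest z with attacker_success(q, z) < max_risk, or None if no
    such z exists (q >= 0.5) or none is found up to `limit`."""
    if not 0.0 < max_risk < 1.0:
        raise ValueError("max_risk must be strictly between 0 and 1")
    if q >= 0.5:
        return None
    for z in range(limit + 1):
        if attacker_success(q, z) < max_risk:
            return z
    return None


def risk_table(shares, max_risk):
    """Map each attacker share to the confirmations a recipient must wait."""
    return {q: min_confirmations(q, max_risk) for q in shares}


if __name__ == "__main__":
    # Constructed sample inputs: attacker shares a recipient might plan for.
    sample_shares = [0.10, 0.20, 0.30, 0.40, 0.50]
    for share, confs in risk_table(sample_shares, 0.001).items():
        label = "never safe" if confs is None else f"{confs} confirmations"
        print(f"q = {share:.2f}: {label}")
```

The required depth grows quickly as q approaches 0.5 and has no finite value at or beyond it, which is the boundary the thread's "majority of CPU power" argument turns on.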
2837  Alternate cryptocurrencies / Altcoin Discussion / Re: [neㄘcash, ᨇcash, net⚷eys, or viᖚes?] Name AnonyMint's vapor coin? on: February 06, 2016, 08:14:59 PM
<r0ach> you can't solve byzantine generals problem with a probabilistic model unless you've first solved sybil with a probabilistic model and Bitcoin doesn't do that
<r0ach> because there's no way of telling if all pools are owned by the same person, then it's not collusion or 51% attack, it's a sybil attack
<r0ach> since the essence of the byzantine generals problem is sybil attack, dealing with sybil comes first in the hierarchy before byzantine generals is discussed at all

I made this same point in either 2013 or 2014.

Afaics, the only solution is unprofitable PoW which is the design I am now pursuing.

...and another incentive structure must be developed to encourage decentralized p2p mining.

Switching to an ASIC resistant PoW coin doesn't solve this problem but merely delays the inevitable. As interest and hash power grows ASICs will be developed within time regardless.

I believe it is possible to design a memory hard PoW that is not electrically more efficient on an ASIC, but it will be very slow. I originally didn't think so, but have since realized I had a mistake in my 2013/4 research on memory hard hashes. It is possible that Cuckoo Hash already achieves this, but it is more difficult to be certain and it is very slow when DRAM economics are maximized (although it adds asymmetric validation which is important for DDoS rejection if the transaction signatures are ECC and not Winternitz and for verification when PoW share difficulty can't be high because each PoW trial is so slow).

Cryptonote's memory hard hash can't possibly be ASIC resistant, because by my computation it could not possibly have 100 hashes/second on Intel CPUs and be ASIC resistant.

See also Zcash's analysis thus far.

Correction follows.

It will be impossible to design a memory hard PoW that is not electrically more efficient on an ASIC, unless the hash function employed (for randomizing the read/writes over the memory space) is insignificant w.r.t. the RAM power consumption, which is probably not going to be the case in any design where that hash function has sufficient diffusion to be secure.

The only way to make an ASIC resistant PoW is for the proving computation to be memory latency bound, because DRAM latency can't be improved much in general (whereas hardwired arithmetic computation and memory bandwidth can be accelerated with custom hardware):

http://community.cadence.com/cadence_blogs_8/b/ii/archive/2011/11/17/arm-techcon-paper-why-dram-latency-is-getting-worse
http://www.chipestimate.com/techtalk.php?d=2011-11-22

However, what a GPU (which starts with 4 - 10X worse main memory latency than CPUs) and especially an ASIC will do to get better DRAM amortization (if not also lower electricity consumption due to less latency) is run dozens or hundreds of instances of the proving algorithm with the memory spaces interleaved such that the latencies are combined and amortized over all instances, so that the effective latency drops (because reading from the same memory bank of DRAM is latency free if multiple accesses within the same bank are combined into the same transaction). This can even be done in software as interleaved memory spaces without needing a custom memory controller. More exotic optimizations might have custom memory controllers and larger memory banks (note I am not expert on this hardware issue). This is probably why Cryptonote includes also AES-NI instructions because GPUs are only at best at parity in performance per watt on AES, but that won't be enough to stop ASICs.

However that optimization for ASICs will bump into memory bandwidth limit so the amortization will have a limit. Theoretically memory bandwidth can be increased with duplicated memory banks for reads but not for writes!

Using larger memory spaces in a properly designed memory hard PoW hash function (not Scrypt) can decrease the probability that instances will hit the same memory bank within a sufficiently small window of time necessary to reduce the latency. Also using wider hash functions (e.g. my Shazam at 2048 to 4096-bits) reduces the number of instances that can be interleaved in the same memory bank (and standard DRAM I think has bank/page size of 4KB?). The ASIC can respond by designing custom DRAM with larger memory banks and run more instances, but that not only raises the investment required but the memory bandwidth limit for writes seems to be an insurmountable upper bound.

So although I think a memory hard PoW hash can be made which is more ASIC resistant than current ones, I think it will be impossible to sustain parity in hashes/Watt and hashes/$hardware. Perhaps the best will be within 1 to 2 orders-of-magnitude on those.

So all profitably mined PoW coins (with sufficient market caps) are destined to be centralized into ASIC mining farms running on cheap or free electricity, but the scale and rate at which this happens can be drastically improved over SHA256 (Bitcoin, etc).

My design of unprofitably mined PoW will only require that the difficulty from the PoW shares sent with transactions is sufficient to make ASIC mining unprofitable for the level of block reward offered. Keeping the CPU implementation of the PoW prover within 1 to 2 orders-of-magnitude of an ASIC implementation reduces the level of such aforementioned difficulty needed.

I hope I didn't make another error in this corrected statement. It is late and I am rushing.
2838  Alternate cryptocurrencies / Altcoin Discussion / Re: Satoshi didn't solve the Byzantine generals problem on: February 06, 2016, 08:12:04 PM
<r0ach> you can't solve byzantine generals problem with a probabilistic model unless you've first solved sybil with a probabilistic model and Bitcoin doesn't do that
<r0ach> because there's no way of telling if all pools are owned by the same person, then it's not collusion or 51% attack, it's a sybil attack
<r0ach> since the essence of the byzantine generals problem is sybil attack, dealing with sybil comes first in the hierarchy before byzantine generals is discussed at all

I made this same point in either 2013 or 2014.

Afaics, the only solution is unprofitable PoW which is the design I am now pursuing.
2839  Alternate cryptocurrencies / Altcoin Discussion / Re: Satoshi didn't solve the Byzantine generals problem on: February 06, 2016, 08:09:40 PM
With PoS/PoI/DPoS a sybil attack can come without any notice and with potentially much cheaper costs. (No, an attacker need not have to "buy" coins to attack. They can create an exchange/bank that pays interest/dividends to corner a good chunk of coins 5-30% needed depending upon the algo, or they can create a popular wallet with a backdoor, or they can compromise several large bagholders' computers, or a few large holders could short and attack their own coin, etc.)

These are social engineering attacks, of course.  I guess the equivalent in POW would be to 'borrow' someone's server farm.

Some of it does involve social engineering, yes. The distinction between PoW and PoS/PoI/DPoS is that several of these attack vectors cannot be accomplished with PoW. With PoW all you can do is steal the account holders' coins with a mtgox, ponzi scheme, or when a large bagholder is compromised. With PoS you can also attack the network and steal other people's coins as well. Additionally, a compromised wallet cannot attack the network with a 51% attack with PoW as in PoS.

I suppose one could social engineer their way into Ant-pool's mine and covertly reflash the firmware on all the miners. This attack would be much more difficult to do because large farms have multiple engineers who look over things and they have to constantly check their equipment and have large incentives to keep on top of everything because of razor thin profit margins.

It is no surprise that many PoS coins use checkpoints to add another security layer which is essentially centralization by a few developers' approval. Checkpoints don't prevent these attacks just narrow the window of attack which is absolutely no problem. Developers like Vitalik have studied these security weaknesses long and hard and despite desperately wanting to use some form of TaPoS for security still have not found an acceptable solution to mitigate these threats.

[...]

I have added the above quote to my epic post about all the flaws in PoS.
2840  Alternate cryptocurrencies / Announcements (Altcoins) / Re: IOTA - Unmoderated thread on: February 06, 2016, 07:54:02 PM
I have nothing more to say. I hope all parties can make sure they fact check everything.