Scumby,

What you say is very interesting. Satoshi designed the current Bitcoin proof-of-work system to prevent an adversary from presenting a forged blockchain as legitimate. My approach makes that difficult by having only one canonical version of the blockchain, in which the current hash is widely known, in which participants are identified by certificates, and in which misbehavior is detected by verifying peers.


This is a desirable property for the blockchain or agent logs. I want to understand the circumstances allowing an adversary to forge such a blockchain. I seem to comprehend how a KSI + chaos blockchain could be tamper-evident, but the forgery attack is one in which the adversary replays transactions from some point in the history, with some change in their own favor, recalculating the merkle trees and block hashes at each step. The forged block chain is thus internally consistent with no evidence of tampering unless compared with the final block hash of the legitimate blockchain.

Does KSI as you understand it somehow make replaying of the blockchain building process impossible - as I described that process above?

Even if not, your mentioning of a public chaos value is a good idea for convincing observers that the blockchain was not constructed prior to the timestamp associated with the public chaos value. I could use the daily radio flux at 10.7 cm as reported by the U.S. Dept. of Commerce, NOAA, Space Weather Prediction Center, or can anyone suggest something published and archived by a more international source?

Indeed.

For reason you mention, I have stripped out the work-in-progress, natural language dialog and face-recognition aspects of Texai from the code that I am committing to GitHub for TexaiCoin. When I talk with coin developers at the Hasher's United conference in Las Vegas next month, I will be talking about a multi-agent software system which can cooperate to mine coins with no effort and still be as secure as Bitcoin.

My approach to artificial general intelligence is to follow Alan Turing's advice back in 1950, which is to create a system capable of being taught skills and then to teach it. My implementation uses the robotic-inspired architecture described by James Albus, in which his hierarchical control network of software agents has been elaborated by me to model a human organization. For TexaiCoin, I have 27 simple agents which cooperate and will check each other to operate an altcoin network with no trusted third parties.

I could have implemented these agents for TexaiCoin using any one of several agent frameworks, but it was the security aspects that motivated me to repurpose my existing AI code. Concerned about the need to ensure Friendly AI in a distributed network operated by anyone downloading the code, I designed the AI code years ago to be secure against intruders and hackers. I incorporated X.509 certificates for that purpose. Currently, I plan to use tamper-evident logs and remote attestation to strengthen Texai against attackers.

I will be able to market TexaiCoin as having genuine artificial intelligence, thus helping this altcoin and its innovations to be distinguished from other thousand-plus altcoins. I do not plan to say much initially about the OpenCyc knowledge base that is part of each deployed container.

TexaiCoin ideally will become a platform upon which third-party developers can add vetted skilled agents, and receive payment in TexaiCoin for the benefits gained by the collective infrastructure, or from the proceeds of services for sale, e.g. an API. I will start with the document timestamp service as a demonstration.

I will add a high level goal to the system to pursue self-improvement, e.g. to increase revenue and coin value via tasks performed by paid developers. Humans will be able to perform tasks specified in the same manner as for software agents, but with a secure web form or secure email as the communication channel. I think that the system paying one person to perform the task, and paying two non-affiliated others to check the work should be safe.

Thanks for the help, Scumby!

I wanted to offer a document timestamping API which would not necessarily be evidence in a court of law but would provide a distributed, robust service implemented with micropayments. This is an excellent implementation suggestion for this skill, which is required by the nomadic mint which timestamps incoming transactions. I would then be easy to expose this skill as a money-making microservice API. Apparently the Bouncy Castle cryptography library I use has a time stamp protocol server that I will evaluate.

Keyless Signature Infrastructure is interesting. I understand Merkle trees and this is similar. I will stay with self-signed X.509 certificates for identification, digital signatures for messages, and message channel encryption.

I did not see the interview, but be careful to distinguish between side-chains and tree-chains. The former is a method of funding a new crytpocurrency from sequested bitcoins. A side chain is not mined rather it gets its value from the sequestered bitcoins. The sidechain is a public ledger but is not the bitcoin blockchain and can accept different sorts of transactions that does bitcoin. A tree chain is a method of mining bitcoins such that attacks are more difficult. Tree chains use the bitcoin blockchain and no other. Peter Todd is most interested in tree chains. Adam Back is most interested in side chains. Both ideas require changes to Bitcoin Core and those developers are conservative with regard to radical changes unless their paid staffing increases - I think.

Accelerating Bitcoin’s Transaction Processing, Fast Money Grows on Trees, Not Chains

I would wait until the next bubble peak to adjust the model, or 2015 whichever is first. The left end of the logistic function is constrained to fit through the first recorded price. The right end of the model, I try to fit so that the recent variation is balanced above and below the line. If I were to fit the line today, I would balance the current price against the peak last November, and the trend line would likely pass through the low price in April 2014.

Thanks to all of you for watching this model unfold.

Here is the chart of adjusted number of bitcoin transactions. I chose a two-year duration, with seven day smoothing, and with a log scale. Note that the current value is now higher than all but a few days at the November 2013 peak. Should this trend in transaction volume continue, I expect that bitcoin prices will rise also.

Here is the chart from Blockchain.info showing the Number of transactions excluding popular addresses. It is for a two-year duration, with a log scale, and includes the data points. Note that the latest value is higher than any preceding point except for a few days at the peak last November. Should this data series continue to climb, I expect that bitcoin prices will also move upwards, perhaps within a couple of months.

Here is the one-week resolution chart for Litecoin vs Yuan from the liquid OKCoin exchange. Note that the rightmost candle, which just started its week, is relatively close to the resistance line that I drew from the December 2013 peak. It would be notable if LTC punches up through this trendline as did Dogecoin recently.

Here is the one-week resolution chart for Dogecoin vs CNY as presented by Bitcoin Wisdom. Note the strong upwards breakout from the bubble collapse resistance trendline that I drew from the January peak. Merged mining with Litecoin appears to have convinced speculators that the risk of a 51% attack has greatly diminished.

Thanks! This thread has numerous nuggets of wisdom for cryptocurrency developers.

My latest thinking is a coin with the same parameters as Bitcoin. Verified turn-taking replaces proof-of-work. Block rewards are shared among high-availability full node operators, who must join the Bitcoin foundation, ultimately as voting members, or local equivalent in order to support Bitcoin Core developers.

Here is the link to the academic reference used in my white paper: Remote Attestation on Program Execution . Essentially, the idea is to embed digital signatures of the log's hash to that point by attesting remote peers into a given peer's own log. The researchers call this technique entanglement, but I understood it more readily as peer-notarized logs that prove whether or not a particular log has been tampered with.


As a result of my rewarding conversation with CIYAM above, I recently decided to have each node operator be their own certificate authority. My scheme does not rely on a chain of trust from a central certificate authority, indeed I want to preserve that part of the Satoshi Social Contract which says there are no trusted third parties in Bitcoin. I need X.509 certificates to identify a peer solely by their published public key, and to encrypt traffic between nodes via TLS 1.2.  I do not need a chain of trust to tie a real name and address to the system nor to the certificate holder.

There is a security concept called Trust On First Use (TOFU), which allows peers to record received self-signed certificates and trust them from that point forward. That is a relatively weak method which I plan to eventually augment by providing an easy to use method of emailing peer self-signed certificates from the peer to an archiving Texai software agent before first use. To identify a peer in the Texai network, I would  use the certificate, which cannot be forged due to the public/private key math, together with the IP address of the peer and to use encrypted email for out-of-band communication with the peer. For example a peer operator should receive a periodic digitally signed email from the system detailing their fair share of the  mining reward paid to their supplied address. This manual oversight by the operator precludes man-in-the-middle attacks that would divert the reward to another address.

Sybil attacks may occur in Satoshi's Bitcoin . . .

Weaknesses


Full nodes in Satoshi's bitcoin identify themselves only by IP address. In the Texai network, that weak identity is strongly augmented by X.509 certificates. Software agents keep track of the uptime and verified good behavior of the network nodes.

Satoshi's proof-of-work method makes it hard for an attacker to obtain 51% of the hashing power to attack the network. I plan for the occasional voting among Texai peers to be weighted according to respective peer stakes and each such vote shall be paid for by the system in proportion to the stake. Thus an attacker would have to obtain 51% of the aggregate stake, which has been proven to be more expensive for the attacker than obtaining 51% of the hashing power in a proof-of-work coin. To my knowledge, no proof-of-stake coin has been compromised in a 51% attack, in comparison ...

List of Historical 51% Attacks on Altcoins

I am working on the minimal set of Texai software agents that will operate a bitcoind instance on my Ubuntu laptop for hallway demonstration at the Hashers United Conference to be held in Las Vegas in October.

Meanwhile, I learned about the Raft distributed consensus algorithm that provides an off-the-shelf solution to how to robustly select the mint agent from among the set of candidate peers. There is an implementation in Java at GitHub that I linked in the OP. And here is an animated illustration of the algorithm as prepared by Ben Johnson ...

http://thesecretlivesofdata.com/raft/

This algorithm is robust against failing nodes and partitioned networks, but not against byzantime, e.g. malicious peers. I will handle the latter using Nick Szabo's method of remote attestation of peer behavior by inspecting their respective tamper-evident log files.

I was not aware that Dan will be at this conference. Awesome. Good that the conference organizers are reaching out to altcoins and treating cryptocurrency infrastructure provisioning and operation as an industry segment, e.g. at current prices, bitcoin mining revenue is $1.7 million daily.

I shared ideas with Dan a few months ago and look forward to meeting him in person as well as Charlie Lee (Litecoin), Phil Mayer (Mastercoin), Poramin Insom (Vertcoin) and Vitalik Buterin (Ethereum).

Whitepaper: Bitcoin Cooperative Proof-of-Stake Stephen Reed

Note that the May 2013 whitepaper above describes a hard fork of bitcoin. That cannot possibly happen unless TexaiCoin is successful and subsequently convinces the Bitcoin community that a good alternative exists for the current industrial mining method. Furthermore, the current approach is not proof-of-stake. Now the block rewards are used to pay for network infrastructure, developers and community support, e. g. through institutions such as the Bitcoin Foundation.

I will briefly speak, describing my approach, at the Hashers United Conference in Las Vegas next month on the mining algorithms panel.

I wrote a whitepaper back in May describing a simple solution to this problem that also has the advantage of providing instant acceptance of transactions. One nomadic mint agent creates the new blocks on a non-branching blockchain. Peers verify the result and copy new blocks to their own copies of the canonical blockchain. A single writer to the immutable blockchain should be very fast. Full nodes share the block rewards without proof-of-work mining effort. Fewer than one hundred lines of code are modified in Bitcoin Core, provided that suitable software agents operate the distributed network.

All core devs I speak to are skeptical, but some encourage my project anyway to see if there is a better way than Satoshi's proof-of-work.

NFC bitcoin payment applications from mobile devices will likely be paid for, directly or indirectly, by the merchant. Even considering the cost of currency exchange, BitPay, for example, is less expensive for merchants than say Visa. Once a tipping point is reached after which merchants prefer to retain bitcoin revenue to pay some of their own expenses with bitcoin, then exchange to fiat is not required.

I will not be performing remote attestation at the BIOS and kernel level until such time as the project is successful enough to employ a specialist.

TrouSerS FAQ

Rather, my approach is to perform remote attestation at the application level. Peers inspect each other's tamper-evident logs verifying expected good behavior and detecting faults.


The Texai system works as you describe it as each node has an X.509 certificate. The system has a self-signed root certificate and is its own certificate authority. De-centralized Intermediate certificates are used to create the end-entity certificates for the nodes/roles. These intermediate certificates are widely distributed in the system. Each node has a copy of the root certificate, but not its private key.


Note that Bitcoin Core allows TLS and X.509 certificates already for RPC calls and for the new Payment Protocol. Texai does not need certificates for nodes to ensure third-party verification of the association of a public key with either a web domain name nor an operator's real name. The certificate is used to contain and publish the public key and to permit TLS authorization and encryption of the network traffic. Each operator, indeed each communicating role in the network has a unique UUID that is its identity. The certificate guarantees that whoever uses it has the private key in their possession. I believe that each user could hypothetically create a self-signed certificate and the Texai system would still work OK.

When generating x509 version 3 certificates I use RSA with a key length of 3072 bits and SHA256 with RSA as the signature algorithm. This works on Java 1.8 with the high encryption strength policy enabled, and also works to encrypt websocket traffic to Android and IOS clients. As certificate validation is entirely in my control, e.g at both endpoints of a TLS version 1.2 connection and with all the entries of the certificate available, I believe that the Texai network is resistant to Sybil attacks.

5000 posts is a lot of man hours. I have written only about 1200 and been logged in 26 days, 23 hours and 27 minutes since 2010. Wow.

In your position I would follow the advice given to effectively deactivate your own account by faking the email and randomly changing the password.

Regards and best wishes on your projects!

-Steve

Correct me if I am wrong, but unique change addresses have been used for a while with the bitcoin-qt wallet to help preserve anonymity. The rise in popularity of a particular wallet indicates some sort of economic progress, minimally an improvement in ease of use.

Metcalfe's Law, as interpreted in the context of the Bitcoin network, says that the network is more valuable to each user as more nodes are added. Accordingly, the network now with more SPV client users is more valuable to bitcoin purchasers than was the same network back in April at $339 on Bitstamp.

Do you rent your lodging now? Just curious.

The number of unique daily addresses used does measure a degree of economic activity, making it a fundamental measurement rather than a technical trading measurement. The amount of new money coming in is unfortunately proprietary information kept by exchanges.

The importance of the two fundamental indicators of adjusted transaction quantity and daily unique addresses, as calculated by Blockchain.info, is that there is a good fit between the square of these fundamental indicators and the bitcoin price. We may be witnessing Metcalfe's Law of network effects unfolding before us. Thanks to Peter R whose charts appear here.

And by the way, you might explain whether you are serious about your byline "Sell your house to short BTC". Short position margin calls at Bitfinex could be ruinous if you are all-in.