I am looking at https://en.bitcoin.it/wiki/Weaknesses#Attacker_has_a_lot_of_computing_power. Are you saying that


is not possible?

Completely agree that it's the longest valid chain that wins. But it is not always possible to know if a selfish transaction is invalid. The validity rules embedded in the software can check for some invalid situations but not for every possible invalid situation. If validity rules were able to check for every invalid situation there would be no 51% attack (https://www.investopedia.com/terms/1/51-attack.asp).


Note the use of may purely for that reason 

Let's take example of Bitcoin. Assume all nodes of Bitcoin network go offline for some reason. Now assume an adversary (a party who wants to do harm to Bitcoin) detects the situation and starts mining blocks. Since no one else is mining at that time, the adversary can create selfish (illegal) transactions and include them in his/her blocks. If he is able to build many such blocks on top of each other, when the parties start getting back online, they may have to accept those blocks with selfish transactions (since the longest chain wins). If those blocks are accepted, the adversary has been able to successfully do illegal transactions.

While the answer depends on the exact consensus protocol used by the blockchain, one can expect the following:
1. No transaction will be recorded while all nodes are offline.
2. Previous transactions (in the last few blocks) will not be finalized for longer period if ever.
3. An adversary may be able to gain control of the blockchain with less effort/resources than usual.

The answer depends upon
1. If the offline event is caused by network outage, then the blockchain will likely resume operation when the connectivity is restored.
2. If the nodes have lost interest in the blockchain, it may never come back to life.

I find PyEthereum https://github.com/ethereum/pyethereum to be a great learning resource. Here's why

1. Written in Python which is a lot more readable than C++/OCaml etc
2. It is a real thing - not just a demo app
3. Large amount of Ethereum documentation helps explain many of the concepts used there

Good luck.

Does the client you modified have tests? If yes, run all the tests. If the tests have any good coverage, there should be some failures. That will help you isolate the problem.

Unfortunately, many blockchains are shortchanging the development process by not building a full set of tests with high code coverage. In that case, manual debugging is your only option.

This also might help https://product.hubspot.com/blog/git-and-github-tutorial-for-beginners

Hello Paul,


Yes, it does require that genesis block allocates stake to one or more parties.



Stakes (or stake changes) in any block affect decision process in forks containing that block only, not sibling forks.

A - B0 - C0 - D0
  \ B1 - C1 

Assuming B0/C0/D0 is the "honest" fork and B1/C1 is an adversarial attempt to a long-range revision attack, any stake changes in B1 and C1 do not affect decision process on the fork B0/C0 etc. Stakes for the decision process are calculated just before each block for that specific fork. More details are in Section 3.3.1 of the paper.



By "approval" I meant "approval-message" (Section 2.2.14) where stakeholders rank valid blocks in order of their own preference. Each stakeholder always ranks his/her own block on the top. The question then boils down to whether each stakeholder would approve only his/her block and no other block (approval-message contains a single block header). In that scenario (assuming no single stakeholder has a quorum stake), the blockchain fails resulting in a negative impact on the stakeholders.

In another scenario, some stakeholders may only approve their own blocks in an attempt to tilt the winning chances in their own favor. This is a real possibility. A possible mechanism to deter such an "attack" is to simply "blacklist" such stakeholders temporarily. An honest stakeholder can tell within a few blocks with certainty if another stakeholder is not approving his/her valid blocks. Blacklisting them temporarily for 2x the blocks they failed to approve may work. But they should not be blacklisted permanently since this is likely to result in all stakeholders being blacklisted permanently by other stakeholders.

This deterrence algorithm along with "approval scoring function" (2.2.15) need to be defined for a blockchain implementation.

Regards,
Shunsai

Devx,

Whole night! You are working harder than I did! Really appreciate it!

Shunsai

Hello Cellard,

While "better" is just tongue-in-cheek designed to attract attention, the consensus protocol itself is serious.  

Like many others, I am a huge fan of Satoshi Nakamoto's work. But that doesn't mean it's the final word in that category. In science, it rarely is. Isaac Newton's wonderful work paved way to Albert Einstein's work and others are sure to follow.

Also totally agree that protocol's have made many claims in past, most turning out to be false. While some of it may have been ill-intentioned, I do believe that the majority has been just the scientific process - theory followed by either proof or disproof.

As you said, a protocol does need to be "through hell and back" because any success will invite attacks from all angles. My purpose here is just the first step--peer review. I am looking for flaws in the protocol that I haven't been able to think of. And I do want readers to be skeptic - it's better to find flaws sooner than later. If it does turn out that the protocol has merits, the next steps of implementation and validation will follow.

Thanks,
Shunsai

Hello Anti-Cen,

Thank you for taking time to review this work and providing very valuable feedback and suggestions. I do see scaling to be the key challenge for blockchains and similar technologies.

My day job relates to databases and microservices. Many of the concerns of databases also apply to blockchains. In order for blockchains to be successful, they not only have to store a lot of data fast but also be able to read any stored data (like a needle in a haystack) very fast. Blockchain data structures are not naturally conducive to fast readability.

Proof-of-Approval, like many others, needs to define

1. Data structures that support fast write and read performances without sacrificing security
2. Parallelize the node tasks in order make computational and storage needs manageable
3. Achieve the above 2 and have the code be well designed for correctness and maintainability


Thanks,
Shunsai

Hello Paul,

I appreciate your kind words and your taking time to review this work. Please see rest of my comments inline.


'Permissionless' is an extremely important attribute, especially for the growth aspects of a blockchain and Proof-of-Approval is in fact permissionless. Proof-of-Approval does not require any stake to create blocks, but it does require approvals from parties holding a quorum (>50%) stake. If a party has 0 stake, it's block needs approval from others totaling a quorum stake (>50%). On the other hand, if a party has 10% stake, it's block needs approval from others totaling a quorum stake minus its own stake (>40%). PoS applies for approvals and not for block creation or winning rewards.



Consensus mechanism is based on signed approval messages that are stored in the blockchain to deter long-range attacks. Also note that the approving stake is at the current timeslot, not something in the past. Let's consider a couple of scenarios here.

1. An adversary attempts to create a block n blocks in the past. In order to successfully fork from n block in the past, the adversary needs signed approval, in that timestamp, from >50% stakeholders for every block since the n-blocks in past (blocks -n, -n+1, -n+2...).

2. Past >50% stakeholders (n blocks ago) sell off all their stake and turn adversarial (but current >50% stakeholders are still honest). Again, in order to successfully fork from n blocks ago, they need signed approvals for every block in the past (blocks -n, -n+1, -n+2...). While they may be able to approve some blocks when they did hold > 50% stake, as their stake goes down, they need other parties to approve their more recent blocks. In order to get the newest block approved, they would need adversarial stake > 50% in the present.



As stated above, a party with no stake requires approvals with other parties that can form a quorum. While it is harder to achieve than another party holding a large amount of stake but is definitely achievable.



Yes, Pareto distribution does present centralization concerns just like mining pools for bitcoins. There does not seem to be a known solution for it yet.


I believe it is the same as the scenario 2 described above.

Thanks again.
Shunsai

Hello,

Looking for some feedback on a protocol that I have been working on.

Article describing it https://medium.com/@shunsai.takahashi/proof-of-approval-a-better-blockchain-consensus-protocol-b19a55dc331b

Full technical paper - https://github.com/Takanium/doc/blob/bf8f7934bac20d4ce15d8b611cc3525e18618651/research/proof-of-approval.pdf

Comparison with other protocols:


Other comparisons
1. With 2-hop chain Post#25 of this thread https://bitcointalk.org/index.php?topic=3125137.msg33082148#msg33082148
2. With Tendermint Post #35 of this thread https://bitcointalk.org/index.php?topic=3125137.msg33559358#msg33559358


Thanks,
Shunsai

Hello,

Looking for some feedback on a protocol that I have been working on.

Article describing it https://medium.com/@shunsai.takahashi/proof-of-approval-a-better-blockchain-consensus-protocol-b19a55dc331b

Full technical paper - https://www.academia.edu/36075801/Proof-of-Approval_A_Distributed_Consensus_Protocol_for_Blockchains

Comparison with other protocols:



Thanks,
Shunsai