Bitcoin Forum
May 24, 2024, 02:22:51 AM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
  Home Help Search Login Register More  
  Show Posts
Pages: « 1 2 3 4 [5] 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 ... 184 »
81  Bitcoin / Development & Technical Discussion / Re: Proof of Stake Bitcoin? on: February 01, 2018, 10:20:13 AM
There isn't a way to achieve one without it. Without a profit motive, the rational behaviour to maimise gains is to attack the system, this is the opposite of a nash equilibrium.

You cannot attack a system that doesn't rewind.  But for that, you simply need online presence, or trust other online presence not to wind back.  It is much much easier to assume that there will be online systems that don't rewind, or remain online yourself, than to want to reach a Nash equilibrium with "offline rules".  There's no long-term Nash equilibrium to be reached if decisions are never rewound.  The only attack possible would consist in a "sustained split of the internet".

The unneeded difficulties caused is that one wants to prove in a trustless way to an offline participant that the consensus decision has to be unique.  That is devoid of any real-world meaning as I tried to explain.  In practice, nobody does so for anything else.  If I'm online, and I just record the successive online hashes of successive consensus decisions published by half-trusted peers, I don't need any proxy of past time (I was there) and I won't rewind (I know the hashes of consensus).  As my attacker cannot know what different peers I check, he cannot present me any consistent alternative history, even if I leave my online presence for a short while.  And that goes for most participants.  I can find them later, because they have unique keys, somewhat akin to a web of trust with mutually signed public PGP keys.  When using the network, I will learn about more and more network nodes, and learn to half-trust them.  Some will go, some will come.  I will regularly check their histories with mine (we will in any case all be voting over the last consensus when we are online).  It would be extremely difficult, for an attacker, to convince me of another history even if I were offline for a while.  And if I got tricked because I'm offline, my fault.  Let the attacker win.

Quote
Quote
They can only tell the difference because they trust or were online.  They have to trust the signatures of the "true" rule manifest (usually a piece of software).

No, they don't need to do anything. Their client, which can be offline, then online, will always know whether it is being presented with a candidate blockchain on the right hard fork, in the right blockchain.

You seem to be suggesting that the attack vector is to convince someone who's never had a bitcoin, or ethereum client before to install an impostor client. This is a social engineering attack, not a technical one.

Absolutely not.  As that agent who doesn't trust anyone cannot distinguish between both and doesn't trust any digital signature, how is he to make the difference ?  He won't believe the name "bitcoin core" (obviously).  He won't believe the name "ethereum".  He won't believe anything signed or published.  There is no such thing as "imposter" in a trustless system.    He will only cryptographically find out that some ledger includes more proof of economic waste than the other.    He will only find suggestions in software "out there" that seems to work with certain ledgers, and not with others.  He can establish that some ledgers contain "remarkable results".

I don't have to tell you that when you have a pair of numbers, one of which is the pre-image through hashcash of a near-zero number, that that pair of numbers is remarkable.  I can suggest you to look at that pair of numbers with different hash functions, and if you find out that the hashcash function maps one of the numbers on a very small number, that in itself is a remarkable feat.  In as much as you can establish yourself that the hashcash function is not reversible, and in as much as you can figure out yourself how much electronics and electricity it would take to find that remarkable pair, you can estimate how much wasted economical effort went into this, without having to know in advance that you should look at "hashcash".  

So you simply find ledgers.  You have no client.  But you find different clients on the internet.  You don't trust their authors.  But you see that some ledgers you find, "work" with some clients, and not with others. You can easily map untrusted ledgers to untrusted clients.  Through analysis of these clients, you realize that some ledgers contain "remarkable pair of numbers".  You can estimate the relative efforts that have been wasted to find those.  From that, you determine the highest-PoW ledger, and automatically, the client that goes with it.

If it turns out that amongst all untrusted ledgers you found, the one with the most remarkable pair of numbers, was the ethereum chain, and you found that the untrusted ethereum client "worked" with it, then that must be the right ledger and client.

The absolute trustless cryptographic unique signature is the discovery of that document (ledger) that contains that remarkable couple of numbers that has needed most economic effort wasted to find it.  In order to find out how remarkable it is (and hence, how much effort was wasted on it to find it), you can use untrusted SUGGESTIONS, but you don't have to trust them.  The document is moreover sufficiently complex to allow you to discover, amongst all possible suggestions, the only pieces of code that actually work with the uniquely tagged ledger of maximum waste.  That must be the "rule set" then, the right "client".
82  Bitcoin / Bitcoin Discussion / Re: Who is Satoshi Nakamoto? on: February 01, 2018, 09:54:13 AM
He is the creator of bitcoin, someone intelligent and seem to have the appropriate expertise as an expert on Cryptography.

There's one evident cryptographic foolishness in bitcoin's original proposal that makes me think Satoshi cannot be a brilliant cryptographer.  In the original bitcoin protocol, even though Satoshi explained correctly that Elliptic Curve signatures are much more compact in bytes than the equivalent RSA style signatures, he nevertheless makes people sign by giving their FULL public key AND their signature.  Now, any good cryptographer knows that you can restore the full public key in ECC from half of it (plus one bit).  There was no reason to waste half of the room with the full key.
(technically, the full key is a pair of numbers (x,y).  But if you know x, there are only two y possible: y1 and y2, which are easily calculable.  If you want to be compact, you only transmit x and one bit - but even that is not needed, because we know the hash of the full key (in the previous output we're spending.  If you just give x, you calculate y1, you see if the hash fits.  If it does, it is (x,y1).  If not, you calculate the other y2, you see if the hash fits.  If it does, it is (x,y2).  If not, the public key is not the right one).
Every professional cryptographer, and certainly Nick Szabo, knows that.  There's strictly no need to waste block chain space by giving x and y.  You waste 32 bytes for nothing.  But even more.  If you give an ECC signature, and you know the original signed document, you can DERIVE the public key from the document that was signed and the signature.  So there is not even a reason to publish the key: you can derive it from the signature.  Another 32 bytes wasted.  Nick Szabo knows this.  He wouldn't have wasted 64 bytes for nothing on the block chain for every input, claiming he wanted to make it compact.

83  Bitcoin / Bitcoin Discussion / Re: Who is Satoshi Nakamoto? on: February 01, 2018, 09:35:48 AM
I defo think if it was not Hal Finney then since he did Recive the first transaction then he may know exactly who (bless his soul) / developed bitcoin with the real satoshi (I don’t think that is / was dorian)


You never transacted to yourself ?
84  Bitcoin / Development & Technical Discussion / Re: Proof of Stake Bitcoin? on: February 01, 2018, 09:27:22 AM
The power law of economics says that anything which has a profit motive will centralise. But, there is no other way (yet discovered) to achieve a nash equilibrium than establishing a profit motive, so we're stuck with it.

This is the error: there's no *monetary* profit motive necessary to get a Nash equilibrium.  As you say, monetary profit centralizes by economies of scale which result, as you say, in a power law distribution.   There's no reason to motivate people to participate in consensus.  They can.  They don't have to.  If they don't, they accept others to vote in their place.  If that goes "wrong", their problem.   The motivation is to keep your share, or to risk that others will push you out of the consensus.  If that happens, too bad for you.  You weren't there.  You've lost your stash because you failed to be online ?  Your problem, not mine.  So, fear of missing consensus is a good motivation.

Quote
Are you honestly saying that the LCR rule doesn't distinguish between blockchains? Obviously it only functions within a single blockchain and yes, clients can tell the difference between an ethereum chain and a bitcoin one.

They can only tell the difference because they trust or were online.  They have to trust the signatures of the "true" rule manifest (usually a piece of software).

If there's a Martian visiting earth, how is that Martian going to know what is the true bitcoin block chain if he's not going to trust anyone and never was online before ?  He'll look at all block chains around, and find the one with the highest PoW in economic waste.  "that must the unique true consensus document".  From the moment you require OTHER extra rules, as I said, you have to trust those who said it were the right rules, or you must have been there when they were established, or you must trust someone that was there when they were established.

If someone saw bitcoin's protocol in early 2010, left for Jupiter for 8 years and came back, and imagine that BCH has more PoW, he would say that the true bitcoin ledger is BCH, and BTC is a tentative to fraud.

If someone had seen just Satoshi's paper in 2008, only remembering "maximum PoW", left for Saturn, and came back, realizing that rules may have changed completely, and ethereum would prove more PoW, he'd say that the only true ledger is the ethereum ledger, and all the rest is fraud.

In order to "know" that it isn't so, he will have to use and trust recent online information, or they "had to be there".

Other example.  Suppose that earth is hit by a catastrophe and for 500 years, we're back in the middle ages, even though the legend of bitcoin is orally transmitted.  500 years from now, technology is again developed, and some people go to look after that Satoshi of the Round Table and his trustless Ledger, some ledgers are finally discovered.  Which one is the "true" one ?  If the rule "maximum PoW" is recognized as the sole unique totally trustless rule, if ever the ethereum chain has more PoW to it, it will be said that it was bitcoin.

Finally "trustlessness and money" is an oxymoron. Money is about belief in value.  If you don't trust anyone, you don't believe that others believe in money.
85  Bitcoin / Bitcoin Discussion / Re: Who is Satoshi Nakamoto? on: February 01, 2018, 08:16:36 AM
Mine is that it was John Nash   Roll Eyes

I don't believe that, because Nash wouldn't have invented a non-ideal money.  Nash would never have written the following;

http://satoshi.nakamotoinstitute.org/posts/bitcointalk/65/

Nash ideal money has constant value.

I tend to think that Satoshi Nakamoto is, well, Dorian Satoshi Nakamoto.  But maybe Hal Finey was "holding his hand".  The best way to hide is in open daylight.  When I learned that Dorian lived near Hal Finey, that both of them were libertarians, it seems obvious to me.  How the hell do you invent a name such as Satoshi Nakamoto ?  I've thought for a while that it was Dave Kleiman, but I don't think it fits after all.  Dave's life dream was to work for law enforcement, go figure.  When Satoshi started out, he couldn't know how it would go.  There was no reason to be anonymous.  If it failed, but inspired others, he would not have the honour of having contributed something.  Nick Szabo and others never hid behind an anonymous pseudo.  If you've simply an idea, why would you use a name of a real living person, and not an avatar like "truemoneyguy" or something ?  

You need a figure that is a profound libertarian, someone with some limited understanding of monetary economics (that's why it cannot be Nash), someone that is not necessary a cryptographer, but has knowledge about cryptography (Satoshi put together existing schemes, some of which are less than rational, for which a professional cryptographer wouldn't fall - which is why it cannot be Szabo) and is an amateur programmer but not a professional (his code was quite "amateur" even though functional).  Of course, what I'm writing is blasphemy in the ears of true believers for which Satoshi is a god and genius, but he truly wasn't - unless he was full of deceit.   True, it was a bright guy (or girl or group).  But he was also profoundly wrong on different aspects in as much as he was sincere.  These errors couldn't be made by other candidates, because they knew better.  I'm inclined to think that Hal Finey has a much bigger role in this thing than he told us.

Right now, nobody can admit to be Satoshi, without exposing one-self to huge danger.  Imagine that people know that you may have the secret keys to 20 billion dollars or more.  You would be extremely exposed to danger, and you would put all your relatives at danger too.  Who wouldn't hijack your wife, children, .... in return for a transaction ?  Worse, imagine you don't have the keys any more !  You cannot prove that !   Hijackers would kill your kids and there's nothing you can do about it.

86  Bitcoin / Bitcoin Discussion / Re: Bitcoin is garbage. on: February 01, 2018, 07:08:38 AM
Fees hitting $55 per transaction killed the goose that laid the golden egg because the miners got too greedy and the greed is far from
over since they are the ones running hubs on the lightning network that charge fees and interest on BTC need

Actually, this is the "fake news" that has been spread.  In reality, the miner consortium is the consortium that pushed hard for BCH,with bigger blocks and smaller fees, EXACTLY because they knew it would kill their golden goose and they had a lot of hardware stake in it.  And BCH was accused of being "a Chinese miner consortium attack on bitcoin" in a completely bogus narrative that worked.

In reality, the miners tried to save bitcoin, and a totally different group killed the golden goose with a deceptive narrative.

The deceptive narrative was:

1) the lie that bitcoin needed many full nodes for "decentralization" (even though Satoshi designed bitcoin to RESIST a sybil attack by many nodes, and introduced proof of work exactly for that reason), and that "big blocks" would kill "many full nodes".

2) that 1 MB was largely enough but that bitcoin was a victim of evil spam by "the miner consortium" (even though, if you look at the evolution of block size on blockchain.info, it was clear that we were hitting the 1 MB limit for real).

3) that in any case, the 1MB limit was a hard limit in the protocol, and that a hard fork would be the end of the world, too dangerous.

And who was at the origin of that deceptive narrative ?  The inventors of the Lightning Network.   The Lightning network can only work, if fees are high and people keep their computers running.  If fees on the block chain are low, nobody will go through the hassle of the LN.  One has to be convinced that the direct block chain transactions don't work, before one is even going to consider using this second layer.  Also, in order for the LN to work well, people need to be trained to "keep their PC running all the time".  Otherwise, it doesn't work.  So the narrative of the necessity of many full nodes was also a good story here.

Now, miners have high stakes in bitcoin, through their hardware investment.  The inventors of the LN, none.  Miners like fees, but they like even more  a high bitcoin market price, because they are mainly still paid by block reward.  The inventors of the LN don't care about bitcoin's market price.  They are financed to get their LN working, and it can't work if the block chain transactions work well.  

This is why they needed a narrative that will get the block chain congested with high fees and little room.  Satoshi's mistake in 2010 of programming a 1MB limit was leveraged to a holy principle to do this, with 2 bogus reasons: the need of many full nodes, and the fear of a hard fork.  And their narrative to put the fault on exactly their detractors worked well.

Lies and deception.  Works amazingly well.
87  Bitcoin / Development & Technical Discussion / Re: Proof of Stake Bitcoin? on: February 01, 2018, 05:41:51 AM
The justification is asymptoticly secure, trustless, decentralisation. Take it or leave it.


Well, it fails on decentralization already, and "asymptotically" means wasting more than half of human's resources.  
It is true that it solves trustless UNIQUENESS if we waste more than half of humanity's resources.  But it doesn't even guarantee that that unique document has been made according to the rules.  You cannot have it both ways: if the document is unique, you have to accept it.  You cannot put another requirement, because it is unique.  If you can put another requirement to select amongst possible candidates, obviously, it is not going to be unique.  So PoW only proves trustless uniqueness if that's the sole condition.
If tomorrow, the single entity that has more than half of world's power, decides to produce a unique document with the most PoW that has entirely different rules than bitcoin, you still have to accept it as the "unique true consensus".  Like I said, if ever it is the ethereum block chain, you would have to accept that bitcoin is now ethereum, and your bitcoin addresses are worthless.

Because if you are presented with different block chains, and the ethereum block chain contains more proof of economic waste than what people used to call the bitcoin block chain, according to your rule, you have to accept the ethereum block chain as the sole true consensus document ; if it contains a proof that more than half of human's resources have been wasted on it, you know that there cannot be any other such document around, and you have your unique consensus.  Too bad your addresses of your coins don't work on it.

If you are going to say: it is the highest PoW chain "within a certain set of documents that satisfy other rules" then you have the ambiguity from the moment there are forks.  Suppose that BCH overtakes the BTC chain.  Is bitcoin then from one day to another BCH, and should we reject BTC as a false document ?  No, of course not.  They are different crypto currencies.

The foolishness of uniqueness of PoW breaks down entirely when there's a crypto currency market.  Because there's no such thing as uniqueness.
88  Bitcoin / Development & Technical Discussion / Re: Proof of Stake Bitcoin? on: February 01, 2018, 05:14:38 AM
Why do I get the feeling that you and dinofellis are the same person?  Sad

Nope.  Anti-cen has visibly the same relatively critical opinion as I do on PoW, but we're not the same person.  People can be different persons, and share an opinion.  Alas, it is impossible to prove that we're not the same, and the irony is that that's why Satoshi used PoW as a way to try to dismantle Sybils.  We're touching here the fundamental reasons of all these things.

Unfortunately, it didn't work, which is exactly why PoW fails.  It didn't work in the following sense: Satoshi presented PoW as a way to "make sybilling the network" expensive.  He presented PoW in his paper as a way so that each participant (human participant) would have "one vote".  He used "CPU" as a proxy for "human", with the idea that you could cheat a little bit, by using not one, but 10 CPU for instance, and get 10 votes, but if you wanted to have 10 000 votes, that would become quite expensive.  However, in Satoshi's presentation of things, votes didn't need to be EXACTLY right.  What Satoshi needed was that there were SUFFICIENT different voters, even if some had more weight than others ; as long as the majority wouldn't be in the hands of a small colluding club.  Whether Joe had 3 votes or 100 votes didn't matter, if in total there were 1 million votes.  The majority, that is to say, 500 000 votes, would still be distributed over enough different non-colluding entities for the system to acquire trustlessness by decentralization.

Trustlessness by decentralization is the brilliant idea behind bitcoin (which turned out to fail, exactly because PoW failed).  It is the game-theoretical "super-Nash" equilibrium, where the equilibrium is "follow the common set of rules", and where, contrary to a simple Nash equilibrium, which takes potentially a simple collusion of two players to be broken (in the typical example, the Prisoner's Dilemma, if the two prisoners collude, they can leave their Nash equilibrium), in this "super-Nash" equilibrium, it takes a collusion of majority of many, many players to be able to be broken ; which is so impractical to be done, that we can assume that every player stays in the equilibrium (that every player follows the same rule set).  This is the inverse "tragedy of the commons".

Satoshi said that one couldn't count on "different IP addresses" to do so, because it would be quite easy for an attacker to become the single controlling human of a large majority of IP numbers.  That's why "one node one vote" wasn't possible (and this is also why all this nonsense of "decentralization by full nodes" is bullshit: bitcoin was designed not to take this into account!) However, "holding the majority of CPU voting" would be much harder to do, which is why Satoshi presented PoW as a fairly robust way to defend against "having a majority of voting power in the hands of a small clique".

Well, it failed.  PoW IS in the hands of a small clique.  3 entities have majority, to be precise.  You can see it in the hash rate distribution of the mining pools.  Worse: even though we KNOW this now, there's nothing we can do about it.  The "majority vote by CPU" IS now in the hands of a few, and yes, they really do have control over the majority of CPU, even more so than would have been the case with IP numbers.

It is quite funny that Satoshi presented PoW as a way to avoid Sybils in his paper, and nevertheless was able in 2008 to explain that "mining would be left to specialists with farms of specialized hardware".  There's a slight contradiction here, because that is already admitting that his PoW system would not be a good approximation of "one human, one vote" by "one CPU one vote".  It is true that Satoshi seems to have thought that it would nevertheless be "hundreds or thousands" of "specialists", not 10, or 4.  However, that by itself doesn't make sense: the same dynamics (economies of scale) that would bring the "home CPU vote" into the "hands of specialists with farms" would continue to bring together "specialists with farms" into a few big farms.   His position simply doesn't make sense.

The fundamental reason why his "making sybilling the network expensive" didn't make sense, is that in his system, the more you sybil, the higher your costs, but also the higher your rewards !   His explanation that it would, nevertheless, remain profitable to "play by the rules" even if you have majority (that there's no reason to attack the network, while you can profit from your hash rate) is begging the question.  Remember the super-Nash equilibrium.  If you have majority, you DICTATE THE RULES.  Of course you will be following your own, dictated rules !   The error in all this is that if you reward voters, there's no way to remain decentralized, because all difficulties and costs of sybilling are compensated.  However, PoW requires compensation because it generates economic waste by definition.

All this is lies and deception.  This is why it works so well.  Like world religions.  They too, started out often with some good intentions.

I wouldn't mind this, if it weren't so wasteful.
89  Bitcoin / Development & Technical Discussion / Re: Proof of Stake Bitcoin? on: January 31, 2018, 07:21:03 PM
If you're talking about trustlessness, you cannot include hypotheses like this.   After all, this is very well not true, especially when there are possibilities to short bitcoin outside of the system.  It may very well be profitable to kill bitcoin, because, as you say, there's competition in the larger market too.

To use PoS proponents mostly commonly used counter argument to this claim - why would anyone with huge stocks of highly expensive mining hardware risk making all their inventory worthless by carrying out this attack?

Even if they somehow make this a profitable attack, their chances of pulling it off are minimal because they still need to outpace the rest of the world in producing the longest chain.

The point is that if you have to apply this kind of arguments, your system is, in the end, not as secure as you may want to believe, and hence the necessity of its monstrous waste, and even its danger to human economy, not justified.  If we need to risk to blow up human economy to avoid something, that can in fact in principle happen, but of which you argue that the attacker will not be motivated and it will not happen in practice, I call bullshit.  Because PoS like systems are also, for all practical purposes, secure (especially those that are based on on-line no-rewind principles).  In fact, these systems are even more secure for all practical purposes, from the moment that there are sufficient "slightly-to-be-trusted" entities online, because in that case, no attack is even possible.

If it is necessary for a system to waste GW of electricity as its fundamental "security" principle, as compared to systems that can be made as economical as technologically possible, there's no justification for that huge waste, which engenders a lot of OTHER problems, like the power concentration (the centralization of decision).  A PoS system that gets as centralized as bitcoin's PoW structure would economically be useless in any case, because it would mean that the majority of coins are held by just a few participants.  If that's the case, they can play amongst themselves, which is their good right, and the others will leave.  It is then a closed club, and they play their greater-fool game amongst themselves.  If we would be 10 people to possess 99% of a crypto currency, that currency would be worthless in the market.  Well, bitcoin's PoW is for 99% in the hands of 10 deciders.  To have a similar distribution in PoS, 99% of the coins would have to be in the hands of 10 entities, at which point, they can have it.  

Another problem with PoW is that you get a separation between the users/stake holders on one side, and the "consensus industry" on the other.  Users have to ask the consensus industry to please include their transaction, and have to pay that industry.  PoS kind of systems are do-it-yourself systems, where the users decide amongst themselves, with no need for an external industry.

The cost of a PoW system makes the system leak value.  What's wasted on PoW is value extracted from the system.  It is not even a zero-sum game, it is a lossy negative-sum game, because piles of waste have to be bought with inflation and fees.

And all these problems, plus the ecological/economical danger and damage of converting limited resources into huge quantities of waste do not even give us an absolute cryptographic guarantee of security.  In fact, an attack is even provably effective: use 3 times more resources, and you can blow up the system for sure.  There's not even a DOUBT that the attack will work, it will work FOR SURE.

Let us suppose bitcoin at $10 000, and let us suppose current technology, and mining equilibrium, that is: cost of waste = mining reward.  Let us assume total block reward + fees 20 BTC.  Let us assume antminer S9 hardware: 0.1 J/GH, $5000 per 13 TH/s.  Let us assume electricity price $0.1 per KWhr.

20 BTC per block is $200 000 per 10 minutes, is $1.2 M per hour.  It means one has to waste 12 GWhr per hour to arrive at a cost of $1.2M per hour.  If all this were smoked up in electricity, we would need to burn 12 GW.  But of course, hardware needs to be paid too.  We can take it that the life time of hardware is 2 years (I'm nice here: who is still competitive with 2 year old miners ?).  The price of an "antminer-hour" in hardware is hence: 5000/(2*8760) = $0.28  ; the power used in one hour is 1.3 KWhr which is a cost of $0.13.
Running an antminer for an hour hence costs $0.41.  The number of antminers needed hence to waste $1.2 M in electricity and hardware is grossly 3 million.  We need 3 million antminers to be at equilibrium.  We hence have an equilibrium power consumption of about:
4 GW, and a hash rate of about 39 million TH/s (twice the actual rate).

The total hardware investment is hence $15 billion dollars over two years.  Well, with a budget of $45 billion, you can successfully attack bitcoin.  You will have almost 3 times the hash rate, so you can redo the chain 3 times faster than it is advancing, giving you a net factor of 2.  You will have to consume 12 GW for the time of the attack.  Suppose you want to redo the last two months.  That will be scary enough, no ?  All transactions of the last two months erased, what do you think ? Funny idea, no ?  You will have to run for a month to do that.  One month at 12 GW will cost you grossly $0.8 billion in electricity, say $1 billion.

For the price of $46 billion dollars, bitcoin is entirely destroyed.  You publish a higher PoW chain that has totally screwed up the last 3 months, one month from now.  The big peak included in December !  My attack is guaranteed to work.

In reality, cost would be half of that, because bitcoin is now out of equilibrium as we saw.  Hash rate is only 20 million TH/s while equilibrium is 40 million TH/s.  So right now, destroying bitcoin could be done for $23 billion.  Which I can get out of the market by shorting bitcoin.

Now, $46 billion is quite an amount of money, but less than bitcoin's market cap.   I might short $50 billion in the futures market.  There will be a lot of takers of my offer for bitcoin at $20.  My expenses are covered.  But I might get subventions from states, and, most likely, even from climate change actions.  After all, I'm going to blow a big electricity waster to pieces.  This is not an "impossible" attack at all.

The argument that "it most probably won't happen because miner incentive" is very, very, very weak as compared to all the problems it brings.

There is of course something that might save bitcoin from such a devastating blow: people might restore the block chain before the attack was published, .... from a trusted source with a digital signature !  Say, a few Core devs that publish the "correct" block chain tag in an urgency release of the Core code.... mmmm...  maybe digital signatures of trusted entities is not such a bad idea, is it ?  Grin
90  Bitcoin / Development & Technical Discussion / Re: Proof of Stake Bitcoin? on: January 31, 2018, 04:09:07 PM
You don't have to. If you're presented with two candidate blockchains with different genesis blocks, the one you accept is the longer chain of PoW.

So I take it that if ethereum overtakes bitcoin one day, and is still on PoW, you will think that ethereum is bitcoin now because it is a document that proves more PoW ?  And you're quite frustrated that you've been had with former transactions that do not exist on the unique ledger with most PoW ?

And you realize that all this talk on this forum, all the code signed by Core, and all the rest was just a big fraud, and the real bitcoin is made by software from Switzerland ? Or do you nevertheless trust some digital signatures and "old stuff" you've seen when you were on line ?
91  Bitcoin / Development & Technical Discussion / Re: Proof of Stake Bitcoin? on: January 31, 2018, 04:07:14 PM
Because if not, the other half may be used to produce that famous B.   How do you know that in fact, bitmain doesn't have 8 times the amount of mining hardware they have sold on the market, in a secret place somewhere, ready to be switched on to produce a "false" block chain ?  Maybe they get subventions from the Chinese government to screw bitcoin, who knows ?  

We've discussed this before. There is a competition to mine; it is more profitable to mine than it is to sit on mining hardware, therefore you can be pretty sure this isn't the case.

If you're talking about trustlessness, you cannot include hypotheses like this.   After all, this is very well not true, especially when there are possibilities to short bitcoin outside of the system.  It may very well be profitable to kill bitcoin, because, as you say, there's competition in the larger market too.  If bitmain has a long-ranging plan to kill bitcoin (say, because the Chinese gov wants it to and has convincing arguments), it is NOT going to join the competition with its extra hardware, because it would like to take bitcoin by surprise.  And they can even make a big benefit in the market if they know when they will do it.  Game theory arguments with limited game rules are not a solution to trustlessness.  Trustlessness is a lure.  It is a mirage.  It doesn't exist.  From the moment you have to use such arguments, your system is in any case not watertight.  

As such, having hundreds or thousands of "on line consensus spectators" see the consensus arrive, and sign it, and not accepting any form of major "rewind" is a more secure practical way of doing things for much less effort.  If you think that major exchanges all over the world are going to accept a major rewind for instance, together with all online amateur users, exactly when YOU were offline, that's just as improbable.  Because of the same reasons of game theory, benefits and losses.
And we'll not need to waste earth's electricity.

92  Bitcoin / Development & Technical Discussion / Re: Proof of Stake Bitcoin? on: January 31, 2018, 03:27:17 PM
Here's the problem bitcoin's proof of waste tries to solve:

"show me that, amongst X different possible states of consensus, consensus proposal "A" is the unique right one, even if I wasn't there, and even if I don't trust ANYBODY".  Moreover, "show me that just any other entity like me, not trusting anyone, and not having been online when these decisions were made either, will come to the same conclusion that it was A, and not B, even if that other person is presented another collection Y of possible states of consensus.".

That is indeed correct. And, in fact, any consensus design which doesn't have this condition at it's core is utterly pointless, because once you remove any of these conditions, you might as well just use Visa, which is much faster and more widely accepted than any cryptocurrency.

And as I said, the only fully secure proof of that is a proof of waste of more than half of humanity's resources.

Because if not, the other half may be used to produce that famous B.   How do you know that in fact, bitmain doesn't have 8 times the amount of mining hardware they have sold on the market, in a secret place somewhere, ready to be switched on to produce a "false" block chain ?  Maybe they get subventions from the Chinese government to screw bitcoin, who knows ? 

If you tell me "people would see it" then you've shown that *in reality* you are counting on people's past online presence to have "old copies of the block chain".  If you count on old fixed points of the block chain in Core's software, then you'trusting Core's digital signatures.  So the sole proof that is fully secure is if you have a document, a block chain that proves more than half of the worlds' resources wasted on it.  Otherwise, it is not secure and a "B type document" may be made.

But this is entirely idiotic.  After all, how are you going to check that in a trustless way ?
Are you going to build your own silicon foundry and make your own chips by your own design to make your own computer ?  Are you going to write your own operating system and writing your own bitcoin software to verify it ?  Because if not, you're trusting some entity.  You're trusting Intel, your computer OEM, Linus Thorwalds' signature if you install linux (you're not using Windows or Mac, are you ??),  you trust the world's assessments you find on the internet of the world's capacity in electricity, you trust miner hardware specifications, etc...

Hey, how come that you trust the genesis block ?  Because it is written in software that some dudes signed with their signatures on centralized Github ?  Maybe it is not the right one !  Maybe what that piece of software tells you, is actually not the "true" bitcoin block chain !  Who knows !  You trusted Core's signatures ?

So you're not doing something trustless.  If you try, you starve before you get half way.

So wasting humanities resources on a mirage of absolute trustlessness that you can't have in any case, is complete and utter madness.  Good for the asylum.

In reality, you have to trust some entities.  You have to trust some signatures.  You have to trust some functionality.  Blind trust in one entity is not good enough.  But if you can find several indications, at different places, that you have most probably the right data set, that's good enough to be practical.  

For instance, if there are a few hundred resources scattered all over the world that give you the same hash list of block headers, and if you can be online some time and see that some tracks of block headers do correspond to what they publish, that's good enough to have trust that you have the right block chain.  It cannot be 2 or 3 websites.  But if you have a few hundreds of them, and you "know" them by digital signature for a while, you can assume that they are not all "sybils surrounding you".  You start to build your "social cercle" in that environment, you start to know peers.  And after sufficient time, as with real people, you start to put some partial trust in them.  If all of them tell you the same thing independently, then you can accept that as the truth.  Like with everything else: if sufficient sources tell you something, you take it as real.   Because that's the practical compromise between blind trust and the madness of full trustlessness.
93  Economy / Speculation / Re: Bitcoin could drop 80% due to possible tether fraud, experts say on: January 31, 2018, 02:33:01 PM
"Experts" have been saying a lot of things, most of them incredibly stupid.

Have you forgotten already about what the "expert" Mark Williams said in 2013?

Quote
Williams, a former trader and bank examiner for the Federal Reserve, argues that in 2013 the 47 powers coordinated to push prices up. They counted on what economists call Greater Fools. Investors make money when someone is willing to pay a higher price for a security than you did -- Greater Fool Theory states that there is always someone willing to pay a higher price. But Williams sees the broader market wising up to Bitcoin’s limitations and taking back control in 2014.

Quote
As the currency-commodity-technology’s true character comes to light, however, at least one finance expert feels it is set to drop to as low as $10 by the middle of this year.

Of course, as we all know, it never happened.

The only reason Bitcoin could drop %80 is if the idiots believe these news, and unfortunately there are lot of idiots holding bitcoins which do not deserve to hold them, so if they sell and pass it on onto someone smarter that will not panic sell them it will be a good thing.

Tether is irrelevant and only a small amount of the bitcoin economy. Tether isn't backed by real dollars? dollars aren't backed by real money, it's all the same.

Williams, back in 2013, underestimated the amount of greater fools that can be mobilized... and we're counting on still many, many, many more in a few years...

He should know, he was a professional of the greater fool business.  We're not stopping at geeks, or at house fathers.  We want the whole planet finance as greater fools !

94  Economy / Speculation / Re: Bitcoin could drop 80% due to possible tether fraud, experts say on: January 31, 2018, 02:31:30 PM
More and more doubts are being cast regarding Tether being actually backed by real dollars.

Muha !    Cheesy  Bitcoin, the entirely unbacked token to do away with "fiat fraud that is backed by nothing", is at risk because another crypto token, tether, is not entirely backed by real dollars !  ROFL  Grin
95  Bitcoin / Development & Technical Discussion / Re: Proof of Stake Bitcoin? on: January 31, 2018, 01:25:28 PM
Truely trustless, decentralised technologies will always be slower and more wasteful than centralised alternatives, that's a fact I don't dispute.

Wasteful to the point of using up a significant portion of earth's energy ?

The problem PoW tries to solve in bitcoin is bordering on the limit of madness and can indeed only solve it if it wastes provably more than half of human's resources.  As such, it solves a problem that needs not to be solved, because it is self-defying.

Here's the problem bitcoin's proof of waste tries to solve:

"show me that, amongst X different possible states of consensus, consensus proposal "A" is the unique right one, even if I wasn't there, and even if I don't trust ANYBODY".  Moreover, "show me that just any other entity like me, not trusting anyone, and not having been online when these decisions were made either, will come to the same conclusion that it was A, and not B, even if that other person is presented another collection Y of possible states of consensus.  The only condition is that both X and Y do contain the "right" consensus A.".

Bitcoin's PoW system has indeed found a way to solve this entirely idiotic problem: it is that consensus proposal that has shown most proof of waste, and that it is not possible that anyone ever has wasted more than the one that wrote proposal A.

With that rule, I don't need any trust in nothing.  I only need to find a document that is cryptographically linked to the biggest proof of waste, and if that document contains a proof of more waste than half of human's resources, I know that this document is unique. Simply because no other human has ever been capable of making another such document: there weren't sufficient resources on earth to do so.

From the moment that document A contains a HUGE amount of proof of waste, but humanity has still more resources, I cannot be sure that no document B exists that has MORE waste to it ; but if it has been wasting more than half of human's resources, this document must be unique.  There is no other way.

This is indeed, the ultimate solution to the consensus problem, that allows someone that doesn't trust ANYBODY, and HASN'T BEEN THERE during the consensus decision, to know that this is the unique consensus.

Moreover, proof of waste is unique in this respect, because no other cryptographic technique can hold and do the same.  Anything based upon digital signatures will require me to trust the owner(s) of those keys, and by definition, I don't want to.  And if you don't use more than half of human's economic output, you don't really know if some entity didn't put in more proof of waste, to override the "true" consensus.

But this is pure lunacy.  Needing more than half of human's economic output to be able to prove to Joe the Cavemen that doesn't trust anyone and never was online that his ledger is the true one, is silliness to the point of being criminal.

This is why, in practice, you have to relax some of these absolute consensus proof requirements.  And if you bring this down to something much more reasonable, the so-called advantages of proof of waste melt away.   In our society, total trustlessness is ridiculous.   People use devices they didn't design themselves, they didn't check the functioning, they install software they trust, they use name spaces they trust, they use digital signatures of entities they trust....
You cannot base your system on total trustlessness. There is a right balance to be found between cryptographic protections against scammers, and trust you can have.  Otherwise you run into ridiculous and potentially dangerous systems, excluding reasonable solutions on the basis of religious dogmas.

Proof of waste is such a case.

If, however, you relax the condition that consensus must be proven without any form of trust to someone that wasn't there when the decision was taken, you can reach reasonably solid consensus decisions without ANY waste.  That means that you have to accept to be "online" when consensus is reached, OR that you have to accept some form of trust in those that were online when consensus was reached.  This will hurt dogma's, but it is in practice just as workable, and you don't have to use a big part of human's resources to do so: a smart phone can do it.  That trade off is worth while, because in any case, all the rest of our human existence is also needing trust.

Note also that PoW trustlessness doesn't even need decentralization any more.  Indeed, like is almost the case in bitcoin, the consensus DECISION is taken by 3 or 4 mining pools holding majority, and at best, by some 10 mining pools making most of the chain.  PoW only serves to prove that that decision is graved in stone, not that it was taken according to some or other rule set.  PoW only proves the uniqueness of the document, and hence of the consensus, not that its rule set was respected.  At this moment, bitcoin's consensus decision based on PoW is quite more centralized, as I said jokingly, than the Euro, that needs 15 ministers to come to agreement.
96  Bitcoin / Development & Technical Discussion / Re: [LN] What is the typical payment channel expiration time? on: January 31, 2018, 12:58:55 PM
Btw how channel closure procedure is initiated? I believe if either party want to close channel they don't really need other party to agree - they just need to post latest channel state to blockchain and it's done.

Maybe I'm telling you the obvious, but, a transaction is a "piece of data" that potentially can go into the block chain ; however, in order to get into the block chain, it must be sent to a mining node.  That mining node will check its validity, and if it likes your transaction, it likes your fee, it might decide to include it in a block that it will try to calculate proof of work for, publish to other mining nodes, who may accept it and put their blocks on top of it etc...  

In other words, a transaction, sent to a mining node, that can be included in the block chain, and hopefully will be included in the block chain, is a "broadcast" transaction.  
In order for a transaction to be acceptable, it needs all the right signatures as specified in the output scripts corresponding to its inputs.  

The whole idea of the LN network is that the users of a channel exchange transactions amongst them, but don't broadcast them.  So they are not included in the block chain ; but anyone of them having these pieces of data could decide to broadcast them.  However, given that these pieces of data are limited to the partners of the channel, only they have them, and only they can broadcast them.  Nobody else knows them.  On  top of that, most of these exchanged pieces of data have still a missing signature.  At every moment, each of the partners has the piece of data, ready to be broadcast, except that their own signature is missing.  So at any moment, they can decide to sign that piece of data, at which point it becomes a genuine transaction, and can be broadcast to a mining node, that can include it in one of its next blocks, like just any transaction in bitcoin.  That act of signing and broadcasting this transaction is exactly the "closure procedure".

Because from the block chain PoV, there was only a transaction when the channel was opened, from both partners' addresses to a specific address, then nothing, and then the closing transaction from that specific address back to the addresses of the participants.

The whole thing of the LN network is that the participants can exchange amongst themselves POTENTIAL, half-signed transactions that UPDATE the state of the channel in such a way that at no moment, someone can trick his partners, and that the sheer possession of these potential transactions is enough to guarantee that they can obtain their coins by settling if they want to.

This is slightly akin to both "placing their coins in a common vault", and then keeping the books of who owns what, without the need of getting the coins out of the vault, just updating the books, because each partner has the cryptographic guarantee that he can, at any moment, demand that the vault is opened, and that each gets their share as it was specified during the last update of the books.

The only thing with the "timing" is that nothing stops someone from settling by broadcasting a previous transaction that was the right balance a week back, but is not the right balance any more.  One cannot "erase" data from other computer's memories: at one moment, that settlement was possible, and without doing anything, that remains still valid.  So there must be a time frame to "contest the settlement" if it isn't the last one, by the other partner.  Once that time is expired, the time to complain is over and the settlement is final.

97  Bitcoin / Bitcoin Discussion / Re: Bitcoin is creating money out of thin air on: January 31, 2018, 12:42:42 PM
Ex-RBI chairman said "Bitcoin is creating money out of thin air". It is biggest scam of all.   Angry

He's wrong.  Bitcoin is created out of hot air (of ventillators of proof of waste machines).
98  Bitcoin / Bitcoin Discussion / Re: What if bitcoin wasn't created? on: January 31, 2018, 12:41:21 PM
What if bitcoin wasn't created?
I was just wondering what would happen to the crypto world or would still cryptocurrency be this popular this day if bitcoin wasn't created?

Someone else would have done something similar.  Time was ripe.  Almost all elements were lying on the table.  However, history might have been quite different if the first inventor of a trustless token had not made certain choices that Satoshi has made.  In fact, there would have been smarter choices than making a speculative pyramid game ; on the other hand, maybe it is only because of the greed unlocked by such a pyramid game that it caught on. 

It's something you can't do twice.  The missed opportunities with bitcoin are missed for ever I think. 
99  Economy / Speculation / Re: Bitcoin worth $25k in 2018 on: January 31, 2018, 12:36:08 PM
I've been just studying Bitcoin graph from 2013 till today and it seems like a good rule that once the btc price skyrockets, it always falls 50% back before it grows another 100% and more. I expect this trend to repeat in following months when the recovery should start reaching $25k for 1 btc by the end of the year.

Your thoughts on that?

I don't know where you get that.  In 2013, bitcoin reached nearly $1200.  In 2015, it has been falling down to $200.

In the summer of 2011, bitcoin was $30.  A year later, it was at $3.


I've been looking at more long term curves than this

Before 2010 ?  Grin
100  Bitcoin / Development & Technical Discussion / Re: Proof of Stake Bitcoin? on: January 31, 2018, 10:37:42 AM
Largely a very long rant about money being the root of all evil, isn't it?

Not at all.  Read it.  It is about the amount of waste produced by a successful PoW asset, eating up a significant part of earth's economy in electricity and hardware to produce waste and nothing else.  It has nothing to do with money, but all with Proof of Waste.

BTW, couldn't resist: https://ideas.repec.org/p/edn/esedps/110.html
Pages: « 1 2 3 4 [5] 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 ... 184 »
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!