Bitcoin Forum
2961  Alternate cryptocurrencies / Altcoin Discussion / Re: Satoshi didn't solve the Byzantine generals problem on: February 07, 2016, 10:31:28 PM
Nodes vote with their hash-power on the branch of the chain which they consider to be truth.

Only correctly functioning nodes do that.

Quote
Evidence of byzantine failures is the existence of multiple branches; we call these orphans. Each branch presents a different version of truth to observers of the system.

Not really, those are just evidence of latency. If a majority of the CPU power is conspiring to attack the system and all non-conspirator blocks are orphaned then no one will mine outside the conspiracy and there will be no such orphans (there may still be forks within the conspiracy if they still have latency).

The system will have failed, but it will have failed because it exceeded stated limits.

 

2962  Alternate cryptocurrencies / Altcoin Discussion / Re: Satoshi didn't solve the Byzantine generals problem on: February 07, 2016, 10:01:35 PM
"Correctly functioning components of a Byzantine fault tolerant system will be able to provide the system's service, assuming there are not too many faulty components."

In Bitcoin "too many faulty components" = majority of the CPU power.

2963  Alternate cryptocurrencies / Altcoin Discussion / Re: Satoshi didn't solve the Byzantine generals problem on: February 07, 2016, 09:21:47 PM
Quote
There is no Sybil attack possible on the problem as stated. "A majority of CPU power" is a physical quantity which can't be Sybil attacked. Period.

True, but there are other "attacks". Such as calling up Chinese miners and convincing them to do a certain thing.

This only works because Chinese miners have a majority of the CPU power. Otherwise you call them up all you want, but would accomplish nothing. You might as well call someone with an old USB miner stick.
2964  Alternate cryptocurrencies / Altcoin Discussion / Re: Satoshi didn't solve the Byzantine generals problem on: February 07, 2016, 09:16:53 PM
So if the LCR is creating censored transactions is that not a fault/failure? What the hell use of Byzantine fault tolerance if it doesn't guarantee a system that can be used by the participants?

There are no censored transactions unless a majority of the CPU power* is conspiring to attack the system.

Bitcoin has a threshold of hostile CPU power that it can tolerate. Below that threshold, it works, above that threshold, it fails.

* selfish mining, etc.
2965  Alternate cryptocurrencies / Altcoin Discussion / Re: Crypto Kingdom - 1991 Retro Virtual World(City) on: February 07, 2016, 11:28:45 AM
CKG ETF first dividend

The CKG ETF paid out its first pass-through dividend, which ended up being 19 M per share (1900 M per CKG-equivalent). This left a small surplus <1 M per share, held and added to the next dividend.

As a reminder we offer deposits of any gold item in exchange for shares with no fee and redeems of shares for any gold item in inventory for a fee of 1% (max 10 CKG).

Current inventory here: https://cryptokingdom.me/player/playerItems/251

We will be announcing two additional investment products shortly. Stay tuned.
2966  Alternate cryptocurrencies / Altcoin Discussion / Re: Satoshi didn't solve the Byzantine generals problem on: February 07, 2016, 10:43:18 AM
Quote
The stated problem bounds do not include being able to tell whether someone controls >50% of the hash rate. That isn't in the paper at all. The wording of the paper is "As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network". It doesn't matter whether they cooperate via pools or otherwise, either way it is outside the bounds.

Without considering the Sybil attack, then one isn't solving the Byzantine fault issue, i.e. isn't solving the Byzantine Generals problem (which is the correct title of this thread). Just because Satoshi failed to mention that he hadn't solved what he was implying to have solved, doesn't make that just having a majority of the hashrate is the only consideration in a PoW solution to the Byzantine Generals problem.

There is no Sybil attack possible on the problem as stated. "A majority of CPU power" is a physical quantity which can't be Sybil attacked. Period.

The Byzantine Generals problem does not state "A majority of CPU power" as the problem. I already stated that is Satoshi's requirement but as the correct title of this thread points out, Satoshi's stated requirement is not a solution to the Byzantine Generals problem. Period.

Okay, but so what?

Bitcoin also didn't solve P ?= NP or any number of other problems.

And unless I'm mistaken, Satoshi did not say that it did solve the Byzantine Generals problem, especially in the specific manner that problem is formulated (with discrete General-actors, something that doesn't even exist in Bitcoin at all). At best there is a rough similarity. Correction: Satoshi did say it was a solution in this email. But again, he formulated in a very careful manner, stating that each general has a laptop, which ends up making "majority of CPU power" equivalent to a majority of discrete General-actors.

He said exactly what it does solve. If a majority of the CPU power is not conspiring to attack the network, then it reaches consensus that is final and secure (though slowly in the case close to 50%).

It is up to you as a prospective user or investor to decide whether "a majority of the CPU power" is an acceptable requirement. It seems at this point there isn't anything better, and some number of people think it is useful (most of the world does not).
2967  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [BBR] Boolberry: Privacy and Security - Guaranteed[Bittrex/Poloniex]GPU Released on: February 07, 2016, 08:57:21 AM
If you were mining on a pool and received many small transactions then you may find that you need to consolidate them before you are able to send a large transaction. It's an issue all cryptonote coins have but I think there has been some progress with that issue in other cryptonote coins like Monero and AEON.

The only difference I know about in the case of pool mining is the automatic splitting in Monero and AEON, but you can always do that yourself by sending a series of smaller transactions (exactly the same as what splitting does). If you are solo mining Boolberry will behave slightly better because it doesn't have the lowest-value dust output in mining transactions.

And I've never seen any crashing issues with the Boolberry wallet, though I only use simplewallet, not the GUI.
2968  Alternate cryptocurrencies / Altcoin Discussion / Re: Satoshi didn't solve the Byzantine generals problem on: February 07, 2016, 07:27:37 AM
Quote
The stated problem bounds do not include being able to tell whether someone controls >50% of the hash rate. That isn't in the paper at all. The wording of the paper is "As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network". It doesn't matter whether they cooperate via pools or otherwise, either way it is outside the bounds.

Without considering the Sybil attack, then one isn't solving the Byzantine fault issue, i.e. isn't solving the Byzantine Generals problem (which is the correct title of this thread). Just because Satoshi failed to mention that he hadn't solved what he was implying to have solved, doesn't make that just having a majority of the hashrate is the only consideration in a PoW solution to the Byzantine Generals problem.

There is no Sybil attack possible on the problem as stated. "A majority of CPU power" is a physical quantity which can't be Sybil attacked. Period.

This does not mean that Bitcoin will be a great success and moon to $10 million/BTC, or even that it will survive at all more than another year or two, or anything in between. It is possible to conclude that the consensus algorithm does exactly what Satoshi said it does (putting aside possible selfish mining attacks), and still conclude that such a security margin is too weak to be useful, because of all of the ways the precondition itself can fail (pooling, of course, can contribute to some of them).


2969  Alternate cryptocurrencies / Altcoin Discussion / Re: Satoshi didn't solve the Byzantine generals problem on: February 07, 2016, 01:23:42 AM
<r0ach> you can't solve byzantine generals problem with a probabilistic model unless you've first solved sybil with a probabilistic model and Bitcoin doesn't do that
<r0ach> because there's no way of telling if all pools are owned by the same person, then it's not collusion or 51% attack, it's a sybil attack
<r0ach> since the essence of the byzantine generals problem is sybil attack, dealing with sybil comes first in the hierarchy before byzantine generals is discussed at all

I made this same point in either 2013 or 2014.

Afaics, the only solution is unprofitable PoW which is the design I am now pursuing.

Bitcoin solves the byzantine generals problem within the bounds of the assumptions in the model. If one entity controls a majority of hashing power, that is outside of the bounds.

Circular logic. Bitcoin didn't solve the Sybil attack problem when pools control 51% and no one can know whether they do and reroute their PoW shares.

The stated problem bounds do not include being able to tell whether someone controls >50% of the hash rate. That isn't in the paper at all. The wording of the paper is "As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network". It doesn't matter whether they cooperate via pools or otherwise, either way it is outside the bounds.

2970  Alternate cryptocurrencies / Speculation (Altcoins) / Re: [XMR] Monero Speculation on: February 06, 2016, 03:13:29 PM
I really don't know why people insist on trying to compare these two projects, but for whatever reason they do.

People compare cars, cell phones (and network operators), cloud computing services, economic theories, laundry detergents, hospitals, stocks, etc.

It would be very surprising if people didn't compare cryptocurrency projects.
2971  Alternate cryptocurrencies / Altcoin Discussion / Re: CryptoNote technical discussion and Boolberry vs Monero Chess Challenge on: February 06, 2016, 12:55:26 AM
Can you also explain why these Monero transactions are stuck? Is the issue somehow related to the mixin? I do not see any old transactions with mixin 1 stuck.

There was an issue with version 0.9.0, which is now fixed in 0.9.1, where it was creating transactions that are too large for the current block size. (The cause of the problem is the minimum median block size will increase from 20 to 60 KB after the upcoming fork in late March, but this change incorrectly activated too early in the transaction-construction code of the wallet.)

The transactions expire from each node's memory pool but they may get re-added if another node retransmits them. This incorrect re-adding is fixed in an upcoming release.

Finally, I think the block explorers continue to display transactions that don't get mined even if they are dropped from the node's pool. The explorers have their own database.

How long does it take before the transactions expire from each node's memory pool? Once unconfirmed transactions expire are they spendable again from the party who initially made the transaction? Is this process automatic or does something need to be done to make the coins reappear in the sender's wallet?

Normally 24 hours. If the transaction was mined but then removed by a reorg, it will stay for 30 days. As far as recovering, there is a rescan_spent command recently added, or the alternative is to recover the wallet from seed/keys, which will also do a rescan. It is not currently automatic.

Quote
If I understand you correctly the block explorer data is not necessarily evidence of expired transactions being retransmitted. Instead the block explorers may simply be displaying a database of unconfirmed transactions that is not updated upon expiration.

I have seen evidence of that in the past but I really don't know for sure what they do now.
2972  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN][DASH] Dash | First Anonymous Coin | Inventor of X11, DGW, Darksend and InstantX on: February 06, 2016, 12:53:01 AM
....oops ! Forgot. and bitcoin's sold out to blockstream. So that leaves Dash as the only non-corporate, unified service & clearing, bitcoin compatible, pure currency investment alternative in the top 20. Bitcoin has vacated the space it was in and Dash is standing facing an open goal.

I don't know what that sentence means but whatever it is you think Bitcoin did before it sold out to Blockstream, LTC and DOGE still do.

2973  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN][CLAM] CLAMs, Proof-Of-Chain, Proof-Of-Working-Stake, a.k.a. "Clamcoin" on: February 06, 2016, 12:50:24 AM
Are my old bitcoin addresses still convertible to Clams?

Why do clams hold their value when so many alts have tanked to oblivion?

You are lucky, claiming is still possible though clamholders might soon disable that feature out of fear.

Clams hold their value mostly only because just-dice exists. It's a pretty big casino from a very trusted user. Clam became some kind of dice site coin and gamblers buy regularly on the exchanges. This makes the price stable.

I tried to claim clams once and got nervous because as I remember I had to provide my private key??? Is that still the case... ? Any wiki or help on how to claim me some clams?

The recommendation is to ensure that any keys you use to claim are emptied first (and don't reuse them later)
2974  Alternate cryptocurrencies / Speculation (Altcoins) / Re: [XMR] Monero Speculation on: February 05, 2016, 07:14:14 PM
Monero is meant to be used, not bought and held to be sold for a higher price. If you want to support Monero, all the work that is being done, then use it. Spend it on things. Then if you enjoy the privacy that comes with it, buy back the coins you spent.

There is room for both. After all, Monero has to grow in order to allow more expensive transactions on the network. Imagine buying a million dollar house with Monero, you would need nearly 20% of the supply to buy it.

Just look back at that network effect graph I posted a month or so ago. All these things work together.
2975  Alternate cryptocurrencies / Altcoin Discussion / Re: CryptoNote technical discussion and Boolberry vs Monero Chess Challenge on: February 05, 2016, 06:32:07 PM
Can you also explain why these Monero transactions are stuck? Is the issue somehow related to the mixin? I do not see any old transactions with mixin 1 stuck.

There was an issue with version 0.9.0, which is now fixed in 0.9.1, where it was creating transactions that are too large for the current block size. (The cause of the problem is the minimum median block size will increase from 20 to 60 KB after the upcoming fork in late March, but this change incorrectly activated too early in the transaction-construction code of the wallet.)

The transactions expire from each node's memory pool but they may get re-added if another node retransmits them. This incorrect re-adding is fixed in an upcoming release.

Finally, I think the block explorers continue to display transactions that don't get mined even if they are dropped from the node's pool. The explorers have their own database.
2976  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN][DASH] Dash | First Anonymous Coin | Inventor of X11, DGW, Darksend and InstantX on: February 05, 2016, 01:35:09 AM
Zerocash.

The amazing new private coin in which you have to trust the creators will NOT collude to have a power to print any amount of 'cash'  in an undetectable way.


From what I remember, they were planning on getting about 10 people together, buying a brand new computer, then recording the entire process of creating the pubkey that the privacy is based on. As long as they document destroying the computer afterward and never connect it to the internet, how could the pubkey be compromised?

http://lmgtfy.com/?q=air+gap+compromise+methods

(800 000 hits)

There is also an investment vulnerability here, which is that zero knowledge techniques without a trusted setup exist, they are just not yet efficient enough to use. If such a thing is ever developed it would instantly replace Zcash.


I would just get the top five audit firms, the top five law firms and a couple of others, and split the launch set-up between them. You only need one of those to be honest and the set-up is legit.

The last time there was a hint of dishonesty from a big five audit firm, a firm with $9 billion in annual revenues, it went bust (dishonesty on some of the main points was not proven, but it was too late).

This might cost $50k in fees, but anyone who would suggest that these firms would collude to steal from a start-up currency, at the risk of their combined existence, would be seriously deluded.

As institutions they certainly would not. Individuals involved, one can be less certain. Even if no one colluded, they could still get pwned.

I also don't think you understand the magnitude of what is at stake. A successful exploit is a real option on Zcash being very successful with a payoff of almost limitless free invisible money (you need only not print enough to crash it) at some point in the future with no expiration. Even if it is considered very unlikely that Zcash is successful, that option still objectively has an immense fair value. Scarily-competent and well-resourced adversaries rationally become interested.

For this reason I don't really consider the trusted setup method viable at all, for a cryptocurrency trying to be extremely successful on a global scale. People are jumping the gun here, instead of waiting for the science to catch up with the needs of the problem space (though in some ways that could be said of cryptocurrency altogether).

With smaller success goals in mind, it might be okay. It certainly might be a good trading opportunity.



'As institutions they would not'. lol. What sort of statement is that.

I'm pretty sure there was a published paper on the multi-party set-up process that has been peer reviewed and I don't think it had any push back. One honest party is all that is needed.

One honest party and that the equipment, methods, and process used are not in some way exploited. Interestingly there is an added risk if the computers are destroyed as some have suggested, because then there can't even be any investigation after the fact if evidence of a threat or impropriety is uncovered.

Quote
And seriously, saying that individual people working for top auditors and lawyers from different firms would collude to steal is proper FUD.

Say what you will, I'm reasonably certain that Zcash will not ever become the global standard zero knowledge cryptocurrency because:

1. I'm not as convinced as you are that the immense value of successfully exploiting it will not be recognized and rational decisions made by even insiders with quite a bit to lose, or by outside actors with no such impediment.

2. Even if #1 does not happen, it can't ever be known with certainty that it didn't, so there will be a significant trust deficit.

3. Better techniques that do not require this degree of vulnerability and trust will very likely be available in the future. This will both undermine Zcash before the fact due to its impending obsolescence and certainly eclipse it once they do become available.

Still, as I said earlier it could still be quite successful relative to other tiny cryptocurrencies.

2977  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN][DASH] Dash | First Anonymous Coin | Inventor of X11, DGW, Darksend and InstantX on: February 05, 2016, 01:14:17 AM
Zerocash.

The amazing new private coin in which you have to trust the creators will NOT collude to have a power to print any amount of 'cash'  in an undetectable way.


From what I remember, they were planning on getting about 10 people together, buying a brand new computer, then recording the entire process of creating the pubkey that the privacy is based on. As long as they document destroying the computer afterward and never connect it to the internet, how could the pubkey be compromised?

http://lmgtfy.com/?q=air+gap+compromise+methods

(800 000 hits)

There is also an investment vulnerability here, which is that zero knowledge techniques without a trusted setup exist, they are just not yet efficient enough to use. If such a thing is ever developed it would instantly replace Zcash.


I would just get the top five audit firms, the top five law firms and a couple of others, and split the launch set-up between them. You only need one of those to be honest and the set-up is legit.

The last time there was a hint of dishonesty from a big five audit firm, a firm with $9 billion in annual revenues, it went bust (dishonesty on some of the main points was not proven, but it was too late).

This might cost $50k in fees, but anyone who would suggest that these firms would collude to steal from a start-up currency, at the risk of their combined existence, would be seriously deluded.

As institutions they certainly would not. Individuals involved, one can be less certain. Even if no one colluded, they could still get pwned.

I also don't think you understand the magnitude of what is at stake. A successful exploit is a real option on Zcash being very successful with a payoff of almost limitless free invisible money (you need only not print enough to crash it) at some point in the future with no expiration. Even if it is considered very unlikely that Zcash is successful, that option still objectively has an immense fair value. Scarily-competent and well-resourced adversaries rationally become interested.

For this reason I don't really consider the trusted setup method viable at all, for a cryptocurrency trying to be extremely successful on a global scale. People are jumping the gun here, instead of waiting for the science to catch up with the needs of the problem space (though in some ways that could be said of cryptocurrency altogether).

With smaller success goals in mind, it might be okay. It certainly might be a good trading opportunity.

2978  Alternate cryptocurrencies / Altcoin Discussion / Re: CryptoNote technical discussion and Boolberry vs Monero Chess Challenge on: February 04, 2016, 11:49:03 PM
Sorry @boolberry, posted just a few minutes before our deadline as the move seems to be set.

I was just excited to see @letsplayagame sport an XMR address in his signature

I don't mind at all! Yes it is nice to see more people support CryptoNote. I might even send him a tip:)

Tips are not necessary, I just want to help support CryptoNote development. I did not include a BBR address in my signature because nobody asked me to until today. I do not have a BBR wallet, but will consider downloading one when I have more time.

Speaking of Boolberry, is it under a spam or DDOS attack today? I see lots of dust transactions and very irregular block times.

If there is a spam attack do the XMR and BBR networks respond in the same way? If not what are the differences?

The main difference is XMR has higher fees, and more value (which matters to the mining penalty) so spam is more expensive.

It isn't clear what happened with BBR earlier. Some nodes were reported to have crashed but that may have just been pools. I started a node after hearing of the problems to try to help diagnose it but I see no unusual behavior of any kind.

2979  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [ANN][DASH] Dash | First Anonymous Coin | Inventor of X11, DGW, Darksend and InstantX on: February 04, 2016, 11:39:36 PM
Zerocash.

The amazing new private coin in which you have to trust the creators will NOT collude to have a power to print any amount of 'cash'  in an undetectable way.


From what I remember, they were planning on getting about 10 people together, buying a brand new computer, then recording the entire process of creating the pubkey that the privacy is based on. As long as they document destroying the computer afterward and never connect it to the internet, how could the pubkey be compromised?

http://lmgtfy.com/?q=air+gap+compromise+methods

(800 000 hits)

There is also an investment vulnerability here, which is that zero knowledge techniques without a trusted setup exist, they are just not yet efficient enough to use. If such a thing is ever developed it would instantly replace Zcash.
2980  Alternate cryptocurrencies / Speculation (Altcoins) / Re: [BBR] Boolberry Speculation on: February 04, 2016, 12:38:48 PM
wtf?

Care to revise your statement? I think volume has about doubled since you said that...

OK, I'll revise.

WTF?!!!
