Can you elaborate on how you can do that ?

You can tell how much stake is used in creating a POS chain.

If you have less than 50% of the total coins, but more than 50% of the staking coins (the ones used for mining), ok. Rewrite away.

If you have less than 50% of the staking coins, then how is your chain going to show it is more valid than a chain that has more POS stake involved ?

Also, any node that has already connected to the network, can distinguish an attack chain, by checking for a block hash checkpoint, that it knows from previous connections to the network. Even if the attacker has more than 50% of the staking coins.

This attack would apply to those who have never connected before. And in that case, some checks would be required.

The simplest check, ask someone who is connected to the network already.

If you have never connected before, and don't know anyone who is on the network, then it's more complicated..  (although you could say that downloading the software is a risk in itself - is it legit or hacked, and any legit version would include some checkpoints)

..

POS has it's pros and cons, for sure.

Yep - I can't see a clean solution to this issue of double spends in the current DAG chain approach.

Other than ONLY building on chains that have no double spends in them. So that there is a valid version of history.

A user would not build on top of a txn-chain that has inconsistencies and can always go back through history and build on top of the last 'fully' valid txn-chain he finds.

Would this simply cause the chain to explode 'width-wise' ?

Actually Ethereum uses the EVM. Ethereum Virtual Machine.

Solidity is compiled into EVM code (assembly) and then run. Much like java is compiled into classes that run on a JVM.

Any language could theoretically be compiled to EVM code.

Someone just needs to write a JavaScript to EVM compiler, and you have the same thing as LISK.

Actually, Solidity is pretty similar to JavaScript anyway.


From the WIKI :


I don't know a lot about LISK so it may have other useful features. I'm sure it does..

But in this DAG system there are no miners ? Just users building on top of each other. (Unless we class all the users as 'momentary' miners)

And yet there is still a consensus building process.

I am saying that there is an incentive for the users to act in the best interest of the whole network, even without paying them.

They receive security for their funds.

And that this is shown in the btc sphere, where people still run full nodes, for no financial reward.

What about the 'Security' incentive ?

People run full nodes because it is more secure and they don't need to trust anyone. They don't get paid.

I suppose it could be classed as financial, as their funds are more secure.

I think I see where you're coming from..

If you could 'muck about' with the protocol a bit, this might work :

In each transaction you would need to but a block hash ID which would need to be in the final chain that this txn is eventually added to. (This has been discussed before as a way for users to vote for their preferred chain. This is not currently a feature of Bitcoin.)

This way your txn could only be added to one fork. Not both.

Then, if someone can show you have signed a txn for a fork chain, you balance on the other chain, goes to zero.

Example :

Bob has 10 btc.

Then there is fork and 2 chains appear.

Bob now has 10 btc on each chain.

Bob spends his coins and chooses 1 of the chains. (By choosing a block hash ID in the chain he wants) 

Sam posts Bob's txn on the other fork chain, and this sets Bob's address to zero, by burning the coins. hehe..

Now both chains can exist, without everyone getting double their money. And txns on 1 chain are not valid on the other.

..

ps.. Just thinking out loud really.. can see some timing issues rearing up..

pps.. Just wondering if you could then trade/exchange from 1 fork chain to the other.. hmm..

The Lightning Network for Beginners [previous topic]

https://bitcointalk.org/index.php?topic=1243165.0

And to boil it down to a simple example :

2 users (could be more) send money to a multi-sig address, with a special script.

Once the money is at that address, those users can interact with each other, sending txns backwards and forwards up to the amounts they each control. This is off chain, instant, fee-less, and trust free.

At any point, a user can cash out the coins they have.

..

None of this requires a 3rd party, BUT if you want to transact with someone not in your initial group, there are 2 options

1) Start a new 'Lightning' group with that individual included.

2) You can transact via a member of your initial group, who is also in the group with the person you wish to transact with.. This service 'may' have a fee.

Good thread.


I have read most of the threads on this topic.. (There's a lot to digest)

Is this the conclusion :

1) You can launch a coin that uses POW mining to distribute the coins.

2) Private ICO's, but only to investors that the SEC recognises as institutional.

3) By PUBLIC air-drop - say if you gave them away to every bitcointalk user, for free.

4) Register with FinCEN.. jump through all their hoops.

5) Use a Bank to do it.

And -basically- any coin that has so far done any ICO is a valid target. No one has done it right.

..

Is this where we are at ? I'll be honest. The US of A sucks balls at the moment.

Thanks TPTB.. What would Bitcointalk be without you.. !?

I know you think all this crypto-coin-stuff is doomed unless you jump in and save us.

I've been lucky to know many very smart people in my 30 years programming. And you know what I always notice about them. They say the stupidest things.

..

We do agree on 1 thing. Please don't reexplain yourself. Life's too short (unlike your posts).

In a previous thread I proposed a very simple idea.

https://bitcointalk.org/index.php?topic=1149993

Basically, imagine an altcoin that enforced this simple rule :

1) You can only pay to an empty/non-existent address. A new address.

2) Each address can only spend once.

( This is how Satoshi originally envisaged people using bitcoin )

and then

3) CoinShuffle your txns.

I am now going to make another simple addendum to the scheme.

Let us say you are using Lamport Signatures (quantum secure). These are hash based signatures that can only be used once. To use them again is cryptographically insecure.

So once you have spent an output in some txn, you can never use that key again. Therefore, delete that public/private key from your wallet..

Keys are generated in a non-deterministic way. You cannot re-create all of them with a brain wallet. This would destroy the whole point.

Once that key has been used, and then deleted, it will never, EVER, appear anywhere again. It is mathematically impossible. You cannot retrace, recreate or restore it.

In conclusion :

We have a coin that always spends from addresses that have never been used before, sending coins to addresses that have never been seen before. The TXNs are coin shuffled, and once you have spent those inputs/outputs, the private keys are deleted (permanently) so that there is no evidence that they ever belonged to you in the first place. Your wallet would only have the private keys for unspent txn outputs you control.

I contend a very high level of anonymity could be achieved using just this simple design.

LOL, am I so old already.. (strokes his grey-ish beard..)


ADDENDUM :

And even if your txn is in an orphan block, it can still, and almost certainly WILL, be added to the new chain. Your counterpart would actively need to be trying to cheat you.. for this not to be the case.

Mathematically - yes. Real World, nowhere near.
..

A lot of comments keep coming up where a user says - Bitcoin is SLOWW! You need to wait an hour (6 confirmations) before your txn is confirmed!

This is simply not backed up by the data.

When you look at the orphan block rate, Bitcoin has, on average, about 2-3 orphans a day. A DAY.. out of 144 blocks.

https://blockchain.info/charts/n-orphaned-blocks

AND - these are not consecutive blocks. So every few hours, 1 block gets orphaned. That means that there has been a mini-fork, but that it only lasts 1 block.

I would love to see a graph that showed the longest orphan chain per day, if someone knows where to get this ?

What this all boils down to, is that anyone who is waiting longer than 2 confirmations (just to be ULTRA sure) for a btc txn, is wasting their time. Since the BTC chain has consistently shown that after 2 confirmations your txn is going to be accepted 4 more blocks down the line..

And quite frankly, 1 confirmation is fine. (3/144 = 2% chance of being in an orphan block = 98% safe)

( And lets not even get started on how long it takes to send money across the world using conventional methods. That's a blood bath.. )

Enjoy!

Onkel - I like.


How about, if he kept the complete last block of data, as well as the last signed statement, so it would not be possible for him to cheat. Since he can show that it does actually hash to the final hash which is signed by Alice. And he can't change that block of data without performing a successful pre-image attack.

Actually I'm not sure how much of the final block of data he would need to keep. Maybe just the final 64 bytes. Since that alone would also require a pre-image attack to break?

Polo is definitely one of the better exchanges.

All exchanges have their quirks and faults.

Yes Polo's 'engine' could be sped up a tad, but I never have any issues 99.9% of the time. Only at crazy high volume, like ETH lately, and then my stop-limit orders come into play.

AND - best of all - their support staff 'exist' and there is always an ADMIN dude in the trollbox to lay into / question. (not to be underestimated) 

ok... not that I want to rain on anyone's parade... but..

I think there are huge misunderstandings about POS vs POW.

What I mean is this :

If you have a POW coin, the money spent on POW by the miners, gives the mined coins a price floor. In the long run, miners cannot sell for less or they will go out of business. Simple. Just like real miners mining Gold.

POS is FREE! (comparatively) Yipee!.. BUT.. there is no price floor.

A POW network, cannot be replicated with the same security, unless you also have all the hashing power as well. Costs a lot. This is important.

A POS network, can be replicated with exactly the same security. Costs almost nothing.
 
..

I like them BOTH, but they play very different roles in the crypto scheme of things..

The issue seems to be that no-one has come up with a way of distributing POS coins without an IPO / ICO.

For instance, you could, if you wanted, just hand them out  evenly to every 'Legendary' Bitcointalk user.. Would that annoy people less ?

Yep.

CT is Confidential Transactions. It's his system for showing that the sum of the inputs of a txn add up to the sum of the outputs, without revealing any of the values. He's implemented it in his Elements sidechain.

https://bitcointalk.org/index.php?topic=1085273.0

And the bit that I thought might be helpful to you is :


..

Yes he would. He's bad ass.

What about some kind of homomorphic hash functon ?

Hash(X+Y) = Hash(X) + Hash(Y) (Doesn't Paillier do something like this.. ? Or whatever hash function gmax uses in his CT.)

Then Alice signs the Hash(X+Y+...) and you can show that the sum of all your little hashed pieces, adds up to the hash of the big piece. Which is signed by Alice.

Keep at it Fuserleer! Always nice to see something new.. 


So - accounts can have the total amount of EMU increased, to ensure that the overall price stays stable ?

I may have 10 EMU, and that is worth $1. But if the price of EMU halves, I will have 20 EMU, but still $1..  (I think ?)

Can you only increase EMU per user, and remove EMU from the Buffer ?

What happens if the Buffer is empty and you still need to remove more coins.. ? (global demurrage ?)

I just hope we don't lose some of the truly great minds in this process.

Anyone who thinks removing gmaxwell from the 'able-to-commit' list was a good idea, is insane.

Thinking about it, I suppose this is what the Bitcoin Foundation, or whatever it was called, should have been dealing with. The protocol. And just that.  Deciding in a far more academic way what should be forked in, and what not to. Or whether to just leave it be altogether. Might have been a far easier pill to swallow.

Then everyone could be working on implementations of said protocol.

Bottom line, if Classic takes over, and we don't get CT, LN, Sidechains, SegWit etc etc .. that would be a very great shame.

Actually - I'm going to say - yes you can. Seriously.

To perform a double spend attack, costs. It costs a lot.

NO ONE is going to try and cheat you, and attempt to rewrite/outrun the blockchain, for 99.999% of txns.

Sure - a 1 million BTC transfer, wait for 6 confirmations. 1 hour. Big Deal.

But for the rest of us, you are absolutely, 99.9999% fine, the single split second after you have received the funds. Which is probably about 1 second after they were sent.

I don't know why no one ever seems to realise this.

If you want to be 'UBER' paranoid, 1 confirmation, 5 mins on average, is all we will ever need. But even that is completely unnecessary for the hum drum low value txns most of us make.

I transferring FIAT money to an exchange, took 7 days (9 including the weekend).. and 8%.

Bitcoin is light years ahead of that.