[NXT] Vitalik B. confirms the NXT algo is secure.

[EvilDave]

Just taken a look at Vitalik Buterins latest paper, which contains a couple of pages devoted to NXT and its algo:
 
Notes on Scalable Blockchain Protocols (v 0.0.2)

Pages 10 and 11 are interesting for NXT:

Example 3.0.2. The cryptoeconomically secure entropy source used in
NXT[16] is defined recursively as follows:
E(G) = 0

Lemma 3.0.3. The NXT algorithm described above satisfies the conditions
for being a cryptoeconomically secure entropy source.
Proof. To prove unpredictability, we note that the NXT blockchain pro-
duces a block every minute, and so the update

I must admit that most of this paper (and all of its math) go straight over my head, but VB does seem to regard Nxt as being 'cryptoeconomically secure' which sounds like  a good thing to me.... anyone got any more expert input on this paper and it's implications for NXT ?

[1715329787]

1715329787

[1715329787]

1715329787

[1715329787]

1715329787

[1715329787]

1715329787

[1715329787]

1715329787

[Daedelus]

None techies, just read the last line for explanation 

Lemma 3.0.3. The NXT algorithm described above satisfies the conditions
for being a cryptoeconomically secure entropy source.

Proof. To prove unpredictability, we note that the NXT blockchain produces
a block every minute, and so the update v ← sha256(v, V (β)) takes
place once a minute. During each round of updating, there is a probability
1 − po(60) that the primary signer will be online, and po(60) that the
signer will be offline and thus a secondary signer will need to produce the
block. Hence, after 1
−log(po(60)) blocks, there is a probability p ≈
1
2
that the
resulting value will be the “default value” obtained from updating v with
the primary signers’ public keys at each block, and a p ≈
1
2
probability that
the resulting value will be different. We model 512 iterations of this process
as a tree, with all leaves being probability distributions over sequences
of 512 public keys of signers, where all probability distributions are disjoint
(ie. no sequence appears with probability greater than zero in multiple
leaves). By random-oracle assumption of sha256, we thus know that we have
a set of 2512 independently randomly sampled probability distributions from
{0, 1}
256, and so each value will be selected an expected {0, 1}
256 times, with
standard deviation 2128. Hence, the probability distribution is statistically
indistinguishable from a random distribution.
To show that the first uninfluenceability criterion holds true, note that
the only way to manipulate the result is for the block proposer to disappear,
leading to another proposer taking over. However, this action is costly for
the proposer as the proposer loses a block reward. The optimal strategy
is to disappear with probability 0 < q <= 1 only when the predicate will
be unsatisfied with the proposer participating but will be satisfied with
the next proposer partipating; if a predicate has probability p this entails
disappearing p ∗ (1 − p) ∗ q of the time, meaning that the predicate will be
satisfied p + p ∗ (1 − p) ∗ q of the time instead of p of the time, a probability
increment of p∗(1−p)∗q will have a cost of p∗(1−p)∗q∗R if R is the signing
reward (whose real value is proportional to the quantity of transaction fees, a
reasonable metric of economic activity). Hence, the desired condition holds
true with b = 1.
To show that the second uninfluenceability criterion holds true, note that
when one is not the signer, one has no influence on the entropy, and when
one is the signer one has the ability to not sign and instead defer to the
next signer. Hence, an attacker controlling 1
k
of all signing slots will be able
to defer to the second signer 1
k
of the time, to the third signer 1
k
2 of the
time (by being in the first two slots simultaneously), etc, so in total such an
attacker will on average be able to choose between 1 + 1
k−1
values and thus
multiply the probability of a desired predicate by a factor of 1 + 1
k−1
. If the
attacker controls 1
3
of all signing slots, the result will thus be increasing the
probablity by a factor of 3
2
.

***********
it seems vitalik made a proof about NXT algo

[tokeweed]

I wonder what J.Garzik has to say.   

[boomboom]

I must admit that most of this paper (and all of its math) go straight over my head, but VB does seem to regard Nxt as being 'cryptoeconomically secure' which sounds like  a good thing to me.... anyone got any more expert input on this paper and it's implications for NXT ?

Someone buy VB a VB! Worth celebrating

[cloudboy]

I wonder what J.Garzik has to say.   

Hashes don't match.

[LeChatNoir]

WOW, this is huge people!

[From Above]

I wonder what J.Garzik has to say.  

actually it would be pretty cool if dem garizk dude could say anything other then just spit out utter BS as usual
LOL!!

[bitme]

what a relief...
Now all we need to do is gather all the folks in the world and start to use the damned thing.

[GTO911]

WOW, this is huge people!

What is so huge in that? Often developers talk about other projects. He even said Monero technology is cool, so what?

[Daedelus]

WOW, this is huge people!

What is so huge in that? Often developers talk about other projects. He even said Monero technology is cool, so what?

You don't see a difference between "cool" and "cryptoeconomically secure"?

[ShroomsKit_Disgrace]

Recognition from 3rd parties are not usual in cryptoworld. This is BIG NEWS for NXT.

[Daedelus]

Come-from-Beyond seems satisfied too 

In the paper - https://raw.githubusercontent.com/vbuterin/scalability_paper/master/scalability.pdf, the authors used Nxt algo as an example. It seems a confirmation of Nxt security (But I am not a expert)

Example 3.0.2. The cryptoeconomically secure entropy source used in NXT[16] is dened recursively as follows:
 E(G) = 0
 E( +) = sha256(E()+V ()) where V () is the block proposer of
.
Assumption 3.1. For any time internal I, there exists some xed probabil-ity po(I) such that a node randomly selected according to the weight functionused to measure a cryptoeconomic state machine's Byzantine fault tolerancecan be expected to be oine for at least the next I seconds starting from anyparticular point in time with at least probability po.Note. We can derive the above assumption from an altruism assumption bysimply stating in the protocol that nodes \should" randomly drop oinewith low probability; however, in practice it is simpler and cleaner to relyonly on natural faults.Note. Combining the two uninuenceability criteria into one (\it is impos-
sible to increase the probability of P from p to p  (1+k) without expendingat least b L k resources") is likely very dicult; it is hard to avoid having
ways to cheaply multiply the probability of low-probability predicates byonly acting when you are sure that your action will have an inuence on theresult.
......

Lemma 3.0.3. The NXT algorithm described above satises the conditionsfor being a cryptoeconomically secure entropy source.Proof. To prove unpredictability, we note that the NXT blockchain pro-duces a block every minute, and so the update v   sha256(v; V ()) takesplace once a minute. During each round of updating, there is a probabil-ity 1 ...........

BCNext's idea not to provide the whitepaper to force an independent analysis has finally worked. Good, now this page can be turned.

[allwelder]

haha,POS of Nxt is future.

[EmoneyRu]

If anybody wants to play with Nxt, I can manage Nxt node for you (for free). Post there or PM me here.

[HCLivess]

Nice, especially when taking into consideration Vitalik's generic (earlier) skepticism towards NXT

[vlad12]

Wait for peer review (at least in the community). There's this weird reverence towards certain individuals in this community from people who don't understand shit. Let the experts evaluate and criticize and withhold your opinion until something reaches some sort of expert consensus.

Everyone now-days in crypto see a fucking PDF paper in academic format and treat it like a fucking bible. Speaking from a scientific background I've seen plenty of beautiful looking papers which 'look' like they got a lot of good stuff to say only to be complete and utter bullshit. Too bad this isn't my field of expertise.

[Daedelus]

Let the experts evaluate and criticize and withhold your opinion until something reaches some sort of expert consensus.

Isn't this thread a step towards this?

[Come-from-Beyond]

Let the experts evaluate and criticize and withhold your opinion until something reaches some sort of expert consensus.

Jeff "HashesDoNotMatch" Garzik is the only expert I know. And he already evaluated Nxt. Do you know any other experts?

[From Above]

Let the experts evaluate and criticize and withhold your opinion until something reaches some sort of expert consensus.

Jeff "HashesDoNotMatch" Garzik is the only expert I know. And he already evaluated Nxt. Do you know any other experts?

maybe David Latapie of Munero is a good match

[aurtur215]

Wait for peer review (at least in the community). There's this weird reverence towards certain individuals in this community from people who don't understand shit. Let the experts evaluate and criticize and withhold your opinion until something reaches some sort of expert consensus.

Everyone now-days in crypto see a fucking PDF paper in academic format and treat it like a fucking bible. Speaking from a scientific background I've seen plenty of beautiful looking papers which 'look' like they got a lot of good stuff to say only to be complete and utter bullshit. Too bad this isn't my field of expertise.

No scientist's paper is worth shit unless its been "peer reviewed", which means a big gang of experts all need to have checked it out and agreed with it before it gets published. Most scientific journals are peer reviewed and all the papers in them have been checked by a gang of experts beforehand. We need more experts to check out NXT.

[TaunSew]

Wait for peer review (at least in the community). There's this weird reverence towards certain individuals in this community from people who don't understand shit. Let the experts evaluate and criticize and withhold your opinion until something reaches some sort of expert consensus.

Everyone now-days in crypto see a fucking PDF paper in academic format and treat it like a fucking bible. Speaking from a scientific background I've seen plenty of beautiful looking papers which 'look' like they got a lot of good stuff to say only to be complete and utter bullshit. Too bad this isn't my field of expertise.

No scientist's paper is worth shit unless its been "peer reviewed", which means a big gang of experts all need to have checked it out and agreed with it before it gets published. Most scientific journals are peer reviewed and all the papers in them have been checked by a gang of experts beforehand. We need more experts to check out NXT.

"Experts" don't even look at Bitcoin or it's only been a small handful.  Can't really blame them as Bitcoin is very insignificant in the broad picture: only 250,000 users.  There's more people with subscriptions to online dating sites than people using Buttcoin

[vlad12]

What I meant was a bit more meta than just evaluating NXT directly. In fact, it's evaluating the evaluation... So someone to criticize Vitalik's paper, either in a good way or bad way is the way to go here. As the community evolves, I hope we will have more of this in the future.

Just saying that unconditional 'trust' is especially bad and goes against the whole concept of decentralized currencies. While Vitalik's opinion might be more informed or relevant than another's, it should still be met with the same criticism as a new opinion.

What happened here is that some unqualified people just took their favorite part from the paper and present it as FACT.

[TaunSew]

What I meant was a bit more meta than just evaluating NXT directly. In fact, it's evaluating the evaluation... So someone to criticize Vitalik's paper, either in a good way or bad way is the way to go here. As the community evolves, I hope we will have more of this in the future.

Just saying that unconditional 'trust' is especially bad and goes against the whole concept of decentralized currencies. While Vitalik's opinion might be more informed or relevant than another's, it should still be met with the same criticism as a new opinion.

What happened here is that some people just took their favorite part from the paper and present it as FACT.

Neither Garzik nor Buterin would be able to peer review or submit anything on a cryptography (or anything computer) peer-reviewed academic database.  Vitalik's credentials are even worse than Garzik's, Vitalik's call for fame was editing an obscure magazine read by almost no one and only recently became the mascot of a $18 million vaporware consortium.

That's crypto for you.  Even Andreas Antonopoulos has refused to prove his credentials when demanded to by judges.   It'll be a popcorn moment when an investigative journalist finally goes after Andreas Antonopoulos and they find out he was a hotdog vendor or a starbucks employee before becoming Bitcoin's orator.

[Tobo]

Wait for peer review (at least in the community). There's this weird reverence towards certain individuals in this community from people who don't understand shit. Let the experts evaluate and criticize and withhold your opinion until something reaches some sort of expert consensus.

For people interested in knowing more about the peer to peer and line by line review of Nxt code - https://bitcointalk.org/index.php?topic=397183.0

by the way, most of devs who participated in the Nxt code review had started to create their own Nxt like PoS cryptos after the reviewing. Nxt original code has become a school, which alone is a huge contribution to the crypto society.

[Daedelus]

What happened here is that some unqualified people just took their favorite part the parts relevant to Nxt from the paper and present it as FACT Vitalik Buterins opinion.

FIFY

Reread the OP and title.

[EvilDave]

or, better yet, do your best to read the paper.....I've gven it a try, and the sections on NXT seem to be generally positive. But I'm certainly not qualified to make any judgements here. Much peer review is what is needed......

Wait for peer review (at least in the community). There's this weird reverence towards certain individuals in this community from people who don't understand shit. Let the experts evaluate and criticize and withhold your opinion until something reaches some sort of expert consensus.

Everyone now-days in crypto see a fucking PDF paper in academic format and treat it like a fucking bible. Speaking from a scientific background I've seen plenty of beautiful looking papers which 'look' like they got a lot of good stuff to say only to be complete and utter bullshit. Too bad this isn't my field of expertise.

No scientist's paper is worth shit unless its been "peer reviewed", which means a big gang of experts all need to have checked it out and agreed with it before it gets published. Most scientific journals are peer reviewed and all the papers in them have been checked by a gang of experts beforehand. We need more experts to check out NXT.

[From Above]

But I'm certainly not qualified to make any judgements here.

so Dave, why is that?

[EvilDave]

Hmmm...let me think about that one for a moment.

Oh, yeah, that would be down to the complete lack of a PhD in cryptography, (left it in my other suit) or even a basic grasp of the maths involved in VB's paper.

That, old son, is precisely why we need peer review.
Me saying: "Looks fine, mate, she'll be right" is not a solid basis for a system of crypto currency, even if I am completely correct.

[choochimil]

Too intellectual for me, but good to see an independent compliment for nxt

[Ingatqhvq]

It's a good news that finally a independent people confirm NXT is secure.
it was borned almost one and half a year.

[Lorenzo]

Didn't Sunny King once say that NXT's PoS algorithm was lifted from Peercoin? I'll see if I can find the quote...

EDIT: Found it:

I thought you were the one coded the PoS in NXT. As far as I know at least the first version of NXT's PoS is a direct clone of PPC's with some modifications, appeared lacking a good understanding of the security involved in PPC's PoS. Cunicula instead always wanted a 'hybrid' system involving proof-of-work in security, whereas PPC's security is 100% proof-of-stake.

That said, you are certainly welcome to try some new ideas in the following versions of NXT.

WOW, this is huge people!

What is so huge in that? Often developers talk about other projects. He even said Monero technology is cool, so what?

I was surprised to see Vitalik talk positively about NXT since Ethereum's features and NXT's features overlap considerably more than that of Ethereum and Monero. NXT is more of a direct competitor to Ethereum than Monero is.

Wait for peer review (at least in the community). There's this weird reverence towards certain individuals in this community from people who don't understand shit. Let the experts evaluate and criticize and withhold your opinion until something reaches some sort of expert consensus.

Everyone now-days in crypto see a fucking PDF paper in academic format and treat it like a fucking bible. Speaking from a scientific background I've seen plenty of beautiful looking papers which 'look' like they got a lot of good stuff to say only to be complete and utter bullshit. Too bad this isn't my field of expertise.

Wait for peer review (at least in the community). There's this weird reverence towards certain individuals in this community from people who don't understand shit. Let the experts evaluate and criticize and withhold your opinion until something reaches some sort of expert consensus.

Everyone now-days in crypto see a fucking PDF paper in academic format and treat it like a fucking bible. Speaking from a scientific background I've seen plenty of beautiful looking papers which 'look' like they got a lot of good stuff to say only to be complete and utter bullshit. Too bad this isn't my field of expertise.

No scientist's paper is worth shit unless its been "peer reviewed", which means a big gang of experts all need to have checked it out and agreed with it before it gets published. Most scientific journals are peer reviewed and all the papers in them have been checked by a gang of experts beforehand. We need more experts to check out NXT.

What about white papers? Are they typically peer reviewed? I know it's good practice to peer review academic papers published in journals (which is what this one seems to be minus the journal part) but what about white papers?

Hmmm...let me think about that one for a moment.

Oh, yeah, that would be down to the complete lack of a PhD in cryptography, (left it in my other suit) or even a basic grasp of the maths involved in VB's paper.

That, old son, is precisely why we need peer review.
Me saying: "Looks fine, mate, she'll be right" is not a solid basis for a system of crypto currency, even if I am completely correct.

Aren't you a NXT dev? Or are you more involved in the low-level programming side of things? And Vitalik is barely 20. I doubt he has a PhD. He's still probably one of the best in the field though.

[Daedelus]

Didn't Sunny King once say that NXT's PoS algorithm was lifted from Peercoin? I'll see if I can find the quote...

EDIT: Found it:

I thought you were the one coded the PoS in NXT. As far as I know at least the first version of NXT's PoS is a direct clone of PPC's with some modifications, appeared lacking a good understanding of the security involved in PPC's PoS. Cunicula instead always wanted a 'hybrid' system involving proof-of-work in security, whereas PPC's security is 100% proof-of-stake.

That said, you are certainly welcome to try some new ideas in the following versions of NXT.

He may have begun with a plan of implementing Peercoin's POS but no Nxt release has ever included it. He thought it was flawed due to being able to accumulate coin age with lots of low stakes. I think this is what led to the dev checkpoints in Peercoin. I'll find his quote...

Not the quote I was looking for but it serves the purpose:

Block generation is determined by previous blocks.  If you are doomed to generate next block in 3 hours you can prepare a block instantly, but you have to wait for 3 hours before you can reveal it (otherwise it will be ignored by the network).  You can build millions blockchains in parallel to find the best one for an attack, but at some point you will need someone else to generate a block (or wait again).  Nxt uses a novel PoS algorithm, not the one PPC, NVC and other altcoins do.  Nxt doesn't have their flaws.

[Lorenzo]

Didn't Sunny King once say that NXT's PoS algorithm was lifted from Peercoin? I'll see if I can find the quote...

EDIT: Found it:

I thought you were the one coded the PoS in NXT. As far as I know at least the first version of NXT's PoS is a direct clone of PPC's with some modifications, appeared lacking a good understanding of the security involved in PPC's PoS. Cunicula instead always wanted a 'hybrid' system involving proof-of-work in security, whereas PPC's security is 100% proof-of-stake.

That said, you are certainly welcome to try some new ideas in the following versions of NXT.

He may have begun with a plan of implementing Peercoin's POS but no Nxt release has ever included it. He thought it was flawed due to being able to accumulate coin age with lots of low stakes. I think this is what led to the dev checkpoints in Peercoin. I'll find his quote...

Not the quote I was looking for but it serves the purpose:

Block generation is determined by previous blocks.  If you are doomed to generate next block in 3 hours you can prepare a block instantly, but you have to wait for 3 hours before you can reveal it (otherwise it will be ignored by the network).  You can build millions blockchains in parallel to find the best one for an attack, but at some point you will need someone else to generate a block (or wait again).  Nxt uses a novel PoS algorithm, not the one PPC, NVC and other altcoins do.  Nxt doesn't have their flaws.

You mean this quote right?

Alice has 2500 nxts on her account.  Last time she found a block 4 days ago.  Her money is like a mining rig with hashpower equal to 2500 * 4 = 10000 GH/s.
Bob has 1000 ntx on his account.  He was on vacation and hasn't opened his account for 20 days.  His money is like a mining rig with 1000 * 20 = 20000 GH/s hashpower.
Each time Alice or Bob opens their account they have a chance to generate a block.  More money they have, higher a chance to do it.  More time passed since the previous generated block, higher a chance to generate a new one.
Even a small amount can generate a block by accident.
An exchange that holds coins of its customers can afford to provide the service with 0% fee.  It will still earn money via block generation.

After thinking about the mining algorithm I came to conclusion that original proof-of-stake used by PPC and NVC is a bit flawed.  Bob could accumulate small amounts on different accounts during a long period of time and then attempt a 51% attack.  Artificial limits like max 90 days don't seem to work as intended.  Nxt will use a different proof-of-stake approach, I need time to nail some details and then I'll post them here.

I thought by "first version", he meant the first release. Upon further examination, it seems that he chose to move away from PPC's model and use his own implementation of PoS before the first release.

[Daedelus]

Yes, that is the one.

[vlad12]

Wait for peer review (at least in the community). There's this weird reverence towards certain individuals in this community from people who don't understand shit. Let the experts evaluate and criticize and withhold your opinion until something reaches some sort of expert consensus.

Everyone now-days in crypto see a fucking PDF paper in academic format and treat it like a fucking bible. Speaking from a scientific background I've seen plenty of beautiful looking papers which 'look' like they got a lot of good stuff to say only to be complete and utter bullshit. Too bad this isn't my field of expertise.

No scientist's paper is worth shit unless its been "peer reviewed", which means a big gang of experts all need to have checked it out and agreed with it before it gets published. Most scientific journals are peer reviewed and all the papers in them have been checked by a gang of experts beforehand. We need more experts to check out NXT.

What about white papers? Are they typically peer reviewed? I know it's good practice to peer review academic papers published in journals (which is what this one seems to be minus the journal part) but what about white papers?

What about whitepapers? Especially whitepapers! Everything needs to go through a bullshit filter. Right now, this community is young, so it will take some time to build up a bunch of experts with actual achievements to back up their criticisms. Until then, I wouldn't be so on-board with believing the first positive thing you hear about your favorite coin.

[Peter R]

This was posted in a different thread, but here are some comments I made in regards to Vitalik's analysis of the Nxt algorithm:

Vitalik may have just done the proof you were looking for for Nxt...

Thanks for the info and I applaud efforts like this to formalize the consensus problem.  My take on what Vitalik has done is that he's defined a term "crypto-economically secure entropy source" and then provided what he claims is a proof that the Nxt algorithm¹ satisfies this.  But note that even if the proof is correct, and even if the definition of "crypto-economically secure entropy source" is useful, it is still a far cry from convincingly showing that "Nxt is as secure as Bitcoin."

Let's take a closer look: Vitalik specifies that a "crypto-economically secure entropy source" should posses (a) unpredictability and (b) uninfluenceability.  In plain words, his definition of "unpredictability" just means that, given enough time, the "state" of the currency system at some finite time in the future cannot be determined with information available in the present moment.  Regardless of whether the system became fully unpredictable 10 minutes or 100 years in the future, his condition would be satisfied.  Also note that his proof is only valid in the case where p0(60) is non zero, which is not true at least in the trivial case where an attacker is in control of 100% of the active accounts.  

His definition for uninfluenceability (I) just says that there's a minimum cost for an attacker to influence the probability of some blockchain event.  Even if the cost is very small, and even if the event he's influencing is very significant, his definition would still be satisfied.

His definition for uninfluenceability (II) is confusing to me.  He says that an attacker controlling k of the stake should be unable to change the probability of some event to more than p' = p*(1+b) for some constant b.  But there's always a constant value of b that would make p' = 100%.  Perhaps I'm misinterpretting something, but if an attacker controlled 0.1% of the stake and could influence the outcome 100% of the time, his definition of uninfluenceability would still be satisfied [although such as system would be very influenceable].

Anyways, I'm not trying to be critical of Vitalik's efforts, I'm just pointing out that the results applied to Nxt may not be very significant in terms of Nxt's actual security properties.

¹Neglecting the algorithm for how nodes that were previously offline determine the best blockchain out of many valid candidate blockchains upon rejoining the network.

[Daedelus]

^that's a good thread