smoothie
Legendary
Offline
Activity: 2492
Merit: 1474
LEALANA Bitcoin Grim Reaper
|
|
October 15, 2012, 06:50:07 PM |
|
Sounds like lots of people have questions that aren't being answered and are responded to, mostly by Sunny, as "It is the way it is because it is complex"...
lol
|
███████████████████████████████████████
,╓p@@███████@╗╖, ,p████████████████████N, d█████████████████████████b d██████████████████████████████æ ,████²█████████████████████████████, ,█████ ╙████████████████████╨ █████y ██████ `████████████████` ██████ ║██████ Ñ███████████` ███████ ███████ ╩██████Ñ ███████ ███████ ▐▄ ²██╩ a▌ ███████ ╢██████ ▐▓█▄ ▄█▓▌ ███████ ██████ ▐▓▓▓▓▌, ▄█▓▓▓▌ ██████─ ▐▓▓▓▓▓▓█,,▄▓▓▓▓▓▓▌ ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▌ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓─ ²▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓╩ ▀▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀ ²▀▀▓▓▓▓▓▓▓▓▓▓▓▓▀▀` ²²² ███████████████████████████████████████
| . ★☆ WWW.LEALANA.COM My PGP fingerprint is A764D833. History of Monero development Visualization ★☆ . LEALANA BITCOIN GRIM REAPER SILVER COINS. |
|
|
|
AndyRossy
|
|
October 15, 2012, 10:30:19 PM |
|
Sounds like lots of people have questions that aren't being answered and are responded to, mostly by Sunny, as "It is the way it is because it is complex"...
lol
Who are you quoting?
|
|
|
|
smoothie
Legendary
Offline
Activity: 2492
Merit: 1474
LEALANA Bitcoin Grim Reaper
|
|
October 15, 2012, 10:38:19 PM |
|
Sounds like lots of people have questions that aren't being answered and are responded to, mostly by Sunny, as "It is the way it is because it is complex"...
lol
Who are you quoting? It is more of a paraphrase of what Sunny has said recently on why he has no formula and analysis of PPC. "It's difficult/complex....that's why"
|
███████████████████████████████████████
,╓p@@███████@╗╖, ,p████████████████████N, d█████████████████████████b d██████████████████████████████æ ,████²█████████████████████████████, ,█████ ╙████████████████████╨ █████y ██████ `████████████████` ██████ ║██████ Ñ███████████` ███████ ███████ ╩██████Ñ ███████ ███████ ▐▄ ²██╩ a▌ ███████ ╢██████ ▐▓█▄ ▄█▓▌ ███████ ██████ ▐▓▓▓▓▌, ▄█▓▓▓▌ ██████─ ▐▓▓▓▓▓▓█,,▄▓▓▓▓▓▓▌ ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▌ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓─ ²▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓╩ ▀▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀ ²▀▀▓▓▓▓▓▓▓▓▓▓▓▓▀▀` ²²² ███████████████████████████████████████
| . ★☆ WWW.LEALANA.COM My PGP fingerprint is A764D833. History of Monero development Visualization ★☆ . LEALANA BITCOIN GRIM REAPER SILVER COINS. |
|
|
|
DiCE1904
Legendary
Offline
Activity: 1118
Merit: 1002
|
|
October 15, 2012, 10:54:28 PM |
|
Sounds like lots of people have questions that aren't being answered and are responded to, mostly by Sunny, as "It is the way it is because it is complex"...
lol
Who are you quoting? It is more of a paraphrase of what Sunny has said recently on why he has no formula and analysis of PPC. "It's difficult/complex....that's why" http://youtu.be/C_c7cmeDAOwkind of like a taco, within a taco, within a Taco Bell within YOUR MIND! Its super cool and complex.
|
|
|
|
AndyRossy
|
|
October 15, 2012, 11:49:02 PM |
|
Sounds like lots of people have questions that aren't being answered and are responded to, mostly by Sunny, as "It is the way it is because it is complex"...
lol
Who are you quoting? It is more of a paraphrase of what Sunny has said recently on why he has no formula and analysis of PPC. "It's difficult/complex....that's why" How is that a paraphrase?
|
|
|
|
Etlase2
|
|
October 16, 2012, 06:14:45 AM |
|
Honestly Andy, your knob slobbing is almost as bad as smoothie's trolling. Are you getting paid?
|
|
|
|
smoothie
Legendary
Offline
Activity: 2492
Merit: 1474
LEALANA Bitcoin Grim Reaper
|
|
October 16, 2012, 06:33:54 AM |
|
Sounds like lots of people have questions that aren't being answered and are responded to, mostly by Sunny, as "It is the way it is because it is complex"...
lol
Who are you quoting? It is more of a paraphrase of what Sunny has said recently on why he has no formula and analysis of PPC. "It's difficult/complex....that's why" How is that a paraphrase? How is it not a paraphrase? Edit: Detract...change subject...oh back on topic....."it's difficult/complex....that's why"
|
███████████████████████████████████████
,╓p@@███████@╗╖, ,p████████████████████N, d█████████████████████████b d██████████████████████████████æ ,████²█████████████████████████████, ,█████ ╙████████████████████╨ █████y ██████ `████████████████` ██████ ║██████ Ñ███████████` ███████ ███████ ╩██████Ñ ███████ ███████ ▐▄ ²██╩ a▌ ███████ ╢██████ ▐▓█▄ ▄█▓▌ ███████ ██████ ▐▓▓▓▓▌, ▄█▓▓▓▌ ██████─ ▐▓▓▓▓▓▓█,,▄▓▓▓▓▓▓▌ ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▌ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓─ ²▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓╩ ▀▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀ ²▀▀▓▓▓▓▓▓▓▓▓▓▓▓▀▀` ²²² ███████████████████████████████████████
| . ★☆ WWW.LEALANA.COM My PGP fingerprint is A764D833. History of Monero development Visualization ★☆ . LEALANA BITCOIN GRIM REAPER SILVER COINS. |
|
|
|
smoothie
Legendary
Offline
Activity: 2492
Merit: 1474
LEALANA Bitcoin Grim Reaper
|
|
October 16, 2012, 06:34:32 AM |
|
Honestly Andy, your knob slobbing is almost as bad as smoothie's trolling. Are you getting paid?
No the question is whether it is by the minute or the hour in PPC is he getting paid. LOL
|
███████████████████████████████████████
,╓p@@███████@╗╖, ,p████████████████████N, d█████████████████████████b d██████████████████████████████æ ,████²█████████████████████████████, ,█████ ╙████████████████████╨ █████y ██████ `████████████████` ██████ ║██████ Ñ███████████` ███████ ███████ ╩██████Ñ ███████ ███████ ▐▄ ²██╩ a▌ ███████ ╢██████ ▐▓█▄ ▄█▓▌ ███████ ██████ ▐▓▓▓▓▌, ▄█▓▓▓▌ ██████─ ▐▓▓▓▓▓▓█,,▄▓▓▓▓▓▓▌ ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▌ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓─ ²▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓╩ ▀▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀ ²▀▀▓▓▓▓▓▓▓▓▓▓▓▓▀▀` ²²² ███████████████████████████████████████
| . ★☆ WWW.LEALANA.COM My PGP fingerprint is A764D833. History of Monero development Visualization ★☆ . LEALANA BITCOIN GRIM REAPER SILVER COINS. |
|
|
|
killerstorm (OP)
Legendary
Offline
Activity: 1022
Merit: 1033
|
|
October 16, 2012, 03:10:46 PM |
|
What exact simulation do you want ran, I will run it. I do not want to run anything, I'm merely suggesting a simulation. For example, you can simulate proof-of-stake mining where one malicious miner tries to mine many blocks in one go. Setup is described here: https://bitcointalk.org/index.php?topic=102342.msg1139483#msg1139483Suppose we have N equal 'stakes'. (N-n) stakes belong to honest miners, n belong to a greedy one who wants to do double-spend. You can simulate PoS mining in this way: each block should have some random number X associated with it. Then miner rolls a dice to get random number Xi. If |X-Xi| < coin-days miner has then he signs PoS block. So you go through all miners trying to find one who have solved PoS block. If nobody solves it then next block is PoW block, so you just roll another X. For a malicious miner things are a bit different, though. He tries all his n shares one by one. If one or more shares solve the block, he immediately tries to build another blocks on top of it using his other stakes. If chain of k blocks can be built malicious miner wins a double spend. If his best chain is less than k blocks he doesn't submit his blocks so coin-days of his stake isn't reset. For everybody else, solving the block resets coin-days, not solving it in this round increases it by one. This is a very basic simulation. Ideally you should use parts of PPCoin code to simulate real mining. (Of course, only PoS blocks, you don't need to make valid PoW blocks.) E.g. CTransaction::CheckProofOfStake https://github.com/ppcoin/ppcoin/blob/master/src/main.cppIt isn't easy, it might take a couple of days, or maybe a week of work. But it's not a rocket science either...
|
|
|
|
cunicula
Legendary
Offline
Activity: 1050
Merit: 1003
|
|
October 16, 2012, 03:28:48 PM Last edit: October 16, 2012, 03:40:17 PM by cunicula |
|
How hard would it be to modify the PPC coin client so that it attempts to generate a stake block for not just the main chain, but also for any forks from the main branch?
Adoption of such a modified client would seem to slightly increase stake income. (i.e. in the event of an orphaned block, you get your stake earlier. This means you accumulate coin age more quickly. This means your next block comes slightly earlier too.)
Complete adoption of this modified client would seem to make all forks equivalent in terms of stake content. Therefore only proof-of-work would determine chain selection, correct?
Also, as more people adopt this client forks become more frequent. Therefore, the rewards from adopting the updated client increase. Right?
|
|
|
|
pyra-proxy
|
|
October 16, 2012, 04:08:26 PM |
|
How hard would it be to modify the PPC coin client so that it attempts to generate a stake block for not just the main chain, but also for any forks from the main branch?
Adoption of such a modified client would seem to slightly increase stake income. (i.e. in the event of an orphaned block, you get your stake earlier. This means you accumulate coin age more quickly. This means your next block comes slightly earlier too.)
Complete adoption of this modified client would seem to make all forks equivalent in terms of stake content. Therefore only proof-of-work would determine chain selection, correct?
Also, as more people adopt this client forks become more frequent. Therefore, the rewards from adopting the updated client increase. Right?
Would that not nullify any perceived advantage of PoS though and then you might as well go back to PoW? PoS in this case would really only be serving the purpose of transaction processing between PoW which would again contain all the security responsibility no?
|
|
|
|
AndyRossy
|
|
October 16, 2012, 04:11:55 PM |
|
What exact simulation do you want ran, I will run it. I do not want to run anything, I'm merely suggesting a simulation. For example, you can simulate proof-of-stake mining where one malicious miner tries to mine many blocks in one go. Setup is described here: https://bitcointalk.org/index.php?topic=102342.msg1139483#msg1139483Suppose we have N equal 'stakes'. (N-n) stakes belong to honest miners, n belong to a greedy one who wants to do double-spend. You can simulate PoS mining in this way: each block should have some random number X associated with it. Then miner rolls a dice to get random number Xi. If |X-Xi| < coin-days miner has then he signs PoS block. So you go through all miners trying to find one who have solved PoS block. If nobody solves it then next block is PoW block, so you just roll another X. For a malicious miner things are a bit different, though. He tries all his n shares one by one. If one or more shares solve the block, he immediately tries to build another blocks on top of it using his other stakes. If chain of k blocks can be built malicious miner wins a double spend. If his best chain is less than k blocks he doesn't submit his blocks so coin-days of his stake isn't reset. For everybody else, solving the block resets coin-days, not solving it in this round increases it by one. This is a very basic simulation. Ideally you should use parts of PPCoin code to simulate real mining. (Of course, only PoS blocks, you don't need to make valid PoW blocks.) E.g. CTransaction::CheckProofOfStake https://github.com/ppcoin/ppcoin/blob/master/src/main.cppIt isn't easy, it might take a couple of days, or maybe a week of work. But it's not a rocket science either... Thanks.
|
|
|
|
cunicula
Legendary
Offline
Activity: 1050
Merit: 1003
|
|
October 16, 2012, 04:18:59 PM |
|
Would that not nullify any perceived advantage of PoS though and then you might as well go back to PoW? PoS in this case would really only be serving the purpose of transaction processing between PoW which would again contain all the security responsibility no?
Yes, that is the point. Proof-of-stake allows stakeholders to send a signal that one fork is correct. However, conditional on you having the necessary stake, each signal is costless and you can simultaneously signal for multiple forks (i.e. you can take both sides of the bet without any additional cost). Each signal will earn a reward if the fork turns out to win. Therefore you might as well signal for as many forks as possible. I've been agitating for costly signals to avoid this problem. If each signal is costly, then you would only send it out for chains that are likely to succeed. The cost would be paid in work. For some reason, only my proof-of-stake proposal incorporates costly signaling. I don't understand why. I'm trying to provoke an argument about whether costless signaling is a major problem. I think it is. Therefore, I think PPC coin should be modified to make signaling costly.
|
|
|
|
pyra-proxy
|
|
October 16, 2012, 04:36:27 PM |
|
Would that not nullify any perceived advantage of PoS though and then you might as well go back to PoW? PoS in this case would really only be serving the purpose of transaction processing between PoW which would again contain all the security responsibility no?
Yes, that is the point. Proof-of-stake allows stakeholders to send a signal that one fork is correct. However, conditional on you having the necessary stake, each signal is costless and you can simultaneously signal for multiple forks (i.e. you can take both sides of the bet without any additional cost). Each signal will earn a reward if the fork turns out to win. Therefore you might as well signal for as many forks as possible. I've been agitating for costly signals to avoid this problem. If each signal is costly, then you would only send it out for chains that are likely to succeed. The cost would be paid in work. For some reason, only my proof-of-stake proposal incorporates costly signaling. I don't understand why. I'm trying to provoke an argument about whether costless signaling is a major problem. I think it is. Therefore, I think PPC coin should be modified to make signaling costly. Now that I truly understand where you were going with that I agree :-)
|
|
|
|
markm
Legendary
Offline
Activity: 3010
Merit: 1121
|
|
October 16, 2012, 04:39:04 PM |
|
Right now its not a proof of stake coin at all, its just a free coins for rich folk coin.
-MarkM-
|
|
|
|
Sunny King
Legendary
Offline
Activity: 1205
Merit: 1010
|
|
October 16, 2012, 06:37:45 PM Last edit: October 16, 2012, 07:00:53 PM by Sunny King |
|
How hard would it be to modify the PPC coin client so that it attempts to generate a stake block for not just the main chain, but also for any forks from the main branch?
Adoption of such a modified client would seem to slightly increase stake income. (i.e. in the event of an orphaned block, you get your stake earlier. This means you accumulate coin age more quickly. This means your next block comes slightly earlier too.)
Complete adoption of this modified client would seem to make all forks equivalent in terms of stake content. Therefore only proof-of-work would determine chain selection, correct?
Also, as more people adopt this client forks become more frequent. Therefore, the rewards from adopting the updated client increase. Right?
Yes, that is the point. Proof-of-stake allows stakeholders to send a signal that one fork is correct. However, conditional on you having the necessary stake, each signal is costless and you can simultaneously signal for multiple forks (i.e. you can take both sides of the bet without any additional cost). Each signal will earn a reward if the fork turns out to win. Therefore you might as well signal for as many forks as possible.
I've been agitating for costly signals to avoid this problem. If each signal is costly, then you would only send it out for chains that are likely to succeed. The cost would be paid in work.
For some reason, only my proof-of-stake proposal incorporates costly signaling. I don't understand why. I'm trying to provoke an argument about whether costless signaling is a major problem. I think it is. Therefore, I think PPC coin should be modified to make signaling costly.
You could try to do that, but other nodes may only take the first block you send due to duplicate stake detection (see design paper for the description of duplicate stake detection). That means you would end up on one fork anyway. Also the proof-of-stake mint is based on coin age consumed by minter. You don't lose much if your block is on the wrong fork, as then the coin age wasn't consumed. So there isn't much incentive to try to prevent mint loss by getting on multiple forks.
|
|
|
|
markm
Legendary
Offline
Activity: 3010
Merit: 1121
|
|
October 16, 2012, 06:44:24 PM |
|
And that is the problem.
Voting for the wrong fork should be costly, not a freebie.
Failing to consume your coindays means you can vote for every fork.
So stake ends up not helping at all, its just free coins for rich folk and does not protect against attacker's forks.
-MarkM-
|
|
|
|
cunicula
Legendary
Offline
Activity: 1050
Merit: 1003
|
|
October 17, 2012, 03:21:07 AM |
|
You could try to do that, but other nodes may only take the first block you send due to duplicate stake detection (see design paper for the description of duplicate stake detection). That means you would end up on one fork anyway.
Also the proof-of-stake mint is based on coin age consumed by minter. You don't lose much if your block is on the wrong fork, as then the coin age wasn't consumed. So there isn't much incentive to try to prevent mint loss by getting on multiple forks.
Is it rational for miners to try to detect duplicate stake? I don't understand this well, so please correct any errors I make. Say we have two forks (A and B) with a common history H. Each fork has the probability pA and pB of becoming the main chain. Chain B is one block longer, containing an extra block Sb. They share a duplicated stake block Sd. (A) H-Sd (B) H-Sb-Sd Some unlucky miners are going to see fork A first. They perceive chains A and B to be of equal length. They will either extend fork A or add another fork to B. Some lucky miners see fork B fist and thus perceive fork B as longer. The lucky miners only extend fork B. Aren't the unlucky miners at a disadvantage because their blocks are more likely to be orphaned. Wouldn't they be better off ignoring duplicate stake detection and just extending the longer chain, B? If so, wouldn't miners prefer a modified client that drops duplicate stake detection?
|
|
|
|
Sunny King
Legendary
Offline
Activity: 1205
Merit: 1010
|
|
October 17, 2012, 02:54:35 PM |
|
You could try to do that, but other nodes may only take the first block you send due to duplicate stake detection (see design paper for the description of duplicate stake detection). That means you would end up on one fork anyway.
Also the proof-of-stake mint is based on coin age consumed by minter. You don't lose much if your block is on the wrong fork, as then the coin age wasn't consumed. So there isn't much incentive to try to prevent mint loss by getting on multiple forks.
Is it rational for miners to try to detect duplicate stake? I don't understand this well, so please correct any errors I make. Say we have two forks (A and B) with a common history H. Each fork has the probability pA and pB of becoming the main chain. Chain B is one block longer, containing an extra block Sb. They share a duplicated stake block Sd. (A) H-Sd (B) H-Sb-Sd Some unlucky miners are going to see fork A first. They perceive chains A and B to be of equal length. They will either extend fork A or add another fork to B. Some lucky miners see fork B fist and thus perceive fork B as longer. The lucky miners only extend fork B. Aren't the unlucky miners at a disadvantage because their blocks are more likely to be orphaned. Wouldn't they be better off ignoring duplicate stake detection and just extending the longer chain, B? If so, wouldn't miners prefer a modified client that drops duplicate stake detection? The current algorithm is for the unlucky miner to try to extend fork A, but if B gets extended by others first then the unlucky miner would accept fork B and reorganize. Once again I don't see much incentive here to try to disable duplicate stake detection and open yourself to serious DoS attacks. You just get your 1% later, it's not lost.
|
|
|
|
cunicula
Legendary
Offline
Activity: 1050
Merit: 1003
|
|
October 17, 2012, 03:20:09 PM Last edit: October 17, 2012, 04:00:33 PM by cunicula |
|
The current algorithm is for the unlucky miner to try to extend fork A, but if B gets extended by others first then the unlucky miner would accept fork B and reorganize.
Once again I don't see much incentive here to try to disable duplicate stake detection and open yourself to serious DoS attacks. You just get your 1% later, it's not lost.
You do lose a little due to compound interest. I get 1% interest a year from PPCoin. This is compounded every time I get a block. Getting the block earlier increases the compounding frequency. I concede that the benefit is minuscule. You could reduce the benefit to 0 by compounding interest continuously rather than just calculating the block reward using simple interest. My problem is as follows: 1) There is a positive incentive to adopt modified code. 2) The modified code invalidates the proof-of-stake mechanism. A cheap attack is to release modified code and pay new users a small amount to adopt it. Stake contributed by these corrupted clients would no longer secure the network. You depend on the residual users who decide to use the original code out of altruism. Again, admittedly just a tiny bit of altruism would suffice to motivate them. Anyways, the broader point is that security should be created by block validity rules. These rules are enforceable. Modifiable code should not be the basis for security. The blockchain-based solution is to require stakeholders to submit work when they submit signatures. This rule can be enforced in the blockchain.
|
|
|
|
|