Qubic - Quorum-Based Coin

[Come-from-Beyond]

Here is a re-post from http://qubic.boards.net/

What Qubic is
Qubic is a medium of exchange in the Information Age. It is money that can be created, controlled and used by anyone.

Why Qubic was invented
Inspired by Bitcoin and its forks, the author of Qubic began to think of a currency that would have advantages of Bitcoin but would not have its disadvantages. After a while he came to a concept that was named "Qubic".

Where name "Qubic" came from
An idea of quorum-based coins is the core of the concept. These coins are created and controlled by arbitrary nodes on the Internet without any central authority. Name "Qubic" came from acronym "QBC" which stands for "Quorum-Based Coin". The coins are called "qubics" to distinguish them among other types of coins.

What qubics are
Qubics are binary data stored in computers. These data contain information about value of qubics, their public and private keys. A private key is known only to a qubic's owner and is used to prove ownership.

How qubics are created
Qubics are created ("minted") by nodes ("providers") that run special software. Every provider does work necessary for normal existence of the Qubic network. Periodically every provider receives new qubics as a reward for its support of the network and this reward is proportional to quality of provided service.

What service is provided
Providers mint new qubics. They let qubics to be split, combined and refreshed, providers also prevent double-spending of qubics. Splitting is used to split a qubic to ones with lesser values to get specific amount. Combining is used to combine qubics to make them easier to store. Refreshing is used to change private keys, it is also used to stress-test the network to keep it healthy.

How qubics are transferred
To transfer qubics during a trade between parties it is necessary to transfer private keys. After the keys are accepted by the seller the qubics are destroyed and new ones with the same values are created. Private keys of the new qubics are known only to the new owner. Transfer of keys occurs outside the Qubic network (via e-mail or special software), so it is impossible to track transactions made with qubics. Destroying of qubics and creation of new ones is a common occurrence and noone can prove that this happened due to a trade.

What features Qubic has
- Value of a qubic varies from 0.000000001 (10^-9) to 999999999.999999999 (almost 10⁹), it is 9 decimal places before and after the point.
- Supply of qubics is theoretically unlimited. Every provider decides how many qubics it lets to be rewarded to the other providers. In the future the system can come to a state when total value of minted qubics becomes less than total value of qubics lost during the same period of time. (Some loss of qubics is expected due to lost keys and other causes.)
- No fees are supposed to be charged for transactions as they occur outside the Qubic network. Providers obtain qubics by providing the service.
- Transactions can not be tracked.
- Noone needs to reveal theirs real identities to be able to use Qubic.
- There are no "accounts" in Qubic, only "coins" which can be lost but can not be nullified.

Implementation of the concept
The author is working on an implementation of the concept. Constructive suggestions and help in testing are very welcome.


Quick comparison with Bitcoin:

- No fees
- Transactions can't be scrutinized
- Network-bound proof-of-work instead of CPU-bound one is used
- New coins are produced at the rate determined by quorum of miners, not by developers (good ole Greek democracy)
- Coins "look" like real coins (not a ground-breaking feature but a neat one)
- No need to download gigs of data from "a blockchain", every miner is allowed to handle only fraction of the Qubic network
- Transfer of money in Qubic is supposed to be much faster than in Bitcoin
- Qubic is more eco-friendly as it doesn't require a lot of electricity to be spent
- (I'll add more if anything comes to mind)

[Etlase2]

From what I gather this is somewhat based off of the Chaumian-style digital cash.

1. How does the system prevent sybil attacks without proof of work?
2. How is consensus reached on how many and what coins exist?
3. What the hell does "Coins "look" like real coins" mean?
4. How long do you expect it to take consensus to be reached to prevent double spending?

[Come-from-Beyond]

1. How does the system prevent sybil attacks without proof of work?

Any provider can consider any other provider to be trusted with some weight. 1000x, for example, means that an attacker has to create at least 1000 faked providers visible to the attacked provider to make a successfull Sybil attack (not all providers are visible to the others, so practically it is necessary to have more than 1000 faked ones). All data received from such a trusted provider should be carefully logged and audited (to prevent qubics to be minted out of thin air), but it is necessary only in the beginning. When more providers join the Qubic network, Sybil attack will become less dangerous. So after a while it can be possible to get rid of all trusted providers. As every provider itself marks other providers trusted and choses appropriate weights and noone else knows this information, Sybil attack doesn't seem to be an issue. Anyway I'm concerned about it and plan to simulate such kind of attack during pre-launch tests.

2. How is consensus reached on how many and what coins exist?

Everytime when a new transaction appears (SPLIT, COMBINE, REFRESH) providers distribute it each to other. When a provider receives a new transaction it increases the rating of the provider the transaction was received from. Periodically every provider asks the others if they wish to mint new qubics and receives public keys of these qubics. There are 19 keys for qubics with values of 0.000000001, 0.000000009, 0.00000009, 0.0000009, ..., 0.9, 9, 90, ..., 900000000 are published by every asked provider. Every provider makes decision what total value of qubics it lets to be minted by every other provider and this is based on the rating.

Let's imagine that provider A lets 100 QBC to be minted by provider Z. Provider B lets 10 QBC by Z and provider C - 10 QBC by Z as well. A stores qubics with keys corresponding to values 90, 9, 0.9, 0.09, ... (total = 100 QBC). B and C store keys corresponding to values 9, 0.9, 0.09, ... (total = 10 QBC) both. Now if Z try to do anything with qubics with values higher than 90 QBC it will be rejected by everyone. Transactions with 90 QBC will be accepted only by 1 of 3 providers (no quorum) so it means that the qubic [90 QBC] wasn't minted. Transactions with 9 QBC and less will be accepted by the quorum of providers.

There could be a situation when every provider refuses to accept qubics minted by the others. In this case the Qubic network will start to lose its providers (no point to work for free) and credibility of the rest of the world. So the price of 1 QBC will go down which will lower profits of remaining providers. Similar scenario is expected even in case when values of minted qubics are higher than zero but still too low. On the other hand it's undesirable for the network to mint a lot of qubics, coz in this case due to inflation the price of 1 QBC will go down as well. I suppose that the whole system will find a point of dynamic balance, just like the market does.

The same with already existing qubics. It's necessary to ask some providers if this particular qubic exists. If u asked 100 providers and more than 50 said "yes", than u should consider it's legit qubic. If u r not satisfied with numbers than just ask 1000 providers and keep asking as long as u wish.

3. What the hell does "Coins "look" like real coins" mean?

Bitcoin has accounts and their balances. Qubic doesn't have accounts. Qubics are very similar to real coins as there are no connections between a purse (a wallet in Bitcoin) and a qubic.

4. How long do you expect it to take consensus to be reached to prevent double spending?

Something within 60 seconds. Need to make experiments though as this depends on an implementation.

[Etlase2]

The same with already existing qubics. It's necessary to ask some providers if this particular qubic exists. If u asked 100 providers and more than 50 said "yes", than u should consider it's legit qubic. If u r not satisfied with numbers than just ask 1000 providers and keep asking as long as u wish.

You've got a lot of work ahead of you if you think this can be used as a way to bring consensus. In a decentralized system, there has to be a way for everyone to eventually come to an agreement on what has happened.

As every provider itself marks other providers trusted and choses appropriate weights and noone else knows this information, Sybil attack doesn't seem to be an issue.

No one else knows this information including people who want to transact on the network. Determining who to trust will be impossible and sybil attacks will be easy.

[Come-from-Beyond]

You've got a lot of work ahead of you if you think this can be used as a way to bring consensus. In a decentralized system, there has to be a way for everyone to eventually come to an agreement on what has happened.

Minting algo can be adjusted. Or completely changed. And then we'll see if it works.

No one else knows this information including people who want to transact on the network. Determining who to trust will be impossible and sybil attacks will be easy.

It's not necessary to choose whom to trust when there are thousands providers and Sybil attack can't be implemented easily. At early stage with a few providers only small amount of qubics can be minted and it's easy to audit every qubic. Real qubics can be minted starting from the point when the network will have enough providers to overcome attackers.

[Etlase2]

You claim a sybil attack can't be mounted easily, but the only defense you seem to have is that honest people will have more. One botnet could have thousands or hundreds of thousands of IP addresses. Once IPv6 is the norm, governments and ISPs will have easy access to billions of IP addresses. The trust system might work among providers that know and trust each other, but this does nothing for people trying to use the network. They will be inundated with all kinds of providers and have no clue as to which ones are trustworthy. Not to mention since each provider will likely have a different idea about who is trustworthy, trust can't be used to weigh votes on how many coins are created. So someone with tens of thousands of IPs can just say "I want 9999999" tens of thousands of times (good lord the data consumption) and destroy any value to the currency.

you gotta solve this too: http://en.wikipedia.org/wiki/Byzantine_generals

You might be interested in this: https://github.com/FellowTraveler/Open-Transactions/wiki

[Sunny King]

- Network-bound proof-of-work instead of CPU-bound one is used

Is there more to the 'network-bound proof-of-work' other than ip addresses?

I assume if you call it 'proof-of-work' there must be more than unique ip addresses? Number of transactions received?

Can't say for sure if you have at least mitigated sybil attack with just the sketch you provided but Etlase has some good points here.

Also the inflation model seems to be wide open.

[Come-from-Beyond]

You claim a sybil attack can't be mounted easily, but the only defense you seem to have is that honest people will have more.

It's enough to defend. Sybil attack is like 51% attack in Bitcoin world. Do we have a lot of problems with anyone 51%-attacking Bitcoin?

you gotta solve this too: http://en.wikipedia.org/wiki/Byzantine_generals

No need. Bitcoin ignore such an issue and works perfectly (I'm talking about bitcoin clients that retransmit transactions, who makes them doing this correctly?). If at some step this becomes a problem, than Paxos will be added to implementations.

You might be interested in this: https://github.com/FellowTraveler/Open-Transactions/wiki

Thx. I've seen this long time ago. It's quite different.

[Come-from-Beyond]

- Network-bound proof-of-work instead of CPU-bound one is used

Is there more to the 'network-bound proof-of-work' other than ip addresses?

I assume if you call it 'proof-of-work' there must be more than unique ip addresses? Number of transactions received?

Can't say for sure if you have at least mitigated sybil attack with just the sketch you provided but Etlase has some good points here.

Also the inflation model seems to be wide open.

Faster u send transactions - more qubics will be rewarded to u.

Etlase indeed has good points regarding Sybil attack. This kind of attack can't be completely avoided without a central authority, but Bitcoin has similar issue (51% attack) and still works fine. If we grow in numbers the attack won't bother us.

Regarding inflation model... It depends on quorum of providers.

[Etlase2]

It's enough to defend. Sybil attack is like 51% attack in Bitcoin world. Do we have a lot of problems with anyone 51%-attacking Bitcoin?

No, we don't have a lot of problems with anyone 51% attacking bitcoin because it costs a lot of money. IP addresses do not.

No need. Bitcoin ignore such an issue and works perfectly (I'm talking about bitcoin clients that retransmit transactions, who makes them doing this correctly?). If at some step this becomes a problem, than Paxos will be added to implementations.

:sigh: Bitcoin does not ignore byzantine fault tolerance. It's part of that whole distributed-consensus block chain thingy you might have heard of.
"If u asked 100 providers and more than 50 said "yes", than u should consider it's legit qubic. If u r not satisfied with numbers than just ask 1000 providers and keep asking as long as u wish." - This reeks of byzantine failure. I am not familiar with Paxos, but by a brief overview it looks like it is made for a centralized service with distributed fault tolerance, not a distributed network protocol.

[Come-from-Beyond]

No, we don't have a lot of problems with anyone 51% attacking bitcoin because it costs a lot of money. IP addresses do not.

Maintaining a lot of providers doing a lot of work during long period of time is expensive too. U can't just launch 100500 providers and say "I have 1000000000 QBC".

:sigh: Bitcoin does not ignore byzantine fault tolerance. It's part of that whole distributed-consensus block chain thingy you might have heard of.
"If u asked 100 providers and more than 50 said "yes", than u should consider it's legit qubic. If u r not satisfied with numbers than just ask 1000 providers and keep asking as long as u wish." - This reeks of byzantine failure. I am not familiar with Paxos, but by a brief overview it looks like it is made for a centralized service with distributed fault tolerance, not a distributed network protocol.

If number of "good" providers is higher than number of "evil" ones then I see no problem. When a qubic is destroyed "good" providers erase its data and won't say "it still exists". If u ask 100 providers then 51+ will say "it doesn't exist". Every provider keeps records about existing qubics itself. We (users of Qubic) need to ask providers only to get recent info to avoid double-spending.
Perhaps I can't get ur question, could u paraphrase it?

[markm]

How many bots does a botnet tend to have? Maybe only a few hundred thousand for a not particularly huge/notable botnet?

So botnets should be easily able to "51% attack" you until you have a few million "good" nodes, presumably?

Maybe you are yourself in control of one of the several million bots botnets, thus expect to easily defeat a few smaller (few hundred thousand nodes) botnets yourself to secure this coin? (Why else would you design a system explicitly ensuring botnets a massive advantage over normal folk?)

-MarkM-

[Come-from-Beyond]

How many bots does a botnet tend to have? Maybe only a few hundred thousand for a not particularly huge/notable botnet?

So botnets should be easily able to "51% attack" you until you have a few million "good" nodes, presumably?

Maybe you are yourself in control of one of the several million bots botnets, thus expect to easily defeat a few smaller (few hundred thousand nodes) botnets yourself to secure this coin? (Why else would you design a system explicitly ensuring botnets a massive advantage over normal folk?)

-MarkM-

We should distinguish a concept and its implementation. Depending on an implementation number of bots required to overtake legit providers could vary from 1 to 1000000000.

Perhaps u will laugh but I design this system to make the world better. U shouldn't trust me of coz. I'll publish source code, so anyone can audit it. Or make his own implementation.

[Come-from-Beyond]

In addition to the valid concerns and questions in this thread, a quick look at the recent post history for Come-from-Beyond shows that it contains very little beyond FUD attempts.

Thx. I was waiting for a reply like urs. To just to make statement that I understand that there are a lot of bitcoiners and litecoiners who are against any possible competitor of their lovely Coin. So I'll ignore all replies which r non-constructive ones.

[markm]

OK so what implementation details will you be including in order to ensure that being out-numbered by botnet nodes will not be a problem?

-MarkM-

[Come-from-Beyond]

OK so what implementation details will you be including in order to ensure that being out-numbered by botnet nodes will not be a problem?

-MarkM-

Weighted trust built on history. Longer a provider stays (and send correct responses) on the network - more weight it has. Every provider has its own IP address which identifies it. Most of zombie computers popup and disappear on the Internet, so they r unable to earn noticeable weight.

[kjj]

In addition to the valid concerns and questions in this thread, a quick look at the recent post history for Come-from-Beyond shows that it contains very little beyond FUD attempts.

Thx. I was waiting for a reply like urs. To just to make statement that I understand that there are a lot of bitcoiners and litecoiners who are against any possible competitor of their lovely Coin. So I'll ignore all replies which r non-constructive ones.

No, no.  We welcome competitors.  If not for the corpses of the dead alternate coin systems covering the field, how would we have any way to tell how great bitcoin is?

[Come-from-Beyond]

No, no.  We welcome competitors.  If not for the corpses of the dead alternate coin systems covering the field, how would we have any way to tell how great bitcoin is?

Good point of view. But some hoarders r still not happy with new coins appearing around.

[kjj]

No, no.  We welcome competitors.  If not for the corpses of the dead alternate coin systems covering the field, how would we have any way to tell how great bitcoin is?

Good point of view. But some hoarders r still not happy with new coins appearing around.

Meh.  If inflation was a desirable property, one of the many, many attempts to create inflateacoin would have taken off.  None have.  Not exactly QED, but highly suggestive.

[Come-from-Beyond]

Meh.  If inflation was a desirable property, one of the many, many attempts to create inflateacoin would have taken off.  None have.  Not exactly QED, but highly suggestive.

Qubic can deflate too. Depends on the quorum.

I don't really care of inflation/deflation, I wish to create money without disadvantages of Bitcoin, some extra advantages would be good bonus also.