Qubic - Quorum-Based Coin

[socrates1024]

How qubics are created
Qubics are created ("minted") by nodes ("providers") that run special software. Every provider does work necessary for normal existence of the Qubic network. Periodically every provider receives new qubics as a reward for its support of the network and this reward is proportional to quality of provided service.
...
Quick comparison with Bitcoin:

- No fees
- Transactions can't be scrutinized
- Network-bound proof-of-work instead of CPU-bound one is used
- New coins are produced at the rate determined by quorum of miners, not by developers (good ole Greek democracy)
- Coins "look" like real coins (not a ground-breaking feature but a neat one)
- No need to download gigs of data from "a blockchain", every miner is allowed to handle only fraction of the Qubic network
- Transfer of money in Qubic is supposed to be much faster than in Bitcoin
- Qubic is more eco-friendly as it doesn't require a lot of electricity to be spent
- (I'll add more if anything comes to mind)

1. Why "Quorum" is a loaded word:
     (Anonymous Global Quorum) The most important quality of Bitcoin is that it gets global consensus while being anonymous in the sense that it does not try to identify individuals among "the miners." Any public system that uses identifiers (e.g., an IP address, or self-reported public keys) is vulnerable to a sybil attack. Bitcoin's central innovation is using a proof-of-work competition to coordinate consensus without needing to distinguish between the participants.

      (Global Quorum with Identifiers) Ben Laurie described a quorum system where a network of globally 'trusted' providers performs a consensus voting protocol. http://www.links.org/files/decentralised-currencies.pdf The "Greek democracy" scheme also works this way, just with a large number of identities. The mapping of identifiers to nodes has to be decided ahead of time, which usually implies a central administration (e.g., to assign IP addresses, voter IDs, or to certify public keys). This is the "traditional" way to do distributed consensus, but it's at least partially centralized, which is dissatisfying.

If u asked 100 providers and more than 50 said "yes", than u should consider it's legit qubic. If u r not satisfied with numbers than just ask 1000 providers and keep asking as long as u wish.

     Now I think you're getting confusing - is the "quorum" considered 51% of the entire network, or just among the 100 providers that a single individual asks? If Alice in the US talks to 100 providers, and Bob in China talks to a different 100, will they get different answers than the other 800/1000? How does a single provider among all the providers receive rewards? I get the idea that you are no longer talking about "global" consensus at all. If that's true, then this might resemble Ripple http://ripple-project.org/paymentrouting.pdf which is a p2p currency system about local currencies (for example each individual issues their own notes). On the other hand, there's no expectation that your credits are valuable to a random other person on the other side network though (who has no reason to trust the issuer). It's not "money" though because it's not universal. I'm interested because you said that the rate of new coins is set by some mechanism other than developer-fiat. If it's set by a quorum, then is it by a global quorum, or some local kind (i.e., you ask 100 providers what the rate of new coins is?)

    I think you're being very vague about how the quorum is defined, what its boundaries are, and how individuals observe its responses. If you try to make a clear statement of the assumptions and objectives for the technical components of your system, then we can probably get to the bottom of how it works.

2. "Network-bound proof-of-work instead of CPU-bound one is used"
    I'm interested in this, can you give more details about the network-bound proof-of-work scheme?

[1715697749]

1715697749

[1715697749]

1715697749

[1715697749]

1715697749

[1715697749]

1715697749

[1715697749]

1715697749

[1715697749]

1715697749

[Come-from-Beyond]

Ben Laurie described a quorum system...

I've seen a lot of similar papers on the Internet and have not met any mathematically strong proof that such a system can't work. There is a way to find the solution by proving its in practice. I can fail, but I can succeed.

If u asked 100 providers and more than 50 said "yes", than u should consider it's legit qubic. If u r not satisfied with numbers than just ask 1000 providers and keep asking as long as u wish.

     Now I think you're getting confusing - is the "quorum" considered 51% of the entire network, or just among the 100 providers that a single individual asks? If Alice in the US talks to 100 providers, and Bob in China talks to a different 100, will they get different answers than the other 800/1000? How does a single provider among all the providers receive rewards? I get the idea that you are no longer talking about "global" consensus at all. If that's true, then this might resemble Ripple http://ripple-project.org/paymentrouting.pdf which is a p2p currency system about local currencies (for example each individual issues their own notes). On the other hand, there's no expectation that your credits are valuable to a random other person on the other side network though (who has no reason to trust the issuer). It's not "money" though because it's not universal. I'm interested because you said that the rate of new coins is set by some mechanism other than developer-fiat. If it's set by a quorum, then is it by a global quorum, or some local kind (i.e., you ask 100 providers what the rate of new coins is?)

It's where Statistics works. U don't need to ask all providers coz even part of them will have almost the same percentage. Everyone decides themselves how many providers they wish to ask. And I'm talking about global consensus. A single provider receives reward as described here - https://bitcointalk.org/index.php?topic=112676.msg1219095#msg1219095. The rate of new qubics is set by the Qubic network, the same as prices set by the market.

    I think you're being very vague about how the quorum is defined, what its boundaries are, and how individuals observe its responses. If you try to make a clear statement of the assumptions and objectives for the technical components of your system, then we can probably get to the bottom of how it works.

I don't know how it will exactly work. I have no ready answer. That's why I asked for help. I'm developing an implementation of the concept and I'm planning to change algorithms of the implementation until I get a working system.

2. "Network-bound proof-of-work instead of CPU-bound one is used"
    I'm interested in this, can you give more details about the network-bound proof-of-work scheme?

There is no real proof-of-work. I used a term that is understandable by this community. I could say "Qubic is mined by network cards". "Weighted trust" idea looks like network-bound proof-of-work but I'm not sure it's correct to call it so.

[Syke]

It's nice to see someone trying something really different from Bitcoin. I think the idea of getting votes from peers has some merit. It'll be interesting to see how well it works.

[Come-from-Beyond]

I've published my implementation of Qubic with its source code. Not a complete one, right now i'm testing how providers find each other on the Internet. More info on http://qubic.boards.net/index.cgi?board=technicalbase&action=display&thread=2. If u could help to test that would be great.

U can monitor activity of my own provider here - https://78.47.168.188/provider?123.

[FuzzyBear]

ok i downloaded the zip files... unpacked them all,

then went to change the 10* and replaced them with "https://myprovider.com/provider"

Is this wrong?? should i put my own website?? or what do i put here??

I then ran CMD and invoked the command      "java -jar start.jar"

Output I get is then:

2012-09-27 16:16:44.542:INFO:oejs.Server:jetty-8.1.7.v20120910
2012-09-27 16:16:44.589:INFO:oejdp.ScanningAppProvider:Deployment monitor C:\Doc
uments and Settings\ME\My Documents\Downloads\qubic\jetty\webapps at in
terval 0
2012-09-27 16:16:44.589:INFO:oejd.DeploymentManager:Deployable added: C:\Documen
ts and Settings\ME\My Documents\Downloads\qubic\jetty\webapps\root
2012-09-27 16:16:44.792:INFO:oejw.StandardDescriptorProcessor:NO JSP Support for
 /, did not find org.apache.jasper.servlet.JspServlet
2012-09-27 16:16:44.839:INFO:oejsh.ContextHandler:started o.e.j.w.WebAppContext{
/,file:/C:/Documents%20and%20Settings/ME/My%20Documents/Downloads/qubic
/jetty/webapps/root/},C:\Documents and Settings\ME\My Documents\Downloa
ds\qubic\jetty\webapps\root
2012-09-27 16:16:44.839:INFO:oejsh.ContextHandler:started o.e.j.w.WebAppContext{
/,file:/C:/Documents%20and%20Settings/ME/My%20Documents/Downloads/qubic
/jetty/webapps/root/},C:\Documents and Settings\ME\My Documents\Downloa
ds\qubic\jetty\webapps\root
2012-09-27 16:16:46.135:INFO:oejus.SslContextFactory:Enabled Protocols [SSLv2Hel
lo, SSLv3, TLSv1, TLSv1.1, TLSv1.2] of [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1
.2]
2012-09-27 16:16:46.276:INFO:oejs.AbstractConnector:Started SslSelectChannelConn
ector@0.0.0.0:443


I take it i am being stupid on the URI of my provider... but was wanting to help u test so give me a shout and point me in the right direction and I should be able to have this running for u on a stand alone server i have spare

[markm]

As its a jetty app will people be able to put it into their I2P "eepsite" so it runs over I2P? This saves them all the problems of having a known IP address, opening a port in their router and so on, plus of course provides anonymity...

-MarkM-

[Come-from-Beyond]

ok i downloaded the zip files... unpacked them all,

then went to change the 10* and replaced them with "https://myprovider.com/provider"

Is this wrong?? should i put my own website?? or what do i put here??

Thank u for ur attempt to help.

To know what to place instead of "myprovider.com" u need to know IP address that allows to connect to ur computer from the outside. Go to http://www.whatismyip.com/ and watch ur IP. Let's assume it's "111.222.333.444". Replace the asterisks with "https://111.222.333.444/provider". That's it.

[Come-from-Beyond]

As its a jetty app will people be able to put it into their I2P "eepsite" so it runs over I2P? This saves them all the problems of having a known IP address, opening a port in their router and so on, plus of course provides anonymity...

-MarkM-

Yes. It should work via I2P "eepsite". Never tryed this technology but according to its description everything should be ok.

[killerstorm]

Ben Laurie described a quorum system...

I've seen a lot of similar papers on the Internet and have not met any mathematically strong proof that such a system can't work. There is a way to find the solution by proving its in practice. I can fail, but I can succeed.

Mathematically, IPv6 has 2^128 address space. Standard size of subnet is 2^64. You can register /56 net for free from Freenet6: http://www.gogo6.com/freenet6/tunnelbroker

It has 2^(128-56) = 2^72 addresses.

If you want to base security on IP addresses, it seriously is not going to work. A serious attacker can impersonate practically unlimited number of nodes.

You have a reputation system based on time? Attacker can impersonate, say, 10^6 nodes for, like, a month. And then he will pwn you. It won't cost him much, a couple hundred bucks, maybe.

Ben Laurie's design is based on explicit trust: providers are organizations, officially registered by government, and they'll check each other's existence and trustworthiness. Sybil attacks are practically impossible in this way.

Fully decentralized alternative to that is Ripple-like designs. They are based on explicit trust (i.e. among people who know each other), but global trust is not required since you route payments among trusted individuals.

So there are designs which are theoretically sound.

Yours, however, seem to be based on idea that IP addresses are scarce and costly. Which simply isn't true.

[Come-from-Beyond]

If you want to base security on IP addresses, it seriously is not going to work. A serious attacker can impersonate practically unlimited number of nodes.

You have a reputation system based on time? Attacker can impersonate, say, 10^6 nodes for, like, a month. And then he will pwn you. It won't cost him much, a couple hundred bucks, maybe.

Yours, however, seem to be based on idea that IP addresses are scarce and costly. Which simply isn't true.

I do not want to base security on IP addresses. I want to base it on a reputation system. And this reputation can't be easily earned during staying online for, like, a month. All these 10^6 nodes have to process and transmit a lot of traffic. This does cost much, very much. Not only traffic, but CPU power as well, coz u can't just set up 1 computer and use 10^6 aliases.

[markm]

So how will you identify each site? A keypair, like the way I2P sites and Freenet stuff and Tor services etc are identified?

Also seems like you are pretty close to being back to proof of work, since your only defence it seems is to throw more CPU power and IP addresses (or identities) and bandwidth into it than any attacker.

That being so, it seems like a very complicated way of blowing just as much energy/expense as bitcoin much less elegantly and very likely much more prone to errors problems bugs etc simply due to all the extraneous complexity.

(How much more cost-effective is bandwidth than CPU? Is a big datacentre more cost-effective than a distributed botnet? Etc etc etc...)

-MarkM-

[killerstorm]

I do not want to base security on IP addresses. I want to base it on a reputation system. And this reputation can't be easily earned during staying online for, like, a month. All these 10^6 nodes have to process and transmit a lot of traffic. This does cost much, very much. Not only traffic, but CPU power as well, coz u can't just set up 1 computer and use 10^6 aliases.

Perhaps I have missed something... What traffic?

[Come-from-Beyond]

So how will you identify each site? A keypair, like the way I2P sites and Freenet stuff and Tor services etc are identified?

ALso seems like you are pretty close to being back to proof of work, since your only defense it seems is to throw more CPU power and IP addresses (or identities) and bandwidth than any attacker.

That being so, it seems like a very complicated way of blowing just as much energy/expense as bitcoin much less elegantly and very likely much more prone to errors problems bugs etc simply due to all the extraneous complexity.

(How much more cost-effective is bandwidth than CPU? Is a big datacentre more cost-effective than a distributed botnet? Etc etc etc...)

-MarkM-

Each provider is identified by its URI. Right now only "https://" scheme is supported.

Yes, I'm very close to network-bound proof-of-work as bandwidth is intensively used. CPU is used also but not those enormous GHash/s as in Bitcoin, Qubic needs only to check a nonce, not to find it.

Big datacentre is much more cost-effective than a botnet which, likely, unable to earn much reputation or reward.

[markm]

Okay, so something like https://provider.knotwork.i2p could be a URI for a provider I run in I2P.

Then only others who run I2P and have set up some kind of system at their end to make .i2p addresses work would be able to connect to my node.

Will others hear of mine through those and credit me accordingly?

(https is kind of redundant over i2p but whatever...)

-MarkM-

[Come-from-Beyond]

Perhaps I have missed something... What traffic?

To earn reputation u have to respond with actual data (what qubics r valid, what transactions r processed). Qubic has a built-in mechanism that doesn't let the network to sleep when there are no transactions from users of the system. Every second every provider has to receive, process and transmit data at 99+% rate of available resources.

[Come-from-Beyond]

Will others hear of mine through those and credit me accordingly?

No. If I2P doesn't allow to access inner nodes from outside then this technology can't be used to "mint" qubics. I thought I2P was something like Port Mapping and allowed to connect to computers behind firewall.

[killerstorm]

To earn reputation u have to respond with actual data (what qubics r valid, what transactions r processed). Qubic has a built-in mechanism that doesn't let the network to sleep when there are no transactions from users of the system. Every second every provider has to receive, process and transmit data at 99+% rate of available resources.

Replying to 1000 queries per second won't be a problem even for a cheapo box. So I'll emulate 1000 nodes for some time to get reputation and then will attack you.

As markm said, you just have a weird form of proof-of-work which requires CPU power, network bandwidth and IP addresses. But it doesn't make it stronger, it makes it harder to analyze.

With Bitcoin proof-of-work, miners are incentivized to do hashing as fast as possible, so you get no unexpected hacks.

With your proof-of-work an attacker might find some cheaper way to process queries, get some cheap bandwidth and IP addresses. (For example, he might be an ISP himself.) Other nodes do not have an incentive to do things in an optimal way, so you don't know how much attack costs.

Attack on bitcoin is estimate to cost millions of dollars. Attack on qubics might cost thousands of bucks. Or perhaps it would be essentially free for organizations who have access to resources. (Providers always have some spare capacity which isn't used for anything else.)

[Come-from-Beyond]

Replying to 1000 queries per second won't be a problem even for a cheapo box. So I'll emulate 1000 nodes for some time to get reputation and then will attack you.

Right. 1000 queries per second won't be a problem. For legit providers also. Calculate what fraction of reputation will u earn in the network of 1000 nodes that process 1'000'000 queries per second. Can ur node process 1 million queries per second? Yes? Then legit nodes can do it too, so u have to overcome 1'000'000'000 queries per second. Qubic is designed a way that doesn't allow to have 1 provider doing work of 1000 legit providers, u need 1000 computers for that. Is it cheap? Multiply this on weeks u have to remain online, coz if u went offline for long period of time then u'll lose all ur reputation. Btw, that's why u can't use botnets for Sybil attack.
I followed the path of the Great Satoshi. U must have 51% of all resources to hack Qubic. The only noticed difference in defenses of Bitcoin and Qubic is CPU-bound VS network-bound proof-of-work.

As markm said, you just have a weird form of proof-of-work which requires CPU power, network bandwidth and IP addresses. But it doesn't make it stronger, it makes it harder to analyze.

With Bitcoin proof-of-work, miners are incentivized to do hashing as fast as possible, so you get no unexpected hacks.

With your proof-of-work an attacker might find some cheaper way to process queries, get some cheap bandwidth and IP addresses. (For example, he might be an ISP himself.) Other nodes do not have an incentive to do things in an optimal way, so you don't know how much attack costs.

I wouldn't say it's weird. We used to use CPU-bound proof-of-work, so network-bound one is just not so familiar.

It's impossible to receive and transmit data at faster rate than allowed by a channel throughput.

ISP can attempt an attack. If they have spare bandwidth. Just like any computer center/cluster can attempt to attack Bitcoin. ISPs have to cooperate each with other, coz in Qubic nodes r supposed to be distributed randomly around the globe.

Attack on bitcoin is estimate to cost millions of dollars. Attack on qubics might cost thousands of bucks. Or perhaps it would be essentially free for organizations who have access to resources. (Providers always have some spare capacity which isn't used for anything else.)

Attack on Qubic might cost just a couple of bucks. Or billions. It depends on an implementation.

[Come-from-Beyond]

I posted more info related to defense against sybil attack.

http://qubic.boards.net/index.cgi?action=display&board=theconcept&thread=3

[Come-from-Beyond]

Very important info about freedom-centric nature of Qubic that could be interesting for true libertarians - http://qubic.boards.net/index.cgi?action=display&board=theconcept&thread=4.