Satoshi didn't solve the Byzantine generals problem

[TPTB_need_war]

Since Bitcoin can not detect faultiness (consistently provable to all observers), then that means you are claiming it is Byzantine fault tolerant with up to 100% of the hashrate faulty. Which obviously violates the fundamental research about what is theoretically plausible. Which thus proves to you that your claim is incorrect.

Bitcoin is the Power Law of Economics, not Byzantine fault tolerance.

Apply that logic to any of the attempts to solve the BGP, you will find that none of them solve it, which suggests that your definition is incorrect. Each and every attempt at solving the BGP defines bounds on the failure tolerance; beyond these bounds, all bets are off.

Simple logic will tell you that you are making a false statement. Given a centralized solution to the Byzantine fault tolerance where messages can't be forged because there is no Sybil attack because all participants' signing key is known, then if a less than or equal to 50% of the replicas agree, then there is a fault of consensus divergence which is provable to all observers.

One might argue that if some of the replicas don't respond, it is impossible to prove they did not respond or will not. But all observers will see the same symptoms which is the definition of Byzantine fault tolerance, because they can all relay the messages (and it is assumed a P2P network can have a fully connected network if necessary).

Arguing that nothing solves BGP is irrelevant. Yeah you made a typo (you meant Byzantine fault tolerance not BGP). That is the point of this thread. Bitcoin didn't solve BGP either. Nothing does because the problem is open to Sybil attacks.

I will repeat, Bitcoin provides a Power Law distribution (winner takes all) consensus. That is all it does.

Again I think this another evidence that Bitcoin was created by the DEEP STATE with evil intentions. It is a fools gold.

As smooth said, since the system has failed once it passes the tolerance, how can it possibly detect anything? That defies logic.

Oh really. Whose illogic is that.

[1715469325]

1715469325

[1715469325]

1715469325

[1715469325]

1715469325

[1715469325]

1715469325

[1715469325]

1715469325

[TPTB_need_war]

It is a seemingly very intractable problem it is to solve the BGP in a decentralized context open to Sybil attacks.

One can create Power Law winner takes all as Satoshi did, but that isn't a solution. That is the equivalent to saying who ever can kill all the generals wins.

Making mining unprofitable as I propose to do, removes the incentive to kill all the generals except where externalities can generate gains, e.g. shorting the coin, advantages to the State of censoring transactions, but the security must be considered in the context of the costs to do so as well as any objectivity about faults that can be added to the system. I will need to think this through all again to compose a white paper and maybe then I will find a flaw in my proposed solution.

[r0ach]

I will repeat, Bitcoin provides a Power Law distribution (winner takes all) consensus. That is all it does.

Again I think this another evidence that Bitcoin was created by the DEEP STATE with evil intentions. It is a fools gold.

I don't really define it in such harsh terms as being completely invalid or fool's gold, just that because Sybil protection doesn't exist, it's security through obscurity, where the only way anyone actually knows the security of the system at any given time is for you to know the total hash rate and acquire 51% of it yourself.  I think there's a distinction to be made between provably secure, provably bad or invalid security, or in the case of Bitcoin, an unknown level of security to most or all parties at all times.

As Smooth said, such a system can still have value.  You don't have to be a perfect system, just better or competitive with the others.  Not hard to do when your competition is a Federal Reserve enslavement scheme.  It's like asking a prisoner would you rather be tortured with a chainsaw or be given a cell phone with bad reception.

[smooth]

Bitcoin didn't solve BGP either. Nothing does because the problem is open to Sybil attacks.

What you keep denying is that there are solutions (all solutions, and provably so in the case of BGP) that solve the problem within a specified range. Generally up to 33%-of-generals in the case of BGP and maybe 50%-of-hash rate for Bitcoin.

There is no solution that solves the problem up to <100% of participants. If you introduce identities then you have made it worse in a sense because now a failure of just one component -- the certificate authority -- breaks the entire system, instead of many (33%/50%/etc.) failures.

On the topic of the thread, I consider Bitcoin and BGP as distinct, but related, problems. The setup is quite different, and I haven't seen anything close to a method (including Satoshi's email) to reduce one to the other.

It is possible you can define another related problem that is in turn more useful than both Bitcoin or BGP solutions for some practical application. You still have to overcome Bitcoin's network effect even if your approach is somewhat more useful.

[smooth]

Again I think this another evidence that Bitcoin was created by the DEEP STATE with evil intentions

Another? As far as I know such an argument is the only evidence.

[iCEBREAKER]

As Smooth said, such a system can still have value.  You don't have to be a perfect system, just better or competitive with the others.  Not hard to do when your competition is a Federal Reserve enslavement scheme.  It's like asking a prisoner would you rather be tortured with a chainsaw or be given a cell phone with bad reception.

If we are talking Sprint-bad reception, I'll take the chainsaw plx.  

[David Rabahy]

All systems are ultimately vulnerable, period; comet strikes, bloating sun, heat death.  That anything operates even a little well for even just a little while is the miracle we call this universe.  We are spoiled by the illusion of stability.  Still, Bitcoin appears to be going along sort of ok for now; I will not withdraw my investment yet.

If there is a malevolent entity behind Bitcoin then please be advised that you aren't getting more than you've already got from me so please end the charade now.  Hmm, perhaps it hopes to ensnare more unwitting fools.  Bummer.

Then again if there isn't then maybe Bitcoin's shortcomings can be patched up before they are exploited.  Hmm, I think I will know when there's a problem because I won't be able to extract value.

ASIC-resistant PoW seems like a delightful idea to me.  Is memory latency the barrier to stand upon for the ages?  Hmm, that sounds familiar.

[TPTB_need_war]

Again I think this another evidence that Bitcoin was created by the DEEP STATE with evil intentions

Another? As far as I know such an argument is the only evidence.

Well r0ach is correct. You are slippery like Bill Clinton and will argue disingenuously on a point due to stubbornness and vested interests rather than applying balanced reason.

One guy in his basement created Bitcoin.  

And used clever psychology to cause geeky Libertarian hard money folks to lose their reason and wet their pants by claiming Bitcoin is a better gold because it has 0%  debasement (when in fact anyone with a functioning brain stem can see the debasement has been in the double-digits for the duration which Bitcoin can obscure its coming failure). I wrote these observations when I first joined this forum in March 2013.

Inserted edit: He disappeared without a trace, yet the entire world is hunting for him. No mere mortals can do that.

Your other post is a lie (or a persistent will to misconstrue facts). I will explain when I get back from running errands outside.

I did not sleep last night and it was 9am when I was debating you guys. When I get back, you can deal with me with a fresh mind where I am not trying to write delirious due to a lack of sleep.

[monsterer]

Bitcoin didn't solve BGP either. Nothing does because the problem is open to Sybil attacks.

For the third time: byzantine faulty nodes can be colluding in the BGP; this means that sybil nodes are permitted as faulty nodes and come under the bounds of the model.

[monsterer]

On the topic of the thread, I consider Bitcoin and BGP as distinct, but related, problems. The setup is quite different, and I haven't seen anything close to a method (including Satoshi's email) to reduce one to the other.

The main difference is that PoW chains use an amortized byzantine consensus. Nodes vote individually (rather than all at once) with their hashing power on the branch of the chain which they consider to be truth. A 'no' vote results in the branch getting orphaned, a 'yes' vote has that branch become (or stay) the canonical branch.

[TPTB_need_war]

Bitcoin didn't solve BGP either. Nothing does because...

What you keep denying is that there are solutions (all solutions, and provably so in the case of BGP) that solve the problem within a specified range. Generally up to 33%-of-generals in the case of BGP and maybe 50%-of-hash rate for Bitcoin.

ASIC-resistant PoW seems like a delightful idea to me.  Is memory latency the barrier to stand upon for the ages?  Hmm, that sounds familiar.

Of course no PoW proving algorithm (of any design) can be as efficient on less optimized consumer hardware and retail electricity (10 - 20 cents per KWH) as compared to highly optimized ASIC mining farms on 0 - 4 cents per KWH electricity (hydropower colocated or China's collectivized corruption). Even distributing ASICs to consumers won't level the playing field and not only because of differences in electricity costs, yet also due to economies-of-scale, access to lower interest loans, better connectivity to the major pools of the P2P announcement network, amortization of block chain verification over great income, etc..

Profitable PoW will always centralize, because there is a "selfish mining" attack always ongoing and there is no such thing as a minimum requirement for 25 or 33% of the hashrate, because (a conceptual variant of) "selfish mining" is built into the economics of Bitcoin (e.g. the amortization of verification costs, etc).

That is why I designed an UNprofitable PoW system. There is no other hope.

Edit: the reason I am interested in narrowing the margin between PoW prover computation on consumer hardware and mining farms, is because in an UNprofitable mining design then the aforementioned ratio dictates from the ratio of UNprofitable hashrate to profitable hashrate determines how high that block reward can be and not be profitable to any miner. Obviously a coinbase reward of 0 is always UNprofitable (unless transaction fees are considered which is another detail I covered in the Decentralization thread).

[David Rabahy]

That is why I designed an UNprofitable PoW system. There is no other hope.

Hmm, I can be dense.  Unprofitable PoW; seems like it will be pretty hard to get folks to participate.  That said, I do run an unprofitable full node without mining.  So, maybe we would get some altruistic folks to do it *but* aren't they at risk of being over-taken by bad guys willing to run unprofitably?

[TPTB_need_war]

That is why I designed an UNprofitable PoW system. There is no other hope.

Hmm, I can be dense.  Unprofitable PoW; seems like it will be pretty hard to get folks to participate.  That said, I do run an unprofitable full node without mining.  So, maybe we would get some altruistic folks to do it *but* aren't they at risk of being over-taken by bad guys willing to run unprofitably?

The details, incentives, and potential pitfalls are deeper than that and are partially covered in the Decentralization thread (perhaps start reading from page 20 forward). No offense intended, but I am too weary to repeat again.

[David Rabahy]

That is why I designed an UNprofitable PoW system. There is no other hope.

Hmm, I can be dense.  Unprofitable PoW; seems like it will be pretty hard to get folks to participate.  That said, I do run an unprofitable full node without mining.  So, maybe we would get some altruistic folks to do it *but* aren't they at risk of being over-taken by bad guys willing to run unprofitably?

The details, incentives, and potential pitfalls are deeper than that and are partially covered in the Decentralization thread (perhaps start reading from page 20 forward). No offense intended, but I am too weary to repeat again.

I sincerely appreciate your efforts; I sincerely wish you the best.  I don't think you can do it (but that's almost certainly due to my shortcomings) but please do try; nothing would make me happier than to see you succeed.  If there's anything I can do to help then please do not hesitate to ask me and I will try my best.  For example, I would be delighted to review your white paper when it is ready.

[TPTB_need_war]

Bitcoin didn't solve BGP either. Nothing does because...

What you keep denying is that there are solutions (all solutions, and provably so in the case of BGP) that solve the problem within a specified range. Generally up to 33%-of-generals in the case of BGP and maybe 50%-of-hash rate for Bitcoin.

... amortization of block chain verification over great income...

Profitable PoW will always centralize, because there is a "selfish mining" attack always ongoing and there is no such thing as a minimum requirement for 25 or 33% of the hashrate, because (a conceptual variant of) "selfish mining" is built into the economics of Bitcoin (e.g. the amortization of verification costs, etc).

I explained upthread the Tragedy of the Commons (not just in the quote above) that the miner with more hashrate wins more of the blocks thus has a greater income yet all miners have to do the same verification (of all transactions). Thus, (and most certainly egregious as the transaction rate scales to Visa scale and block rewards decline to 0 with transaction fees declining to costs in a non-oligarchy free market), the miners possessing greater hashrate will have a much higher profit (regardless whether their mining hardware is more efficient or their electricity is less expensive) because their transaction verification costs are amortized across all their income. Thus Bitcoin is always reducing miners with lower hashrate's relative capital (to purchase more hashrate) relative to those with higher hashrate (all other factors held constant, which is the same stipulation that must be made in the case of the selfish mining attack).

The official selfish mining attack applies when the attacker has 33% of the hashrate (or 25% with better propagation) is one where block solutions are withheld while the attack remains 1 block ahead of the rest of the network and then propagated immediately if the network catches up, thus mathematically/statistically forcing the rest of the network to waste some of their mining hashrate relative to the selfish miner (and do note all miners waste some hashrate due to the natural orphan rate caused by the ratio of propagation to block period but selfish mining is to the advantage of the selfish miner).

So when I wrote that the inequality between block mining income and verification costs (a.k.a. amortization of verification costs Tragedy of the Commons) is another form of "selfish mining", I mean in the sense that miners with more hashrate cause those with less hashrate to be less profitable, which thus drives centralization of mining because less profitable miners can buy less hashrate relative to more profitable miners. And note there is no minimum requirement for 25% or 33% of the hashrate, as this economic attack is implicit in PoW mining. And thus just like selfish mining it will cause mining to trend towards centralized until an oligarchy can form which agrees to share (centralize) verification costs and not selfish mine each other (because the official selfish mining can be a stalemate loss for both if they both have > 25% of the mining hashrate, thus they are forced to form an oligarchy or fight to the end in a "winner take all").

For the curious, I showed the math from the selfish mining white paper with a tweak to pay all orphaned chains block rewards and it fixed the official selfish mining attack (but not the amortization of verification costs centralizing economics problem). But I think later I found a flaw with convergence of consensus but I forget and that detail is some where in my vaporcoin thread (in a discusssion between monsterer and myself).

Edit: one might claim that the ratio of disparity in profit is equivalent to the ratio of the hashrate and ratio of amortized verification costs (since income is proportional to hashrate if variance is not considered), thus proportional hashrate would remain unchanged and thus my claim of trending to centralization would be invalid in this case of amortized verification costs. However that would only be true if the profitability was proportional to the relative hashrate without any verification costs, which is not true due to ASIC, electrical, and other efficiencies. These other efficiencies are the fundamental issue. Then add the variance and propagation cost (wasted hashrate mining an orphan for those with lower hashrate) issues and thus pools with greater hashrate have a disproportionate profitability relative to proportional verification costs.

Also note that verification costs are constant for any hashrate, thus is a larger proportion of income given lower hashrate.

[TPTB_need_war]

...it's security through obscurity, where the only way anyone actually knows the security of the system at any given time is for you to know the total hash rate and acquire 51% of it yourself.  I think there's a distinction to be made between provably secure, provably bad or invalid security, or in the case of Bitcoin, an unknown level of security to most or all parties at all times.

I will elaborate/reinforce on your point below...

As Smooth said, such a system can still have value.  You don't have to be a perfect system, just better or competitive with the others.

What is the value of a system that must become an oligarchy? I have better things to do with life than waste it building a copy of the Federal Reserve that is global and puts all our transactions in the clear text on the block chain.


smooth and monsterer continue to repeat over and over the claim that Satoshi's PoW design is Byzantine fault tolerant in the case that some % of the hashrate is not "faulty" (and they've proposed 33% to 51%, or even 25% in a special case of official selfish mining).

I have explained in the prior post that there is no % at which Satoshi's PoW design is not economically driven to centralize due to "selfish mining" (official and the Tragedy of the Commons case I explained).

ArticMine also pointed out in my Decentralization thread another Tragedy of the Commons  in Satoshi's PoW that is economically driven to centralization because block size can't be controlled algorithmically thus it will either be driven to a fixed size set by 51% control over mining (with infinite transaction fees a possibility due to centralized control) or to infinite block size with zero transaction fees but the latter of course will bankrupt mining so only the former can be the outcome. I then argued/showed that Monero's proposed algorithmic block size scaling feature has a mathematical flaw, thus I argued/showed it doesn't solve the issue.

I believe my contemplated decentralized UNprofitable PoW design (with intra-block partitioning and centralized verification) fixes the above problems with Satoshi's PoW design, but I need to work on it more to become more confident/certain there isn't an unacceptable flaw/tradeoff.


I am explaining to smooth and monsterer that Satoshi's PoW design has no asymptotic security because it must economically centralize. David Mazières a PhD Computer Science professor at Stanford who is the Chief Scientist at Stellar, co-authored Kademlia DHT (Distributed Hash Transform), and is an expert in this field of Byzantine fault tolerant decentralized/distributed systems has explained that Bitcoin doesn't have asymptotic security (and he argues that is because the hashrate is in control and thus there is no conclusive objectivity in the system and the entire block chain can be erased and replaced by a longer chain that comes along any time in the future).

I don't really buy into the argument that the entire block chain can be replaced; because I believe the community will create social checkpoints.

Rather my upthread argument is that Byzantine fault tolerance requires the ability to distinguish between a fault and a non-fault, because otherwise the system does not present the same symptoms to all observers (which is a requirement of Byzantine fault tolerance). Satoshi's PoW can't distinguish a fault (attack) from a non-fault (non-attack).

smooth and monsterer retort that it doesn't matter and the system is non-faulty up to some % of the hashrate being non-faulty. But again we can't detect faulty from non-faulty, so we don't know if the system is faulty or non-faulty. And I have further shown there is no % at which the system is stable and will maintain non-faulty (because trend is to centralization) indefinitely.

Whereas, all other solutions to the Byzantine fault tolerance must have an element of centralization in order to be able to distinguish faults from non-faults.

This is why I said I focused my design on including some centralization but controlling it via UNprofitable decentralization of PoW from payers. Whereas, Satoshi's PoW design lies and claims decentralization and fault tolerance, but instead has asymptotic centralization and Sybil attacked truth (because no one can prove the faults distinct from the non-faults).

Thus Satoshi's PoW is a winner take all design, not a stable Byzantine fault tolerant design which can tell us when it is limits have become faulty.

The undetectable Sybil attack on pools combined with the economic incentive to pool more hashrate to amortize verification costs and lose less hashrate on mining fewer orphans, is another example of how Satoshi's PoW design is not Byzantine fault tolerant  because observers can't all observe the same symptoms w.r.t. to faulty or non-faulty progression of the system.

One of the attack vectors in solving the Byzantine Generals is the Sybil attack. The Byzantine Generals problem is all about the need to trust that 2/3 of the generals are loyal without centralization where all generals are the same person, i.e. that there is no Sybil attack.

Anyone who has studied all the variants of consensus algorithms (as I have) will know clearly that Sybil attacks are always resolved via centralization of the protocol.

This is why as I looked for an improvement over all of what has already been tried, I was cognizant of that I would need to accept centralization in some aspect and so I began to look for the possibility of controlling centralization with decentralization, i.e. a separation of orthogonal concerns which is often how paradigm shifts arise to  solve intractable design challenges.

Every consensus design creates centralization. This will always be unavoidable due to the CAP theorem. The key in my mind is to select carefully where that centralization should be.

• Satoshi's PoW consensus design centralizes because a) SHA256 has orders-of-magnitude lower electrical cost on ASICs, b) full nodes must centralize (maximize pooled hashrate) to win the battle over who will have the most profitable verification costs (which can be accomplished with a Sybil attack), and c) variance of block rewards require maximizing pooled hashrate (at least up to double-digit percentages and Sybil attack incentives kick in from there).
• Stellar's SCP consensus design centralizes because although it can't diverge, it requires that slices are not Sybil attacked to avoid eternal preemption (being jammed stuck forever).
• Ripple's consensus algorithm diverges unless it is centralized trust, as confirmed by Stellar's divergence before it switched to the SCP algorithm.
• Iota's (any DAG's) consensus diverges unless centralization can force the mathematical model that payers and recipients encode in their interaction with the system.
• Ethereum never solved the issue that verification of long running scripts can't be decentralized. They are now off another deadend tangent (consensus-by-betting, Casper, shards) trying to deny the CAP theorem.
• PoS is centralization.

[Come-from-Beyond]

Iota's (any DAG's) consensus diverges unless centralization can force the mathematical model that payers and recipients encode in their interaction with the system.

I followed the link and saw "I was very clear upthread." Could you show more respect to the readers and replace https://bitcointalk.org/index.php?topic=1319681.msg13777769#msg13777769 with the direct link to a post that contains more information? For example, a post that contains the proof (or its beginning if it's scattered among several posts) would be a better option.

[monsterer]

Rather my upthread argument is that Byzantine fault tolerance requires the ability to distinguish between a fault and a non-fault, because otherwise the system does not present the same symptoms to all observers (which is a requirement of Byzantine fault tolerance). Satoshi's PoW can't distinguish a fault (attack) from a non-fault (non-attack).

Byzantine agreement is the process of forming a consensus decision on truth in the face of faulty network participants; bitcoin achieves this. Your definition of fault is incorrect in this context; a fault is information which the majority doesn't accept as truth, which manifest themselves as orphaned branches in bitcoin. Obviously all observers of the network can see orphaned branches.

[TPTB_need_war]

Rather my upthread argument is that Byzantine fault tolerance requires the ability to distinguish between a fault and a non-fault, because otherwise the system does not present the same symptoms to all observers (which is a requirement of Byzantine fault tolerance). Satoshi's PoW can't distinguish a fault (attack) from a non-fault (non-attack).

Byzantine agreement is the process of forming a consensus decision on truth in the face of faulty network participants; bitcoin achieves this. Your definition of fault is incorrect in this context; a fault is information which the majority doesn't accept as truth, which manifest themselves as orphaned branches in bitcoin. Obviously all observers of the network can see orphaned branches.

Please respect canonical definitions. Byzantine 'agreement' is not what we are talking about in this thread. We are talking about Byzantine fault tolerance. The definitions are on Wikipedia:

A system which doesn't objectively (from the perspective of all observers) know when it is failing is not Byzantine fault tolerant.

Refer again to the Wikipedia definitions:

The following practical, concise definitions are helpful in understanding Byzantine fault tolerance:[3][4]

Byzantine fault
    Any fault presenting different symptoms to different observers
Byzantine failure
    The loss of a system service due to a Byzantine fault in systems that require consensus

This circular logic of yours is getting redundant.

A fault is clearly defined above as any inability for all observers to be mutual objective about all symptoms. I already explained that censoring transactions or double-spends can occur where some observer is harmed but other observers can't be objective about whom has been harmed or whether the harm is really taking place or which hashrate to blame the fault on.

smooth's retort is such a fault doesn't occur until a % of the network is faulty (and he swears "I didn't inhale" but he did swallow and "that woman was never under my desk" but she was on top[1]), but again we can't measure nor prove when the network is faulty. If one says "yeah it is fault tolerant but I can't ever know when it is fault tolerant" that is not telling us any state where we know that observers are observing the same symptoms. The state can never be known. It is akin to arguing that yeah if the sealed box contains X then Y, but the box can never be opened.

Thus per the definition, Satoshi's PoW design is not Byzantine fault tolerant, because the metric of when it is fault tolerant is ill defined (can't be measured). An unknowable state is as reliable (fault tolerant) and a random result, thus no reliability exists.

smooth and r0ach said that Satoshi's PoW may still have value even without being strictly Byzantine fault tolerant. I pointed out it economically must become an oligarchy and asked what advantages are those? (note I have argued the advantage of Bitcoin is it drives R&D in crypto)

[1]

It depends on what the meaning of the word 'is' is. If the—if he—if 'is' means is and never has been, that is not—that is one thing. If it means there is none, that was a completely true statement. … Now, if someone had asked me on that day, are you having any kind of sexual relations with Ms. Lewinsky, that is, asked me a question in the present tense, I would have said no. And it would have been completely true.

[monsterer]

Please respect canonical definitions. Byzantine 'agreement' is not what we are talking about in this thread. We are talking about Byzantine fault tolerance. The definitions are on Wikipedia:

I'm tired of repeating myself. Here is an entire paper which proves that bitcoin did solve the BGP: http://nakamotoinstitute.org/static/docs/anonymous-byzantine-consensus.pdf