Bitcoin Forum
September 26, 2017, 09:28:01 AM *
News: Latest stable version of Bitcoin Core: 0.15.0.1  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 [6] 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 ... 565 »
  Print  
Author Topic: IOTA  (Read 988324 times)
This is a self-moderated topic. If you do not want to be moderated by the person who started this topic, create a new topic.
Come-from-Beyond
Legendary
*
Offline Offline

Activity: 1708

Newbie


View Profile
October 22, 2015, 08:57:38 AM
 #101

Interesting, but isn't quantum secure cryptography slow in its current form?

No (http://crypto.stackexchange.com/questions/8979/winternitz-one-time-signature).
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1506418081
Hero Member
*
Offline Offline

Posts: 1506418081

View Profile Personal Message (Offline)

Ignore
1506418081
Reply with quote  #2

1506418081
Report to moderator
Jimmy2011
Hero Member
*****
Offline Offline

Activity: 583



View Profile
October 22, 2015, 09:04:07 AM
 #102

ball park eta til you have something in the wild?

By Christmas.

Look forward to the Christmas gift Smiley

BTW, as it doesn't need to get global state of the tangle for the node, so is the tangle possible for decentralized game?


IOTAChina.COM
Come-from-Beyond
Legendary
*
Offline Offline

Activity: 1708

Newbie


View Profile
October 22, 2015, 09:06:16 AM
 #103

BTW, as it doesn't need to get global state of the tangle for the node, so is the tangle possible for decentralized game?

Some players may not see actions of others in time. Not sure tangle is good for games.
jabo38
Legendary
*
Offline Offline

Activity: 1148


mining is so 2012-2013


View Profile WWW
October 22, 2015, 09:12:10 AM
 #104

BTW, as it doesn't need to get global state of the tangle for the node, so is the tangle possible for decentralized game?

Some players may not see actions of others in time. Not sure tangle is good for games.

Is that because of the network being fractured? 

Also, is there a rough estimate of how long a transaction must be in the system to be considered more or less final?

Like in Bitcoin, there is a 3 block confirmation time and a person can be reasonably assured that transaction won't be reversed. 

NEM      Faucet      Slack Invite      Easy API’s      Light Wallet      Amazing White Paper       Supernodes     Telegram Invite     Mijin 
jabo38
Legendary
*
Offline Offline

Activity: 1148


mining is so 2012-2013


View Profile WWW
October 22, 2015, 09:17:19 AM
 #105

999'999'999.999999999 units.

That is a lot of 9's.  Any logic behind picking this number?  Chinese people believe 9 is the "ever lasting number".  

NEM      Faucet      Slack Invite      Easy API’s      Light Wallet      Amazing White Paper       Supernodes     Telegram Invite     Mijin 
Come-from-Beyond
Legendary
*
Offline Offline

Activity: 1708

Newbie


View Profile
October 22, 2015, 09:20:54 AM
 #106

Is that because of the network being fractured? 

Also, is there a rough estimate of how long a transaction must be in the system to be considered more or less final?

Like in Bitcoin, there is a 3 block confirmation time and a person can be reasonably assured that transaction won't be reversed. 

It's because of latency.

Confirmation time depends on TPS rate. Before TPS becomes constant we'll be using checkpoints issued every 5 minutes, so after your transaction gets more than 50% of the votes you can treat it as confirmed.
Come-from-Beyond
Legendary
*
Offline Offline

Activity: 1708

Newbie


View Profile
October 22, 2015, 09:24:18 AM
 #107

999'999'999.999999999 units.

That is a lot of 9's.  Any logic behind picking this number?  Chinese people believe 9 is the "ever lasting number".  

"Iota" is the 9th letter of the Greek alphabet.

I also thought of GUI devs, 1 billion coins would require to extend the field for the amount more, so subtracting the min allowed unit helps a little by saving millions of kilometers of user screen space per year. Smiley
jabo38
Legendary
*
Offline Offline

Activity: 1148


mining is so 2012-2013


View Profile WWW
October 22, 2015, 09:54:16 AM
 #108

999'999'999.999999999 units.

That is a lot of 9's.  Any logic behind picking this number?  Chinese people believe 9 is the "ever lasting number".  

"Iota" is the 9th letter of the Greek alphabet.

I also thought of GUI devs, 1 billion coins would require to extend the field for the amount more, so subtracting the min allowed unit helps a little by saving millions of kilometers of user screen space per year. Smiley

hahahaha, good.

NEM      Faucet      Slack Invite      Easy API’s      Light Wallet      Amazing White Paper       Supernodes     Telegram Invite     Mijin 
martismartis
Legendary
*
Offline Offline

Activity: 950


View Profile
October 22, 2015, 10:11:37 AM
 #109

Maybe really stupid question: Jean-Luc posted roadmap for NXT and one of the planned features will be blockchain "pruning" (next year). Could Iota help using checkpoints not only for security, but also for "pruning" blockchain resulting data size decrease of it? Smiley
In other words, how close NXT and Iota can cooperate?

P.S. Not native English, sorry Smiley


Quote
Tangle-blockchain interoperability

Iota does not seek to replace the blockchain entirely, it also acts as a supplementation to the current blockchain ecosystem by acting as a oracle for smart contract platforms like Ethereum and Rootstock. Additionally it increases security of blockchains by enabling the ability to include checkpoints for transactions.
Come-from-Beyond
Legendary
*
Offline Offline

Activity: 1708

Newbie


View Profile
October 22, 2015, 10:31:14 AM
 #110

Maybe really stupid question: Jean-Luc posted roadmap for NXT and one of the planned features will be blockchain "pruning" (next year). Could Iota help using checkpoints not only for security, but also for "pruning" blockchain resulting data size decrease of it? Smiley
In other words, how close NXT and Iota can cooperate?

They can cooperate on that. Every iota transaction has "attachment" field that can store up to 385.14 bits of data which can be used for checkpointing and other things. One of such thing is the root of a Merkle tree storing a complete snapshot of Nxt ledger at some block height.
Jimmy2011
Hero Member
*****
Offline Offline

Activity: 583



View Profile
October 22, 2015, 10:34:17 AM
 #111

BTW, as it doesn't need to get global state of the tangle for the node, so is the tangle possible for decentralized game?

Some players may not see actions of others in time. Not sure tangle is good for games.

domob published a paper about "Game Channels for Trustless Off -Chain Interactions" the other day, and I think it is also interesting for tangle.

https://bitcointalk.org/index.php?topic=435170.msg12737521#msg12737521
http://extra.domob.eu/gamechannels.pdf

IOTAChina.COM
tonych
Hero Member
*****
Online Online

Activity: 518


View Profile WWW
October 22, 2015, 10:41:15 AM
 #112

Are you going to produce a whitepaper?

Yes, you can see the draft here - http://188.138.57.93/tangle.pdf.

I'm working on a similar DAG based design and it was interesting to read your whitepaper. A few questions/concerns:

1. Could you explain in layman's terms, why capping the amount of work per transaction makes double-spend attacks less likely to succeed? It doesn't sound intuitive.

2. What is the incentive for honest nodes to keep PoW on the legit sub-tangle high enough, so that no single attacker (even ASIC-powered one) can create a fake sub-tangle that has higher cumulative weight and contains his doublespend?

3. The whitepaper says that the subtangle that contains a failed doublespend is discarded. Does it mean that all other transactions that happened to approve the doublespend transaction are also discarded? If so, an attacker would try to inject two conflicting transactions at nearly the same time. Since synchronization is not instantaneous, some users will unknowingly approve one of these two transactions before they learn about the other. If they were unlucky to approve the transaction that eventually dies, their own transactions are also discarded, correct? Then it sounds like poor user experience, since user's transaction can be effectively canceled for reasons that he doesn't control. Next, if the attacker continuously sends penny doublespend transactions, he will split the network into multiple branches, most of them will be discarded, and the network will be effectively stalled. This is DoS attack. Next, observe that when a subtangle is discarded, the PoW invested in its creation is also discarded. Then if the attacker tries to doublespend a more sizable amount at the same time, he will reduce the hashpower of the honest part of the network by DoSing it this way, and he will need less resources to produce a subtangle that overweighs this weak legitimate subtangle.


Simplicity is beauty
Come-from-Beyond
Legendary
*
Offline Offline

Activity: 1708

Newbie


View Profile
October 22, 2015, 11:11:12 AM
 #113

I'm working on a similar DAG based design and it was interesting to read your whitepaper. A few questions/concerns:

1. Could you explain in layman's terms, why capping the amount of work per transaction makes double-spend attacks less likely to succeed? It doesn't sound intuitive.

2. What is the incentive for honest nodes to keep PoW on the legit sub-tangle high enough, so that no single attacker (even ASIC-powered one) can create a fake sub-tangle that has higher cumulative weight and contains his doublespend?

3. The whitepaper says that the subtangle that contains a failed doublespend is discarded. Does it mean that all other transactions that happened to approve the doublespend transaction are also discarded? If so, an attacker would try to inject two conflicting transactions at nearly the same time. Since synchronization is not instantaneous, some users will unknowingly approve one of these two transactions before they learn about the other. If they were unlucky to approve the transaction that eventually dies, their own transactions are also discarded, correct? Then it sounds like poor user experience, since user's transaction can be effectively canceled for reasons that he doesn't control. Next, if the attacker continuously sends penny doublespend transactions, he will split the network into multiple branches, most of them will be discarded, and the network will be effectively stalled. This is DoS attack. Next, observe that when a subtangle is discarded, the PoW invested in its creation is also discarded. Then if the attacker tries to doublespend a more sizable amount at the same time, he will reduce the hashpower of the honest part of the network by DoSing it this way, and he will need less resources to produce a subtangle that overweighs this weak legitimate subtangle.

The author of the whitepaper is in a location with a terrible Internet connection now, I'll try to answer instead of him but keep in mind that I may be wrong.

1. Imagine that you need to do N work to outbalance the rest of the network. A winning strategy is to do number crunching in hope to be lucky and find a solution much earlier than in average. If the network reaches the point where N is not enough to outbalance its work then you simply increase N by some value and keep doing hashing until you find a solution. You may need to move your goal again and again though.

2. Nodes don't need to continue to do hashing once their transaction is accepted, others will do that for them if the majority confirms those transactions that confirm others' ones.

3. If a transaction happens to reference double-spending transactions then anyone can change the references. More likely it will be the issuer themselves if they hasn't got the purchased item yet, or the merchant who has already delivered the item and now is interested in transaction confirmation because otherwise he will be unable to spend these coins. A DoS attack is possible but iota has inherent protection against it because every transaction needs to do some work (PoW) before it becomes valid. Every transaction has 2 parts - essential data signed by the owner and references to other transactions, - the latter can be changed without transaction resigning.
mthcl
Sr. Member
****
Offline Offline

Activity: 374


View Profile
October 22, 2015, 11:17:54 AM
 #114

Though I was invited to review the whitepaper, it seems all my questions remains unanswered. And section "4.1 Resistance to quantum computations" (added after my review?) seems pretty controversial by its reasoning. Anyway, Popov's work is the deepest made on DAG cryptocurrencies(all I've seen before were just forum & blog posts), I'm not sure what's presented enough to make something production-ready though. Let's see what will happen here. Have luck guys!  Smiley
I'm not sure if I understand what exactly your question is. If it's about submitting two conflicting tx's, then there is no problem - one will survive, and the other will die (that is, at some moment it will stop gaining cumulative weight). Besides, if you're buying smth from a merchant and submit a conflicting transaction at the same time, the merchant would call a police  Smiley

The attacker can leave after he received the good and then issue the double spend as said in the Whitepaper. So the merchant will not see anything until the attack succeed ( if it succeed )


EDIT : I love IOTA. Good luck guys ! Cheesy
That's exactly the point: if it succeeds. If the legit tx already got enough cumulative weight, then the probability of a successful attack will be very small. Exactly as in bitcoin and other cryptos.
mthcl
Sr. Member
****
Offline Offline

Activity: 374


View Profile
October 22, 2015, 11:32:54 AM
 #115



1. Could you explain in layman's terms, why capping the amount of work per transaction makes double-spend attacks less likely to succeed? It doesn't sound intuitive.


Consider two situations:
1. You need to generate 1 block with 10 zeros in front,
2. You need to generate 1024 blocks with 1 zero.

Let T be the time you need in the 1st case, R is the time you need in the 2nd. T, R are random variables, of course. Now, it is true that T and R have the same expectation, but it is *not* true that their distributions are the same. In particular, the variance of T will be much bigger. What is even more important, is the difference in large deviation probabilities.


 Assume that you need to complete you task within time (expected time)/10. What would you choose, 1 or 2, to maximize your chances? Well, better choose 1. That's quite intuitive. What is not intuitive, is how different these chances are. In situation 1, you will succeed with probability around 10% or so. However, in situation 2, it will be *very* low. Don't want to calculate, but it will be smth like 0.0000000000001... anyhow, practically zero. That's why, if you want to beat the rest of the network, it's much better to bet on "heavy" tx's, and so we avoid this kind of attacks by putting an upper limit on the own weight.
tonych
Hero Member
*****
Online Online

Activity: 518


View Profile WWW
October 22, 2015, 12:00:37 PM
 #116



1. Could you explain in layman's terms, why capping the amount of work per transaction makes double-spend attacks less likely to succeed? It doesn't sound intuitive.


Consider two situations:
1. You need to generate 1 block with 10 zeros in front,
2. You need to generate 1024 blocks with 1 zero.

Let T be the time you need in the 1st case, R is the time you need in the 2nd. T, R are random variables, of course. Now, it is true that T and R have the same expectation, but it is *not* true that their distributions are the same. In particular, the variance of T will be much bigger. What is even more important, is the difference in large deviation probabilities.


 Assume that you need to complete you task within time (expected time)/10. What would you choose, 1 or 2, to maximize your chances? Well, better choose 1. That's quite intuitive. What is not intuitive, is how different these chances are. In situation 1, you will succeed with probability around 10% or so. However, in situation 2, it will be *very* low. Don't want to calculate, but it will be smth like 0.0000000000001... anyhow, practically zero. That's why, if you want to beat the rest of the network, it's much better to bet on "heavy" tx's, and so we avoid this kind of attacks by putting an upper limit on the own weight.

Excellent! This is perfectly clear now.

Simplicity is beauty
tonych
Hero Member
*****
Online Online

Activity: 518


View Profile WWW
October 22, 2015, 12:26:15 PM
 #117

2. Nodes don't need to continue to do hashing once their transaction is accepted, others will do that for them if the majority confirms those transactions that confirm others' ones.
Still I can't see why nodes would try to put more PoW into their transactions. Looks like it is enough to submit minimal PoW and have others confirm my transaction with their PoW. It is in the common interest of all users to have more PoW on the legit branch to secure the network against doublespends, but individual interest, it seems, is not aligned with the common one.

3. If a transaction happens to reference double-spending transactions then anyone can change the references.
I hope the change is deterministic? Otherwise we'll end up having many conflicting "fixes" of references.

Every transaction has 2 parts - essential data signed by the owner and references to other transactions, - the latter can be changed without transaction resigning.
This raises another concern. What if a malicious node changes references of a third-party transaction before forwarding it to peers? Different nodes will receive different versions of the same transaction that differ only in references to parents. Also, if references are not secured by signatures, nor by anything else, is it possible to reorder and even censor old transactions, thus changing the graph structure?



Simplicity is beauty
jcksteve
Hero Member
*****
Offline Offline

Activity: 586



View Profile
October 22, 2015, 12:29:47 PM
 #118

What this...Huh 50 billion TOKEN..??
Come-from-Beyond
Legendary
*
Offline Offline

Activity: 1708

Newbie


View Profile
October 22, 2015, 12:52:16 PM
 #119

Still I can't see why nodes would try to put more PoW into their transactions. Looks like it is enough to submit minimal PoW and have others confirm my transaction with their PoW. It is in the common interest of all users to have more PoW on the legit branch to secure the network against doublespends, but individual interest, it seems, is not aligned with the common one.

Minimal PoW is enough, we assume that there exist a constant flow of new transactions which is a pretty reasonable assumption.


I hope the change is deterministic? Otherwise we'll end up having many conflicting "fixes" of references.

The change is not deterministic. No conflicts are created if there are several fixes, because the transaction data are not changed. It's just copied several times.


This raises another concern. What if a malicious node changes references of a third-party transaction before forwarding it to peers? Different nodes will receive different versions of the same transaction that differ only in references to parents. Also, if references are not secured by signatures, nor by anything else, is it possible to reorder and even censor old transactions, thus changing the graph structure?

Several copies of a transaction increase security of the network, not decrease it. I think there is a confusion caused by different terminology. Let's call data required to be signed (amount, beneficiary, etc.) a transaction and the part that contains references and the transaction an envelope. Envelopes reference each other, their sole purpose is to help to achieve consensus, transactions do reference each other indirectly by using outputs of parent transactions as inputs of child transactions. An adversary can't change references inside transactions, anyone can change references inside envelopes but this will only create the 2nd envelope. To be able to censor transactions you need to conduct a successful global eclipse attack, if you only change envelope then you contribute to network security increase. Note, that references inside envelopes are secured by PoW. If you spend electricity on PoW you just make tangle more tangled, which is good.
Come-from-Beyond
Legendary
*
Offline Offline

Activity: 1708

Newbie


View Profile
October 22, 2015, 12:59:34 PM
 #120

What this...Huh 50 billion TOKEN..??

Where have you seen "50 billion"?
Pages: « 1 2 3 4 5 [6] 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 ... 565 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!