Bitcoin Forum
Author Topic: IOTA  (Read 971818 times)
tromp
December 21, 2015, 06:32:25 PM
 #1161

PoWs requiring billions of bits are pretty safe from QC quadratic speedup,
which is still struggling to work for mere dozens of qubits.

We have stopped on time-memory trade-off...

Not all TMTOs are linear...

You don't even need a PoW with superlinear TMTO.
A simple and practical PoW like Cuckoo Cycle suffices.

The key insight is that the longer a single proof attempt takes,
relative to the block interval, the smaller the advantage of the QC.

Let's say the block interval only allows for a 100 proof attempts (nonces) by a single miner.
(e.g. 10 second block interval, and 0.1 second proof attempt).

A QC can use quadratic speedup to search those 100 nonces in 1/10 the time,
but this small 10x advantage will be completely wiped out by

1) the TMTO slowdown and penalty (already a factor 10^3 for a million qubit QC running cuckoo on 2^27 nodes)

2) cycle time of QC being way longer than that of classical computers

3) constant factor overhead in running Grover algorithm.


Come-from-Beyond
December 21, 2015, 06:50:45 PM
 #1162

> Let's say the block interval only allows for a 100 proof attempts (nonces) by a single miner.

How will you protect nodes against DoS attacks sending junk bytes pretending that they contain a valid nonce?
tromp
December 21, 2015, 07:03:41 PM
 #1163

> > Let's say the block interval only allows for a 100 proof attempts (nonces) by a single miner.
>
> How will you protect nodes against DoS attacks sending junk bytes pretending that they contain a valid nonce?

Cuckoo Cycle proofs are instantly verifiable, just like Bitcoin nonces.
eragmus
December 21, 2015, 07:08:13 PM
 #1164

FYI: I would still appreciate a reply to my argument about Bitcoin Lightning (payment channels) solving IoT problem, and how the fees are by design going to be less than 1 satoshi & Lightning's infinite transaction capacity...
> https://bitcointalk.org/index.php?topic=1216479.msg13311118#msg13311118
Come-from-Beyond
December 21, 2015, 07:13:20 PM
 #1165

> Cuckoo Cycle proofs are instantly verifiable, just like Bitcoin nonces.

Bitcoin nonces are not verifiable instantly, but they require only very little memory. How much memory is required to verify Cuckoo Cycle nonce?
tromp
December 21, 2015, 07:28:33 PM
 #1166

> > Cuckoo Cycle proofs are instantly verifiable, just like Bitcoin nonces.
>
> Bitcoin nonces are not verifiable instantly, but they require only very little memory. How much memory is required to verify Cuckoo Cycle nonce?

336 bytes.

Quoting from https://github.com/tromp/cuckoo:

"Proofs take the form of a length 42 cycle in a bipartite graph with N nodes and N/2 edges, with N scalable from millions to billions and beyond.

This makes verification trivial: compute the 42x2 edge endpoints with one initialising sha256 and 84 very cheap siphash-2-4 hashes, check that each endpoint occurs twice, and that you come back to the starting point only after traversing 42 edges.
A final sha256 hash on the sorted 42 nonces can check whether the 42-cycle meets a difficulty target.

This is implemented in just 157 lines of C code (files src/cuckoo.h and src/cuckoo.c).

From this point of view, Cuckoo Cycle is a very simple PoW, requiring hardly any code, time, or memory to verify."

The verify() function uses 2*42 ints of memory.
For graph sizes up to 2^32, those can be 32-bit ints, so that's 336 bytes.
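
The cycle check described in the quoted README, as an added example that is not part of the original post and is not the project's src/cuckoo.c. Assumptions: a constructed table `EDGES` stands in for the keyed siphash-2-4 edge function, the cycle length is 6 instead of 42, the final difficulty hash is left out, and all names are illustrative.

```c
#include <stddef.h>
#include <stdint.h>

#define CYCLE_LEN 6   /* Cuckoo Cycle uses 42; 6 keeps the constructed sample small */
#define NEDGES    12  /* nonces range over 0..NEDGES-1 */

enum { POW_OK, POW_BAD_NONCE, POW_BRANCH, POW_DEAD_END, POW_SHORT_CYCLE };

/* Constructed stand-in for the keyed siphash-2-4 edge function:
   nonce -> {node on side U, node on side V} of a bipartite graph. */
static const uint32_t EDGES[NEDGES][2] = {
    {5, 2}, {1, 1}, {7, 0}, {2, 1}, {2, 4}, {0, 6},
    {3, 4}, {3, 6}, {5, 2}, {1, 6}, {4, 7}, {0, 5},
};

static uint32_t endpoint(uint32_t nonce, int side) { return EDGES[nonce][side]; }

/* Returns POW_OK only if the nonces name CYCLE_LEN edges forming one cycle. */
int verify_cycle(const uint32_t nonces[CYCLE_LEN]) {
    uint32_t uvs[2 * CYCLE_LEN];  /* all working memory: 2*42 ints = 336 bytes at full size */
    const size_t slots = 2 * CYCLE_LEN;

    for (size_t n = 0; n < CYCLE_LEN; n++) {
        /* Cheap rejects first: out-of-range, unsorted or repeated nonces. */
        if (nonces[n] >= NEDGES || (n && nonces[n] <= nonces[n - 1]))
            return POW_BAD_NONCE;
        uvs[2 * n]     = endpoint(nonces[n], 0);
        uvs[2 * n + 1] = endpoint(nonces[n], 1);
    }

    size_t i = 0, steps = 0;  /* slot parity is the side; slot ^ 1 is the edge's other end */
    do {
        size_t j = i;
        /* Find the one other edge touching the same node on the same side. */
        for (size_t k = (i + 2) % slots; k != i; k = (k + 2) % slots) {
            if (uvs[k] != uvs[i]) continue;
            if (j != i) return POW_BRANCH;   /* node used by three or more edges */
            j = k;
        }
        if (j == i) return POW_DEAD_END;     /* node used by only one edge */
        i = j ^ 1;                           /* cross that edge to its other endpoint */
        steps++;
    } while (i != 0);

    return steps == CYCLE_LEN ? POW_OK : POW_SHORT_CYCLE;
}
```

Junk nonces fail one of the early returns after at most `CYCLE_LEN` endpoint lookups and a bounded scan of the fixed-size `uvs` array, so a node needs no allocation to reject them.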

Come-from-Beyond
December 21, 2015, 07:53:40 PM
 #1167

> FYI: I would still appreciate a reply to my argument about Bitcoin Lightning (payment channels) solving IoT problem, and how the fees are by design going to be less than 1 satoshi & Lightning's infinite transaction capacity...
> > https://bitcointalk.org/index.php?topic=1216479.msg13311118#msg13311118

For LN to work in IoT industry we need an efficient routing algorithm for one billion nodes forming a quasi-homogeneous network. Do you have one that doesn't require expensive bandwidth? How does LN incentivize to share routing metadata that could be used for detours? What is the most efficient leverage of available funds (too little will require to update routing metadata very often, too much is too expensive because locked coins don't "earn" profit)? How routing metadata are verified for non-neighbors and how dishonest nodes are punished? Can't a payment route be used to deanonymize payment recipients? What if a payment hub doesn't support payment network neutrality? What possibilities does a successful MITM attack give (it's an extra level, hence it's extra possibilities)?
Come-from-Beyond
December 21, 2015, 07:57:41 PM
 #1168

> 336 bytes.

Is there an algorithm that requires very little memory to verify a nonce but without cons mentioned in https://www.cs.cmu.edu/~dga/crypto/cuckoo/analysis.pdf?
Come-from-Beyond
December 21, 2015, 08:30:29 PM
 #1169

I've known that someone is working on a node explorer for Iota. Iota protocol doesn't allow to share nodes, IoT devices will likely use radio to broadcast transactions to other devices around them. There will be no way to reach nodes out of the range*, Iota on UDP transport mimics such behavior by requiring to manually type a list of the nodes, only these nodes will be used. From the start there will be a short list of nodes, later users should exchange their node IPs/domains with each other via any means of communication forming a https://en.wikipedia.org/wiki/Small-world_network.

---
* - Well, it's possible to do routing from one point of the globe to another even for devices with short-range radio modules, but Iota relaxes requirement to hardware by using only bare minimum.
child_harold
December 21, 2015, 09:01:07 PM
 #1170

> I've known that someone is working on a node explorer for Iota. Iota protocol doesn't allow to share nodes, IoT devices will likely use radio to broadcast transactions to other devices around them.

Forgive my brevity but I'm short on time
Short answers preferred, thanks.

1. Will there be an explorer for IOTA?
2. Is IOTA susceptible to double-spends?
3. Is there any kind of scripting language in IOTA? (Ethereum style)
4. Does IOTA afford better anonymity than Bitcoin?
5. Does IOTA require/benefit from decentralized nodes? (Bitcoin-style)
6. Where do JINN and ternary procs fit in?
7. When are we "Quantum Secure"? After XMAS?

 

tromp
December 21, 2015, 09:09:20 PM
 #1171

> > 336 bytes.
>
> Is there an algorithm that requires very little memory to verify a nonce but without cons mentioned in https://www.cs.cmu.edu/~dga/crypto/cuckoo/analysis.pdf?

What's cons?

Everything in that paper by dga is addressed in more recent versions of the Cuckoo Cycle whitepaper (e.g. the version published in BITCOIN'2015 from Jan 2015).
Come-from-Beyond
December 21, 2015, 09:28:57 PM
 #1172

> What's cons?
>
> Everything in that paper by dga is addressed in more recent versions of the Cuckoo Cycle whitepaper (e.g. the version published in BITCOIN'2015 from Jan 2015).

Good, you should send it to the next tradeoff-resistant algorithm competition.

So the only problem left is necessity to have top-tier hardware to be able to mine quantum-proof blockchain, i.e. even worse centralization of mining?
Come-from-Beyond
December 21, 2015, 09:32:01 PM
 #1173

> Forgive my brevity but I'm short on time
> Short answers preferred, thanks.
>
> 1. Will there be an explorer for IOTA?
> 2. Is IOTA susceptible to double-spends?
> 3. Is there any kind of scripting language in IOTA? (Ethereum style)
> 4. Does IOTA afford better anonymity than Bitcoin?
> 5. Does IOTA require/benefit from decentralized nodes? (Bitcoin-style)
> 6. Where do JINN and ternary procs fit in?
> 7. When are we "Quantum Secure"? After XMAS?

1. Yes
2. Depends on merchant policy
3. No
4. No
5. Didn't get the question
6. Iota works with trits instead of bits
7. From the very beginning
tromp
December 21, 2015, 09:44:24 PM
 #1174

> > What's cons?
> >
> > Everything in that paper by dga is addressed in more recent versions of the Cuckoo Cycle whitepaper (e.g. the version published in BITCOIN'2015 from Jan 2015).
>
> Good, you should send it to the next tradeoff-resistant algorithm competition.

There are no PoW competitions. But I will be happy to submit once there are.

The only thing left is to note that your statement

"PoW blockchains are inherently vulnerable to QCs"

only applies to PoWs where a huge range (at least billions) of nonces is searched
(by one miner in one block interval).
I-Love-Iota
December 21, 2015, 09:57:42 PM
 #1175

What is the most popular and common settings file format?

HTTP basic authentication should be considered.  In actual practice though, it's more work for web developers to figure out how to specify the password through some extra parameter in the HTTP or JSON-RPC wrapper than to just stick an extra parameter at the beginning of the parameter list.  What do you think?  Does HTTP basic authentication get us any additional benefits?  Moving it off the parameter list but then you still have to specify it in a more esoteric place I'm not sure is a net win.
Come-from-Beyond
December 21, 2015, 09:58:26 PM
 #1176

> There are no PoW competitions. But I will be happy to submit once there are.
>
> The only thing left is to note that your statement
>
> "PoW blockchains are inherently vulnerable to QCs"
>
> only applies to PoWs where a huge range (at least billions) of nonces is searched
> (by one miner in one block interval).

If you "solve" PoW blockchain vulnerability by making mining centralized then I can't accept this as a solution. If we allowed any solution then I would claim that Bitcoin blockchain is completely insecure in some insane conditions.
Come-from-Beyond
December 21, 2015, 10:00:31 PM
 #1177

> What is the most popular and common settings file format?

"Key = value" in text form.
Come-from-Beyond
December 21, 2015, 10:01:33 PM
 #1178

Let's test address generation - http://188.138.57.93/addressgenerator.html. The seed must contain up to 81 chars. Lower case latin letters and "9" are allowed.

PS: The task is to find such seed that gives the longest English word inside the address. For example, "q" gives "CCWW9NBQGIRGVUGBMXWNYXSYUSKOJYNIUUMPHFLGQNXQJEPSMMNVWCMYNRXYCBOOMYANFC9CRRDRXFVYA".
I-Love-Iota
December 21, 2015, 10:11:55 PM
 #1179

satoshi :OSDETSKWBFNLRNNJ9NWV99KMVSSFKHGJSQZJXXYGGBSETHGVRXFFMYPCAHOORNEJSTYUWZGGAMBNVYHBJ

iota :LEDNLBLOWSIEZZWCSSPTLKMRB9FZNXNCYNFKFAOUZPEVYA9UOUAB9NTWZPICKLYWYXRUGXQAM99CTMQQB
tromp
December 21, 2015, 10:15:57 PM
 #1180

> > There are no PoW competitions. But I will be happy to submit once there are.
> >
> > The only thing left is to note that your statement
> >
> > "PoW blockchains are inherently vulnerable to QCs"
> >
> > only applies to PoWs where a huge range (at least billions) of nonces is searched
> > (by one miner in one block interval).
>
> If you "solve" PoW blockchain vulnerability by making mining centralized then I can't accept this as a solution.

Cuckoo Cycle reduces the gap between commodity and custom hardware by being memory bound, making mining less centralized.