Bitcoin Forum
July 12, 2020, 03:03:29 PM *
News: Latest Bitcoin Core release: 0.20.0 [Torrent]
 
   Home   Help Search Login Register More  
Warning: One or more bitcointalk.org users have reported that they believe that the creator of this topic displays some red flags which make them high-risk. (Login to see the detailed trust ratings.) While the bitcointalk.org administration does not verify such claims, you should proceed with extreme caution.
Pages: « 1 2 3 4 5 6 7 [8] 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 ... 758 »
  Print  
Author Topic: IOTA  (Read 1463406 times)
This is a self-moderated topic. If you do not want to be moderated by the person who started this topic, create a new topic.
petko
Newbie
*
Offline Offline

Activity: 12
Merit: 0


View Profile
October 23, 2015, 08:06:04 AM
 #141


This looks good for the edge case of a tangle degenerated to a chain. It should be the same for a tangle with arbitrary topology for transactions that have already been considered confirmed, but intuition says that it's incorrect for transactions that haven't passed their adaptation period (i.e. there are a lot of tips not referencing them) yet.

OK, guess the transactions will get entangled fast enough. Let's and do a quick calc considering they do:

  • Let J be the average Joe hash rate
  • You cannot ask Joe to wait more than 60 sec to issue a single transaction, so the minimal PoW cannot be more than 60 * J
  • Let E be the attacker's hash rate

The minimal number of transactions per second that you need in order to keep the system secure is N = E / (60 * J)

So for SHA-256 (in fact, what hashing do you consider?):

  • Let's take the Core 2 Duo hash rate for Joe
    J = 2.5 MH/s
  • Today's hash rate of the Bitcoin network is around 430 PH/s. It is plausible to assume that a single entity owns 1% of that hash power
    E = 4.3 PH/s = 4 300 000 000 MH/s

 => The minimal number of transactions per second is the astonishing N = 28 666 666

Did I misunderstand something?
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1594566209
Hero Member
*
Offline Offline

Posts: 1594566209

View Profile Personal Message (Offline)

Ignore
1594566209
Reply with quote  #2

1594566209
Report to moderator
1594566209
Hero Member
*
Offline Offline

Posts: 1594566209

View Profile Personal Message (Offline)

Ignore
1594566209
Reply with quote  #2

1594566209
Report to moderator
1594566209
Hero Member
*
Offline Offline

Posts: 1594566209

View Profile Personal Message (Offline)

Ignore
1594566209
Reply with quote  #2

1594566209
Report to moderator
Come-from-Beyond
Legendary
*
Offline Offline

Activity: 2128
Merit: 1009

Newbie


View Profile
October 23, 2015, 08:12:50 AM
 #142

So when can a tx be considered unreversable ?

Never, look at formula #14 in http://188.138.57.93/tangle.pdf. Just like in Bitcoin there is always a chance of doublespending.
patmast3r
Hero Member
*****
Offline Offline

Activity: 980
Merit: 1001


View Profile
October 23, 2015, 08:21:00 AM
 #143

So when can a tx be considered unreversable ?

Never, look at formula #14 in http://188.138.57.93/tangle.pdf. Just like in Bitcoin there is always a chance of doublespending.

Not even when the weight cap is reached ? (The paper mentions the cap but I'm not sure it ever states if the cap will actually be applied)

tonych
Hero Member
*****
Offline Offline

Activity: 903
Merit: 858


View Profile WWW
October 23, 2015, 08:25:03 AM
 #144

Got it. But I still doubt it is secure. With roughly constant flow of transactions, we have roughly constant PoW generated on the legit branch.
In Bitcoin, we always have better, more power efficient ASICs. The miner who is first to install a new ASIC, obtains temporary advantage over other miners (assuming all other variables equal). A new ASIC basically redistributes the constant flow of wealth (25BTC/block) among miners, ordinary users don't care.
In Iota, I'm afraid, it'll be profitable to use ASICs against users. If minimal PoW per transaction is small enough then a small battery of ASICs might be enough to outPoW the whole legitimate network armed with CPU PoW.

Bitcoin has constant PoW during a week too, I don't see how constant PoW leads to an insecure state. Would anyone create ASICs for Bitcoin mining if there was no subsidy (25 BTC) nor transaction fees?
While it is true that Bitcoin has constant PoW during two weeks, it is adjusted every two weeks in response to changes in the total hash power available. It is able to adapt. There is no reason to assume that the flow of transactions in Iota will increase in response to more hash power being available.

Will anyone create ASICs or build botnets specifically to attack Iota users? If Iota token becomes valuable enough, why not?

Security of Iota relies on assumption that an adversary controls less than 50% of hashing power. This is a standard assumption in cryptoindustry. Bootstrapping period will be protected by checkpoints.
It is not just an assumption, it is carefully designed incentives that drive people to behave honestly rather than try to attack other users. Satoshi writes this in section 6 of Bitcoin whitepaper:
Quote
The   incentive   may   help   encourage   nodes   to   stay   honest.     If   a   greedy   attacker   is   able   to
assemble more CPU power than all the honest nodes, he would have to choose between using it
to defraud people by stealing back his payments, or using it to generate new coins.  He ought to
find it more profitable to play by the rules, such rules that favour him with more new coins than
everyone else combined, than to undermine the system and the validity of his own wealth.
In Iota, there is no mining that would have absorbed any surplus hashpower. Where will this wild hashpower go?

Thanks, terminology definitely helped.
So you allow to duplicate a transaction as long as PoW is also duplicated.
What about attempts to rewrite history by rewriting the envelopes?



In this example from the whitepaper, if I wanted to censor envelope F and the corresponding transaction (because e.g. it contained a spend that I want to roll back), could I "route around" it by spending some electricity and rewriting references in envelopes of E and B so that they no longer point to F but somewhere else? Then there are no references to F in the graph any more, I can safely delete it and share my version of the history with other nodes. How will they know which history is right?

The history with the heaviest tangle is right. To rewrite the history you need to control most of the hashing power.
Why? I'm guessing after I rewrite envelopes of E and B, I have to also rewrite all envelopes that reference them (A and C), then the envelopes that reference those who reference, and so on until the tips, correct?


Simplicity is beauty
Come-from-Beyond
Legendary
*
Offline Offline

Activity: 2128
Merit: 1009

Newbie


View Profile
October 23, 2015, 08:27:38 AM
 #145

The minimal number of transactions per second that you need in order to keep the system secure is N = E / (60 * J)

So for SHA-256 (in fact, what hashing do you consider?):

  • Let's take the Core 2 Duo hash rate for Joe
    J = 2.5 MH/s
  • Today's hash rate of the Bitcoin network is around 430 PH/s. It is plausible to assume that a single entity owns 1% of that hash power
    E = 4.3 PH/s = 4 300 000 000 MH/s

 => The minimal number of transactions per second is the astonishing N = 28 666 666

Did I misunderstand something?

Looks good, it's just unclear why you picked Bitcoin hashrate which is generated by ASICs working a million times faster than a computer.
Come-from-Beyond
Legendary
*
Offline Offline

Activity: 2128
Merit: 1009

Newbie


View Profile
October 23, 2015, 08:31:40 AM
 #146

Not even when the weight cap is reached ? (The paper mentions the cap but I'm not sure it ever states if the cap will actually be applied)

No. The cap is related to another issue.
Come-from-Beyond
Legendary
*
Offline Offline

Activity: 2128
Merit: 1009

Newbie


View Profile
October 23, 2015, 08:43:41 AM
 #147

Got it. But I still doubt it is secure. With roughly constant flow of transactions, we have roughly constant PoW generated on the legit branch.
In Bitcoin, we always have better, more power efficient ASICs. The miner who is first to install a new ASIC, obtains temporary advantage over other miners (assuming all other variables equal). A new ASIC basically redistributes the constant flow of wealth (25BTC/block) among miners, ordinary users don't care.
In Iota, I'm afraid, it'll be profitable to use ASICs against users. If minimal PoW per transaction is small enough then a small battery of ASICs might be enough to outPoW the whole legitimate network armed with CPU PoW.

Bitcoin has constant PoW during a week too, I don't see how constant PoW leads to an insecure state. Would anyone create ASICs for Bitcoin mining if there was no subsidy (25 BTC) nor transaction fees?
While it is true that Bitcoin has constant PoW during two weeks, it is adjusted every two weeks in response to changes in the total hash power available. It is able to adapt. There is no reason to assume that the flow of transactions in Iota will increase in response to more hash power being available.

Will anyone create ASICs or build botnets specifically to attack Iota users? If Iota token becomes valuable enough, why not?

Security of Iota relies on assumption that an adversary controls less than 50% of hashing power. This is a standard assumption in cryptoindustry. Bootstrapping period will be protected by checkpoints.
It is not just an assumption, it is carefully designed incentives that drive people to behave honestly rather than try to attack other users. Satoshi writes this in section 6 of Bitcoin whitepaper:
Quote
The   incentive   may   help   encourage   nodes   to   stay   honest.     If   a   greedy   attacker   is   able   to
assemble more CPU power than all the honest nodes, he would have to choose between using it
to defraud people by stealing back his payments, or using it to generate new coins.  He ought to
find it more profitable to play by the rules, such rules that favour him with more new coins than
everyone else combined, than to undermine the system and the validity of his own wealth.
In Iota, there is no mining that would have absorbed any surplus hashpower. Where will this wild hashpower go?

Thanks, terminology definitely helped.
So you allow to duplicate a transaction as long as PoW is also duplicated.
What about attempts to rewrite history by rewriting the envelopes?



In this example from the whitepaper, if I wanted to censor envelope F and the corresponding transaction (because e.g. it contained a spend that I want to roll back), could I "route around" it by spending some electricity and rewriting references in envelopes of E and B so that they no longer point to F but somewhere else? Then there are no references to F in the graph any more, I can safely delete it and share my version of the history with other nodes. How will they know which history is right?

The history with the heaviest tangle is right. To rewrite the history you need to control most of the hashing power.
Why? I'm guessing after I rewrite envelopes of E and B, I have to also rewrite all envelopes that reference them (A and C), then the envelopes that reference those who reference, and so on until the tips, correct?



Min transaction PoW will naturally increase over time mimicking Moore's law when more powerful hardware appears. Multiply this by TPS increase caused by increased popularity.

ASICs indeed will be created.

Satoshi's assumption was shown to be incorrect - http://www.cs.cornell.edu/~ie53/publications/btcProcFC.pdf.

Necessity to absorb surplus hashpower is not obvious, also what numbers do you have in mind (1% of not used hashpower, 10%, 99%)?

There is no such thing as rewriting of envelopes, you can only add new ones unless you conducted a global eclipse attack.
patmast3r
Hero Member
*****
Offline Offline

Activity: 980
Merit: 1001


View Profile
October 23, 2015, 08:47:50 AM
 #148

So what's the plan to bootstrap this thing ? Just pump "useless" transactions into it until the market/actual usage can sustain a constant flow?

Come-from-Beyond
Legendary
*
Offline Offline

Activity: 2128
Merit: 1009

Newbie


View Profile
October 23, 2015, 08:53:11 AM
 #149

So what's the plan to bootstrap this thing ? Just pump "useless" transactions into it until the market/actual usage can sustain a constant flow?

The plan is to do checkpointing every 5 minutes. Initial holders will vote proportionally to amount owned in the very beginning. Checkpoints are not mandatory and can be disabled by any node.
tobeaj2mer01
Legendary
*
Offline Offline

Activity: 1103
Merit: 1000


Angel investor.


View Profile
October 23, 2015, 10:45:39 AM
 #150

Is there any code/prototype now or only a whitepaper?

Sirx: SQyHJdSRPk5WyvQ5rJpwDUHrLVSvK2ffFa
iotatoken
Hero Member
*****
Offline Offline

Activity: 714
Merit: 500


View Profile
October 23, 2015, 10:53:01 AM
 #151

Is there any code/prototype now or only a whitepaper?

It's in development.

tobeaj2mer01
Legendary
*
Offline Offline

Activity: 1103
Merit: 1000


Angel investor.


View Profile
October 23, 2015, 10:59:52 AM
 #152

How can we get IOTA? Can we mine it or buy it?

There will be a crowdsale, yes.

At about what time? Will it hold before or after testing IOTA release?

Sirx: SQyHJdSRPk5WyvQ5rJpwDUHrLVSvK2ffFa
TPTB_need_war
Sr. Member
****
Offline Offline

Activity: 420
Merit: 255


View Profile
October 23, 2015, 12:17:39 PM
 #153

Come-from-Beyond has been very cordial to me, so I don't want to defecate on his effort. I have my doubts about viability for the following reason. The ramifications of this probably needs to be discussed more. But it seems to me that having users who send transactions viewing all the transactions before they can send is the antithesis of instant microtransactions and also places a burden on who can send a transaction. You need certain minimum level of connectivity and bandwidth on your connection just to send a transaction. It is an interesting concept and maybe DAG can be integrated in other ways into cryptocurrency. Maybe he needs to figure out how to eliminate this apparent weakness with some paradigm shift. Note it appears to me that Lightning Networks is in some facets (not all) similar to a DAG concept. Perhaps thinking about those two different paradigms will lead to some epiphany.

Hey cool name Iota (IoT)! Good one!

Can you explain to me why this doesn't require every connected IoT that wants to sign a transaction to not have to listen to every transaction on the network?

Doesn't the bandwidth requirements of that limit which sort of devices can participate?

Can a IoT device proxy its request a well powered server?

Are you talking about on- or off-tangle payments?

Lol I don't know. I guess I mean on-tangle, those participating in your algorithm?

For on-tangle payments a device needs to see majority of the transactions. Good news is that it needs this only if it's about to make or check a payment, most of time it can store and broadcast transactions without their verification (only PoW needs to be verified to avoid spam attacks).

petko
Newbie
*
Offline Offline

Activity: 12
Merit: 0


View Profile
October 23, 2015, 12:24:18 PM
 #154

Looks good, it's just unclear why you picked Bitcoin hashrate which is generated by ASICs working a million times faster than a computer.

I picked it in a search for a maximum possible hash rate owned by an attacker.

In fact here I assume the biggest ASICs farm is like a billion times faster than a computer. You are correct that ASICs farms wouldn't exist without the Bitcoin economic model. I.e. the ratio E/J wouldn't have grown to billions. But even if it was smaller, you still need a minimal number of transactions per second with the magnitude of E/J.

Anyways, good luck!

PS: Smiley Iota is like a russian car: if it stop, it cannot start, but once it start, it cannot be stopped Cheesy

mthcl
Sr. Member
****
Offline Offline

Activity: 376
Merit: 300


View Profile
October 23, 2015, 12:26:07 PM
 #155

So when can a tx be considered unreversable ?

Never, look at formula #14 in http://188.138.57.93/tangle.pdf. Just like in Bitcoin there is always a chance of doublespending.

Not even when the weight cap is reached ? (The paper mentions the cap but I'm not sure it ever states if the cap will actually be applied)

That cap is only for the own weight of a tx (in fact, as far as I know, the plan is to set it to constant). The cumulative weight may (and will) grow.
Come-from-Beyond
Legendary
*
Offline Offline

Activity: 2128
Merit: 1009

Newbie


View Profile
October 23, 2015, 12:44:50 PM
 #156

Come-from-Beyond has been very cordial to me, so I don't want to defecate on his effort. I have my doubts about viability for the following reason. The ramifications of this probably needs to be discussed more. But it seems to me that having users who send transactions viewing all the transactions before they can send is the antithesis of instant microtransactions and also places a burden on who can send a transaction. You need certain minimum level of connectivity and bandwidth on your connection just to send a transaction. It is an interesting concept and maybe DAG can be integrated in other ways into cryptocurrency. Maybe he needs to figure out how to eliminate this apparent weakness with some paradigm shift. Note it appears to me that Lightning Networks is in some facets (not all) similar to a DAG concept. Perhaps thinking about those two different paradigms will lead to some epiphany.

Hey cool name Iota (IoT)! Good one!

It's not needed to see all the transactions before sending a payment, one could have a few days old snapshot and still get their transaction included into the tangle. This is an advantage of the tangle over the blockchain - consistency requirement is much lower than in Bitcoin. Lightning Networks approach (more precisely its improvement made by Christian Decker and Roger Wattenhofer in "A Fast and Scalable Payment Network with Bitcoin Duplex Micropayment Channels") is already utilized in Iota.
Fuserleer
Legendary
*
Offline Offline

Activity: 1050
Merit: 1005



View Profile WWW
October 23, 2015, 01:46:46 PM
 #157

Come-from-Beyond has been very cordial to me, so I don't want to defecate on his effort. I have my doubts about viability for the following reason. The ramifications of this probably needs to be discussed more. But it seems to me that having users who send transactions viewing all the transactions before they can send is the antithesis of instant microtransactions and also places a burden on who can send a transaction. You need certain minimum level of connectivity and bandwidth on your connection just to send a transaction. It is an interesting concept and maybe DAG can be integrated in other ways into cryptocurrency. Maybe he needs to figure out how to eliminate this apparent weakness with some paradigm shift. Note it appears to me that Lightning Networks is in some facets (not all) similar to a DAG concept. Perhaps thinking about those two different paradigms will lead to some epiphany.

Hey cool name Iota (IoT)! Good one!

It's not needed to see all the transactions before sending a payment, one could have a few days old snapshot and still get their transaction included into the tangle. This is an advantage of the tangle over the blockchain - consistency requirement is much lower than in Bitcoin. Lightning Networks approach (more precisely its improvement made by Christian Decker and Roger Wattenhofer in "A Fast and Scalable Payment Network with Bitcoin Duplex Micropayment Channels") is already utilized in Iota.

^ this

Its one of the strengths of a tangle/DAG/whatever you want to call it as I explained further up.

I too though am a little unsure about the use of POW as you describe it, I have the anticipation that this "race" if the network loses could have some serious consequences.  I plan to dig into the theory -> practice of it more over the weekend as a break from regular eMunie stuff before I make any judgements.

Radix - DLT x.0

Web - http://radix.global  Forums - http://forum.radix.global Twitter - @radixdlt
Come-from-Beyond
Legendary
*
Offline Offline

Activity: 2128
Merit: 1009

Newbie


View Profile
October 23, 2015, 01:52:52 PM
 #158

I too though am a little unsure about the use of POW as you describe it, I have the anticipation that this "race" if the network loses could have some serious consequences.

We have an ace up our sleeve, but it's too early to reveal it.
Fuserleer
Legendary
*
Offline Offline

Activity: 1050
Merit: 1005



View Profile WWW
October 23, 2015, 02:53:03 PM
 #159

I too though am a little unsure about the use of POW as you describe it, I have the anticipation that this "race" if the network loses could have some serious consequences.

We have an ace up our sleeve, but it's too early to reveal it.

Fair enough.  In that case I wont waste any time until you've divulged what that is Smiley

Radix - DLT x.0

Web - http://radix.global  Forums - http://forum.radix.global Twitter - @radixdlt
TPTB_need_war
Sr. Member
****
Offline Offline

Activity: 420
Merit: 255


View Profile
October 23, 2015, 03:07:39 PM
 #160

Come-from-Beyond has been very cordial to me, so I don't want to defecate on his effort. I have my doubts about viability for the following reason. The ramifications of this probably needs to be discussed more. But it seems to me that having users who send transactions viewing all the transactions before they can send is the antithesis of instant microtransactions and also places a burden on who can send a transaction. You need certain minimum level of connectivity and bandwidth on your connection just to send a transaction. It is an interesting concept and maybe DAG can be integrated in other ways into cryptocurrency. Maybe he needs to figure out how to eliminate this apparent weakness with some paradigm shift. Note it appears to me that Lightning Networks is in some facets (not all) similar to a DAG concept. Perhaps thinking about those two different paradigms will lead to some epiphany.

Hey cool name Iota (IoT)! Good one!

It's not needed to see all the transactions before sending a payment, one could have a few days old snapshot and still get their transaction included into the tangle. This is an advantage of the tangle over the blockchain - consistency requirement is much lower than in Bitcoin. Lightning Networks approach (more precisely its improvement made by Christian Decker and Roger Wattenhofer in "A Fast and Scalable Payment Network with Bitcoin Duplex Micropayment Channels") is already utilized in Iota.

I haven't dug into the core issues of the breadth of tree and its implication on convergence versus divergence and as pertains to double-spends and other metrics. So I am limited in terms of making insights at this time until I do.

I thought you replied to me up thread that the payer needs to accumulate a significant portion of the breadth of the tree (even historically) in order to evaluate where strategically to optimally insert his/her node in the DAG. Thus it seems to me that each payer has to see some N other payers, so this bandwidth and computation load on the payer is scaling as N x N for payers versus to a normal PoW system where the payer's signature is autonomous from the network. The latter is the end-to-end principle because the intermediaries—between the originator and the construction of a transaction to the destination—are incapable of harm, substitutable, and fungible. Put more abstractly, the intermediaries are idempotent, referentially transparent, transitive, and commutative.

I understand conceptually the global consistency requirement is lower than a more deterministic traditional PoW or even PoS system (although these diverge on reorganizations and total divergence at 51% attack), but doesn't that come with the tradeoff of a risk of divergence of the tree's *final* conclusion about a double-spend (two reasonably balanced leaves each with a double-spend)?

I guess what I am after in terms of characterizing the tradeoffs is some quantification or conceptualization of the frequency/probably (or characteristic principles) of divergence as we have succinctly with PoW (selfish mining, 51% attack, orphaned chains, etc). Something expressed in the English language and not requiring differential equations models to comprehend.

Pages: « 1 2 3 4 5 6 7 [8] 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 ... 758 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!