Bitcoin Forum
September 26, 2017, 09:27:50 AM *
News: Latest stable version of Bitcoin Core: 0.15.0.1  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 7 [8] 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 ... 565 »
  Print  
Author Topic: IOTA  (Read 988320 times)
This is a self-moderated topic. If you do not want to be moderated by the person who started this topic, create a new topic.
iotatoken
Hero Member
*****
Offline Offline

Activity: 714


View Profile
October 23, 2015, 07:41:16 AM
 #141

How can we get IOTA? Can we mine it or buy it?

There will be a crowdsale, yes.

1506418070
Hero Member
*
Offline Offline

Posts: 1506418070

View Profile Personal Message (Offline)

Ignore
1506418070
Reply with quote  #2

1506418070
Report to moderator
Satoshi is no god. He did not come down from the mountain with 10 golden rules engraved in stone for no one to question.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1506418070
Hero Member
*
Offline Offline

Posts: 1506418070

View Profile Personal Message (Offline)

Ignore
1506418070
Reply with quote  #2

1506418070
Report to moderator
1506418070
Hero Member
*
Offline Offline

Posts: 1506418070

View Profile Personal Message (Offline)

Ignore
1506418070
Reply with quote  #2

1506418070
Report to moderator
1506418070
Hero Member
*
Offline Offline

Posts: 1506418070

View Profile Personal Message (Offline)

Ignore
1506418070
Reply with quote  #2

1506418070
Report to moderator
patmast3r
Hero Member
*****
Offline Offline

Activity: 966


View Profile
October 23, 2015, 07:56:57 AM
 #142

So for a transaction to be considered confirmed, the number of approving transactions multiplied by the minimal PoW must exceed the maximal possible adversary's PoW?

No, it's not that easy, if transaction flow drops then an adversary can catch up and double-spend. It's a never ending race.

So when can a tx be considered unreversable ?

petko
Newbie
*
Offline Offline

Activity: 12


View Profile
October 23, 2015, 08:06:04 AM
 #143


This looks good for the edge case of a tangle degenerated to a chain. It should be the same for a tangle with arbitrary topology for transactions that have already been considered confirmed, but intuition says that it's incorrect for transactions that haven't passed their adaptation period (i.e. there are a lot of tips not referencing them) yet.

OK, guess the transactions will get entangled fast enough. Let's and do a quick calc considering they do:

  • Let J be the average Joe hash rate
  • You cannot ask Joe to wait more than 60 sec to issue a single transaction, so the minimal PoW cannot be more than 60 * J
  • Let E be the attacker's hash rate

The minimal number of transactions per second that you need in order to keep the system secure is N = E / (60 * J)

So for SHA-256 (in fact, what hashing do you consider?):

  • Let's take the Core 2 Duo hash rate for Joe
    J = 2.5 MH/s
  • Today's hash rate of the Bitcoin network is around 430 PH/s. It is plausible to assume that a single entity owns 1% of that hash power
    E = 4.3 PH/s = 4 300 000 000 MH/s

 => The minimal number of transactions per second is the astonishing N = 28 666 666

Did I misunderstand something?
Come-from-Beyond
Legendary
*
Offline Offline

Activity: 1708

Newbie


View Profile
October 23, 2015, 08:12:50 AM
 #144

So when can a tx be considered unreversable ?

Never, look at formula #14 in http://188.138.57.93/tangle.pdf. Just like in Bitcoin there is always a chance of doublespending.
patmast3r
Hero Member
*****
Offline Offline

Activity: 966


View Profile
October 23, 2015, 08:21:00 AM
 #145

So when can a tx be considered unreversable ?

Never, look at formula #14 in http://188.138.57.93/tangle.pdf. Just like in Bitcoin there is always a chance of doublespending.

Not even when the weight cap is reached ? (The paper mentions the cap but I'm not sure it ever states if the cap will actually be applied)

tonych
Hero Member
*****
Online Online

Activity: 518


View Profile WWW
October 23, 2015, 08:25:03 AM
 #146

Got it. But I still doubt it is secure. With roughly constant flow of transactions, we have roughly constant PoW generated on the legit branch.
In Bitcoin, we always have better, more power efficient ASICs. The miner who is first to install a new ASIC, obtains temporary advantage over other miners (assuming all other variables equal). A new ASIC basically redistributes the constant flow of wealth (25BTC/block) among miners, ordinary users don't care.
In Iota, I'm afraid, it'll be profitable to use ASICs against users. If minimal PoW per transaction is small enough then a small battery of ASICs might be enough to outPoW the whole legitimate network armed with CPU PoW.

Bitcoin has constant PoW during a week too, I don't see how constant PoW leads to an insecure state. Would anyone create ASICs for Bitcoin mining if there was no subsidy (25 BTC) nor transaction fees?
While it is true that Bitcoin has constant PoW during two weeks, it is adjusted every two weeks in response to changes in the total hash power available. It is able to adapt. There is no reason to assume that the flow of transactions in Iota will increase in response to more hash power being available.

Will anyone create ASICs or build botnets specifically to attack Iota users? If Iota token becomes valuable enough, why not?

Security of Iota relies on assumption that an adversary controls less than 50% of hashing power. This is a standard assumption in cryptoindustry. Bootstrapping period will be protected by checkpoints.
It is not just an assumption, it is carefully designed incentives that drive people to behave honestly rather than try to attack other users. Satoshi writes this in section 6 of Bitcoin whitepaper:
Quote
The   incentive   may   help   encourage   nodes   to   stay   honest.     If   a   greedy   attacker   is   able   to
assemble more CPU power than all the honest nodes, he would have to choose between using it
to defraud people by stealing back his payments, or using it to generate new coins.  He ought to
find it more profitable to play by the rules, such rules that favour him with more new coins than
everyone else combined, than to undermine the system and the validity of his own wealth.
In Iota, there is no mining that would have absorbed any surplus hashpower. Where will this wild hashpower go?

Thanks, terminology definitely helped.
So you allow to duplicate a transaction as long as PoW is also duplicated.
What about attempts to rewrite history by rewriting the envelopes?



In this example from the whitepaper, if I wanted to censor envelope F and the corresponding transaction (because e.g. it contained a spend that I want to roll back), could I "route around" it by spending some electricity and rewriting references in envelopes of E and B so that they no longer point to F but somewhere else? Then there are no references to F in the graph any more, I can safely delete it and share my version of the history with other nodes. How will they know which history is right?

The history with the heaviest tangle is right. To rewrite the history you need to control most of the hashing power.
Why? I'm guessing after I rewrite envelopes of E and B, I have to also rewrite all envelopes that reference them (A and C), then the envelopes that reference those who reference, and so on until the tips, correct?


Simplicity is beauty
Come-from-Beyond
Legendary
*
Offline Offline

Activity: 1708

Newbie


View Profile
October 23, 2015, 08:27:38 AM
 #147

The minimal number of transactions per second that you need in order to keep the system secure is N = E / (60 * J)

So for SHA-256 (in fact, what hashing do you consider?):

  • Let's take the Core 2 Duo hash rate for Joe
    J = 2.5 MH/s
  • Today's hash rate of the Bitcoin network is around 430 PH/s. It is plausible to assume that a single entity owns 1% of that hash power
    E = 4.3 PH/s = 4 300 000 000 MH/s

 => The minimal number of transactions per second is the astonishing N = 28 666 666

Did I misunderstand something?

Looks good, it's just unclear why you picked Bitcoin hashrate which is generated by ASICs working a million times faster than a computer.
Come-from-Beyond
Legendary
*
Offline Offline

Activity: 1708

Newbie


View Profile
October 23, 2015, 08:31:40 AM
 #148

Not even when the weight cap is reached ? (The paper mentions the cap but I'm not sure it ever states if the cap will actually be applied)

No. The cap is related to another issue.
Come-from-Beyond
Legendary
*
Offline Offline

Activity: 1708

Newbie


View Profile
October 23, 2015, 08:43:41 AM
 #149

Got it. But I still doubt it is secure. With roughly constant flow of transactions, we have roughly constant PoW generated on the legit branch.
In Bitcoin, we always have better, more power efficient ASICs. The miner who is first to install a new ASIC, obtains temporary advantage over other miners (assuming all other variables equal). A new ASIC basically redistributes the constant flow of wealth (25BTC/block) among miners, ordinary users don't care.
In Iota, I'm afraid, it'll be profitable to use ASICs against users. If minimal PoW per transaction is small enough then a small battery of ASICs might be enough to outPoW the whole legitimate network armed with CPU PoW.

Bitcoin has constant PoW during a week too, I don't see how constant PoW leads to an insecure state. Would anyone create ASICs for Bitcoin mining if there was no subsidy (25 BTC) nor transaction fees?
While it is true that Bitcoin has constant PoW during two weeks, it is adjusted every two weeks in response to changes in the total hash power available. It is able to adapt. There is no reason to assume that the flow of transactions in Iota will increase in response to more hash power being available.

Will anyone create ASICs or build botnets specifically to attack Iota users? If Iota token becomes valuable enough, why not?

Security of Iota relies on assumption that an adversary controls less than 50% of hashing power. This is a standard assumption in cryptoindustry. Bootstrapping period will be protected by checkpoints.
It is not just an assumption, it is carefully designed incentives that drive people to behave honestly rather than try to attack other users. Satoshi writes this in section 6 of Bitcoin whitepaper:
Quote
The   incentive   may   help   encourage   nodes   to   stay   honest.     If   a   greedy   attacker   is   able   to
assemble more CPU power than all the honest nodes, he would have to choose between using it
to defraud people by stealing back his payments, or using it to generate new coins.  He ought to
find it more profitable to play by the rules, such rules that favour him with more new coins than
everyone else combined, than to undermine the system and the validity of his own wealth.
In Iota, there is no mining that would have absorbed any surplus hashpower. Where will this wild hashpower go?

Thanks, terminology definitely helped.
So you allow to duplicate a transaction as long as PoW is also duplicated.
What about attempts to rewrite history by rewriting the envelopes?



In this example from the whitepaper, if I wanted to censor envelope F and the corresponding transaction (because e.g. it contained a spend that I want to roll back), could I "route around" it by spending some electricity and rewriting references in envelopes of E and B so that they no longer point to F but somewhere else? Then there are no references to F in the graph any more, I can safely delete it and share my version of the history with other nodes. How will they know which history is right?

The history with the heaviest tangle is right. To rewrite the history you need to control most of the hashing power.
Why? I'm guessing after I rewrite envelopes of E and B, I have to also rewrite all envelopes that reference them (A and C), then the envelopes that reference those who reference, and so on until the tips, correct?



Min transaction PoW will naturally increase over time mimicking Moore's law when more powerful hardware appears. Multiply this by TPS increase caused by increased popularity.

ASICs indeed will be created.

Satoshi's assumption was shown to be incorrect - http://www.cs.cornell.edu/~ie53/publications/btcProcFC.pdf.

Necessity to absorb surplus hashpower is not obvious, also what numbers do you have in mind (1% of not used hashpower, 10%, 99%)?

There is no such thing as rewriting of envelopes, you can only add new ones unless you conducted a global eclipse attack.
patmast3r
Hero Member
*****
Offline Offline

Activity: 966


View Profile
October 23, 2015, 08:47:50 AM
 #150

So what's the plan to bootstrap this thing ? Just pump "useless" transactions into it until the market/actual usage can sustain a constant flow?

Come-from-Beyond
Legendary
*
Offline Offline

Activity: 1708

Newbie


View Profile
October 23, 2015, 08:53:11 AM
 #151

So what's the plan to bootstrap this thing ? Just pump "useless" transactions into it until the market/actual usage can sustain a constant flow?

The plan is to do checkpointing every 5 minutes. Initial holders will vote proportionally to amount owned in the very beginning. Checkpoints are not mandatory and can be disabled by any node.
tobeaj2mer01
Legendary
*
Offline Offline

Activity: 1035


Angel investor.


View Profile
October 23, 2015, 10:45:39 AM
 #152

Is there any code/prototype now or only a whitepaper?

INVALID BBCODE: close of unopened tag in table (1)
iotatoken
Hero Member
*****
Offline Offline

Activity: 714


View Profile
October 23, 2015, 10:53:01 AM
 #153

Is there any code/prototype now or only a whitepaper?

It's in development.

tobeaj2mer01
Legendary
*
Offline Offline

Activity: 1035


Angel investor.


View Profile
October 23, 2015, 10:59:52 AM
 #154

How can we get IOTA? Can we mine it or buy it?

There will be a crowdsale, yes.

At about what time? Will it hold before or after testing IOTA release?

INVALID BBCODE: close of unopened tag in table (1)
TPTB_need_war
Sr. Member
****
Offline Offline

Activity: 420


View Profile
October 23, 2015, 12:17:39 PM
 #155

Come-from-Beyond has been very cordial to me, so I don't want to defecate on his effort. I have my doubts about viability for the following reason. The ramifications of this probably needs to be discussed more. But it seems to me that having users who send transactions viewing all the transactions before they can send is the antithesis of instant microtransactions and also places a burden on who can send a transaction. You need certain minimum level of connectivity and bandwidth on your connection just to send a transaction. It is an interesting concept and maybe DAG can be integrated in other ways into cryptocurrency. Maybe he needs to figure out how to eliminate this apparent weakness with some paradigm shift. Note it appears to me that Lightning Networks is in some facets (not all) similar to a DAG concept. Perhaps thinking about those two different paradigms will lead to some epiphany.

Hey cool name Iota (IoT)! Good one!

Can you explain to me why this doesn't require every connected IoT that wants to sign a transaction to not have to listen to every transaction on the network?

Doesn't the bandwidth requirements of that limit which sort of devices can participate?

Can a IoT device proxy its request a well powered server?

Are you talking about on- or off-tangle payments?

Lol I don't know. I guess I mean on-tangle, those participating in your algorithm?

For on-tangle payments a device needs to see majority of the transactions. Good news is that it needs this only if it's about to make or check a payment, most of time it can store and broadcast transactions without their verification (only PoW needs to be verified to avoid spam attacks).

petko
Newbie
*
Offline Offline

Activity: 12


View Profile
October 23, 2015, 12:24:18 PM
 #156

Looks good, it's just unclear why you picked Bitcoin hashrate which is generated by ASICs working a million times faster than a computer.

I picked it in a search for a maximum possible hash rate owned by an attacker.

In fact here I assume the biggest ASICs farm is like a billion times faster than a computer. You are correct that ASICs farms wouldn't exist without the Bitcoin economic model. I.e. the ratio E/J wouldn't have grown to billions. But even if it was smaller, you still need a minimal number of transactions per second with the magnitude of E/J.

Anyways, good luck!

PS: Smiley Iota is like a russian car: if it stop, it cannot start, but once it start, it cannot be stopped Cheesy

mthcl
Sr. Member
****
Offline Offline

Activity: 374


View Profile
October 23, 2015, 12:26:07 PM
 #157

So when can a tx be considered unreversable ?

Never, look at formula #14 in http://188.138.57.93/tangle.pdf. Just like in Bitcoin there is always a chance of doublespending.

Not even when the weight cap is reached ? (The paper mentions the cap but I'm not sure it ever states if the cap will actually be applied)

That cap is only for the own weight of a tx (in fact, as far as I know, the plan is to set it to constant). The cumulative weight may (and will) grow.
Come-from-Beyond
Legendary
*
Offline Offline

Activity: 1708

Newbie


View Profile
October 23, 2015, 12:44:50 PM
 #158

Come-from-Beyond has been very cordial to me, so I don't want to defecate on his effort. I have my doubts about viability for the following reason. The ramifications of this probably needs to be discussed more. But it seems to me that having users who send transactions viewing all the transactions before they can send is the antithesis of instant microtransactions and also places a burden on who can send a transaction. You need certain minimum level of connectivity and bandwidth on your connection just to send a transaction. It is an interesting concept and maybe DAG can be integrated in other ways into cryptocurrency. Maybe he needs to figure out how to eliminate this apparent weakness with some paradigm shift. Note it appears to me that Lightning Networks is in some facets (not all) similar to a DAG concept. Perhaps thinking about those two different paradigms will lead to some epiphany.

Hey cool name Iota (IoT)! Good one!

It's not needed to see all the transactions before sending a payment, one could have a few days old snapshot and still get their transaction included into the tangle. This is an advantage of the tangle over the blockchain - consistency requirement is much lower than in Bitcoin. Lightning Networks approach (more precisely its improvement made by Christian Decker and Roger Wattenhofer in "A Fast and Scalable Payment Network with Bitcoin Duplex Micropayment Channels") is already utilized in Iota.
Fuserleer
Legendary
*
Offline Offline

Activity: 1008



View Profile WWW
October 23, 2015, 01:46:46 PM
 #159

Come-from-Beyond has been very cordial to me, so I don't want to defecate on his effort. I have my doubts about viability for the following reason. The ramifications of this probably needs to be discussed more. But it seems to me that having users who send transactions viewing all the transactions before they can send is the antithesis of instant microtransactions and also places a burden on who can send a transaction. You need certain minimum level of connectivity and bandwidth on your connection just to send a transaction. It is an interesting concept and maybe DAG can be integrated in other ways into cryptocurrency. Maybe he needs to figure out how to eliminate this apparent weakness with some paradigm shift. Note it appears to me that Lightning Networks is in some facets (not all) similar to a DAG concept. Perhaps thinking about those two different paradigms will lead to some epiphany.

Hey cool name Iota (IoT)! Good one!

It's not needed to see all the transactions before sending a payment, one could have a few days old snapshot and still get their transaction included into the tangle. This is an advantage of the tangle over the blockchain - consistency requirement is much lower than in Bitcoin. Lightning Networks approach (more precisely its improvement made by Christian Decker and Roger Wattenhofer in "A Fast and Scalable Payment Network with Bitcoin Duplex Micropayment Channels") is already utilized in Iota.

^ this

Its one of the strengths of a tangle/DAG/whatever you want to call it as I explained further up.

I too though am a little unsure about the use of POW as you describe it, I have the anticipation that this "race" if the network loses could have some serious consequences.  I plan to dig into the theory -> practice of it more over the weekend as a break from regular eMunie stuff before I make any judgements.

Radix - DLT x.0

Web - http://radix.global  Forums - http://forum.radix.global Twitter - @radixdlt
Come-from-Beyond
Legendary
*
Offline Offline

Activity: 1708

Newbie


View Profile
October 23, 2015, 01:52:52 PM
 #160

I too though am a little unsure about the use of POW as you describe it, I have the anticipation that this "race" if the network loses could have some serious consequences.

We have an ace up our sleeve, but it's too early to reveal it.
Pages: « 1 2 3 4 5 6 7 [8] 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 ... 565 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!