51% trust filtering.. just read the thread ;)

[Realpra]

Alright so I thought of something better than "Proof of Work" AND "Proof of Stake": "Proof of Trust".

Well really more a complimentary idea to Proof of Work (and no fork etc. needed).

The primary purpose is to remove the possibility of a 51% attack entirely, but it may also lower the "CPU burning" a little and reduce the need for it almost entirely. (It wont be needed, but people will alas compete for the fees)

So how does PoT work?
1. PoT miners will include a 1 satoshi tx to themselves going from the coinbase/fees.
2. PoT clients can then tell exactly "who" a block belongs to.
3. The 1 satoshi address/tx will be the same for all blocks from a particular miner/pool.
4. PoT clients will add a bunch of the large pools "ids" to their trusted list.
5. PoT clients will reject and not relay blocks IF:
6. It is not on the trusted list AND the last ~50 blocks were 49+% from untrusted sources.

Will it work with the current chain?
-> Yes, since they accept untrusted sources too unless there is a 51% attack everything will go smoothly.

Wont this create forks between different trust-lists?
-> No, because I don't hard-block anyone, I (a PoT client) just want to see a minimum from my trusted sources.
You can have your own trust-list and as long as we have just a little overlap we will be fine with each other and relay everything to each other.

Wont this require a Bitcoin-wide upgrade?
-> No, since PoT clients could simply regard non-conformers as "untrusted". Only the top 4 pools would need to be PoT.

Now lets throw a 51% attack against this system; ECB holds 60% and the top 20 various pools hold almost 40% (before the attack 100%):
1. The first 50 blocks the ECB makes go through no problem.
2. The world realizes something is happening.
3. It is accepted for a while and the ECB even added to PoT trust-lists.
4. The ECB now charge insane fees and reverses transactions.
5. PoT clients remove them from their trust-lists and start rejecting their blocks until trusted blocks are allowed also by the ECB.
6. PoT clients are now widespread among miners and BTC merchants/pros.
7. While a "hard fork" exists a while between PoT and non-PoT since merchants/pros accept only the PoT chain it becomes the standard chain.
8. The ECB remain in control of 49% of blocks, but by waiting a little longer your txs go through with no hassle.
9. Unicorns for everyone...

[1715151221]

1715151221

[1715151221]

1715151221

[1715151221]

1715151221

[MoonShadow]

While this is an interesting idea for another form of secondary security, it's not really a necessary event.  You could literally do this already, simply by altering your client to only forward valid blocks that have a known & trusted block award address.  You don't even need to include a special transaction here.  Or, for a softer form of this as a defense against a 51% attack, simply delay the forwarding of an untrusted, but otherwise valid, block for a very short time.  If any significant minority of miners/users adopt your non-breaking-protocol change, the cumulative effect of forwarding delays would give any trusted miner enought of an advantage that even a 51% attack from an unknown entity would be severely limited in scope or effect.  However, you'd also have to be aware of the possiblity that this method of favoritism can be an attack vector itself; if the attacker were willing to simply forgo the block reward and use the addresses of trusted entities.  The new clients would have to have some way of detecting a significant jump in the hashrate of a trusted address, and decomissioning that trust level automaticly.  This could be done with a watchdog process, monitoring the last couple hundred blocks for significant changes in the running hashrates, to make sure it's not seeing significant changes in the hashrates of any trusted entities, or that any trusted entities have garnered over 40% or so of the total hashrate, just to make sure that, should a mining pool come by a simple hashrate majority honestly, the new protocol wouldn't be helping them do it anymore.

BTW, there are other, largely undisclosed, secondary security measures in effect that with similar goals aleady in use by some clients, that are also 'soft' & non-breaking changes that do not require that all clients participate to have a real effect.  So it's not unrealistic that such a new, secondary security method could be adopted by some of the non-standard client developers; but don't expect it to enter into the standard client in any near-term.  It'd have to prove it's worth a great deal in other ways before that would be considered seriously.

[Realpra]

While this is an interesting idea for another form of secondary security, it's not really a necessary event.  You could literally do this already, simply by altering your client to only forward valid blocks that have a known & trusted block award address.  You don't even need to include a special transaction here.  Or, for a softer form of this as a defense against a 51% attack, simply delay the forwarding of an untrusted, but otherwise valid, block for a very short time.

I doubt delays would do all that much as the longer chain would still win.

Also:

However, you'd also have to be aware of the possiblity that this method of favoritism can be an attack vector itself; if the attacker were willing to simply forgo the block reward and use the addresses of trusted entities.

By requiring they also know the signature this is avoided - hence the special tx
An trust-faking attacker would not know the key.

All stuff with hash monitoring then also becomes unnecessary

BTW, there are other, largely undisclosed, secondary security measures in effect that with similar goals aleady in use by some clients, that are also 'soft' & non-breaking changes that do not require that all clients participate to have a real effect.

What?

[MoonShadow]

While this is an interesting idea for another form of secondary security, it's not really a necessary event.  You could literally do this already, simply by altering your client to only forward valid blocks that have a known & trusted block award address.  You don't even need to include a special transaction here.  Or, for a softer form of this as a defense against a 51% attack, simply delay the forwarding of an untrusted, but otherwise valid, block for a very short time.

I doubt delays would do all that much as the longer chain would still win.


EDIT: The delay could also be automaticly expanded upon the detection of an attack, all the way to infinity, if appropriate.

Delays would dis-favor the attacker in a block race, with the practical effect of reducing his hashrate by a few percent, depending upon how widespread this method is used in practice.

Also:

However, you'd also have to be aware of the possiblity that this method of favoritism can be an attack vector itself; if the attacker were willing to simply forgo the block reward and use the addresses of trusted entities.

By requiring they also know the signature this is avoided - hence the special tx
An trust-faking attacker would not know the key.

That's true, but also adds unnecessary volume to the block, think about how many miners are going to want to be on as many trust lists as possible if this workds, and they would have to produce a trasaction for every block.  Granted, tehy could only produce the transaction lcaly for when they capture a block, but then how do they get onto a trusted list to begin with?

All stuff with hash monitoring then also becomes unnecessary

I question that premise.  A watchdog proces is a good idea for other reasons, and is likely to be implimented eventually anyway.

BTW, there are other, largely undisclosed, secondary security measures in effect that with similar goals aleady in use by some clients, that are also 'soft' & non-breaking changes that do not require that all clients participate to have a real effect.

What?

Well, for example there is a list of hard coded checksums in teh regular client, with a new checksum added to the list with each minor release.   When the client is bootstrapping, it will check it's progress against each of these checksums as it encounters them, and then considers that section of blockchain unalterable.  This has the effect that any attempts to alter that part of a blockchain (globally or locally) would have to match that checksum, even if a full rescan is forced.  This puts a limit to how far back an ongoing 51% attack could go as well as prevents an isolation attack.  Other cleints use different checksum lists as well, so even knowing the checksum list for the vanilla client and managing to brute force another matching solution of altered blocks (already astronomically unlikely) becomes more complicated by the introduction of the fact that different clients have different lsits of checksummed block numbers.  This one serves many purposes, and doesn't really prevent a 51% attack as much as limit it's scope (and thus it's practial viability as well).  This one is not un-documented, per se, as it's documented on this very forum in many places, but it's not part of the core prtocol, thus it's not part of the whitepaper or any other such document, as far as I know.  Methods of favoritism, but different than you proposal & with different goals, have been sugested in the past.  I wouldn't be surprised to discover that something similar already exists in one or more alternate clients.

[flower1024]

some pools (e.g. deepbit prop) dont want to be identified as it would putting them on risk to get pool hopped.
but i do like your idea. it would show who made which block.

btw. if i would plan to attack your pot system: wouldn't it be enough to just add a 1 satoshi transaction to one of the known "trust" addresses? i dont think an attacker would really miss the satoshi.

if you want to force pools to use a fix conbase-address: this does not work with pools like eligius which pay from a coinbase transaction.

[Realpra]

some pools (e.g. deepbit prop) dont want to be identified as it would putting them on risk to get pool hopped.
but i do like your idea. it would show who made which block.

btw. if i would plan to attack your pot system: wouldn't it be enough to just add a 1 satoshi transaction to one of the known "trust" addresses? i dont think an attacker would really miss the satoshi.

if you want to force pools to use a fix conbase-address: this does not work with pools like eligius which pay from a coinbase transaction.

No, no; they have to prove they own the trusted address with a signature no one else could have.

Maybe they could just put data in the block like Satoshi did and the POT clients can read from that. It doesn't have to be a tx just some kind of cryptographically secure sig.

EDIT: Maybe just a signature of the hashed block put in blocks free text. POT clients could then easily re-use existing code to verify the true originator.