Continuation of the discussion from #tanglemath
Micah Zoltu [2017.06.14 10:06 PM]
It seems that the Iota equilibrium requires the majority of participants behaving in a way that is "good for the network" rather than in a way that is purely selfish. I did not believe that there would be a large enough share of non-selfish individuals to prevent selfish individuals from taking over the network while it seemed like others believe that being selfish was likely too hard for most people to bother.
My primary argument was that there exists a parent selection strategy that is as-good or better than the recommended parent selection strategy but hurts the network. Because there is no selfish incentive to use the recommended strategy over this strategy, over time participants will tend towards the competing strategy, which will continually degrade network health to the point where those participating in the selfish strategy can take over the network and change the effective rules.
In particular, I believe the equilibrium is around large participants charging "transaction" fees to smaller participants for inclusion.
Thinking on it even more over the past few days, I'm concerned that this selfish strategy will actually reach the point where confirmation isn't possible because there are too many isolated sub-tangles that aren't merging regularly.
Sunny Aggarwal [10:15 PM] Yes. Precisely. @micah.zoltu’s point is exactly what I was trying to get at as well. Those orphaned subtangles will only be able to merge back into the main tangle by paying computationally powerful actors to confirm them.
Sunny Aggarwal [10:28 PM] Furthermore, this is exacerbated by the fact that the selfish parent selection strategy doesn’t need to be dominant in the network overall. It just has to be dominant amongst active users of the network at any given moment.
Chat-for-Ban [10:39 PM] Give me example of selfish strategy.
Micah Zoltu [10:39 PM] The selfish strategy I believe is to never choose a parent that isn't something you personally care about. There is no selfish incentive that I have seen to choose anything other than your own transaction as your parent.
Chat-for-Ban [10:41 PM] We assume that 67% of _nodes_ stick to one of the good strategies
Micah Zoltu [10:41 PM] :point_up: This is what I believe is hugely dangerous.
That requires 67% of participants (by _computing power_ - since one can simulate a node with computing power) to not be self interested and instead be altruistic participants to some degree.
Chat-for-Ban [10:44 PM] This {to simulate a node with computing power} is a bold claim for IoT, are you familiar with LoRa? {mesh https://en.wikipedia.org/wiki/LPWAN}
Chat-for-Ban [10:52 PM] My words can be narrowed down to this phrase: _Omnipresence can't be achieved easily_
Micah Zoltu [10:53 PM] I don't believe omnipresence is necessary for what I described above?
Chat-for-Ban [10:53 PM] A lot of meshnets will go via classical internet, we will probably even be unable to distinguish where IoT ends and classical Internet starts
I believe it's necessary because of mesh-like nature of the IOTA network. How would the network react to your attack in slow-motion?
...
Micah Zoltu [11:06 PM] Unless you can prevent me from putting my supercomputer on the network, you can't prevent me from spoofing nodes.
Chat-for-Ban [11:06 PM] At this point bandwidth starts playing role. I don't even need to, you can't connect to most of nodes
Chat-for-Ban [11:11 PM] how can you spoof some node? you need to go to some spot on the earth and place your radiotransmitter, there are no wires going to some superhub
Micah Zoltu [11:12 PM] Sure, I go to some spot on earth drop down a radio transmitter and a supercomputer. I tell all my neighbors, "I'm connected to a billion neighbors behind me." No node can disprove that I am not actually connected to a billion neighbors.
Chat-for-Ban [11:12 PM] You cannot do it physically. Because of bandwidth restrictions.
Micah Zoltu [11:13 PM] So that means the network doesn't have enough bandwidth to actually support the network. A mesh network needs enough bandwidth to route everything.
Sunny Aggarwal [11:33 PM] Sure so any transactions that happen within that 1000-node cluster are “safe”. But anything coming in from outside that cluster (through the 10 gateway nodes) are susceptible to the supercomputer
Chat-for-Ban [11:34 PM] alright, now we need @micah.zoltu to agree with you and we will move to another attack scenario where supercomputer attacks other clusters
Micah Zoltu [11:34 PM] agree with that statement
Chat-for-Ban [11:35 PM] great, I was thinking you were going to attack transactions inside the cluster, this is what caused the misunderstanding, it seems. so, 1000 nodes, 10 nodes on the edge, how would you attack transactions generated by other clusters?
Micah Zoltu [11:36 PM] You don't attack transactions, you just run a supercomputer that is generating > 34% transactions.
Chat-for-Ban [11:40 PM] you connected to 10 edge nodes and push a lot of txs?
Micah Zoltu [11:40 PM] Yeah.
Chat-for-Ban [11:41 PM] but these 10 nodes can't push your txs with the same rate. only 10% of your txs will be pushed thru
Micah Zoltu [11:41 PM] That means that those 10 nodes can't support connecting to the network unless their sub-mesh makes up the majority of the network.
That 1000-node mesh network with 10 edges must be able to handle traffic from the rest of the network, which is very likely bigger than them. They need to be able to connect to the larger network as a whole. They can't assume that their mesh is the largest part of the network.
Chat-for-Ban [11:49 PM] you can connect to some part of cluster, start spamming, and bringing _several_ nodes down
Micah Zoltu [11:50 PM] If they can't handle traffic from the global network, they aren't actually part of the network. Either your cluster can handle the traffic of the global network via its 10 edges or it can't. If it can't, then it isn't part of the global Iota tangle and doesn't matter. It's effectively running a fork of the network and we don't care about it. If it can keep up via those 10 edges then it is susceptible to supercomputer node simulation via those edges.
Micah Zoltu [2017.06.14 11:52 PM] <-- https://iotatangle.slack.com/archives/C3V610ULS/p1497473569196293
* Isolated cluster of 1000 mesh nodes, 10 of which are edge nodes.
* Edge nodes connect to global Iota network over something like IP (or similar high bandwidth centralized route that anyone can get on).
* Cluster can handle bandwidth requirements of the global network via those edge nodes. <-- Either your cluster can handle the traffic of the global network via its 10 edges or it can't. If it can't, then it isn't part of the global Iota tangle and doesn't matter. It's effectively running a fork of the network and we don't care about it.
If it can keep up via those 10 edges then it is susceptible to supercomputer node simulation via those edges.
Sunny Aggarwal [11:53 PM] And the thing is, this itself in a way is the exact attack we were suggesting. If the supercomputer can force a mesh into being isolated from the tangle, it can then start charging fees in order to allow it to communicate with the rest of the larger network
Chat-for-Ban [11:57 PM] Guys, I need you both to say only AGREE or DISAGREE to https://iotatangle.slack.com/archives/C3V610ULS/p1497473775265357 :
"Your attack works if our cluster can't cover 90% of the earth. Your attack does NOT work if our cluster can cover 90% of the earth." Agree?
Micah Zoltu [12:46 AM] I have no intention of spending my time thinking about how Iota will function in the face of Unicorns. Either you can argue that Unicorns are real and if successful I will consider it, or we can just end the conversation, or we can discuss Iota in a world without unicorns.
Micah Zoltu [12:51 AM] @Chat-for-Ban You are making the following logical fallacy: https://en.wikipedia.org/wiki/Existential_fallacy
Chat-for-Ban [12:52 AM] @sunnya97 Do you remember I mentioned that we use manual tethering? The purpose of that tethering (instead of peer autodiscovery) was to get the same properties as IoT meshnets get
Micah Zoltu [12:54 AM] What you are proposing is a global web of trust. "I will only peer with people I trust." The problem is, it only takes _one_ break in the entire global web of trust chain to undermine the trust network. All I need to do is get one other "edge" node to trust me and I can now simulate an entire network.
Chat-for-Ban [12:55 AM] @sunnya97 apply the supercomputer attack on it, please. In mind of coz, not in reality. Will your attack be successful?
Sunny Aggarwal [12:56 AM] Essentially this is close to a permissioned system then.
David Sønstebø [12:56 AM] Can either of you just prove your attacks and collect major bug bounties? alternatively shut the fuck up? It's pretty simple; if you think you got an attack vector, then prove it
Micah Zoltu [2017.06.14 1:05 AM] The whitepaper describes a _particular_ parent selection strategy and then defends a number of attacks based on that assumption. I started the argument by asserting that the parent selection strategy would not be the dominant one because there are more selfish parent selection strategies available.
Kamal Mokeddem [1:07 AM] I'm looking at how you secure the network against a denial of service attack. What prevents someone from only selecting their own tips and spamming the network with transactions such that the honest tips are orphaned?
Fahad Sheikh [1:18 AM] @david @Chat-for-Ban there is no point publishing a white paper if it is not going to be defended. Asking for a physical manifestation is not a logical defense. Which is why many devs complain that IOTA dev just go hostile but don't give a proper argument in defense.
Dominik Schiener [1:40 AM] if given the resources, who would feel comfortable in coming up with the attack? @micah.zoltu @sunnya97
Micah Zoltu [1:45 AM] @dom I have way too many projects on my plate.. Though, the definition of the "attack" is simply: "every node selects its own transactions as parents only."
Alon Elmaliah [1:50 AM] that's a dead-lock by design
Micah Zoltu [1:50 AM] @alon.elmaliah Yeah, exactly. But that is where things end up if actors behave selfishly. Avoiding the deadlock requires a significant amount of network resources (hashpower) to behave altruistically.
Micah Zoltu [2:01 AM] If IOTA depends on people acting non-selfishly "for the greater good" then most of my arguments go away. I do not think that is a healthy assumption in a pseudoanonymous world though.
Micah Zoltu [2:15 AM] TL;DR of the natural death of the network:
* Selfish client spams network with transactions. These transactions have parents that are transactions this actor wants promoted. They never promote anything that doesn't benefit them.
* Altruistic actors will randomly select parents (or MCMC or whatever).
* Given enough selfish actors, you end up with a situation where there are a bunch of heavy weight sub-tangles (which matters for confirmation) that include almost nothing else except the selfish actor's own transactions (and transactions where someone else sends them something).
* The altruistic actors are constantly trying to merge sub-tangles but they don't have enough weight to make it stick (confirm).
David Sønstebø [2:24 AM] I don't think you guys quite grasp the full vision of IOTA. IOTA enables streams of transactions (due to no fees). IOTA came about after considering the hardware environment, not the other way around IOTA exist solely due to hardware.
David Sønstebø [2:38 AM] Micah: if I offer you 10K to demonstrate this, will you do it tomorrow? <-- https://iotatangle.slack.com/archives/C3V610ULS/p1497483482510115
Micah Zoltu [2:38 AM] @david As I have said many times, I am way too busy to go and engineer a solution to your problem. I came here trying to be helpful, not to actively attack your network. If I am going to engineer something it will be an actual attack against the network because that is worth way more than $10k.
David Sønstebø [2:39 AM] @micah.zoltu so essentially 10K is 'nothing to you', you want to be a malevolent actor and earn more? Ok, I am looking forward to it now that you admitted you're looking for a bigger pay out
Serguei Popov [2:47 AM] re:"By selecting your own transactions as parents, you increase the chances ..." - I doubt that "selecting your own transactions as parents" is a good strategy even for a "completely selfish" (whatever it means) node. Because (1) other selfish nodes won't reference your transactions because they owe nothing to you; (2) "honest" nodes won't reference your transactions because the random walk is very unlikely to choose them (see the "lazy tips" on figure 6 in the whitepaper). Therefore, if your goal is to get your transaction confirmed by the network, you should better do something that would cause at least the honest nodes to reference it. Because you'll reference tx's that are deep inside the tangle, and the RandomWalks's transition probabilities are chosen in such a way that it is extremely unlikely that the walker jumps from "deep inside" directly to a tip.
re:"The altruistic actors are constantly trying to merge sub-tangles but they don't have enough weight to make it stick (confirm)." - "No! What will happen, is that the "altruistic" actors will build "their" subtangle, and all these "selfish" guys will selfishly fall to limbo.
Serguei Popov [2:48 AM] Ah, and a concluding remark. Of course, it would be nice to have a proof that iota is secure. Believe me, I would really like to be able to obtain it. But I couldn't. Well, sometimes things get too complicated. So, all I have for now is my Markov chains' intuition, about which I humbly think it deserves some respect. Besides, do you realise that the entire modern public-key cryptography relies on unproven assumptions?! Should we stop using it until they prove that P≠NP?"
Serguei Popov [2:50 AM] re:Chat-for-Ban's "We assume that 67% of nodes stick to one of the good strategies." - Don't think this assumption is necessary (I don't believe in "magic numbers"). Rather, the assumption is that "a good proportion of nodes follows a 'canonical' strategy", which is a perfectly reasonable assumption in the IoT environment, at least in the beginning.
re: "I fear that everyone using a selfish strategy will result in the network falling apart. A tragedy of the commons." - At this point, I feel that some people try to apply intuition from Game Theory 101 to our situation, when quite a lot of (approximately) independent actors interact. Yes, it is true that, in general, if a system has unique stable state, it eventually gets there, and there remains. However, the time until it happens can be really large; things of this kind are called metastability in the literature. Let us maybe consider a simple toy model. Assume that there are 100 nodes whose states can be 0 or 1; initially, there are 37 nodes in state 1, and 63 nodes in state 0. Then, at each (discrete) moment of time each node randomly chooses 50 other nodes, and (1) if at least one of these nodes is in state 1, then the state of our node will be 1 with probability 0.8 and 0 with probability 0.2, independently of the others; (2) if all these nodes are in state 0, then our node also becomes 0. This is an example of a metastable situation. The only stable state is obviously "all zeros". Eventually, it will be reached (after all, the state space of the system is finite). However, the time until it happens will be really huge. I'm too lazy to do the calculations, but I'm quite sure it will be much bigger than the lifetime of the Universe... Please, think about this example. That "slow heat-death" can be really slow :slightly_smiling_face:
Micah Zoltu [2:51 AM] You are asserting that random selection _is_ the selfish strategy. Based on the whitepaper ("honest" nodes randomly choose n transactions from some time-window in the past and then walk randomly until they reach a tip. Then the tips of the 2 "longest" paths are selected as parents.) I am unconvinced of this assertion and I would really like to focus on that. / Why honest nodes won't select my selfish transactions?
Serguei Popov [2:58 AM] because we're assuming that you cannot outperform all the others in the number of tx's (this answers why they won't be chosen as a starting point of the walk. Or did you mean smth else?)
Micah Zoltu [2:59 AM] Why do I need to outperform all others in number of transactions to be selected? Remember, we are talking about parent selection, not confirmation.
Serguei Popov [3:01 AM] Are we talking about the selection of the starting point for the walk? Or its final point?
Micah Zoltu [3:11 AM] So... with "longest-path-to-tip" walker pathing algorithm the insertion gets very expensive after a while. Anyway, I'm willing to glaze over the fact that pathfinding longest-path is hard and accept it since I don't think it matters. If path selection is longest-path, the selfish miner simply generates really long paths to optimize for inclusion by others.
Serguei Popov [3:12 AM] re:"with "longest-path-to-tip" walker pathing algorithm" - No, it is not. It is the one described in the paper, with transition probabilities calculated using the cumulative weights (= sum of weights of the tx's that approve the given one, directly or indirectly).
Serguei Popov [3:16 AM] Please, do listen to me. The algorithm is not "select the longest path". I'm just claiming that in "normal" situation it will select a long path (not necessarily the longest one). However, if you try to game it by producing a "long-path-of-yours", you'll fail.
Micah Zoltu [3:42 AM] So.. We have a bucket of all transactions in the tangle. Parent selection is based on a subset of that set, I'm calling this "eligible population". You indicated that eligible population is based on height (trunk distance from genesis). So how the code decides where (at which tx) to place the walkers for parent selection process?
Alon Elmaliah [3:51 AM] currently each tx has a given height. you can select the starting point based on height - which height is given by the user (using depth param)
Alon Elmaliah [3:52 AM] height == max_trusted_height-depth. you can set any address to give you a sense of height. you can also give a specific tx to start walking from.
Micah Zoltu [3:55 AM] If you _have_ a selection algorithm, then that selection algorithm is what a selfish participant wants to target.
Chat-for-Ban [11:18 AM] I'm not going to answer @micah.zoltu 's questions, now he is an example of my attitude towards those who don't have courage to admit when they lose a dispute.
Chat-for-Ban [8:10 PM] @micah.zoltu you were caught on evading accepting losing in a dispute. At this point I treat you as a troll. Anything you want to tell as the last word before I ban you? I can wait for 5 mins.
Chat-for-Ban [11:49 AM] System is protected via voting. Voting is shielded against Sybil attacks with help of resource-testing measures (done during attaching to tangle). If you imagine an attack as a swinging sword then network topology is the water. To swing with a sword being in the water you need much more strength to deliver the same blow.
As it was said numerous times: unlike other coins, in IOTA users don't do PoW all the time, so to do 34% attack you need to outpace only hashrate of active users. IoT environment increases leverage of the protection thus transforming 34% to 3400%.
Serguei Popov [3:21 PM] re:"selfish is to get fast confirmation, so ppl will go to use that selfish client" - What he proposed so far as "selfish strategies" would actually lead to slower confirmation times for the one who uses them, not faster. The basic idea is: if you want to be accepted by others, do what they expect you to do. You know there is a complicated probability distribution on the set of tips, according to which the "honest" nodes choose their tips to reference. This probability distribution is effectively concentrated on "good tips", but there seems to be no way to discover which tips are (slightly) better other than running the MCRW many times. However, if a node is so selfish that he wants to really reference the tips whose weight (according to that distribution) is maximized, he would need to run MCRW really many times, and even then the gain would be marginal. However, running MCRW many times requires time/resources; after you spend some time on it, the state of the tangle will already change, so you'll have to start anew. In a way, it's like playing blitz in chess: if you want to win, you don't have to always play best moves; you need to play (reasonably) good moves, but fast ...
TL;DR:
Micah Zoltu argues that the IOTA whitepaper is incomplete:
Micah Zoltu [2017.06.14 1:05 AM] The whitepaper describes one particular strategy for selecting parent transactions and then refutes a number of attacks on that strategy.
That is, the whitepaper does not prove that this strategy is optimal for all participants.
Micah Zoltu conjectures that, since the contrary has not been proven, a selfish strategy may exist that leads, for example, to preferential confirmation of the selfish actor's transactions.
Nobody on the IOTA side, including the whitepaper's author, was able to refute this conjecture of Micah Zoltu's.
Serguei Popov, honestly and without logical sophistry, admits:
Serguei Popov [2:48 AM] Of course, it would be great to have a proof of IOTA's security. Believe me, I would very much like to obtain one. But sometimes the complexity goes off the scale. So all I have for now is an intuition about Markov chains, which, in my humble opinion, deserves some respect. Besides, you do realise that all of modern public-key cryptography is based on unproven assertions? Should we now stop using it until it is proven that P≠NP?
UPD1: Some continuation is here:
https://bitcointalk.org/index.php?topic=1298661.msg20597225#msg20597225
UPD2: More continuation:
https://bitcointalk.org/index.php?topic=1298661.msg20924233#msg20924233
UPD3: IOTA vulnerability report:
https://bitcointalk.org/index.php?topic=1298661.msg21611754#msg21611754
UPD4: the splitting and non-confirmation attack:
https://bitcointalk.org/index.php?topic=1298661.msg23965152#msg23965152
UPD5: a description of IOTA's vulnerabilities:
https://casey.github.io/iota/
+++++++++
EDIT: CfB on IOTA security
TL;DR:
Chat-for-Ban [2017.08.28 10:33 PM] IOTA should not be confused with Tangle concept. The both use different security assumptions
Chat-for-Ban [10:14 PM] IOTA uses network-bound PoW
N.E.T.W.O.R.K-bound, because radiospectrum is limited
Chat-for-Ban [10:20 PM]
IOTA is unattackable as long as bandwidth (traffic between nodes = radio spectrum) is ~100% consumed
if only 10% of bandwidth is consumed it's not hard to attack
luckily, bandwidth is consumed 100% most of time
Chat-for-Ban [10:25 PM] attacker can't have so much bandwidth coz he is not omnipresent
you need _physical_ omnipresence to conduct a successful attack
Chat-for-Ban [10:31 PM] Botnet can do an attack if it got 1/3 of the radiospectrum in that area
See also:
https://forum.helloiota.com/627/CfB-discusses-advanced-future-IOTA-stuff-on-tanglemath (26.10.17)
+++++++++
EDIT: Questions
From the whitepaper:
From the above discussion it is important to observe that, for the system to be secure, it should be true that λw > µ (otherwise, the estimate (14) would be useless); i.e., the input flow of “honest” transactions should be large enough compared to the attacker’s computational power.
What this means to me logically is that in IOTA, every user is a miner, and they are only mining when they are sending transactions. A 51% double-spending attack then becomes as simple as an attacker with sophisticated hardware having more computing power than normal users with general purpose hardware (and not all of the normal users, only the ones who are currently online and making transactions).
<Re: "IOTA has infinite scalability">
Assume two devices have a subset of all transactions
Thus a subset of unspent output
Two new conflicting transactions are generating and sent to two different devices
These devices attempt to build off of these different transactions
End result is that unless you have the complete tangle you can never be sure you have current state.
Peers cannot confirm other transactions without access to the history of those transactions.
Thus IOTA does nothing for sharding network load.
------------------
As far as I understand IOTA makes each transaction a block that refers to two prior transactions and adds proof of work to each transaction. The requirement of proof of work is a proof that it doesn't scale infinitely because the difficulty of the work will have to rise to prevent spam.
Rutger van Haasteren [2017.09.02 7:41 AM] I'm mulling over the subject over IOTA security, and how it is based on a combination of the PoW, the tip selection process, and the mutual tethering (not having omnipresence). In essence the network topology becomes part of the security ... none of this really is enforced by the protocol itself.
For example, I could create a version of the client that is compatible with the protocol, but that has automatic peer discovery (perhaps of other people running my modified client), with another tip selection algorithm. My version will be much more user friendly -- no mutual tethering required ...
IOTA gives a protocol, but it doesn’t do so very formally so it is very hard to analyze. .. So we had concerns about, I guess, the white paper, but it could be just that we are misreading what the protocol does because it is not stated formally enough for us.
PoW successfully secures blockchains like Bitcoin and Ethereum because it isn’t tied to the transaction rate, or any other factor besides the economic value of the network. ...
With IOTA, in contrast, there is no economic incentive to secure the network. Moreover, the hashpower securing the network is tied directly to the transaction rate, which naturally has some upper limit dependent on bandwidth and network topology.
I strongly disagree with many of IOTA's technical decisions (trinary, custom hash functions, POW on transactions), and find some of their behavior deeply egregious to the point where it goes beyond mere negligence. The "security flaw as copy protection" thing is particularly offensive, and makes it difficult to trust the current dev team.
OK, what are advantages of Tangle?
Tangle requires to download all transactions to validate it, as PoW is contained within transactions themselves.
On the other hand, in blockchain you only need block headers to validate PoW.
So, for example, to validate the latest Bitcoin block you need to download 39 MB of data.
The newest version of the white paper added a paragraph that partially addresses .. concern about the split tangle:
As an additional protecting measure, we can first run a random walk with a large α (so that it is in fact “almost deterministic”) to choose a “model tip”; then, use random walks with small α for actual tip selection, but verify if the (indirectly) referenced transactions are consistent with the model tip.
The argument is that this modified algorithm would very quickly select one of the two subtangles to "win," and the other would quickly get orphaned, minimizing the number of transactions that need to be resubmitted (i.e., because they chose the losing subtangle).
Personally, though, I'm a bit skeptical of this solution. While I think it would make a double-spend more difficult (see also section 4.2 of the white paper), I think it could unfortunately make it easier to execute a denial-of-service attack that continuously splits the tangle to prevent most transactions from ever being confirmed with high probability:
https://www.reddit.com/r/Iota/comments/73zyzj/how_does_iota_protect_against_a_dos_attack_that/
I still haven't heard an argument for why tangle doesn't require every node to download and verify every transaction to be secure.
Since IOTA doesn't have an incentive mechanism for attracting honest hash power, what reason is there to think it will ever have much?
So how is IOTA supposed to achieve enough honest hash power to fend off double spending attacks?
Today, you have to find peers by soliciting strangers' IP addresses from a slack channel. Besides being inconvenient, this is insecure because a malicious person can create multiple accounts, and host multiple full nodes. IoTA has none of the protections against a sybil attack that is built into bitcoin core's addrman class.
IOTA is fundamentally broken.
It's a PoW crypto that uses a dag (ok). Hype aside it's a minor change that's equivalent to transaction chains in Lightning Network or Raiden, offering exactly the same advantages (asynchronous) and disadvantages (lower security). Where iota breaks down is assuming a model with everyone mining their own transactions can work.
What PoW means in practice is that cost spent on mining = security. Ie. $100 fees per hour? Spend >$100 (in energy used for mining) to rewind these transactions. It's better with asics as that adds 'has access to asics'.
The reason PoW currencies currently work is because cost is shared among every owner due to inflation - with it, total cost per tx in bitcoin is $81.91. Iota is economically exactly like Bitcoin without any block reward, which requires every transaction to pay a very high fee (in energy used for mining) for any reasonable security.
Firstly, it requires every iota sender to be _able_ to do that - which means high-speed hardware capable of mining and access to required energy. A premise fundamentally incompatible with light IoT devices.
Secondly, the fee market doesn't work due to the free rider problem. Everyone is going to use low fees (=low PoW expenditure) hoping that a high-fee transaction confirms it, or lots of other low-fee transactions. Which means no high-fee transactions, which means no security at all.
That's why there's a coordinator. It's never going away. The fundamental design is hopelessly broken.
... First of all, practically zero IOT devices will have the resources to act as a full node on a public cryptocurrency network. Even without storage requirements, how do you feel to know that your fridge is using 99% of your internet bandwidth because it is acting as a node on the IOTA network listening and relaying transactions? ...
+++++++++
Coordicide - questions
They have solved the problem relating to peers not always having a global view of the network by assigning them a value which is derived from a function requiring a global view of the network ...
You can't solve "nodes can conceal transactions from other nodes" through transaction-based reputation