Я тут гдето читал, что Крипту можно верить!
Верить можно, но лучше перепроверять, благо он, Крипт, всегда приводит цитаты или ссылки.
Раз уж речь зашла о верить/неверить, ссылках и цитатах.
Как-то я
цитировал слова одного из трёх основателей Ёты - профессора математики Сергея Попова:
Serguei Popov честно и без логических софизмов признаётSerguei Popov [2:48 AM] Конечно, было бы здорово иметь доказательство безопасности Ёты. Поверьте, мне бы очень хотелось его получить. Но иногда сложность зашкаливает. Поэтому всё что у меня есть пока - это интуиция о
Цепях Маркова, которая, по моему скромному мнению, заслуживает некоторого уважения. Кроме того, вы же понимаете, что вся современная криптография открытых ключей основана на недоказанных утверждениях? Что нам теперь, прекратить её использование, пока не будет доказано, что
P≠NP ?"
Сегодня в слэке в ответ на упоминание о некотором недостатке формальных доказательств в IOTA Whitepaper он привёл следующие эвристические аргументы:
Serguei Popov [1:21 AM]
Well, as you know, I'm a research mathematician. I know how to formalize things. I _would_ _like_ to have done it in the IOTA's whitepaper. The problem is that it is nearly impossible to rigorously prove anything about that random walk which does the tip selection - its state space is _random_, and it has complicated structure anyway. The whole idea of the (general) MCMC method is that you have some object that you can't access directly, and you let a suitable Markov chain to approach it for you. What I can say, is that the Markov chain's intuition that I have tell me that the thing would work as expected. But we need to confirm all that experimentally (by running simulations), and this is something that is taken care of now. _______________________________________________________________________________ __________ (edited)
[1:22]
1. What does a node want? It wants his transactions be confirmed by others.
2. To be approved by the society, you have to behave the way the society expects you to behave. In our case, specifically, you tips must be "good", in the sense that they are (relatively) likely to be chosen by others.
3. So, suppose that our node is so selfish that it doesn't care at all about following the protocol, it just wants its transaction to be confirmed. But for this he has to discover where to place it in such a way that it maximizes the probability that other nodes will choose it for confirmation.
4. Now, how does he discover that place? Assuming that at least a good proportion of others follow the default algorithm (which is quite a reasonable assumption in IoT) the better way seems to be just running the default MCMC algorithm several times and see where it gets you. This is a very important point: when you deal with a complex MC, the best way to understand how does it behave is just to run it and see what happens.
5. So, we kind of arrive to the conclusion that even a very selfish node should better use the default algorithm. Well, yes, a node with good knowledge of the current state of the tangle and good computing power may be able to really optimize its choice and choose the two tips to approve in such a way that the probability that others choose it will be maximized. But the gain from this won't be so large, probably quite marginal. Besides, such an optimization requires time and resources, and the state of the tangle changes rapidly...
6. Thus, any "selfish" strategy should be in some sense close to the default MCMC. The latter acts as an attractor, in some sense. (edited)
[1:23] ^ that's a heuristic argument, but not a rigorous proof, of course
А между тем ранее я
приводил ссылку на контраргумент от Micah Zoltu на эту эвристику ("
To be approved by the society, you have to behave the way the society expects you to behave."):
Micah Zoltu [4:03 AM] ... a selfish miner's goal is to make his tip _most-likely_ to be selected by others while also (if possible) not selecting anyone else's tips.
... So, the question is, is there a tip selection strategy that a miner can take such that he will bias tip selection of the common strategy actors towards his tips without having to include anyone else's tips in his selection.
... someone could release such a client to high-hash-power individuals that would yield same rewards if no one else uses it, and _better_ rewards if others _do_ use it.
Выше в цитате синим текстом Сергей отмахивается ("
the gain from this won't be so large") от этой возможности, но я, например, эвристически совершенно убеждён, что такой (повышающий шансы подтверждения своих транзакций) модифицированный ёто-клиент будет пользоваться не маргинальной, а широкой популярностью. Хотя, в конечном счёте, в соответствии с "
Трагедией общин" и запутает
пастбище Путаницу в совсем путанное состояние.
Ранее Сергей
отвечал на этот контраргумент другой эвристикой (шахматного блица):
Serguei Popov [3:21 PM] re:"selfish is to get fast confirmation, so ppl will go to use that selfish client" - What he proposed so far as "selfish strategies" would actually lead to slower confirmation times for the one who uses them, not faster. The basic idea is: if you want to be accepted by others, do what they expect you to do. You know there is a complicated probability distribution on the set of tips, according to which the "honest" nodes choose their tips to reference. This probability distribution is effectively concentrated on "good tips", but there seem to be no way to discover which tips are (slightly) better other than running the MCRW many times. However, if a node is so selfish that he wants to really reference the tips whose weight (according to that distribution) is maximized, he would need to run MCRW really many times, and even then the gain would be marginal. However, running MCRW many times requires time/resources; after you spend some time on it, the state of the tangle will already change, so you'll have to start anew. In a way, it's like playing blitz in chess: if you want to win, you don't have to always play best moves; you need to play (reasonably) good moves, but fast ...