Bitcoin Forum
April 04, 2020, 09:48:10 AM *
News: Latest Bitcoin Core release: 0.19.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 ... 64 »
  Print  
Author Topic: DECENTRALIZED crypto currency (including Bitcoin) is a delusion (any solutions?)  (Read 90840 times)
TPTB_need_war
Sr. Member
****
Offline Offline

Activity: 420
Merit: 255


View Profile
January 08, 2016, 06:58:11 PM
Last edit: January 20, 2016, 01:20:37 AM by TPTB_need_war
 #1

Let's have a frank discussion about the technical realities of crypto-currency.

Apologies in advance to all those who have worked so hard on trying to advance crypto currency. I am not doing this to spite you. I don't want to waste more time. If we can convince ourselves we have a solution worth working on, then let's do it. Otherwise let's be honest with ourselves.



Edit: for those who want to jump straight to understanding how Iota's DAG works, click here and also here.



Upthread in my discussion with monsterer, I mentioned that I thought I could solve the problems Satoshi's Proof-of-Work by crediting all block solutions instead of the just the first one that arrives. When I went quiet on Jan 3, it was because I realized my design was faulty because there would still be an ambiguity around when the block solutions to be credited were propagated. I was trying to rush out a first iteration when while programming, I realized the detail that wasn't clear to me before.

I went off on several days of just thinking all day. I contemplated all the possible designs (including Iota's DAG, Lightning Networks, DPOS, Proof-of-Stake, Masternodes, Raiblocks/Blocklattice, etc), and I can't think of any design that uses a block chain or a DAG (or any other form of determining the longest chain of truth) which doesn't either centralize (factoring in society's ability to regulate the consistent partition) or diverge into inconsistent truths. Due to the CAP theorem it is fundamentally impossible for there to exist any block chain or consistent DAG design that won't centralize (even without regulation once you require scaling). Worse yet, it is impossible to attain any sort of end-to-end principled, decentralized scaling of transaction processing, because consistency is lost without centralization (even Proof-of-Work centralizes economically due to the Power Law distribution of capital).

The CAP theorem is fundamental. There will be no way to solve it. You all can spend the next 1000 years fooling yourself will all sorts of designs, but they will also end up either inconsistent or centralized or unable to scale. PERIOD. PERIOD.

I realized that Bitcoin and everything else so far is destined for failure. We are only mining each other here. We are not producing any fundamental breakthrough on the problem of decentralized electronic money. I do not like to work on things that I feel are misdirected and destined for failure in the end. I don't want to get rich by fooling other people (or fooling myself). All of you including the core Bitcoin developers are fooling themselves. I've been through all the designs. It is fundamental. There won't be any solution in any of the directions being pursued by any of the current and upcoming crypto projects. It is all delusional bullshit.

I felt rather hopeless about this, and so spent a few days thinking about other potential directions for my life, work, etc..

After all that, I decided the only way to get a breakthrough on electronic money is to admit the CAP theorem and decide which of the three, Consistency, Access, Partitioning to forsake in a design. Bitcoin can't tolerate any Partitioning, thus Access is and will be centrally controlled. Iota allows Partitioning and thus forsakes Consistency (watch it blow up).

Specifically Iota forsakes Consistency in a very chaotic way, where there can be multiple Partitions of truths and so no one will know which truth is valid. Or they will have to centralize to force a consistent truth.

[...]




Edit: the idea I proposed as a solution is also flawed.

I will be starting a new unmoderated thread to discuss in detail all the flaws in crypto currency.

So this can be explained well so that everyone can understand what they are investing in.

I'm confused.

One second you're stating you have the holy grails, the next you are starting a thread to point out there aren't any? :|

As you wrote, temporary chargebacks (inconsistent channels a.k.a. partitions) can be allowed and resolved with a proof-of-work scheme. Any other schemes you are contemplating won't work and I will tear them apart once you detail them.

They can not be resolved in a DAG scheme (e.g. Iota) without some centralized control.

Proof-of-work is centralized at 51% control. This encourages the nation-states to organize into cooperation on regulation of the internet in order to regain control over money. Governments and society will not give up this control and will instead decide to cooperate so the system described below can control to move us towards the 666 system which is rapidly taking form. Bitcoin is designed to drive us towards a world governance.

Centralized control is loss of permissionless principle. It means the government takes control (because the Power law distribution of capital always drives a collusion amongst government and big capital in a winner take all paradigm).

There is no POW required to secure a CL (channeled ledger), nor is it a block chain, or a DAG. Neither are there any charge backs in a CL design because the state of truth never gets to a point where you have to revert to them to resolve inconsistencies...which also means the risk of any centralization required to resolve said issues is next to nil, the network can always resolve itself.  

If block chains or DAGs or Ripple style ledgers could do what a CL allows, well, I wouldn't of wasted 3 years reinventing the wheel and tearing it apart myself and starting over.

The truth of each channel still has to be a consensus. It doesn't change the fundamental issues of how to prove consensus about double-spends within the partition. Even there are chosen nodes who are signatories for determining the truth of the channel, this then not permissionless because the government can attack those specific nodes.

Detail your design and I will rip it to shreds.

Not intending to be unfriendly, but I am tired of bullshit (especially bullshitting myself because I don't want to waste any programming effort). I have done all these designs in my head.

If there is a design that can improve upon Bitcoin, then I want to work on programming it. If not, then I want to not waste effort. It would be better for me to make some fast transaction addon for Bitcoin than to waste effort on designs that won't improve upon what is.

1585993690
Hero Member
*
Offline Offline

Posts: 1585993690

View Profile Personal Message (Offline)

Ignore
1585993690
Reply with quote  #2

1585993690
Report to moderator
AWARD-WINNING
CRYPTO CASINO
ASKGAMBLERS
PLAYERS CHOICE 2019
PROUD
PARTNER OF
1500+
GAMES
2 MIN
CASH-OUTS
24/7
SUPPORT
100s OF
FREE SPINS
PLAY NOW
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1585993690
Hero Member
*
Offline Offline

Posts: 1585993690

View Profile Personal Message (Offline)

Ignore
1585993690
Reply with quote  #2

1585993690
Report to moderator
TPTB_need_war
Sr. Member
****
Offline Offline

Activity: 420
Merit: 255


View Profile
January 08, 2016, 07:11:59 PM
Last edit: March 19, 2016, 09:37:01 PM by TPTB_need_war
 #2

I will start to detail the flaws in each type of consensus system.

Proof-of-Stake

In the thread I quoted from, we had a recent discussion about Proof-of-Stake systems with monsterer, smooth and others.

To summarize, Proof-of-Stake (including Masternodes of Dash and Casper's consensus-by-betting):

  • centralizes control according to stake, which is a finite resource
  • stakes (or even deposits) aren't permanent because they can be sold (withdrawn), thus historic security is indefensible
  • one could profit from attacking the coin by shorting it while never needing to sell your stake
  • even 0.1% stake can attack the coin because block solutions are exclusive to some stake holder so the stake holder can delay transactions[1]
  • can be attacked with less than 50% of the stake, by having more Sybil attack peers to lie to newly online stake peers which are syncing to the network (see quote of monster near bottom of this post)
  • attacking the coin is a one-time cost of stake that sustains forever, whereas for Proof-of-Work the attacker must continue to expend resources on mining to maintain an attack[2]
  • there is no way to distribute new coins (must distribute proportional to stake in order to be fair thus effectively no change in coin distribution)
  • smooth also added the very clever point that in the case Proof-of-Stake devolves to a computation contest for computing Nothing-at-Stake game theory, then this is perhaps a Proof-of-Work system in disguise (and I add but it might still also have some of the bad traits of Proof-of-Stake as well)
  • PoS usually pays dividends to stake holders (and even relays a percentage to the developers thus must register as a Money Transmitter with FinCEN) thus arguably creating investment securities under the Howey test and thus must be registered with the SEC or face possible jail time. I argue this impacts the resilience.
  • PoS doesn't scale nor provide transaction fault tolerance because it is synchronous queue of confirmation nodes, only one of which can confirm for each block

[1]Another scenario is DDoS attack other stake holders when their turn to mine a block, then jack up your transaction fees sky high when its your turn to mine a block. Note this has many variants as follows:

I do not think the following is possible in dPoS (I'm not sure about other forms of PoS), because delegates cannot change or set transaction fees by themselves. Transaction fees can only be changed by committee members which are elected by stakeholder vote. Not including a transaction because it doesn't have a certain amount in transaction fees seems silly, because the next honest delegate will do so and the honest delegate will get whatever fees are associated with the transaction. They would basically be giving up free money, putting a big red flag on their witness campaign, and it would be very likely that would get them voted out. Part of the incentive for delegates to stay honest is the future income of blocks produced in the future, although as I stated earlier... even if they are dishonest there is not much they can do other than withhold transactions from blocks (and the transaction would be included in the next block produce by an honest delegate.) The way I understand it, DPoS' main weakness is that all consensus algorithms suffer from.. a 51% attack.
Quote
[1] Another scenario is DDoS attack other stake holders when their turn to mine a block, then jack up your transaction fees sky high when its your turn to mine a block.

You forgot my point that the attacker can short the coin. And that delaying transactions is an attack that could cause the share price to crater. Or DDoS attack all the others and then force all transactions on to your block. This is the problem with PoS and DPOS, because the ordering of who will mine is known before the transactions are sent. That is a major flaw compared to PoW.
[2]Except when top-down society is the attacker it loses this advantage over Proof-of-Stake.
[3]
The other flaw of PoS, and especially DPOS and Dash masternodes (as pointed out by smooth et al) is you are paying yourselves via the shares from an enterprise that issued unregistered investment securities and which also requires each stakeholder to register as a money transmitter with FinCIN. I can't fathom how you convinced yourself that you are not going to jail in the future or end having to lick the boots of the SEC as Erik Voorhees did to wiggle out of jail time.

Some have argued that one would need to buyout the stake of the others in order to attack, thus implying it would be a good speculation for investors. But an insecure or centralizing paradigm for money is not going to inspire nor enable adoption, thus like all the altcoins the price is likely to perpetually decline after the initial hype pump moonshoot and crash. If we are just talking about mining each other, in a zero-sum greater fool game, then I am not interested. I am okay with profiting on speculation if there is some fundamental value for society created in the process, not just fooling others.

Point is I don't want to work on bullshit that I know won't be adopted by the world.

My upthread argument is that if Bitcoin loses DECENTRALIZATION then it no longer has the autonomous property of cash. Thus it loses much of its advantages as compared to fiat currency.

Also realize that DECENTRALIZATION is a key aspect to gaining adoption, because no one is going to trust it (e.g. have a self life / store-of-value function) if they think some group can take control of the coin. This is why I think Proof-of-Stake coins can never gain wide adoption.

Proof-of-work has a better chance because it requires 50% control to fail (or as low as 25 - 35% with selfish mining). But as I explained upthread, Proof-of-work is also failing economically because it costs $16 per transaction in electricity to mine it and mining is becoming ever more and more centralized over time. I have proposed some ideas to improve these problems (potentially fix them).



Proof of stake is biggest innovation in crypto since invention of bitcoin.

Proof of stake creates more problems than it solves. I'm quoting from another post of mine, but here are several attacks which are not present in POW:

Quote
I would add the following POS attacks to your list:

* Custodial stake

Exchanges and other large services which store user funds in their own wallets gather a very large stake, which often would give them majority power of POS block generation if they were to abuse it.

* Chain freeze

Once a majority stake holder becomes the dominant block producer, they can withhold all blocks forever, bringing the entire chain to a permanent halt, correctable only with a hard fork.

* Shorting attack

A whale takes out a large short of a POS coin at the same time he buys an equal portion of stake, such that his overall position is neutral.

He then uses his stake to double spend by creating blocks continuously (whenever he is permitted to do so) thereby driving the price of the currency down until he is ready to close his short in profit.

In addition, I would say the chief disadvantage of POS over POW is that the security model in POS is much weaker than POW; block generation probability/cost is a constant in the amount of stake you own, whereas in POW the cost of block generation is super linear in the number of blocks. This makes attacking a POS chain cost free under the shorting attack described above.

ref: https://bitcointalk.org/index.php?topic=1316024.msg13489124#msg13489124



PoS(hit) can never be secure, because if it has a functioning markets (which it must in order to be widely adopted and liquid), then one can borrow stake, attack the coin (which requires much less than 51% to for example delay transactions by some N blocks where N is a function of percentage of coin supply held), and then pay back the borrowed coin with cheaply bought coin as the price collapses due to attacks. You could simultaneously short it (i.e. which you did when you borrowed the coins, but sell some for fiat before you attack) for profits. Also PoS can't distribute new coins, thus eventually the coin supply shrinks asymptotically to 0.

With PoW, your borrowed mining hashrate would eventually reach end of contract and the coin would repair itself. And you'd need much closer to 51% to do damage. You would hope to be able to purchase the coin at cheap prices, wait for it to rise back up and then sell it for fiat to pay back your loan. Much less plausible.

However if you are up against the corrupt State that charges cost of PoW mining to the collective, then we're screwed with profitable PoW also, except I have the idea to use the unprofitable PoW of every person's computer in the world (with latency preventing them from farming out to ASIC), which seems might be even too much of an expense for China to hide the subsidization of.



Also PoS can't distribute new coins, thus eventually the coin supply shrinks asymptotically to 0.
You are wrong here. There are PoS variants that distribute new coins.

No variants can. And the last time you debated me, I defeated you on every single point. Are we going to have to do it again?

See Bitshares, genius.

Again the point is that with PoS, there is no FAIR or EQUITABLE way to distribute new coins that doesn't mimic the proportionality of the existing stakes, thus this is the same as the divisibility that is already built into the existing coins. No new distribution was achieved, just offsetting inflation.

If you have any other gimick in mind, please cite it specifically, so I can identify the flaw for you. You have been hoodwinked.
The amount of say you get in the company is compared to the amount of stake that you own. Corporations have been thriving on such practices for years now. Executives get nice stock options and benefits and the larger shareholders have more say, yet all stakeholders profit (if it is a well ran business of course.) If that is known before someone invests in a company/cryptocurrency that whoever has more stake will get more say in the company, then it is ridiculous to call it not fair.

You are also assuming that everyone votes in their best interest only and not the company's best interest, which is not always the case. If you go have a look at what each paid witness is doing for Bitshares then it becomes clear it is not the case.

You mean either:

  • Larger stakeholders get more (either because they can outvote the smaller ones, or because the smaller ones are somehow convinced the coin will gain more value if they give away their coins).
  • Corporations are created, new shares are created, production in this economy makes these shares more valuable, minority shareholders agree to give more shares to those who run or work for the company.

I assume you mean #2, since #1 is idiotic.

But by definition the shares have to be non-fungible with shares of other corporations. So unless you make Bitshares one corporation for every productive venture, then the new shares can't be Bitshares.

So there is the flaw. You can't have one corporation that produces everything for the world. It lacks degrees-of-freedom. It is same as tying yourself to your sister and trying to each go about your daily life tied together.

Dumb shit like this is why I do not respect the Larimer incest.

Bitshares ... people will even stab or murder each other eventually ... It's also going to have elements of corporate fascism



Following is written by David Mazières a PhD professor at Stanford who is the Chief Scientist at Stellar.

An alternative to proof of work is proof of stake [King and Nadal 2012], in which
consensus depends on parties that have posted collateral. Like proof of work, rewards
encourage rational participants to obey the protocol; some designs additionally penal-
ize bad behavior [Buterin 2014; Davarpanah et al. 2015]. Proof of stake opens the pos-
sibility of so-called “nothing at stake” attacks, in which parties that previously posted
collateral but later cashed it in and spent the money can go back and rewrite history
from a point where they still had stake. To mitigate such attacks, systems effectively
combine proof of stake with proof of work—scaling down the required work in pro-
portion to stake—or delay refunding collateral long enough for some other (sometimes
informal) consensus mechanism to establish an irreversible checkpoint.



With PoS/PoI/DPoS a sybil attack can come without any notice and with potentially much cheaper costs. (No, an attacker need not have to "buy" coins to attack, They can create an exchange/bank that pays interest/dividends to corner a good chunk of coins 5-30% needed depending upon the algo, Or they can create a popular wallet with a backdoor, Or they can compromise several large bagholders computers, Or a few large holders could short and attack their own coin, ect..)

These are social engineering attacks, of course.  I guess the equivalent in POW would be to 'borrow' someone's server farm.

Some of it does involve Social engineering, yes. The distinction between PoW and PoS/PoI/DPoS is that several of these attack vectors cannot be accomplished with PoW. With PoW all you can do is steal the account holders coins with a mtgox, ponzi scheme, or when a large bagholder is compromised. With PoS you can also attack the network and steal other peoples coins as well. Additionally, a compromised wallet cannot attack the network with a 51% attack with PoW as in PoS.

I suppose one could social engineer their way into Ant-pools mine and covertly reflash the firmware on all the miners. This attack would be much more difficult to do because large farms have multiple engineers who look over things and they have to constantly check their equipment and have large incentives to keep ontop of everything because of razor thin profit margins.  

It is no surprise that many PoS coins use checkpoints to add another security layer which is essentially centralization by a few developers approval. Checkpoints don't prevent these attacks just narrow the window of attack which is absolutely no problem. Developers Like Vitalik have studied these security weaknesses long and hard and despite desperately wanting to use some form of TaPoS for security still have not found an acceptable solution to mitigate these threats.

[...]



Just a heads-up...   I don't have anything specific to say about it:

https://www.youtube.com/watch?v=StMBdBfwn8c

I am 7 minutes into the video, and Vlad Zamfir (developer of Casper) has already not underst00d that proof-of-stake has externalities. I mentioned that to jl777 today:

You have no economically viable attack.

Only of we ignore externalities (external economic motivation). The same applies to the erroneous claim that proof-of-stake is as secure as proof-of-work.

Just because something is possible, that doesnt mean it is certain to happen, especially when it is economically non-viable.

As non-viable as Nxt being controlled by a dictator and Bitshares being controlled by two centralized exchanges.

Also Vlad doesn't seem to fully appreciate that a validator will not be betting against himself if he bets against his historic validation:

To summarize, Proof-of-Stake (including Masternodes of Dash and Casper's consensus-by-betting):

  • stakes (or even deposits) aren't permanent because they can be sold (withdrawn), thus historic security is indefensible

Also around the 22 - 23 minute point Vlad makes a reasonable point that having no block reward incentivizes miners to not do game theories that would destroy transaction rate, but he is wrong to assume that is the only possibility. For example a cartel on mining could limit block sizes and thus drive transaction fees higher. Also he is incorrect to imply that proof-of-stake is orthogonal to monetary policy because proof-of-stake can only distribute coins proportionally to stake, which thus the same as no distribution. Vlad has so many myopias, I don't have time to comment on all of them. The myopias are pervasive through the entire interview.

Btw, the interviewing female seems to be quite intelligent. I'm shocked because first female I've seen in crypto currencies and she seems to be a quick thinker.



Also, how can a PoS coin be attacked using this? Does this mean that PoS coins are more secure as atomic altcoins than PoW?

Unlike hashrate (electricity), stake only has to be purchased once and attack forever, so therefor rental prices for stake should be much lower (since stake costs less than hashrate).

"stake costs less than hashrate" this appears to be the same as saying donuts cost less than springs.

Sometimes the stake required to attack will cost more than hashrate and vice versa. So it all depends on the specific coins being talked about.

I am making a mathematical asymptotic argument similar conceptually to the arguments about Big O and Big Theta computational complexity classes (wherein at any particular/small values the conclusion might be opposite of the asymptotic reality). The point is mathematical structure in that stake only has to be purchased once, whereas electricity has to be paid continuously. Thus in terms of mathematical structure (all other variables the same, e.g. market cap, etc), then hashrate will be structurally more expensive than stake. Stake is not as secure as hashrate because stake is paid once for an eternal attack and hashrate must be paid continuously else the attack ends (is finite in duration). In short, stake enables an infinite duration attack (at no extra cost) and thus stake is free and hashrate is finite and thus it is not free. If you don't believe that, then just consider that one can short a PoS coin (thus recovering the cost of the stake making it less than free) and the market is likely to sell off the coin during any stake-based attack because the market understands the only way to overcome the attack is to fork the coin. Whereas with PoW, the market may ignore the attack because it will be ephemeral unless the attacker can profit from the attack enough to pay for the ongoing cost of the electricity.

This is the fundamental reason that PoS is not secure. Apparently some PoS coins have been attacked with stake, and the common case are the exchanges which control huge amounts of stake.

And I am not thinking it is so easy to cause deep reorgs at will. It could be that the DE for low security coins needs to be done over longer periods of time and in small increments, ie overlapped micropayment channels.

I presume I did not adequately explain the economic argument. The point is that once you incentivize profitable PoW attacks, the attacker can now sustain an attack indefinitely (or the DE is abandoned). Thus there is no longer period of time which is sufficient (from a mathematical structural perspective, although there might be particular cases that are secure, you can't state them with equations that enable reliable decisions). I understand you want to find some reasonable middle ground, but I presume you would play with fire if you pursued this similar to those who argued that PoS was an acceptable middle ground (yet even today we see that Bitshares' DPOS is probably controlled by a few exchanges and I think someone told me Nxt is controlled by a dictator).

I comprehend and am aware of the stance that says nothing is perfect and choose some practical middle ground. But I argue we can do better than some muddled middle ground where for example Bitcoin is already controlled by a Chinese mining cartel that has 65% of the hashrate and is provably lying about the Great Firewall of China being a hindrance for them (their motivation is obviously to make higher profits with higher transaction fees by constraining block size). This outcome I predicted in 2013, even I nailed in 2013 the block size as the specific failure mode, and everyone was arguing at that time that I was loony. Their % of the hashrate will increase on the next block reward halving this year, because the marginally profitable miners are the first to go (and I suspect the Chinese mining cartel is getting subsidized electricity with political connections/corruption).

You can make the reasonable argument that the insecurity of the proposed cut & choose algorithm only impacts those altcoins without CLTV and thus it is better than no DE for those coins. In that case, maybe I can agree with that. But do fully acknowledge the Pandora's box security threat so enabled (but at least isolated to those who trade for those altcoins). Thus I don't think it will be a very popular case, if proper disclosures are made. Who would trade BTC for an altcoin where they might lose their funds due to an attack (particularly even a long-range lie-in-wait attack) and where the developers of that altcoin are unable to add the CLTV op code.

I am not conviced by general statements, especially when they have counterexamples that prove they are incorrect. I can easily name many PoS coins that are more expensive to obtain stake enough to attack against a set of PoW coins whose hashrate is lower.

Of course there are scenarios where a PoW coin pays less % of debasement to mining thus requires less cost for a short-term attack than a PoS coin with a huge market cap. This is primarily because Satoshi's PoW design is incorrect. I have a solution to this by making mining unprofitable so that no debasement is paid for mining.

Both the current PoS and PoW designs are flawed. That is one of the major innovations I am working on.

Sorry, general scare statements dont work on me.

The generative essence statement I made upthread was referring to the fact that given no reference point, DE would not be secure,. Without a reference point, nothing can be proven about crypto currency (e.g. double-spends can't be prevented, etc), thus the requirement for a reference point is essential (even Satoshi's PoW suffers from the fact that it is probabilistic and didn't solve the Byzantine General's Problem because it can't identify an attack from a non-attack because the longest chain rule is self-referential). I can make such a general statement and be 100% certain there is no possible exception, because it is a fundamental inviolable mathematical structural issue.

The reference points are provided by my upthread "Coin Days Destroyed" suggestion a few days ago and the point yesterday in this thread about hard-coding the destination addresses in the CLTV. In order words, those reference points do not depend on future confirmations, but are past history (the age of the UXTOs being spent) and future invariants (the hard-coded destinations).

I was just starting treatment for fatty liver disease over the past 2 days (along with running around getting a diagnosis and other foggy brain matters) so apologies that only this morning did I feel alert enough to write a coherent explanation such as this.

Only specific failure cases, which can then be generalized and solutions usually devised. I know that if I just say, sure in theory it wont work and dont push for a solution, then it would limit things to BTC <-> LTC and gradually more and more, so at worst it is a slow process, but we dont have to outrun the bear, we just need to be more secure than a CE.

There is a distinction between theory and inviolable mathematical structure. I will give you another example that I learned when I started to teach myself cryptography over the past 3 years. That is zero knowledge proofs are impossible without an asymmetric trap door function, i.e. they can't be done with hash functions. That is not theory. It is an inviolable fact due to the mathematical structure.

NXT PoS limits any reorgs to 720 blocks, so for NXT if the timeout is set above 720 blocks, then it will be beyond the reach of any attack.

That seems reasonable since checkpoints are required in PoS due to people selling their stake and then doing a long-range attack with stake they no longer own based on reorganization of historical transactions that create stake. Anyone who is buying NXT should hopefully understand the tradeoffs of a PoS system (centralized governance, advantage of less electrical consumption, my arguments against PoS in my prior post, etc).

Couldnt any coin use data from the BTC blockchain from some hours in the past to create a backstop from massive reorg? By using the massive PoW of BTC, a PoS or weaker PoW would get an externally verifiable reference? Why couldnt that be used as the generative essence you say is required?

[...]

But maybe I misunderstood your objection and the above has a fatal flaw?

I assume you mean writing some meta-data into the stronger block chain, that the weaker block chain could refer to as evidence. The hindrance is that decentralized block chains have no external reference point. There is no way to enforce that a particular block in one chain came before a block (nor within some # of blocks after a block) on another chain. Block chains are self-referential, and that is precisely why we need CLTV to implement decentralized exchange. It is also why Blockstream's side chains have security which is as weak as the weakest side chain (because a reorganization in one chain erases coins that have already been reserved in other chains for maintaining the one-to-one exchange peg), which is btw why afaics Side chains are implausible (hopefully this post won't get deleted by the moderator, hehe).



@TPTB_need_war another way to think about why PoS isn't as secure as PoW in general:

PoS does not reinforce historical consensus. Every subsequent block in a PoW chain makes the history below it more secure because the cost of reversing it is superlinear in the number of blocks built on top. In PoS, this is not the case, the cost of producing a block is a constant, therefore the cost of reversing history is a constant.

so with a 51% + selfish mining attack you would be able to unwind all hist tx in PoS? (with minor costs)

You can arbitrarily re-write history in PoS with <50%; I can produce a valid candidate chain longer than the canonical chain for a constant cost, whcih I then present to nodes which are syncing with the network who are unable to distinguish this objectively from the canonical chain.

edit: Since the cost of providing such information is very small, I can dominate the network with peers containing instances of my fake chain such that any syncing node querying peers at random would find a majority of my fake nodes.

I've added this to the post about PoS on the first page of the thread. You've pointed out that PoS can be Sybil attacked achieving an attack with less than 50% of the stake when the majority of the stake is not always online. In other words, PoS is only secure as a federation, not decentralized consensus.

More about checkpoints:

NXT PoS limits any reorgs to 720 blocks, so for NXT if the timeout is set above 720 blocks, then it will be beyond the reach of any attack.

That seems reasonable since checkpoints are required in PoS due to people selling their stake and then doing a long-range attack with stake they no longer own based on reorganization of historical transactions that create stake. Anyone who is buying NXT should hopefully understand the tradeoffs of a PoS system (centralized governance, advantage of less electrical consumption, my arguments against PoS in my prior post, etc).

It seems cut & choose with a fee is an appropriate DE protocol for any proof-of-stake coins with frequent checkpoints (that don't support CLTV), which in NXT's case appears to be enforced by nodes that are always online and can form objective reality from the chain they've seen while being online. In other words (an issue which we have discussed and identified in the linked threads I mentioned in my prior post), NXT's 720 block rule is ambiguous to nodes who've recently come online (they don't know which chain was first to appear and can be lied to by a node that has always been online, i.e. propagation is not objective reality to offline nodes), but afaik with proof-of-stake typically there are a more permanent set of nodes (dictators or elected delegates in Bitshare's DPoS) who control the chain, i.e. the coins are essentially centralized. Yesterday monsterer pointed out how PoS can be controlled with even less than 50% of the hashrate, so kudos to monsterer for articulating our prior insight with more clarity on the weakness of PoS.

So an imperfect DE protocol is arguably appropriate for an imperfect decentralized consensus algorithm. Seems befitting and allows you James to monetize your work, since PoS coins are still quite popular for the time being (and with hubris I will joke that they will need DE to trade for my superior consensus algorithm invisible vaporcoin).

So what I am saying is I think you can monetize. I don't know how to monetize with the dual CLTV technically sound protocol (with my suggested "coin age" filtering improvement to squelch jamming attacks), as it seems to not require a fee.

Cut & choose seems to be inappropriate for proof-of-work coins due to the longer-range lie-in-wait rented hashrate attack on the probabilistic longest-chain-rule (LCR), unless they too are essentially centralized and have some frequent checkpoints generated by some form (either concentrated hashrate in always online nodes/pools that enforce checkpoints or lead developers who release checkpoints frequently) of centralized control.

You can tell how much stake is used in creating a POS chain.

No you can't if stake has been sold and purchased, because the order of those transactions in time is entirely arbitrary and controlled by whom ever is claiming to have the stake now.

That is why PoS requires checkpoints and always online nodes with > 50% of the stake (who all agree with each other due to Nash equilibrium[1]) to avoid a Sybil attack.

[1] but the Nash equilibrium doesn't exist if one can earn more profit by shorting the coin or attacking an exchange, etc.. PoS is a mess that requires centralization. Note that Satoshi's PoW is also a mess that also centralizes as well due to the economics of mining+verification and wastes a lot of electricity (Bitcoin is already controlled by the Chinese mining cartel), so it is sort of stalemate at this point which explains the popularity of PoS (other reason PoS is popular is it is technically easier to implement and it is much superior for controlling P&D schemes and top-down governance).

The point about checkpoints is that when your protocol depends upon them for security purposes, you might as well just throw the whole thing in the bin and use a 100% centralised service, which will be exactly as secure and a lot faster, cheaper and easier to use.

Bit harsh.. There are many other benefits to a decentralised system, that 'needing-one-32-byte-checkpoint-at-first-logon' doesn't screw up.

Decentralized nodes provide DDoS resistance, higher availability and uptime. But a centralized controller can provide decentralized nodes. The significant advantages of decentralization derives from decentralizing control so that failure modes are removed that revolve around disagreements or vested interests. You can see that PoS has no Nash equilibrium unless it is controlled by one "winner take all".



I'm with spartacusrex.  The ultimate test is for someone to pull of one of these (theoretical) attacks and catastrophically and irreparably damage the network in some way, or at least prove that one of the attacks can be used to consistently and successfully attack the network and/or individual users.  Until this test is completed, I'm going to assume that POS and other variations (DPOS) is sufficiently secure.  

Also, it would be in everyone's best interest if POS was broken sooner rather than later while valuations are low.  So please, if you have a guaranteed attack, go ahead and do it and prove POS useless.

PoS systems have already been attacked, I believe it was by an exchange. But that is not even the main point, which apparently you are also not cognisant of.

The main point is that the centralization required to obtain a Nash equilibrium in PoS is the attack. A centralized system is a political and vested interest leverage against everyone who uses the system. For example, the centralized control can veto feature changes, such as how the Chinese mining cartel has vetoed a block size increase for Bitcoin so they can ostensibly force transaction fees high to fatten their profits.

Still waiting.................

The  ill-informed hubris that n00bs slobber on threads is incredulous.

The 50% attacks have already occurred numerous times for PoS and PoW coins. You are just blinded because you are not looking at all forms of "attack". Typical myopia of n00bs (non-experts) who haven't conceptualized all the issues thoroughly. Live and breathe this stuff for years as monsterer, smooth, and myself have and then you may start to have the foresight that we have. We would simply appreciate a bit more respect for the effort we have invested.

I am respectful to those who respect those who invest effort. This is called a meritocracy. I put the mirror in the face of weekend warriors who disrespect those who have done their homework.



Well you don't need to find historical keys (in order to rewrite the history of PoS block chains), when you can make them for nearly 0 cost.

Simply buy and sell on an exchange, and your cost will only be the spread.

Then short the coin, and start attacking.

Obviously this doesn't apply to illiquid meaningless microfloat altcoins. We are talking about whether PoS is viable for a mainstream decentralized coin. Not.

For a centralized coin, then anything works, you don't even need PoS nor PoW (except to fool people with).

max reorg depth in NXT is 720 blocks

Checkpoints are centralization.

For a centralized coin, then anything works, you don't even need PoS nor PoW (except to fool people with).

If we don't have decentralization, then the entire plot has been lost.

Do you need an example? Here you go (remember the Chinese mining cartel allegedly controls 65% of the Bitcoin hashrate):

https://www.reddit.com/r/btc/comments/48nnaw/the_truth_comes_out_core_devs_have_convinced/



Bitshares instant transactions aren't reliable, because there is only one designated confirmation node for each block period, so the performance of blocks can vary.

Poor performers get voted out, and are no longer permitted to form blocks. Only historically reliable block producers are allowed to mine.

Then it is not decentralized, permissionless. A permissionless system should be able to scale while still permitting slower nodes. In short, yeah you can guarantee anything with total control, but you also insure a power vacuum which is winner-take-all. It is an Iron Law of Political Economics.

But even your reply is technically ignorant, because the point I was making is that no one can guarantee that a node performs well 100% of the time. Nothing on the internet is perfectly reliable. The fault tolerance must be built into the system by allowing many nodes to confirm transactions simultaneously, not a synchronous queue as is Proof-of-Stake's idiotic design.



...

Btw, proof-of-stake will never scale out user adoption, because it is a vested interest paradigm, and thus will be destroyed by its stake holders. No stake holder (in any context or business model) allows a competitor to profit. Only permissionless, decentralized systems scale.

Fuserleer
Legendary
*
Offline Offline

Activity: 1050
Merit: 1005



View Profile WWW
January 08, 2016, 07:17:48 PM
 #3


The truth of each channel still has to be a consensus. It doesn't change the fundamental issues of how to prove consensus about double-spends within the partition. Even there are chosen nodes who are signatories for determining the truth of the channel, this then not permissionless because the government can attack those specific nodes.

Detail your design and I will rip it to shreds.

You forget one critical thing which everyone forgets as soon as they read my consensus document.

The chosen nodes are ever changing in very short time windows (minutes) and are not static.  The fluidity of those nodes is critical to preventing exactly the problem that you are highlighting.

Furthermore the IP addresses of the chosen nodes are never known to the network so malicious agents, government or otherwise, are going to have a real hard time keeping abreast of not only who the next signatories are to resolve consensus issues, but also where to point their attack.

On top of that after a number of growth years there may be 100s or 1000s of signatories voting on consensus, and an attacker would have to take out at least 50% of them to cause even mild disruption. The worst case is transaction processing halts for a few minutes until the next set of nodes are eligible and the network continues operating.  In the mean time an attacker has to identify who the next m voters are, locate n of them and take them out....rinse, repeat a few minutes later.

Radix - DLT x.0

Web - http://radix.global  Forums - http://forum.radix.global Twitter - @radixdlt
TPTB_need_war
Sr. Member
****
Offline Offline

Activity: 420
Merit: 255


View Profile
January 08, 2016, 07:34:52 PM
Last edit: January 08, 2016, 08:21:27 PM by TPTB_need_war
 #4


The truth of each channel still has to be a consensus. It doesn't change the fundamental issues of how to prove consensus about double-spends within the partition. Even there are chosen nodes who are signatories for determining the truth of the channel, this then not permissionless because the government can attack those specific nodes.

Detail your design and I will rip it to shreds.

You forget one critical thing which everyone forgets as soon as they read my consensus document.

The chosen nodes are ever changing in very short time windows (minutes) and are not static.  The fluidity of those nodes is critical to preventing exactly the problem that you are highlighting.

Furthermore the IP addresses of the chosen nodes are never known to the network so malicious agents, government or otherwise, are going to have a real hard time keeping abreast of not only who the next signatories are to resolve consensus issues, but also where to point their attack.

On top of that after a number of growth years there may be 100s or 1000s of signatories voting on consensus, and an attacker would have to take out at least 50% of them to cause even mild disruption. The worst case is transaction processing halts for a few minutes until the next set of nodes are eligible and the network continues operating.  In the mean time an attacker has to identify who the next m voters are, locate n of them and take them out....rinse, repeat a few minutes later.

What I have discovered with all my years of attempting crypto designs, is that adding complexity just obscures the fact that there is a flaw in the design.

Until you provide more detail of your eMunie design, it is impossible to identify the flaw, but I am quite confident that you can not have consensus without Proof-of-Work or Proof-of-Stake. There has to be some resource applied and 50% (or less in some attack scenarios) control of that resource will determine the unambiguous consensus.

Either you are relying on propagation to resolve consensus, which monsterer and I already discussed in my thread (and other threads) as being fundamentally unsound, or you are relying on PoW/PoS to elect signatories. Yes it is possible to change the signatories on a clock (and that clock can be ticked by PoW or PoS), but the problem is that signatories can be lie and be Sybil attack and again the only way to resolve that is with PoW/PoS (which are also centralizing). It always comes back to the same conclusion.

You must use PoW or PoS and thus the problems of centralization and government control are the end result of all of what we are doing here. And helping to force a world government cooperation of regulating the internet, encryption, and Bitcoin mining. Bitcoin is a Trojan Horse that weakens the nation-states and traditional banks, which must fight back by cooperating with a world governance regulation of the internet and Bitcoin mining.

Remember I predicted this when I first joined this forum in March 2013. I tried for the past years to develop a solution and it is quite frustrating to realize the 666 system can't be stopped.

Bitcoin : The Digital Kill Switch

TPTB_need_war
Sr. Member
****
Offline Offline

Activity: 420
Merit: 255


View Profile
January 08, 2016, 07:55:12 PM
Last edit: January 08, 2016, 11:36:14 PM by TPTB_need_war
 #5

DAG (e.g. Iota)

The conceptual idea is that signed transactions reference a prior transaction (which referenced a prior transaction, etc). Thus transactions try to be on the longest chain of transactions. It is also possible to reference multiple chains thus combining chains into one chain.

But since there is no way to determine which chain is the authority, if there is a double-spend on more than one chain then it is not possible to determine which chain to discard. Since chains are not registered in blocks, there is no way to determine which double-spend was issued first.

The only way to resolve this is to have centralized servers which are trusted to cooperate and organize around a single chain. Thus this is just a centralized system (or if not, then a divergent Sybil forked chaos).

In theory if every signer could be an "always on" full node then propagation could be used to order transactions but this again would require all nodes to see the same results from propagation, which is impossible, since an attacker can propagate such that different nodes see different orderings of arrival. Besides not every signer can be online all the time. Again this can be delegated to trusted servers and thus a DAG devolves to a centralized system of cooperating servers.


I did forget to mention on the DAG post, that PoW can be aggregated along with each transaction so that the chain of the DAG with the longest PoW is the unambiguous consensus authority (probably what you mean by "energy"). Then it is a variant of what I proposed as an idea of improving on Satoshi's PoW scheme.

Nevertheless I can't see that this variant has any advantages over the one I am contemplating that uses blocks. For example, you I think wrote before that Iota can't expand the money supply thus the supply of coins will shrink to zero as users lose passwords over time (apparently Bitcoin and all Proof-of-Stake coins have this same flaw, but not all PoW coins have this flaw). And this will become a serious problem with microtransaction coins because many users will be frivolous. Intense deflation is very destructive to currency.

Also as I had mentioned to you in the past in one of the other threads, there is no force driving consensus. It is possible for cliques to decide it is in their advantage to race each other rather than provide clarity by referencing each other (say for example each clique controls roughly the same amount of hashrate). Whereas, blocks force that there can be only one global partition. And I don't see what advantage getting rid of the blocks provides? There are ways to achieve instant transactions and scaling with blocks. With blocks the calculation of irreversibility is more concrete than with DAG. DAG can't guarantee it will always converge quickly thus it doesn't really guarantee instant transactions, yet once it converges then it might be able to "confirm" a transaction faster than blocks (but I not sure about that since Bitcoin's block period could be reduced if not so much data needs to be sent on block announcement so that orphan rate won't be a concern).

I don't see the advantage since full nodes in Iota will still need to watch all the global transactions if they wish to converge on a single longest chain. And if not then chaos and double-spends on multiple partitions.

What am I missing?

suda123
Full Member
***
Offline Offline

Activity: 210
Merit: 100


View Profile
January 08, 2016, 08:37:30 PM
 #6


The truth of each channel still has to be a consensus. It doesn't change the fundamental issues of how to prove consensus about double-spends within the partition. Even there are chosen nodes who are signatories for determining the truth of the channel, this then not permissionless because the government can attack those specific nodes.

Detail your design and I will rip it to shreds.

You forget one critical thing which everyone forgets as soon as they read my consensus document.

The chosen nodes are ever changing in very short time windows (minutes) and are not static.  The fluidity of those nodes is critical to preventing exactly the problem that you are highlighting.

Furthermore the IP addresses of the chosen nodes are never known to the network so malicious agents, government or otherwise, are going to have a real hard time keeping abreast of not only who the next signatories are to resolve consensus issues, but also where to point their attack.

On top of that after a number of growth years there may be 100s or 1000s of signatories voting on consensus, and an attacker would have to take out at least 50% of them to cause even mild disruption. The worst case is transaction processing halts for a few minutes until the next set of nodes are eligible and the network continues operating.  In the mean time an attacker has to identify who the next m voters are, locate n of them and take them out....rinse, repeat a few minutes later.

What I have discovered with all my years of attempting crypto designs, is that adding complexity just obscures the fact that there is a flaw in the design.

Until you provide more detail of your eMunie design, it is impossible to identify the flaw, but I am quite confident that you can not have consensus without Proof-of-Work or Proof-of-Stake. There has to be some resource applied and 50% (or less in some attack scenarios) control of that resource will determine the unambiguous consensus.

Either you are relying on propagation to resolve consensus, which monsterer and I already discussed in my thread (and other threads) as being fundamentally unsound, or you are relying on PoW/PoS to elect signatories. Yes it is possible to change the signatories on a clock (and that clock can be ticked by PoW or PoS), but the problem is that signatories can be lie and be Sybil attack and again the only way to resolve that is with PoW/PoS (which are also centralizing). It always comes back to the same conclusion.

You must use PoW or PoS and thus the problems of centralization and government control are the end result of all of what we are doing here. And helping to force a world government cooperation of regulating the internet, encryption, and Bitcoin mining. Bitcoin is a Trojan Horse that weakens the nation-states and traditional banks, which must fight back by cooperating with a world governance regulation of the internet and Bitcoin mining.

Remember I predicted this when I first joined this forum in March 2013. I tried for the past years to develop a solution and it is quite frustrating to realize the 666 system can't be stopped.

Bitcoin : The Digital Kill Switch


Bitcoin : The Digital Kill Switch


Yea but that's the plan, bitcoin was made by the goverment LOL, IMA BE RICH BOIIIIII
TPTB_need_war
Sr. Member
****
Offline Offline

Activity: 420
Merit: 255


View Profile
January 08, 2016, 08:41:43 PM
 #7

I am still searching for the flaws in another idea I have for an improvement to Proof-of-Work. I had mentioned this is in a prior discussion with monsterer in my thread.

The idea is every transaction must include a PoW share.

There are many details to getting this correct and I believe it ties in with enabling instant transactions as well. But I need to write this all down and make sure there isn't a flaw.

My helicopter perspective thoughts are that it can force the difficulty high enough that mining becomes unprofitable (assuming debasement is a small fixed percentage say 1%). This will drive away the professional miners and thus stop the dumping of coins which drives the price down. It will also limit the electricity cost per transaction to some minuscule amount and not Bitcoin's $16 per transaction electricity cost. I see now my 2013 thread Spiraling Transaction Fees concept is finally getting serious attention.

Thus hopefully it can make it much more difficult for the government to regulate mining.

This is probably my last attempt at a solution. Seems I was thinking about this in the past and I thought it was flawed because servers have to aggregate data for transaction signers and I thought these could be targeted by the government or otherwise centralized. But what remains true is that if the transaction signers have more PoW hashrate than any miners the government can regulate/control, then the permissionless principle seems to hold.

Since mining becomes unprofitable then selfish mining attacks don't matter.

I think this is the most promising direction that still remains for me. Everything else looks like a waste of time.

Come-from-Beyond
Legendary
*
Offline Offline

Activity: 2128
Merit: 1009

Newbie


View Profile
January 08, 2016, 09:53:11 PM
 #8

The only way to resolve this is to have centralized servers which are trusted to cooperate and organize around a single chain.

This looks bold to me.
TPTB_need_war
Sr. Member
****
Offline Offline

Activity: 420
Merit: 255


View Profile
January 08, 2016, 09:56:29 PM
 #9

The only way to resolve this is to have centralized servers which are trusted to cooperate and organize around a single chain.

This looks bold to me.

Feel free to point me to any publication that will explain to me another way of doing it. Since you are about to launch, I assume these details have already been sorted out and thus you should have no trouble providing the details.

I will certain mea culpa if you have found a solution. But I am 99% sure you have not. Once you provide the detailed publication, I can zero in on detailing to you what is your flaw. Or mea culpa if you've discovered something I didn't anticipate.

Note the above quote is a simplified way of stating the many possible ways I've analyzed how a DAG might work, so even if you are doing something slightly different from your pespective, I think I will have already considered what you are doing (I didn't want to write a book here).

Risk Mgmt
Member
**
Offline Offline

Activity: 158
Merit: 16


View Profile
January 08, 2016, 10:09:14 PM
 #10

Whilst I am no expert in bitcoin,  (ACTUALLY THIS IS MY FIRST WEEK ON THIS FORUM) and have never ever in my life seen a BITCOIN and all I know is that its this electronic currency thingy.

 I pose this question as a means to find more.

CURRENT KNOWN GOOD Money or MONEY AS known to mankind from history
 has the following properties, does bitcoin also have these properties?

1) It is in abundance in the market place?
Bitcoin: Yes,  millions/billions in existence and more are being created each day.

2) Is it recognized and accepted by merchants?
Bitcoin: Yes, there are an increasing number of market participants and merchants accepting bitcoin.

3) Is it divisible?
Bitcion: Yes, it is divisible down to 8 decimal places.

4) Does it have a self life?
Bitcoin: Yes bitcoins can be stored indefinitely without affecting their value.

5) Was it created by GOD?  (Example Silver / Gold )

Bitcoin: Well this is were I need advice. Gold and silver are considered GOOD money because it can be argued that they were made by the creator and have intrinsic value, unlike paper money which has a value assigned by man, not the creator.
I mean GOLD/SILVER have been in play since maybe after the Stone Age Era or something when we got a little more civil.


Can one ascribe creation to the prime numbers that bitcoins are based on? Is the prime number 11 any more real than a larger prime number such as 99194853094755497, both can be written in physical form, have always existed and are unique.
Risk Mgmt
Member
**
Offline Offline

Activity: 158
Merit: 16


View Profile
January 08, 2016, 10:11:34 PM
 #11

Problem with BitCoin ~~> just like paper silver/gold ....someone can dilute...someone got that source code
Come-from-Beyond
Legendary
*
Offline Offline

Activity: 2128
Merit: 1009

Newbie


View Profile
January 08, 2016, 10:18:16 PM
 #12

Feel free to point me to any publication that will explain to me another way of doing it. Since you are about to launch, I assume these details have already been sorted out and thus you should have no trouble providing the details.

I will certain mea culpa if you have found a solution. But I am 99% sure you have not. Once you provide the detailed publication, I can zero in on detailing to you what is your flaw. Or mea culpa if you've discovered something I didn't anticipate.

Note the above quote is a simplified way of stating the many possible ways I've analyzed how a DAG might work, so even if you are doing something slightly different from your pespective, I think I will have already considered what you are doing (I didn't want to write a book here).

99% is fine, I thought you had been sure on 100%, this is why I made the post.
Risk Mgmt
Member
**
Offline Offline

Activity: 158
Merit: 16


View Profile
January 08, 2016, 10:21:27 PM
 #13

Dear TPTB

Sent you MESSAGE and link to source ...may shed some light.

GOLD/SILIVER    vs PETRO DOLLAR
GOLD/SILVER    VS FIAT CURRENCIES
GOLD/SILVER      VS BITCOIN


History says....GOLD/SILVER  (Not paperstuff) will prevail.
TPTB_need_war
Sr. Member
****
Offline Offline

Activity: 420
Merit: 255


View Profile
January 08, 2016, 10:41:58 PM
 #14

CURRENT KNOWN GOOD Money or MONEY AS known to mankind from history
 has the following properties, does bitcoin also have these properties?

1) It is in abundance in the market place?
Bitcoin: Yes,  millions/billions in existence and more are being created each day.

2) Is it recognized and accepted by merchants?
Bitcoin: Yes, there are an increasing number of market participants and merchants accepting bitcoin.

3) Is it divisible?
Bitcion: Yes, it is divisible down to 8 decimal places.

4) Does it have a self life?
Bitcoin: Yes bitcoins can be stored indefinitely without affecting their value.

5) Was it created by GOD?  (Example Silver / Gold )

My upthread argument is that if Bitcoin loses DECENTRALIZATION then it no longer has the autonomous property of cash. Thus it loses much of its advantages as compared to fiat currency.

Also realize that DECENTRALIZATION is a key aspect to gaining adoption, because no one is going to trust it (e.g. have a self life / store-of-value function) if they think some group can take control of the coin. This is why I think Proof-of-Stake coins can never gain wide adoption.

Proof-of-work has a better chance because it requires 50% control to fail (or as low as 25 - 35% with selfish mining). But as I explained upthread, Proof-of-work is also failing economically because it costs $16 per transaction in electricity to mine it and mining is becoming ever more and more centralized over time. I have proposed some ideas to improve these problems (potentially fix them).

Please let's not enter a God discussion in this thread. My fault for writing "666" but that is just a short-hand for what I am trying to convey, not necessarily meaning I subscribe to a a divine outcome. I just see the world creeping towards what is described in Revelation, but that doesn't mean I need to add religion. I'd prefer to leave all the religion aside. I am just trying to figure out what is technically possible and thus where we are headed as a world. Trying my best to find my role in all of this. Please again, do not consume my scarce time with the God stuff. Thanks. Bitcoin was created by God, lol.

Please no wild theories stuff in this thread about unicorns, UFOs, Petrodollars, etc.. This is altcoin discussion. Okay my fault for claiming Bitcoin is a Trojan Horse, but I am not tying that into God, Petrodollars, etc.. I am just stating that technically Bitcoin can't be totally centralized and controlled without global coordinated control over the internet, yet simultaneously Bitcoin threatens the nation-state fiats and traditional banking sector thus apparently forcing those sectors to look to world governance as a solution to maintain their hegemony. Thus Bitcoin looks like a Trojan Horse to me. But that is a wild theory and thus my fault for inciting the tangential discussion.

TPTB_need_war
Sr. Member
****
Offline Offline

Activity: 420
Merit: 255


View Profile
January 08, 2016, 11:18:47 PM
Last edit: January 09, 2016, 10:31:57 AM by TPTB_need_war
 #15

Feel free to point me to any publication that will explain to me another way of doing it. Since you are about to launch, I assume these details have already been sorted out and thus you should have no trouble providing the details.

I will certain mea culpa if you have found a solution. But I am 99% sure you have not. Once you provide the detailed publication, I can zero in on detailing to you what is your flaw. Or mea culpa if you've discovered something I didn't anticipate.

Note the above quote is a simplified way of stating the many possible ways I've analyzed how a DAG might work, so even if you are doing something slightly different from your pespective, I think I will have already considered what you are doing (I didn't want to write a book here).

99% is fine, I thought you had been sure on 100%, this is why I made the post.

I did forget to mention on the DAG post, that PoW can be aggregated along with each transaction so that the chain of the DAG with the longest PoW is the unambiguous consensus authority (probably what you mean by "energy" in quoted post below). Then it is a variant of what I proposed as an idea of improving on Satoshi's PoW scheme.

Nevertheless I can't see that this variant has any advantages over the one I am contemplating that uses blocks. For example, you I think wrote before that Iota can't expand the money supply thus the supply of coins will shrink to zero as users lose passwords over time (apparently Bitcoin and all Proof-of-Stake coins have this same flaw, but not all PoW coins have this flaw). And this will become a serious problem with microtransaction coins because many users will be frivolous. Intense deflation is very destructive to currency.

Also as I had mentioned to you in the past in one of the other threads, there is no force driving consensus. It is possible for cliques to decide it is in their advantage to race each other rather than provide clarity by referencing each other (say for example each clique controls roughly the same amount of hashrate). Whereas, blocks force that there can be only one global partition. And I don't see what advantage getting rid of the blocks provides? There are ways to achieve instant transactions and scaling with blocks. With blocks the calculation of irreversibility is more concrete than with DAG. DAG can't guarantee it will always converge quickly thus it doesn't really guarantee instant transactions, yet once it converges then it might be able to "confirm" a transaction faster than blocks (but I not sure about that since Bitcoin's block period could be reduced if not so much data needs to be sent on block announcement so that orphan rate won't be a concern).

I don't see the advantage since full nodes in Iota will still need to watch all the global transactions if they wish to converge on a single longest chain. And if not then chaos and double-spends on multiple partitions.

What am I missing?

What about "energy as money"? The law of energy conservation won't allow to doublespend. And mining is solved in an elegant way - one needs to generate energy instead of wasting it on number crunching...

Come-from-Beyond
Legendary
*
Offline Offline

Activity: 2128
Merit: 1009

Newbie


View Profile
January 08, 2016, 11:35:22 PM
 #16

And I don't see what advantage getting rid of the blocks provides?

Relaxed requirement for "P" part of CAP.


There are ways to achieve instant transactions and scaling with blocks.

Without violating CAP? How?


What am I missing?

Incentives (e.g. economic ones) outside of the model.
monsterer
Legendary
*
Offline Offline

Activity: 1008
Merit: 1000


View Profile
January 08, 2016, 11:40:01 PM
 #17

The CAP theorem is fundamental. There will be no way to solve it. You all can spend the next 1000 years fooling yourself will all sorts of designs, but they will also end up either inconsistent or centralized or unable to scale. PERIOD. PERIOD.

I feel completely relaxed about leaving out partition tolerance in consensus design; it is trivially obvious that there can be no consensus between parties that never have contact with each other.
Come-from-Beyond
Legendary
*
Offline Offline

Activity: 2128
Merit: 1009

Newbie


View Profile
January 08, 2016, 11:41:38 PM
 #18

I feel completely relaxed about leaving out partition tolerance in consensus design; it is trivially obvious that there can be no consensus between parties that never have contact with each other.

Do you mean any kind of contact or only direct one?
monsterer
Legendary
*
Offline Offline

Activity: 1008
Merit: 1000


View Profile
January 08, 2016, 11:46:29 PM
 #19

I feel completely relaxed about leaving out partition tolerance in consensus design; it is trivially obvious that there can be no consensus between parties that never have contact with each other.

Do you mean any kind of contact or only direct one?

To me, bitcoin's approach of longest chain rule is perfectly acceptable.
TPTB_need_war
Sr. Member
****
Offline Offline

Activity: 420
Merit: 255


View Profile
January 08, 2016, 11:47:10 PM
 #20

The CAP theorem is fundamental. There will be no way to solve it. You all can spend the next 1000 years fooling yourself will all sorts of designs, but they will also end up either inconsistent or centralized or unable to scale. PERIOD. PERIOD.

I feel completely relaxed about leaving out partition tolerance in consensus design; it is trivially obvious that there can be no consensus between parties that never have contact with each other.


Well I agreed with Fuseleer that Partitions can be created (for example those who will never have contact with each other or other scenarios), but this doesn't change the problem that consensus still needs to be attained within each partition and a global consensus is still needed for those who wish to spend to another partition; and afaics (after all our discussion and analysis) consensus will always require PoW or PoS. My prior post illustrated that even DAG requires PoW (yet it forsakes blocks which I think makes it more quirky).

Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 ... 64 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!