DECENTRALIZED crypto currency (including Bitcoin) is a delusion (any solutions?)

[Come-from-Beyond]

The complexity is in the external entropy of the game theory.

What is "external entropy of the game theory"? Was it defined upthread?

[1713951311]

1713951311

[1713951311]

1713951311

[1713951311]

1713951311

[1713951311]

1713951311

[1713951311]

1713951311

[TPTB_need_war]

The means the same transaction can appear every where as spam unless you redo the PoW. I read below you redo the PoW.

So how is this not a jamming attack then? You are forcing users to redo work. The attacker can use botnets. So then you will need to farm PoW out to centralized ASICS, so  now you've become centralized same as Bitcoin.

No matter which direction you go, you will end up at centralization.

If transaction propagation is fast then you have to release the doublespending transaction very soon invalidating work of only a few other transactions. If transaction propagation is slow then only few other transactions will reference your transactions (because majority will see none of your transactions). Looks like you can fool only a little part of nodes in any case. A botnet won't help, when Iota hits IoT industry even several botnets will barely take 1% of total hashpower. In addition, Iota doesn't use Bitcoin topology, it mimics meshnets making it impossible to connect to majority of the nodes to conduct attacks easier.

The point of the botnet is relative costs, not relative total system hashrate. Afaics, this attack doesn't require any percentage of the total system hashrate. From there, afaics all my prior conclusions logically follow.

I need to go run an errand. Be back later or next day. Thanks.

[Come-from-Beyond]

The point of the botnet is relative costs, not relative total system hashrate. Afaics, this attack doesn't require any percentage of the total system hashrate. From there, afaics all my prior conclusions follow.

Ask yourself, what odds that your transaction is referenced if there are 99 other transactions awaiting approval too. Percentage does matter for an attack to have an effect. There will always be legit transactions that are ignored and that need to be re-issued, maybe even several times. Your contribution will change nothing.

[TPTB_need_war]

The complexity is in the external entropy of the game theory.

What is "external entropy of the game theory"? Was it defined upthread?

It is the entropy or Kolmogorov complexity of all possible selection algorithms and the game theory of when to use them. It might even be infinite. There is no way to prove I think. This is a result of not having a single LCR. Thus your algorithm is open to unbounded probabilities analysis.

[TPTB_need_war]

Let me interject a post here for layman to see I can try to explain what CfB and I are discussing about. This won't be comprehensive, just quickly off-the-top-of-my-head.

As monsterer was incorrectly doing, someone coming from analyzing a Satoshi block chain will tend to view a DAG as a plurality of block chains that are interleaved. And they will tend to analyze the security from that incorrect perspective. Even that was my first inclination. Since I've been analyzing my own consensus designs in painstaking detail, I have grown more accustomed to thinking about these matters such that I can quickly understand that a DAG can't be modeled the same way as Satohi's design.

Rather (the math dictates that) a DAG can only be analyzed according the selection rule that payers employ to choose which (two in Iota's case) transactions they point back to from their new transactions. The Iota white paper enumerates a few possible selection algorithms, but it can't be comprehensive because it would require perhaps up to infinite pages to enumerate. And payees play a role also because they decide which probabilistic calculation to trust in terms of the probability that their payment won't be reversed by a double-spend. An added wrinkle which further explodes the complexity is that payers and payees can not be controlled and can use what ever probabilistic algorithm they want (not necessarily the one chosen for them in Iota's default client) because there is no way to enforce this. So we have to add the game theories of what payers and payees might be incentivized to do from the myriad of possibilities of the interplay of all these factors. The complexity is unfathomable. I can't even wrap my head around all those possibilities (and I doubt anyone can) and yet I have already in one day alleged a new flaw that apparently the creators were not aware of before?

In Satohi's design, the selection rule of which transactions to include is only one possibility. That is a block of transactions. And the confirmation rule is the single Poisson distribution probabilistic calculation in Satoshi's white paper. Thus we are able to analyze and prove the performance of Satoshi's PoW. With a DAG, I doubt we can ever prove anything. We can just hope it won't blow up. Sorry but that is not acceptable for money.

From this, you can see why I say no design that doesn't use a block chain will work. I can imagine all the myriad of special cases Fuserleer has been rummaging through and he still won't catch all of them, because without a LCR (single longest chain rule) the number of special cases is unbounded. And this is why I needed all the details of Fuserleer's design, because I can't rely on his own interpretation of what is important to convey in a summary of his design. I have to think for myself the flaws he hasn't found and for that I need all the details.

The distinction is precisely that in Satoshi's design we have a single reference point which is the LCR, which is our clock. And these block less designs we have no reference point, so the possibilities are unbounded in potential complexity.

It is just math.

[TPTB_need_war]

The point of the botnet is relative costs, not relative total system hashrate. Afaics, this attack doesn't require any percentage of the total system hashrate. From there, afaics all my prior conclusions follow.

Ask yourself, what odds that your transaction is referenced if there are 99 other transactions awaiting approval too. Percentage does matter for an attack to have an effect. There will always be legit transactions that are ignored and that need to be re-issued, maybe even several times. Your contribution will change nothing.

If the attack is profitable, the attacker can buy as many botnets as are available on the market. There will probably be hacks on IoT devices too. More devices, more bots.

One way to profit is to short the coin.

Sorry it is looking pretty bleak. I warned you of this when you first announced. So please don't get pissed off. You could have paid me to analyze for you sooner. You could have partnered with me instead.

So many people bitching and complaining about me, yet they don't realize maybe they better start to see me as an important ally instead.

First they ignore you, then they fight you, then they join you.

[r0ach]

It's funny you made this thread now because this is all I've been talking about lately.  The ironic part is, you list all these theoretical attacks that only Bitcoin insiders who sat here and looked at the stuff for hours can think up, but it really doesn't take anywhere close to that much brain power to know what we're dealing with.  Unless you can toss the blockchain up and have it function like a virus with no outside intervention for security updates, etc, then they're all going to be centralized systems straight out of the gate.

These are distributed but not decentralized coins.  We're all basically just investing in shares of Mozilla.  Since Come-from-Beyond's English is a little crazy and he speaks in riddles, maybe he can be a slightly less desirable browser like Opera.

Once you take all these systems to their end game conclusion, Bitcoin with PoW for instance, if it was to become world reserve currency, nation states who already have a bunch of economic treaties with each other are not going to sit there hashing megatons of coal with the sole goal being to prevent Keynesianism.  It's just a laughable thought, and no economy that big is going to exist outside of nation states.  The act of them existing would cause first world governments to implode into something resembling Kevin Costner's Waterworld, while the ultra-authoritarian powers like North Korea would be the last existing and just come along raping everyone.

This is one of the reasons I had an interest in Bitshares before, because it's inevitable these systems will converge with government or rule of law.  Once these systems do converge with governments, they will simply adopt a system like DPoS, appoint each member of the UN or other entity as delegates, and case closed.  So now you ask, why would I be interested in crypto at all if this is what's going to happen?  Because I believe "the" ledger that this eventually occurs to will most likely retain it's finite coin count and resemble something Austrian in nature, possibly killing fractional reserve if everything is done on-chain as well.  

In other words, it's hard to make something worse than what we have now, and if it seems likely to happen, you can either front run it, go move out in the middle of the woods somewhere, or front run it so you can make enough money to then go live out in the middle of the woods.

[sidhujag]

It's funny you made this thread now because this is all I've been talking about lately.  The ironic part is, you list all these theoretical attacks that only Bitcoin insiders who have sat here and looked at the stuff for hours can think up, but it really doesn't take anywhere close to that much brain power to know what we're dealing with.  Unless you can toss the blockchain up and have it function like a virus with no outside intervention for security updates, etc, then they're all going to be centralized systems straight out of the gate.

These are distributed but not decentralized coins.  We're all basically just investing in shares of Mozilla.  Since Come-from-Beyond's English is a little crazy and he speaks in riddles, maybe he can be a slightly less desirable browser like Opera.

There is a reason to not hang up the coat though....continued

And to this day I still prefer opera or firefox over netscape or ie..

Seems annonymint is right that you need longing chain for this to work because otherwise there isnt enough computational power to even detect if a system is deterministic or not.

About totally being decentralized we will never achieve that because the systems it is designed around downto the packet level will always allow for a weak link.. i guess regulation of these technologies so they can hit mass market was the cause of this to prevent anarchy.

[monsterer]

I skipped deep understanding of it and just noted it was for defeating lie-in-wait attack chains

Let me furnish you with a deep understanding of this monte carlo sampling technique; for the uninitiated, monte carlo sampling is a technique which takes a very complex data set, and samples it at random locations in order to build a probabilistic model for the truth of the underlying system, which may itself be intractable to process directly.

An example, here is a monte carlo rendering of a scene at an increasing number of samples:



The idea being that this sampling process is orders of magnitude faster than processing the full data set (in this image, it would be fully raytracing the entire scene, with multiple light bounces / radiosity etc).

In Iota, this technique is simply used to find the tips with the most cumulative weight (as I have been saying all along) but without having to process the entire set of transactions all the way back to genesis from every tip, which would be too slow. This is their game theoretically optimal choice as participants who want timely confirmation of their transactions.

TLDR; Iota uses monte carlo sampling to find the tips with the most cumulative weight in order to decide where to extend the DAG.

[monsterer]

How do you know they won't be double-spent later. Duh. That is the entire point of building a long chain of cumulative PoW so the confirmation is probabilistically more assured. I already wrote this in the prior post.

A to Z are transactions. A is the double spend, there are two competing chains. Here is some sequencing using a deterministic, recursive, longest chain of POW ordering:

Time period X:

Code:

Chain 1:    A<-B<-C
Chain 2: D<-A<-E<-F<-G

Order of transaction application:

D,A (chain 2), A (chain 1, invalid so not applied), E, B, F, C, G

Time period Y:

Code:

Chain 1:    A<-B<-C<-X-<-Y<-Z<-W
Chain 2: D<-A<-E<-F<-G

Order of transaction application:

D,A (chain 1), A (chain 2, invalid not applied), B, E, C, F, X, G, Y, Z, W

Notice how the only transaction which cannot be applied is A in the weaker chain, in both instances? None of the other transactions get invalidated and neither chain is orphaned at any time.

Notice additionally, that the change in chain priority does not affect the relative sequencing of B,C,E,F?
Notice additionally, that the change in chain priority does not affect the temporal sequencing of either chain individually?

All trustless cryptocurrency attempts to achieve is to provide a global ordering for transactions. That's it.

(disclaimer, this is not a description of how Iota works, but a generalisation in DAG/tree transaction ordering)

[Come-from-Beyond]

Let me interject a post here for layman to see I can try to explain what CfB and I are discussing about. This won't be comprehensive, just quickly off-the-top-of-my-head.

As monsterer was incorrectly doing, someone coming from analyzing a Satoshi block chain will tend to view a DAG as a plurality of block chains that are interleaved. And they will tend to analyze the security from that incorrect perspective. Even that was my first inclination. Since I've been analyzing my own consensus designs in painstaking detail, I have grown more accustomed to thinking about these matters such that I can quickly understand that a DAG can't be modeled the same way as Satohi's design.

Rather (the math dictates that) a DAG can only be analyzed according the selection rule that payers employ to choose which (two in Iota's case) transactions they point back to from their new transactions. The Iota white paper enumerates a few possible selection algorithms, but it can't be comprehensive because it would require perhaps up to infinite pages to enumerate. And payees play a role also because they decide which probabilistic calculation to trust in terms of the probability that their payment won't be reversed by a double-spend. An added wrinkle which further explodes the complexity is that payers and payees can not be controlled and can use what ever probabilistic algorithm they want (not necessarily the one chosen for them in Iota's default client) because there is no way to enforce this. So we have to add the game theories of what payers and payees might be incentivized to do from the myriad of possibilities of the interplay of all these factors. The complexity is unfathomable. I can't even wrap my head around all those possibilities (and I doubt anyone can) and yet I have already in one day alleged a new flaw that apparently the creators were not aware of before?

In Satohi's design, the selection rule of which transactions to include is only one possibility. That is a block of transactions. And the confirmation rule is the single Poisson distribution probabilistic calculation in Satoshi's white paper. Thus we are able to analyze and prove the performance of Satoshi's PoW. With a DAG, I doubt we can ever prove anything. We can just hope it won't blow up. Sorry but that is not acceptable for money.

From this, you can see why I say no design that doesn't use a block chain will work. I can imagine all the myriad of special cases Fuserleer has been rummaging through and he still won't catch all of them, because without a LCR (single longest chain rule) the number of special cases is unbounded. And this is why I needed all the details of Fuserleer's design, because I can't rely on his own interpretation of what is important to convey in a summary of his design. I have to think for myself the flaws he hasn't found and for that I need all the details.

The distinction is precisely that in Satoshi's design we have a single reference point which is the LCR, which is our clock. And these block less designs we have no reference point, so the possibilities are unbounded in potential complexity.

It is just math.

Unfortunatelly, your math doesn't contain math notation. It's more philosophy than math. I can't imagine how philosophy would look.

If seriously, Bitcoin forks showed that game theory can't be ignored. For instance, one of the latest forks happened because half of miners didn't have full blockchain. They were sticking to LCR but failed. What does this say to us? It says your math is flawed, doesn't it?

[Come-from-Beyond]

If the attack is profitable, the attacker can buy as many botnets as are available on the market. There will probably be hacks on IoT devices too. More devices, more bots.

What does this change?

[TPTB_need_war]

Reading my newest thread in Altcoin Discussion reveals that none of the other designs improve upon Bitcoin in terms of the decentralization, permissionless attribute. And I strongly expect that designs without a block chain (Iota and eMunie) will be proven fundamentally flawed.

Open-transactions anyone?  

Hey n00b, this white paper is nonsense because no where does it mention "double spend". My comment included the requirement for decentralization. The entire OpenTransactions concept is flawed. I had long ago critiqued it. It is crying shame to see someone waste so much effort implementing something that was not even well researched. Sigh.

[Come-from-Beyond]

Hey n00b, this white paper is nonsense because no where does it mention "double spend". The entire concept is flawed. It is crying shame to see someone waste so much effort implementing something that was not even well researched. Sigh.

I suggested to make this thread self-moderated to keep the discussion civilized. It was acceptable while you were doing bold claims and bragging, but name calling is a little bit too much...

[TPTB_need_war]

Hey n00b, this white paper is nonsense because no where does it mention "double spend". The entire concept is flawed. It is crying shame to see someone waste so much effort implementing something that was not even well researched. Sigh.

I suggested to make this thread self-moderated to keep the discussion civilized. It was acceptable while you were doing bold claims and bragging, but name calling is a little bit too much...

That was a factual statement. He is a n00b as proven by his inability to even comprehend what he was rolling his eyes about.

His post was not in this thread, but it pertains to this thread. So I replied to it here.

Don't be a B lister and conflate fact and ego. That eludication was upthread.

[Come-from-Beyond]

That was a factual statement. He is a n00b as proven by his inability to even comprehend what he was rolling his eyes about.

His post was not in this thread, but it pertains to this thread. So I replied to it here.

Don't be a B lister and conflate fact and ego.

I won't argue about this. I'm going into read-only mode until the quality of this thread comes to a higher level.

[TPTB_need_war]

That was a factual statement. He is a n00b as proven by his inability to even comprehend what he was rolling his eyes about.

His post was not in this thread, but it pertains to this thread. So I replied to it here.

Don't be a B lister and conflate fact and ego. That eludication was upthread.

I won't argue about this. I'm going into read-only mode until the quality of this thread comes to a higher level.

Typical B lister behavior. Now you pout/sulk about reality.

I am "blithely unconcerned that a bystander might think I’m egotistical" or that my comment is uncivil. His rolling eyes was uncivil and all  I spoke are facts. Facts seems to bother you. What am I supposed to refer to him as, "expert", "concerned cordial commentator", ... none of those would be factual. Factual is he demonstrated he is a n00b. He also demonstrated that he is an uncivil asshole with the rolling eyes, but I didn't go that far to be totally uncordial. I attempted to maintain a balance between civility and a hand-slap for his Dunning-Kruger asshole-like posting (in this thread, but in the other thread where he posted, I called him an idiot which is my opinion).

By responding about the single word "n00b" you make a mountain out of a molehill, you create several noise posts, and turn the thread into a noisy female bitch slapping event.

I don't need to justify my behavior. I will not make an explanation like this again to try to explain to B listers why it is their weakness, not mine.

[TPTB_need_war]

If the attack is profitable, the attacker can buy as many botnets as are available on the market. There will probably be hacks on IoT devices too. More devices, more bots.

What does this change?

The attack I described appears to be instead of an all-or-nothing race to be the longest chain competing against the entire network hashrate as considered in the attack models of your white paper, rather a fine-grained attack that can work at any percentage of the network hashrate with increasing deleterious effect.

Also remember my main point is the general one, which is the unprovable nature of the security model.

[TPTB_need_war]

Let me interject a post here for layman to see I can try to explain what CfB and I are discussing about. This won't be comprehensive, just quickly off-the-top-of-my-head.

As monsterer was incorrectly doing, someone coming from analyzing a Satoshi block chain will tend to view a DAG as a plurality of block chains that are interleaved. And they will tend to analyze the security from that incorrect perspective. Even that was my first inclination. Since I've been analyzing my own consensus designs in painstaking detail, I have grown more accustomed to thinking about these matters such that I can quickly understand that a DAG can't be modeled the same way as Satohi's design.

Rather (the math dictates that) a DAG can only be analyzed according the selection rule that payers employ to choose which (two in Iota's case) transactions they point back to from their new transactions. The Iota white paper enumerates a few possible selection algorithms, but it can't be comprehensive because it would require perhaps up to infinite pages to enumerate. And payees play a role also because they decide which probabilistic calculation to trust in terms of the probability that their payment won't be reversed by a double-spend. An added wrinkle which further explodes the complexity is that payers and payees can not be controlled and can use what ever probabilistic algorithm they want (not necessarily the one chosen for them in Iota's default client) because there is no way to enforce this. So we have to add the game theories of what payers and payees might be incentivized to do from the myriad of possibilities of the interplay of all these factors. The complexity is unfathomable. I can't even wrap my head around all those possibilities (and I doubt anyone can) and yet I have already in one day alleged a new flaw that apparently the creators were not aware of before?

In Satohi's design, the selection rule of which transactions to include is only one possibility. That is a block of transactions. And the confirmation rule is the single Poisson distribution probabilistic calculation in Satoshi's white paper. Thus we are able to analyze and prove the performance of Satoshi's PoW. With a DAG, I doubt we can ever prove anything. We can just hope it won't blow up. Sorry but that is not acceptable for money.

From this, you can see why I say no design that doesn't use a block chain will work. I can imagine all the myriad of special cases Fuserleer has been rummaging through and he still won't catch all of them, because without a LCR (single longest chain rule) the number of special cases is unbounded. And this is why I needed all the details of Fuserleer's design, because I can't rely on his own interpretation of what is important to convey in a summary of his design. I have to think for myself the flaws he hasn't found and for that I need all the details.

The distinction is precisely that in Satoshi's design we have a single reference point which is the LCR, which is our clock. And these block less designs we have no reference point, so the possibilities are unbounded in potential complexity.

It is just math.

Unfortunatelly, your math doesn't contain math notation. It's more philosophy than math. I can't imagine how philosophy would look.

If seriously, Bitcoin forks showed that game theory can't be ignored. For instance, one of the latest forks happened because half of miners didn't have full blockchain. They were sticking to LCR but failed. What does this say to us? It says your math is flawed, doesn't it?

You are confusing and conflating CATEGORICALLY separate concerns. As you may know, separation-of-concerns is a critically important paradigm in computer science. In other words, you have a category or ontological error in your response.

Forking in Satoshi's design is tolerated by the protocol. The longest chain wins. Those miners who cheated on verification in order to propagate faster suffered economically by losing block rewards. The protocol security model worked as expected with the correct incentives. The only danger would be due to the Anti-fragile centralization in Satoshi's design, which is what my design attempts to fix.

So the key point is that the recent Bitcoin event was not a protocol violation, because the provable security of the longest chain rule was not violated and the economics of the protocol were not gamed in any way that the single understanding of the protocol expects.

Whereas, a DAG has an unprovable protocol security! Because there is no single characterization of the security or protocol. The protocol and security is unbounded in complexity. Yikes.

If you can't translate the words above into a mathematical understanding, I am sure someone can formalize it for you in the future. I know though you are just being facetious and insincere when you pretend to not understand.

[monsterer]

@Come-from-Beyond in Iota, do branches ever get orphaned? The whitepaper isn't clear on this.

edit: If they do, under what circumstances?