DECENTRALIZED crypto currency (including Bitcoin) is a delusion (any solutions?)

[TPTB_need_war]

Centralization is killing Bitcoin, just as I was warning in 2013 and everyone said I was crazy.

Although Bitcoin has a serious scaling and Tragedy of the Commons issues, which is arguably stalling it. Note those are paradigmatic issues I am working on.

http://www.coindesk.com/scalability-debate-bitcoin-xt-proposal-stalls/

"Bitcoin can't be credibly described any longer as a decentralised system. In how it operates and how much influence users and merchants have, it is indistinguishable from any other proprietary payment network," he argued.

https://www.cryptocoinsnews.com/mike-hearn-says-bitcoin-has-failed-and-sees-a-price-plunge-in-the-future/

"The fundamentals are broken"

“the block chain is controlled by Chinese miners, just two of whom control more than 50% of the hash power.”

“Imagine an entire country connected to the rest of the world by cheap hotel wifi, and you’ve got the picture. Right now, the Chinese miners are able to — just about — maintain their connection to the global internet and claim the 25 BTC reward ($11,000) that each block they create gives them. But if the Bitcoin network got more popular, they fear taking part would get too difficult and they’d lose their income stream. This gives them a perverse financial incentive to actually try and stop Bitcoin becoming popular.”

Mike Hearn is now lead platform engineer at R3 after joining the startup in November 2015. R3 is a New York-based startup that leads a consortium of 42 global banks pooling in their resources to focus on the potential of blockchain technology for the financial industry.

[1713997375]

1713997375

[1713997375]

1713997375

[Come-from-Beyond]

Argumentum ad verecundiam (Hearn) is not a kind of an argument we expect in such thread.

[TPTB_need_war]

Argumentum ad verecundiam (Hearn) is not a kind of an argument we expect in such thread.

I am not appealing to his authority and I in fact criticized him by quoting the part about he is working for/with 42 big banks, which says something about his motives and biases.

However it is a fact that what he says about China controlling Bitcoin mining and this having potentially very negative impacts. Whether you want the block size to increase or stay the same, you can't argue that is decentralization when miners in China will decide for the rest of the world.

And the "fundamentals are broken" in numerous ways.

It will get very interesting when the block reward halves this year. If the price doesn't move up, the Chinese miners might start extracting high transaction fees. By constraining the protocol block size (by refusing to adopt large block sizes and controlling 51% of the PoW), they can do this without causing the market to think Bitcoin has fallen to an attack. Otherwise they'd need to do an active 51% attack on the longest chain to enforce higher transaction fees. But really it is no distinction and Bitcoin has already fallen to a 51% attack.  

Edit: what Hearn has discovered is what the upthread discussion between CoinCube and I concluded. That is the world government and he and his bankster buddies want can't be obtained with centralization of mining. They will be forced to admit to decentralization, else everything fails (Dark Age).

[Come-from-Beyond]

However it is a fact that what he says about China controlling Bitcoin mining and this having potentially very negative impacts.

China controlling Bitcoin mining is not an argument. China is 20% of the population, not surprising that China outnumbers here. One could claim that Bitcoin is completely centralized because Earth controls 100% of its hashing power.

[TPTB_need_war]

However it is a fact that what he says about China controlling Bitcoin mining and this having potentially very negative impacts.

China controlling Bitcoin mining is not an argument. China is 20% of the population, not surprising that China outnumbers here. One could claim that Bitcoin is completely centralized because Earth controls 100% of its hashing power.

If what you wrote were logical, then decentralization would always be the same as centralization.

Decentralization is where the decision making power is spread out to as many actors as possible. A few miners in China making the decisions for all the users of Bitcoin, is not decentralization. You are conceptually conflating the sham of representative democracy (or in this case taxation without representation because we don't even get the illusion of voting) with decentralization.

[Come-from-Beyond]

If what you wrote were logical, then decentralization would always be the same as centralization.

Decentralization is where the decision making power is spread out to as many actors as possible. A few miners in China making the decisions for all the users of Bitcoin, is not decentralization. You are conceptually conflating the sham of representative democracy (or in this case taxation without representation because we don't even get the illusion of voting) with decentralization.

I recall those days when GHash.io was controlling 51% and people were saying that it's not decentralization, because miners will leave the pool should it abuse its power. Are you sure it's few miners making decisions, not few pool operators?

[TPTB_need_war]

If what you wrote were logical, then decentralization would always be the same as centralization.

Decentralization is where the decision making power is spread out to as many actors as possible. A few miners in China making the decisions for all the users of Bitcoin, is not decentralization. You are conceptually conflating the sham of representative democracy (or in this case taxation without representation because we don't even get the illusion of voting) with decentralization.

I recall those days when GHash.io was controlling 51% and people were saying that it's not decentralization, because miners will leave the pool should it abuse its power. Are you sure it's few miners making decisions, not few pool operators?

As I explained upthread, moving between pools doesn't necessarily enable decentralization, because marginal cost of mining will dictate that miners MUST seek out a pool with significant portion of the system PoW hashrate, otherwise the miner will be unprofitable. For the professional miners not at the margins of profitability, they are already centralization.

Even the Chinese claim their mining is highly concentrated by pools not by each miner, and observe how the Chinese government was able to force those pools to adopt a policy of not supporting a block chain increase.

[Come-from-Beyond]

As I explained upthread, moving between pools doesn't necessarily enable decentralization, because marginal cost of mining will dictate that miners MUST seek out a pool with significant portion of the system PoW hashrate, otherwise the miner will be unprofitable. For the professional miners not at the margins of profitability, they are already centralization.

Well, I don't have numbers on profitability of mining, will stop this dispute.

[TPTB_need_war]

As I explained upthread, moving between pools doesn't necessarily enable decentralization, because marginal cost of mining will dictate that miners MUST seek out a pool with significant portion of the system PoW hashrate, otherwise the miner will be unprofitable. For the professional miners not at the margins of profitability, they are already centralization.

Well, I don't have numbers on profitability of mining, will stop this dispute.

I believe it can be shown to be a insoluble mathematical fact that the distribution of profitability of mining will not be uniform and will be more Gaussian-shaped distributed. Thus the more decentralized the miners (in a mining for profit design such as Satoshi's design), the greater the need for the additional profitability of less variance of rewards.

[TPTB_need_war]

Daniel Larimer @ Bitshares is now stating our point that PoS is a one time resource cost:

If we are going to talk about the benefits of proof-of-work, then it helps to have a useful definition of work. In terms of physics, work is defined as power X time.

In proof-of-stake systems we only have power, aka stake.

But then he goes loony creating futures contracts so that mining can be centralized to whom ever can effectively lend long-term and borrow short-term:

I would like you to consider that committing to hold a token for a period of time in the future is work. No one gives up liquidity or locks funds up without expecting interest. The value of the interest paid is therefore proportional to the work required to earn it.

He is essentially trying to create a coin with 0 liquidity.

And his points about voting and politics seem to be unaware of the design I am proposing in this thread. Appears he had discovered that politics and centralization are negatives in his DPOS design, so now he reaches into his closet-Keynesian Bag-O-Tricks for another sloppy slurp.

[monsterer]

If you keep using "orphaned" talking about DAG you'll never get the core idea of this new concept. Even those transactions that reference "double-spends" are useful, because they also reference legit transactions. I'll repeat again, if you send a normal payment and a double-spending then you increase security of the system. Validation of transactions is similar to https://en.wikipedia.org/wiki/Billet_reading, you mess with very young transactions but secure elder ones.

Sorry, I wasn't clear enough - I was not referring to any DAG design at all, not related to Iota. The design I had in mind is a tree, but for all intents and purposes, it might as well be linear.

[TPTB_need_war]

Mike Hearn has an interesting new article on some of the failures of Bitcoin...

https://medium.com/@octskyward/the-resolution-of-the-bitcoin-experiment-dabb30201f7

He makes some very valid points and he is of course right about the negative impacts of the 1 MB blocksize. He is also correct in saying the "bloat" is not the issue, in fact the small blocksize in Bitcoin may have led to the massive concentration of the Bitcoin hash rate in China effectively allowing the Government of China to control Bitcoin. On the other hand I do not agree at all with the criticism of people such as Gregory Maxwell, who I must say has also made many very valid points on the matter of scaling Bitcoin. The simple reality is that the Bytecoin solution of adaptive blocksize limits without a tail emission is also a prescription for disaster.

The problem with Bitcoin is that nobody has found and it may well be impossible to find a way to develop a fee market, in the, absence of a block subsidy, that does not over time converge to one of two undesirable results: Fixed blocksize and infinite fees or infinite blocksize and zero fees. Mike Hearn has made a very persuasive argument as to why a fixed blocksize and infinite fees is such an undesirable outcome; however I am sure that Gregory Maxwell can make an equally persuasive argument as to why an infinite blocksize and zero fees is an equally undesirable outcome.

Maybe the real reason why there has not been a solution to Bitcoin blocksize debate is that a solution may in fact not be possible, if one keeps the 21,000,000 maximum number of XBT limit in place, rather than because of the personalities involved.

So in all of this where does Monero stand? Well Monero is the highest capitalization coin that has solved this problem in a pure proof of work coin. My philosophy on this is that when one takes care of the long term the short term will take care of itself. On the other hand focus on the short term and expect grief over the long term. Monero has taken care of the long term, unfortunately Bitcoin and for that matter most other crypto currencies have not.

Excellent insight. The problem of hash concentration could still be something that needs to be smartly tackled. Otherwise XMR has got some pretty solid design for a crypto currency. I am a big believer in PoW but hash concentration is a potential problem (down the road)

On the markets, seeing some minor positive action even at this hour for a change.

The problem of Bitcoin hash concentration in China was paradoxically a direct result of keeping the blocksize small. This happened because ASIC production is most economical in China. With an adaptive blocksize limit in Bitcoin this likely would not have happened since The Great Firewall of China would have placed miners in China at a very significant disadvantage due to latency. This would have forced Chinese ASIC manufacturers to sell their devices for export. The lesson I see here is that a well designed crypto currency will route around censorship and drive mining to those jurisdictions that do not engage in Internet censorship. Monero is way less vulnerable here since it is likely that both China will be the most cost effective place to manufacture electronics and will also continue to censor the Internet.

Well the myth that "bloat" leads to centralization has been debunked.

Edit: Monero has also other ways to mitigate this risk such as an ASIC resistant algorithm, and initiatives such as smart mining; nevertheless I do agree that this risk will need to be addressed and minimized.

We already discussed these issues upthread[1], and I already explained to ArticMine upthread that tail emission (i.e. Monero's erroneously claimed solution) to insure that block rewards do not come entirely from fees, does not solve the Tragedy of the Commons issue w.r.t. to choosing an optimum block size or transaction fee. Apparently he didn't fully understand what I wrote upthread, or I didn't explain my point clearly enough, because he repeats the incorrect information again above after we had already discussed the issue upthread.

The point is that for any given level of block rewards (whether they come from debasement and/or transaction fees is irrelevant!), if the block size is hard-coded in the protocol then there is some level of transaction rate in which mining becomes unprofitable. Also since a miner is paying all transaction fees to himself when he wins a block, he can spam the network with unlimited block sizes if the block size is not hard-coded in the protocol. This is insoluble dilemma that has no solution for as long as PoW mining is profitable. Monero's claimed solution does nothing to resolve the dilemma and thus ArticMine is making an erroneous claim that Monero solved the dilemma.

The only solution is the one in my design, where I make mining unprofitable and thus mining is forced by the protocol and miners can't pay transaction fees to themselves and they also must include a PoW share with each transaction. Iota makes mining unprofitable too, but it doesn't prevent outsourcing of the PoW to ASICSs, thus centralization of the PoW hashing is the threat in Iota[2] because Iota's mathematical model of consensus can't converge without centralized enforced of that model.

My design also solves the concern about centralization of the PoW hash due to the greater efficiency of ASICs, because in my design I explained how using latency is the only way to prevent the PoW from being outsourced to ASICs[mining is unprofitable]. Monero claims that by using a PoW hash designed to be efficient on CPUs that they have solved the problem, but the fact is there is no way to design a PoW hash that is immune to not being more efficiently implemented on an ASIC (which is the concern correctly expressed by tifozi).

Satoshi's design (including Cryptonote coins such as Monero) can't solve these issues. Period. They are all dead ends. My design potentially solves these issues.

However it is a fact that what he says about China controlling Bitcoin mining and this having potentially very negative impacts.

China controlling Bitcoin mining is not an argument. China is 20% of the population, not surprising that China outnumbers here. One could claim that Bitcoin is completely centralized because Earth controls 100% of its hashing power.

If what you wrote were logical, then decentralization would always be the same as centralization.

Decentralization is where the decision making power is spread out to as many actors as possible. A few miners in China making the decisions for all the users of Bitcoin, is not decentralization. You are conceptually conflating the sham of representative democracy (or in this case taxation without representation because we don't even get the illusion of voting) with decentralization.

I recall those days when GHash.io was controlling 51% and people were saying that it's not decentralization, because miners will leave the pool should it abuse its power. Are you sure it's few miners making decisions, not few pool operators?

As I explained upthread, moving between pools doesn't necessarily enable decentralization, because marginal cost of mining will dictate that miners MUST seek out a pool with significant portion of the system PoW hashrate, otherwise the miner will be unprofitable. For the professional miners not at the margins of profitability, they are already centralization.

Even the Chinese claim their mining is highly concentrated by pools not by each miner, and observe how the Chinese government was able to force those pools to adopt a policy of not supporting a block chain increase.

[1]

[...] This paper analyzes the flaws in Bitcoin's algorithm which: * effectively make it centralized over time * limit scalability and transaction rate * cause an irresolvable tension over the ideal block data size * induce a Tragedy of the Commons on the economics of funding mining * deny instant confirmations * allow less than 50% Byzantine fault tolerance (due to selfish mining) I propose a new design to resolve all these issues that retains the core principle of a proof-of-work block chain. Monero ...POW ensures permissionless behaviour PoW doesn't insure permissionless nor decentralized if mining is inherently centralizing. In Satoshi's formulation of it and every other one I have seen, it is. Please for example refer to my prior reply to monsterer. Also the upthread post I made about how adding instant transactions via LN (or any transaction rate scaling) forces further centralization. There are many reasons that Satoshi's design is centralizing. One is for example that mining is profitable, thus there is a competition to drive difficulty higher and higher such that EACH transaction costs ~$10 in electricity (which is currently paid by mining the investors as professional miners who have loans from the oligarchy+banksters mine with huge farms near hydropower at $50 per BTC cost and sell all that they mine). Even if no debasement was paid to miners, they have a monopoly on transactions added to blocks, so they can charge what ever transaction fees they want if they control 51% of the hashrate. It begs for a oligarchy on mining to develop (which is the direction it appears to be headed and normally government steps in with regulation to aid the oligarchy). And increasing the transactions per block also forces centralization, thus furthering a trend towards oligarchy control, so saying cost per transaction will fall as transaction rate increases is only true if the resultant oligarchy decides to go for market share first (perhaps as a longer-term strategy of 666 enslavement and world government trend). Also since mining is only done for profit, then pools are required to deal with huge variance of winning a block for typical (non oligarchy) miners. Pools centralize mining, even if we argue that miners can switch pools, the government can more easily target the pools even if miners switch since by definition there will never be as many pools as miners (not even close). There are many flaws in Satoshi's design which make it entirely broken from my view. I can't support Bitcoin (nor Monero). I support things that I feel enthusiastically could work out well for mankind and be successful. Bitcoin will succeed only because it is fitting in well with the existing oligarchy's (e.g. Peter Thiel) plans for world domination (and that includes that an illusion of decentralization will persist long enough for the centralization to finally take hold). It seems like you have hit an impasse, but without knowing the details of the problem I had thought so, but I think I explained in this thread how to break the impasse I thought I had hit. But I reiterate I will go over all the details when I am offline to see if I haven't missed something in my thought process while I am writing here online. First I  do agree that Satoshi's design is flawed for the following two reasons: 1) Mining cannot be paid for entirely by fees, so a tail emission is a must. Mining can be paid for by users who must add PoW to submit their transactions. The other reason for tail emission is because otherwise the coin supply is shrinking towards 0 as users lose coins, which will be much more likely once doing microtransactions and more frivolous widescale adoption. The reason is that a fee market cannot properly develop in the absence of a block subsidy. One has either a fixed blocksize with a mining oligarchy and infinite fees or an infinite blocksize where competition between miners drive fees to zero. For layman technophobes, your astute point (which many of us technophiles already aware of and I wrote Spiraling Transactions Fees thread in 2013) is that when the block size is unlimited then anyone can include all the transactions that were excluded by a miner that was trying to force higher transaction fees. But if block size is unlimited then transaction spam can be unlimited, so a mining oligarchy must form to constrain block size. The problem is not due to relative block size (so compression wouldn't fix it), but due to the fact that someone centralized needs to decide which transactions are spam or not (otherwise in decentralization at least in Satoshi's design then all spam transactions are allowed). But you are incorrect to assert that tail emission fixes this. This is a fundamental flaw in Satoshi's design which is not fixed with tail emission. It is fundamental problem of a design that includes blocks. This is one of the flaws that Iota is attempting to correct by eliminating blocks, but then I have conjectured in this thread that Iota has other flaws because it eliminates flaws. This is why crypto gets so frustrating because it seems every design always ends up with centralization, because the CAP theorem can not be avoided! My idea for fixing all of this, has to do with the way the temporal intrablock partitioning is done. [...] There is a cost to censorship which has already been demonstrated in Bitcoin. It is manifested in the opposition to an increase in the blocksize by those miners that are based in China. The reason for this is the latency introduced by the Great Firewall of China puts a centralized data centre in China at a significant disadvantage with respect to say a residential connection in Canada. The irony here is that if Bitcoin had allowed for larger blocks earlier on this situation would not have developed since the Chinese ASIC manufacturers would have been forced to sell their devices for export leading to a much more decentralized Bitcoin mining situation. The lesson from Bitcoin is that a small blocksize can actually lead to mining centralization by accommodating censorship rather than the other way around. Astute, well stated, and agreed. The block size is a double-edge sword no matter which direction it is increased or decreased. Real solutions will change entirely the design. The second factor of PoW that must be taken into account is PoC (Proof of Cold). The key is that in a situation where electricity is used for space heating the marginal cost of mining is zero; however the heat is only valuable if it is decentralized. The key here is that one can easily distribute electricity but not heat forcing decentralization. This in effect gives the small player a very significant cost advantage over the large centralized operation. Heat from electricity is the most inefficient way to heat (better to use wood, gas, or any carbon). Besides Larry Summers' 21 Inc is dreaming up ways to hook users into being slave oligarchy miners by giving them free heaters and cell phones in exchange for using their device to mine on behalf of 21 Inc (last time I looked 21 Inc was already a significant % of the global Bitcoin hashrate and climbing fast). Note I added point #3 as why PoS is MUCH less secure than PoW. Basically this boils down to the same conceptual tradeoff as the post where I replied to ArticMine, in that allowing decentralized participation enables unbounded conditions (which is a flaw) but centralizing participation also leads to another set of flaws. Decentralization is the normal mode of society. It is when the normal oscillating balance between decentralization and top-down control entirely fails in one extreme direction that society enters a Dark Age for 600 years. Without a balance of decentralization and top-down control, nothing functions and everything collapses. We don't want entirely decentralization and no centralization as that is just as bad as entirely centralization, e.g. see the reply I made to ArticMine upthread and how 100% decentralized control over what goes in the block chain means a choice between unbounded spam or oligarchy control. Thus the problem is the lack of balance and Bitcoin flip flops either to too much decentralization forcing too much centralization (a Tragedy of the Commons). Here is that linked post: The reason is that a fee market cannot properly develop in the absence of a block subsidy. One has either a fixed blocksize with a mining oligarchy and infinite fees or an infinite blocksize where competition between miners drive fees to zero. For layman technophobes, your astute point (which many of us technophiles already aware of and I wrote Spiraling Transactions Fees thread in 2013) is that when the block size is unlimited then anyone can include all the transactions that were excluded by a miner that was trying to force higher transaction fees. But if block size is unlimited then transaction spam can be unlimited, so a mining oligarchy must form to constrain block size. The problem is not due to relative block size (so compression wouldn't fix it), but due to the fact that someone centralized needs to decide which transactions are spam or not (otherwise in decentralization at least in Satoshi's design then all spam transactions are allowed). [...] My idea for fixing all of this, has to do with the way the temporal intrablock partitioning is done. I will probably find some flaw in my design too, but I will spend more time thinking about it. Correction: my idea for temporal intrablock partitioning doesn't solve the problem above, but rather it makes block announcements a constant size (and enables instant transactions). The problem above remains and remains for Iota too in the sense that sending unlimited transactions is still an unbounded load on all the full nodes in the system. Remember that market based transaction fees are not a solution to the problem. My proposed solution (ditto for Iota) is again that every transaction has to include a PoW share. Since PoW is unprofitable (or if the PoW share provided is not computing a block solution), then this solution can be employed. However note it works much better in my (and also Iota's) design because in a Satoshi design it is possible your transaction won't get included in the current block so then you need to recompute your PoW share and resubmit your transaction. This is one of the details I was referring to. I think my design doesn't have that problem. Again I don't want to detail it entirely yet. I will get some rest now. Those naive who are contemplating making their own copycoin lack exposure to level of unresolved problems in crypto land, and the intense level of arcane details they would have to become knowledgeable about. Thus my idea for permissionless improvement is to make mining unprofitable by limiting the debasement rate yet requiring each transaction to include a level of PoW difficulty. The goal is to keep the PoW power in the hands of the users so their client software can (perhaps automatically?) redirect to delegate full nodes which are not censoring transactions or otherwise maliciously modifying the protocol (e.g. censoring transactions that don't sign a KYC/666 id number). As I stated in the previous post that if mining is unprofitable then requiring some PoW with each transaction solves the "unbounded transactions spam versus centralized oligarchy mining control tradeoff" pointed out by ArticMine— which in Satoshi's design requires contention over the block size choice which thus reduces Satoshi's design to a centralized politics because there is no block size which is ideal. There are at least three design challenges introduced: The PoW only has to be recomputed if the prior block on which the PoW share was computed is orphaned. The delegates could provide the PoW (compute it more efficiently employing an ASIC) in exchange for a fee. The difficulty has to be adjusted so that the block period remains constant. If the PoW share difficulty is constant and chosen such that it requires at most only a millisecond to compute on most client computers, then the 100s of milliseconds round trip latency cost of paying a delegate server to compute the PoW is more costly to the user than just computing the PoW share locally on his client. The user doesn't care about the increased electricity cost for computing the PoW on less efficient hardware because the cost is miniscule compared to the value of the transaction. The difficulty can be adjusted as it always is in Satoshi's design as this is orthogonal to the amount of difficulty required for each PoW share. Thus so far my idea has passed the initial process of searching for a flaw. This is promising.

[2]

I think you missed my point, which is that if the PoW can be outsourced, then it is always more economical to do it on an ASIC farm near to cheap hydropower. Thus the mining PoW in Iota will trend to professional miners same as for Satoshi's design! They haven't accomplished anything at all on economic centralization (but have accomplished scaling but with other critical flaw I asserted upthread) because the economics of mining remains centralizing! Note as we transition to mobile, battery life is important to users. Not needing to waste battery life on frequent microtransaction PoW computations would be desirable. Even IoT devices are often necessarily low powered. My design will face the same economic reality, but as I said if the latency cost is much higher than the cost to compute the PoW locally, then my design principle holds because in my decentralized, permissionless design the payer signs the PoW thus to outsource it would require a round-trip network communication (and wireless network communications consume battery life also). It will only centralise like that if it becomes profitable enough for any such ASIC farm to do that work, compared to the reward they might achieve mining a coin with a block reward with all that expensive hardware. That is an incorrect conceptualization of the economics. The relative profitability will drive the fees extracted from payers such there is no difference between the two scenarios you contemplated. Thus mining in Iota will centralize the same as for Bitcoin.

[TPTB_need_war]

Afaics, the technical design I have enumerated in the prior post enables society to fight malicious centralization for as long as payers (i.e. the users of the currency, as opposed to professional mining farms which are stuck in one location with a huge capital investment) will move away from servers which are doing the malfeasance. So this makes it much more difficult to regulate because the government hates to make laws that require them to enforce the laws against every decentralized individual because the government knows they can not enforce this. Instead the government always prefers to regulate the centralized nodes in any paradigm, e.g. upcoming regulation forcing all instant messaging and video providers to register global encryption keys with the government (amazing we are sliding into 1984 already!).

So the only way the government can centralize control over my design is to regulate all the protocols of the entire internet to detect and force traffic to not implement my protocol. This is nearly impossible for the government to accomplish, even the world government will have difficulty with this.

I think I have the design we need.

I hope I will receive the support of the community.

If you make the coin actually fungible then you've piqued my interest.

And of course actually fungible means opaque blockchain, and the only actual implementation of complete opacity is Monero.

If you make another traceable asset chain, whats the point?

And I don't got the money, but I'll mine it, which IMO is more important.

Then Monero isn't a solution to anything either because its anonymity is flawed:

Edit: it might be the case that some would argue we don't want to create a crypto design which is resistant to top-down government (society) interference with the protocol, because we want mainstream adoption. For example, the Monero folks might argue that anonymity for businesses hiding data from snooping by competitors. But this logic falls apart because the data obtained by for example the NSA can be leaked or sold because again there are human employees inside these institutions (e.g. Edward Snowden). When the balance between decentralized and centralized power is lost, then the world falls apart and enters a Dark Age. This is not a joke. This has happened before in human history and we are at another very dangerous juncture given the digital landscape has now become ubiquitous.

He is making 100% offtopic accusations that are based on exactly nothing to back them up, nothing even slightly relevant.

He is also one of the most qualified people on this forum to review anonymity solutions, having written his own white paper on the subject, so even a cursory glance is valuable.

evidence: https://bitcointalk.org/index.php?topic=1284083.msg13211623#msg13211623

Let's hear why this solution is different to Dash's and then we'll take it from there.

Clarification. I didn't release the white paper. But since it is no longer of proprietary value to hide it since I am no longer going to implement Zero Knowledge Transactions, then I will endeavor to clean up the white paper and release it sometime this year. Hopefully I can find time within the next couple of months.

ZKT combines Cryptonote with Mixles' Compact Confidential Transactions. Shen-noether accomplished a similar design but combining with Blockstream's Confidential Transactions.

So these are End-to-End Principled anonymity that hide both sender and value. No simultaneity crap like Dash and this new crap from the infamous plagiarist John Conner.

The reason I am not implementing it because it requires obscuring your IP address and all other metadata, which is impractical. Apparently Monero is implementing it (at least they are toying with implementing it) and so no need for me to duplicate their effort.

Only Zerocash can give us reliable anonymity that is immune to metadata. So for now I put anonymity on the back burner and we will come back to Zerocash if we first solve the SUSTAINABLE, DECENTRALIZED, PERMISSIONLESS block chain issue, since that is more important. No design yet can truly claim those properties.

As for resource issues, reliable anonymity will not be cheap. Thus it probably can't be for every transaction. It will probably need to be an optional set of coins. In Zerocash they name the anonymous set of coins 'zerocoins' (not to be confused with Zerocoin).

My main grip with John Conner is he doesn't put all the technical details in a white paper, because he is apparently wants to avoid peer review. Smooth doesn't have time to reverse engineer his half-assed white papers either. So we can't entirely explain the flaws without wasting a lot of our valuable time. But I can already tell you this chainblender is flawed at least in that it has a simultaneity requirement which thus violates the End-to-End Principle. Looks like there are other flaws similar to the masternode concept of mixing (which Evan of Dash has apparently finally admitted).

But actually permissionless, decentralized block chains insure fungibility to a large extent. It is wrong to equate fungibility with anonymity, although there is some overlap between the two:

2) In order to have a permission less system on needs an opaque blockchain where censorship is impossible or at least very expensive.

There are two vectors to accomplish this:

1. Mining is controlled by users, not centralized.

2. Transactions are entirely opaque, which is only accomplished in Zerocash. Cryptonote's anonymity breaks down in theory with chain and meta data analysis by a global snoop such as top-down society (NSA, etc).

Either one of those would probably suffice, but together that afaics would be fabulously permissionless.

And IMO/AFAICS Monero is too much of a baby step to be the one that kills Bitcoin. It doesn't really solve any problems truly.

[TPTB_need_war]

I could give a shit about a dev selling his bitcoin and getting out

The reasons Mike Hearn got out is that Bitcoin has just been 51% attacked. As I explained upthread. That is not a minor event. It is the first 51% attack on Bitcoin, and thus likely a death spiral for Bitcoin.

, but the Cryptsy thing pisses me off.  The high level of scuntitude they've displayed and complete disregard for their customers just makes me want to scream.  I did in my car on the way home, but it didn't help.

Why do you scream when you've been incessantly warned that storing your crypto currency with any third party is inherently unsafe and can never be safe.

That is why we need decentralized exchanges, but these have technical challenges that have yet to be overcome.

Spine TINGLING footage of Cryptsy's #Bigvern lying on camera 2 weeks after the 7-million-dollar hack!



https://www.youtube.com/watch?v=dJONR_UL1rw

Btw, his mannerism and face/facial expressions remind me so much of another alleged scammer Evan @ Dash in the recent Evolution videos.

[YarkoL]

The problem with Bitcoin is that nobody has found and it may well be impossible to find a way to develop a fee market, in the, absence of a block subsidy, that does not over time converge to one of two undesirable results: Fixed blocksize and infinite fees or infinite blocksize and zero fees. Mike Hearn has made a very persuasive argument as to why a fixed blocksize and infinite fees is such an undesirable outcome; however I am sure that Gregory Maxwell can make an equally persuasive argument as to why an infinite blocksize and zero fees is an equally undesirable outcome.

The way out of this dilemma is to allow users set
their own limits on the blocksizes they're willing to accept.

[monsterer]

Code:

A<-B<-A*<-C<-D

A* is the double spend. Why must C and D get orphaned?

If we can get over this point, I'll describe the entire idea.

@TPTB_need_war, you wrote this upthread :

monsterer continues making the nonsense the that following transactions are not invalidated by the double-spend (DSPEND -> GOODA -> GOODB), but that is not the point. They become orphaned. Is there something not clear about the different meaning of those two words, orphaned and invalidated.

Were you talking specifically about DAGs and Iota, or in general?

[TPTB_need_war]

Both are fundamentally broken.

https://bitcointalk.org/index.php?topic=1323408.msg13518156#msg13518156 (Ethereum)
https://bitcointalk.org/index.php?topic=1319681.msg13569087#msg13569087 (Block chain scaling Tragedy of the Commons applies to Monero also)
https://bitcointalk.org/index.php?topic=1319681.msg13569178#msg13569178 (Monero's anonymity is unreliable/unprovable and thus useless for fungibility or other important use cases)

"Broken" and "Success" are relative terms.  Both are broken less than bitcoin and bring attributes to the table that fiat does not.  

If you have any suggestions that are less broken ... I'm all ears.

An absolutist uses words like broken.  A realist uses terms like "best alternative".  Opening myself up to all available options those are the two answering the big questions.  Privacy, programmable blockchain and both more scalable than bitcoin.

What alternatives are less broken than these two I mentioned?

Don't you understand that "fundamentally broken" means they don't work for the features they claim that are an improvement over Bitcoin.

The link I provided to you for Ethereum explains that afaik they never solved the primary economic issue facing scaling programmable block chains, which is that every full node has to verify the block chain, thus every full node has to run the programmable script. But the problem is who to pay the gas (ether) to so that all full nodes are paid for verification? This has DDoS implications as well. In short, they never solved the core economic problem and thus Ethereum is just a fucking toy that can't actually work.

Ditto Monero as explained below (the arguments were in the links I provided to you before but again I am always forced to repeat myself because readers are so clueless about technology that they can't even understand what I write).

I think Monero is the best money to stay anonymous. It uses the ring signature. The mixing is built into the protocol.

You are a n00b and you don't do enough research to know what you are writing about. Why should anyone believe you?

Monero is not anonymous when your metadata can be correlated. One example of metadata which unmasks your anonymity is your IP address. And no, Tor and I2P mixnets do not hide your IP address from the government, in fact they are thought to be Sybil attacked honeypots that not only tell the government your IP address but also alert the NSA et al that you should come under extra scrutiny.

And IP address is not the only metadata that can destroy your anonymity in ring signatures. Other examples can include cookies in your browser and other activity you did on the web. Other examples also include telephone calls and other activity you did around that time, which have statistical significance.

I wrote about that in the link in the post I made upthread which is quoted below.

None of them will surely keep you anonymous.

Zerocash is the only design which might be very reliable, but it does not exist in any altcoin yet.

Period.

Some elaboration is at the following post (and also in the archives of my posts):

https://bitcointalk.org/index.php?topic=1319681.msg13569178#msg13569178

Ring signatures do not obscure everything. Only Zerocash can obscure everything so that then metadata is no longer a problem. I see Vitalik @ Ethereum has been reading my Bitcointalk posts, because now he has written a blog post to copy most of the points I have been making for the past months.

Additionally I have been making the point since the BCX incident that ring signatures can theoretically be unmasked by combinatorial analysis of the block chain. In the recent debate I had with Monero's cryptographer Shen-noether at Reddit about his white papers, I pointed out that his proposed solution to combinatorial unmasking was flawed. He and smooth did the usual ad hominem attack on my person, and then I rebutted them with logical facts and they were forced to finally put their tail between their legs.

Bullshit. So much bullshit in these discussions of cryptocurrency technology. Especially coming from all the Monero pumpers who haven't done their homework, because they are retarded, closed-minded, and boastfully so.

TPTB_need_war, what about ShadowCash?

Just a (arguably plagiarized) copy of Cryptonote technology, so same conclusions as for Monero.

https://z.cash/ is the only potential solution for making metadata correlation irrelevant, but all I know about it is here:

http://zerocash-project.org/

Seems the project died or stalled? Afaik they've been quiet past months or most of 2015?

Also scaling issues will probably still apply thus it is possible that Zerocash doesn't scale to world wide use, or other problems such as DDoS. I won't know until I dig deeper into it. Perhaps they discovered such issues and stopped working on it.

Anonymity is very difficult to achieve. I would guess maybe impossible once all the technical factors are considered. But I am still willing to try. I personally will come back to Zerocash's technology later, after I finish fixing block chain scaling and decentralization (which is more important priority and more realistic).

[TPTB_need_war]

Code:

A<-B<-A*<-C<-D

A* is the double spend. Why must C and D get orphaned?

If we can get over this point, I'll describe the entire idea.

@TPTB_need_war, you wrote this upthread :

monsterer continues making the nonsense the that following transactions are not invalidated by the double-spend (DSPEND -> GOODA -> GOODB), but that is not the point. They become orphaned. Is there something not clear about the different meaning of those two words, orphaned and invalidated.

Were you talking specifically about DAGs and Iota, or in general?

May I request that if you want to have a discussion about theory behind graph models for transaction state, that you create a new thread and we will discuss it there. Then after we reach mutual understanding, we will post the summary back in this thread. I don't want to make this thread unnecessarily noisy.

I don't think trees will work and that is why I think we will end up writing a long discussion. And this thread is already getting difficult to follow, being too long to digest holistically in a reader's mind.

[masterOfDisaster]

I beg your pardon for being off-topic.
But as you have an immense understanding of crypto currencies, I thought I might ask a question regarding a part of the recent conversation.
I'd have asked via PM, but I bet a lot of people are interested in your assessment.

, but the Cryptsy thing pisses me off.  The high level of scuntitude they've displayed and complete disregard for their customers just makes me want to scream.  I did in my car on the way home, but it didn't help.

Why do you scream when you've been incessantly warned that storing your crypto currency with any third party is inherently unsafe and can never be safe.

That is why we need decentralized exchanges, but these have technical challenges that have yet to be overcome.

Don't you think that decentralized exchanges like
MercuryEx or
Blocks & Chains Exchange
are on a good way, because in difference to other decentralized exchanges they use no proxy tokens, but do transactions on the native blockchains.

My understanding is, that MercuryEx has been stopped, because transaction malleability makes using it unsafe until OP_CHECKLOCKTIMEVERIFY is widely available.

And Blocks & Chains Exchange is not as decentralized as some might wish, but for a corporation that might still be ok and much better than the current centralized exchanges.

[TPTB_need_war]

The problem with Bitcoin is that nobody has found and it may well be impossible to find a way to develop a fee market, in the, absence of a block subsidy, that does not over time converge to one of two undesirable results: Fixed blocksize and infinite fees or infinite blocksize and zero fees. Mike Hearn has made a very persuasive argument as to why a fixed blocksize and infinite fees is such an undesirable outcome; however I am sure that Gregory Maxwell can make an equally persuasive argument as to why an infinite blocksize and zero fees is an equally undesirable outcome.

The way out of this dilemma is to allow users set
their own limits on the blocksizes they're willing to accept.

Users can't set the block size, because it is a global setting for all users in a single longest chain rule. You would need to attempt something like Raiblocks' design where every user has their own block chain, but in my analysis Raiblocks is fundamentally flawed (which can be discussed if monsterer creates a new thread to discuss various variants of models for a concensus model of transaction state).