DECENTRALIZED crypto currency (including Bitcoin) is a delusion (any solutions?)

[monsterer]

You may be wrong, but I'm too lazy to look for those Bitcoin blocks mined several years ago, that contained thousands dust transactions. That miner got paid (50 BTC block subsidy) for spamming the network.

IMO transaction fees should probably be paid per output.

[1713488290]

1713488290

[1713488290]

1713488290

[1713488290]

1713488290

[1713488290]

1713488290

[Come-from-Beyond]

IMO transaction fees should probably be paid per output.

Probably. In Iota PoW is paid per input/output.

[enet]

How much is 40 bytes of Bitcoin blockchain space worth? That depends on supply and demand (and the value those bytes can carry). Satoshi never solved this problem and just used subsidies. There ought to be some proper process by which it is determined how much a certain transaction should cost. Bitcoin's design does not allow for this properly and all Altcoins have followed this path. It has to do with nodes being able to leaving the network at will. The nodes should be obligated to stay on the network for longer, so that the overall fault-tolerance can be measured accurately. Interestingly also to observe that one can maximize the total value, by allowing financial derivatives to be processed. Instead of sending and receiving coins, the far more profitable market is to allow arbitrary value to be transferred.

Transaction fees are likely too limited a concept, since they only reward short-term behaviour on a per-block basis. I suggest something like provider fees which can be made dependent on other factors also, in particular the number of other nodes, current demand and transaction type.

[TPTB_need_war]

Why should it not be allowed to talk about Iota anymore?

Please make sure you are adding new information that pertains to technological issues of permissionless, decentralization, and not rehashing what was already discussed upthread nor introducing offtopic discussion.

So we can keep the thread educational and research focused (and hopefully devoid of political turf battles).


I added another link to the OP:

Edit: for those who want to jump straight to understanding how Iota's DAG works, click here and also here.

[TPTB_need_war]

May I request that if you want to have a discussion about theory behind graph models for transaction state, that you create a new thread and we will discuss it there. Then after we reach mutual understanding, we will post the summary back in this thread. I don't want to make this thread unnecessarily noisy.

I don't think trees will work and that is why I think we will end up writing a long discussion. And this thread is already getting difficult to follow, being too long to digest holistically in a reader's mind.

This is not specifically about trees; it could be any single, completely linear sequence of chained transactions. In fact, I think the reader would be enlightened by the answer to this simple, direction question about trustless consensus:

Why is it not enough to find one global sequence for all transactions ever made?

As I see it, sequencing is all you need, even in the face of double spends because the first time an output is spent in this linear sequence, subsequent spends of the same output will simply be invalid.

There doesn't exist such a sequence. As I explained upthread when I first started discussing the Inconsistency problem of a DAG, such a linear sequence would require every transaction get into a global synchronous queue, which would mean every one a million global transactions per second would have to wait in line to processed.

Relativity of spacetime (link to my blog) tells us that the truth about the ordering of events happening simultaneously is relative to the perspective of the observer. Another way of looking this, is that the speed-of-light isn't infinite so we couldn't be informed as to the relative ordering of events that occurred within the propagation time of the speed-of-light. And if the speed-of-light was infinite, then the past and future would collapse into an infinitesimal point and we would not exist (i.e. friction is necessary for existence).

So instead of attempting the impossible goal of eliminating relativity from our universe, we instead want to arrive at an arbitrary consensus choice of ordering. That ordering choice will by definition be one of a plurality of possible perspectives, and we need some way to unambiguously choose a perspective such that no one can disagree.

Competing ambiguously ordered double-spends make it impossible to have agreement about which ordering is correct.

Satoshi's single longest chain PoW design insures there can only be one winning perspective on the ordering and thus there is no competing ordering with ambiguously ordered double-spends. Whereas, a DAG (or any tree with multiple branches) can't unambigously define an ordering in its data structure. I know you will think we can order these in time, but I already explained upthread that there is no global clock to timestamp these nodes of the tree with. Thus the only ordering is the structure of the graph.

So what Iota does is build a mathematical model that it expects all participants to adhere to which defines a probabilistic ordering, but I assert that participants are not bound to this mathematical model and can choose any game theory they want. Again I don't want to rehash these arguments about DAG/Iota, which I already explained upthread. If ever I produce a competing coin to Iota, then I will probably be forced to explain this more clearly in a whitepaper so that it can be known that a DAG simply won't work. But for now, I have no strong incentive to go trying to publicize that. So long as Iota doesn't start trying to promote their coin in this thread. I have been fair enough.

I believe its impossible to implement total order or anything like it, without a actually distributed timestamp mechanism.

Aye, the same is observed in general theory of relativity

Yup.

CAP does not apply to distributed systems. Sure, state can be inconsistent, but that's not necessarily a problem. Consistency is usually over-rated by academics, and that's how one often ends up with misleading theorems.

Sorry but you lack imagination and thus understanding. As Einstein said, be careful not to read too much, because one loses the ability to think for themself. CAP does indeed apply and I have explained in this thread how a DAG breaks Consistency because it allows Partition tolerance. The summary above for monsterer should be convincing enough.

The basis of blockchains is Lamport's work on how communication can happen in such a distributed system. In essence there needs to be consensus on a partial order of events. Total consensus on one variable is impossible, since information can't travel faster than light, but it is not required. If node A knows that X = 1, he sends a message to B "X = 1". But it might be that before that message reaches B, that X = 2. This in itself is not a problem. Bitcoin's PoW indeed solves the double-spending problem.

[...]

Blockchains doesn't mean that all nodes agree on a total order of events. It means consensus on partial order of events.

That agrees with what I wrote above.

Its possible even at a distance to know what happens first, as long as Peers are honest

But we are designing trustless, decentralized systems here, so that case does not apply. And that is the problem with a DAG.

This is why I have concluded that the only possible mass market for crypto currency are instant microtransactions.

This is what RaiBlocks does https://raiblocks.net/  No fees (micro) subsecond confirmation time (instant).

Sorry no such multiple chains (or branches of a tree) design can ever be Consistent:

https://bitcointalk.org/index.php?topic=1319681.msg13611845#msg13611845

[TPTB_need_war]

You are right. Even more, some percent of double-spendings can be tolerated if we save a lot of resources by allowing this. Every day new counterfeit dollars appear in the streets but Earth doesn't stop spinning. If we accept that it's fine for FED to print more money, why a skilled guy from Harlem can't do the same? Hell, I would prefer the latter, at least he can't print that many banknotes.

The problem is without Consistency I expect the DAG to diverge into a chaos of disagreement. You are relying on participants using clients that adhere to the mathematical model you want them to use when choosing which tree branch to append their transactions to (and which acceptance model to use for declaring a transaction is probabilistically confirmed), but given the inconsistency that will arise and the game theories thereof, I don't see a snowball's chance in hell of the thing not blowing up unless you are able to maintain control over what participants do, and then it is no longer decentralized.

My point is there is no equilibrium of just a low rate of double-spends, but rather divergence. I haven't shown this formally (as in a math proof with equations) but I can already see it conceptually.

[TPTB_need_war]

Blockchains doesn't mean that all nodes agree on a total order of events. It means consensus on partial order of events.

And if you allowed only one transaction per block?

edit: The partial ordering can only be within one single block, and the total ordering is of all blocks, so if you have only one transaction per block, doesn't it follow that you have a total ordering of transactions?

Again my prior response applies. The longest chain of PoW is an arbitrary perspective on the plurality of possible orderings. A consistent global ordering doesn't exist in our universe, but for as long as we can force agreement on an arbitrary ordering, then have a Consistent block chain.

Blockchains doesn't mean that all nodes agree on a total order of events. It means consensus on partial order of events.

And if you allowed only one transaction per block?

edit: The partial ordering can only be within one single block, and the total ordering is of all blocks, so if you have only one transaction per block, doesn't it follow that you have a total ordering of transactions?

Blockchains allow for partial order and eventual consistency. Not all nodes agree on everything. In particular in Bitcoin they don't agree whether transaction A happened before transaction B (total order of events). Double spend problem means one can order transaction in packages called blocks. Blockchains implement partial order of events. That's also why script is Turing non complete.

True, but you failed to address his point. Even if there was only 1 transaction per block (block size limit), the ordering of transactions is still an arbitrarily chosen perspective from amongst a plurality of perspectives of the ordering. This arbitrary choice is consistent with the meaning of a partial ordering (because globally consistent ordering is undefined in our universe), as well partial ordering can also apply to the notion of grouping transactions with a block and the transactions having no relative ordering within a block.

It is true that scripts can't be Turing complete because transaction ordering is arbitrary and thus various alternatives are not commutative. This is one of my criticisms of Ethereum upthread.

More formally, one can sort transactions (or events or messages) by time the way Lamport did. So its mathematically a partially ordered set, i.e. a relation of a set of events (transactions are events or messages). The relation can deliver an answer for 2 events A and B and determine whether event A happened strictly before, strictly after, or roughly at the same time (in one block).

What are you trying to say here?

We have no global timestamp in decentralized, trustless designs.

What makes it even more complicated is that Bitcoin has a statistical distribution. The longer in the past A and B the more sure one is, since more nodes have confirmed it.

An arbitrary perspective in a decentralized, trustless system must be probabilistic. More complicated because we don't want a centralized system or system that relies on trust.

But note this is not an endorsement of Iota's probabilistic modeling, because the distinction is that in Bitcoin every participant is forced to follow the mathematical model whereas in Iota there is no way to force it.

To have a total order of events, I think nobody has even an approximation. Two nodes will always disagree on total order, the same way two people in the same room will always see something different if they are in different locations. But they might agree enough.

And no one ever will have an approximation because total order can't exist in our Universe.

I don't think one transaction per block would solve that problem. I believe its impossible to implement total order or anything like it, without a actually distributed timestamp mechanism.

Incorrect. A distributed timestamp mechanism can't make the speed-of-light infinite, thus the timestamps will at best disagree by the propagation delay and thus it still won't provide a total ordering.

One can imagine a system where all computers connected to the Internet at the carrier level also have a timestamp protocol. If carriers are trustworthy (a very big ask), then everyone could look up the timestamp for a message. TCP/IP packets are not timestamped on top level and no entity on the Internet holds a history of events on the protocol level (everything refers to only the current state).

Not with a distributed timestamp protocol per what I wrote above. With a centralized, trusted timestamp server (thus all transactions standing in line in a queue), you could have a total ordering, But then nothing can happen simultaneously any more.

A good reference for these things is also the work of Carl Hewitt: https://en.wikipedia.org/wiki/Carl_Hewitt . He invented messaging with actors and wrote about eventual consistency.

Yeah but helps more to explain things in a way that people can grasp quickly without needing to dive into all that technobabble research. That being said, I appreciate your input but please try to cite the upthread discussion so we are respectful of what others have already explained.

[TPTB_need_war]

This is why I have concluded that the only possible mass market for crypto currency are instant microtransactions.

This is what RaiBlocks does https://raiblocks.net/  No fees (micro) subsecond confirmation time (instant).

Sorry no such multiple chains (or branches of a tree) design can ever be Consistent:

https://bitcointalk.org/index.php?topic=1319681.msg13611845#msg13611845

Can you fill in the gaps?  Global instant consistency isn't required for correct state coherence: for instance NUMA CPU configurations can perform correct global memory updates without requiring an exclusive memory bus lock.

Please I am not going to debate your coin's theoretical design in my coin's thread. You can try to join the Decentralization thread linked for you in my prior post and see if you can make coherent theoretical arguments there.

As far as I know, for instance in the very real discipline of databases, multiple transactions can operate simultaneously on the same database without requiring a global database lock.  How does this rectify with requiring a sequential ordering of state updates?

Because and that only works if the consistency of each record of the database independent from the other records. This was actually discussed upthread already in the discussion with Fuserleer. Please I asked readers to read the thread and only present new information. I will admonish you if you continue to be too lazy to read this thread and digest it.

[TPTB_need_war]

TPTB_need_war, why would anybody secure your currency if mining is unprofitable?

Because they want to send a transaction to the block chain.

If you making mining unprofitable, won't you lose the honest miner's incentive to win the block reward rather than to double spend?

Profitability of mining has nothing to do with the miner's economics of double-spending. All the miner can do is try to win the longest chain race to orphan a minority hashrate chain. The only way to double-spend with mining power is either a Finney attack (which requires payees to be stupid and accept insecure 0-confirmation transactions) or by spending to the minority hashrate chain and then building your own majority hashrate chain with the double-spend. Whether the mining is profitable or not, is irrelevant to having sufficient hashrate to accomplish the above double-spend attacks. One might try to argue that making the mining unprofitable will lower the network hashrate, but I already offered the solution to that upthread (every transaction MUST include PoW). One might argue this lowers the threshold of security as compared to Bitcoin, but this is only because Bitcoin pays more for security. We can make it unprofitable and still pay more up to the limit of the PoW being submitted with transactions. If you can't grasp this in your mind, wait for my white paper. I won't explain it further now.

Yes exactly, transaction verification has to be profitable, and the reward prevents double spends. Mining in Bitcoin is not profitable on average, but there is a competition. However the unsolved problem: how to create a system where supply (blocksize more or less) adapts to demand? It makes sense to have a fee market, but nobody really proposed something which explains how this might work, in my opinion. A system doesn't need 5000 nodes. 50-100 nodes have enough reliability. In Bitcoin what matters anyway is the hashpower, not number of nodes. Most of these things can be much better understood from the perspective of 2008, not 2010+. Satoshi wanted the system to be as open as possible to maximise chance of success. In 2016 it is much more clear where the problems are.

What do you mean by 'transaction verification'?

The word mining in Bitcoin mixes to issues: validation of transactions and creation of money. Also the word miners isn't compatible with a true Peer-to-Peer system. In any case, the important part is that doing the verification is profitable. Another word for the work these nodes do is auditing. It's the computer analog of a person checking the accounting statements in double entry book-keeping system. The blockchain is similar to the invention of double entry book-keeping by Luca Pacioli in 15th century Italy, and the use of clay tablets in Ancient Babylon to preserve contracts. Imagine a world without paper, how do you know that two people agreed on something ex-post? The invention of the blockchain allows for the first time in history to store completely immutable data. However when Bitcoin developers claim signatures can be stored independently of the blockchain, it might be that the Bitcoin blockchain is not that immutable after all. Overall the goal is to preserve some record which is completely indestructible, such that the record of ownership is completely secure. With fiat money not only are the ledgers in the hand of the nation state, but those ledgers are very hard to audit. Most people use fiat money every day, but the number of people who check the books of their central bank is small indeed. If one understands these things, it is clear that it is a certainty that in the future these public ledgers will be widely used.

You are incorrect on the point that mining has to be profitable. You lack imagination and subscribe too much to academic research and do not think out-of-the-box.

You also incorrect to assume that those doing the PoW have to be the ones doing the verification.  

The word mining in Bitcoin mixes to issues: validation of transactions and creation of money.

Transaction validation has a very low cost associated with it compared to finding a hash; regular nodes also do transaction and block validation, and this is designed to be trivial, so I'm still not sure what you mean by making transaction validation profitable?

The bolded phrase can be incorrect if there are unbounded number of verification nodes. Refer to my upthread post for the reasoning and I quoted only the conclusion as follows:

To solve this problem we need to make the cost of what is burned when submitting a transaction greater than the cost of cumulative network verification costs.

If you think anybody will be willing to secure the network without direct incentive especially after Bitcoin introduced mining incentive, you are in delusion.

I think you are very incorrect with this thinking - currently people spend "hours every day" creating content on Facebook or other such things for *zero profit*. Why on earth would they do that?

If you can simply get those people to run a (presumably low-power requirement) node then you will be able to secure a blockchain without needing block rewards at all (effectively it is your cost to be a part of a social network).

From what i can gather it's even simpler than that. They'll need to contribute to securing the network in order to send a transaction.

Correct. Thanks.

From what i can gather it's even simpler than that. They'll need to contribute to securing the network in order to send a transaction.

Provided that the "proof" is not going to be a big hassle then that makes sense, however, having a very "cheap proof" will make it much easier to mount a Sybil attack.

Sybil attack what? You send a transaction and you attach a minimum PoW share. PoW (longest chain rule) by definition can't be Sybil attacked, as it is just a means of unambiguously choosing an arbitrary ordering.

If your purpose is to shill for IOTA then I guess we have nothing more to discuss (it's unfortunate that it is simply impossible to create a topic on this forum about tech without shills for some alt coming along and trying to hijack it).

LOL, you made my day. patmast3r shilling for Iota is a very funny thing.

I don't know how my post could possibly be misinterpreted as shilling but let me just say that I chose IOTA because it is the only project I know of that uses a system that is at least remotely similar to the one that TBTB seems to be proposing (i.e. unprofitable mining and every user does the "mining").

But don't forget we discussed upthread that Iota (and any DAG) can't allow the payer to sign the PoW and thus it can't force a round-trip latency cost on outsourcing the PoW to ASIC farms. Thus in theory the mining hashrate in Iota will centralize over time the same as for Bitcoin.

Judging by how IOTA seems to be doing it it's not a big hassle, just a "small" PoW that a client has to attach to it's tx. Afaik the network will be depended on a constant stream of "honest" txs yes.

The problem with this is spam. IMO you cannot make the PoW easy enough for IoT devices while preventing desktop PCs from spamming the network; see this topic for more discussion on the subject:

https://bitcointalk.org/index.php?topic=1331522.0

There is no adverse cost in my system to more transactions. The more transactions, the more PoW, the better. Spam my design and you make the network more secure! Thus your definition of spam does not apply to my design. The key improvement I make is to remove the block size problem entirely.

It seems to me that transaction fees represent the only usable, endogenous spam prevention mechanism.

It seems to me you lack the imagination and creativity to paradigm shift the problem space, hehe.

How much is 40 bytes of Bitcoin blockchain space worth? That depends on supply and demand (and the value those bytes can carry). Satoshi never solved this problem and just used subsidies. There ought to be some proper process by which it is determined how much a certain transaction should cost. Bitcoin's design does not allow for this properly and all Altcoins have followed this path. It has to do with nodes being able to leaving the network at will. The nodes should be obligated to stay on the network for longer, so that the overall fault-tolerance can be measured accurately. Interestingly also to observe that one can maximize the total value, by allowing financial derivatives to be processed. Instead of sending and receiving coins, the far more profitable market is to allow arbitrary value to be transferred.

Transaction fees are likely too limited a concept, since they only reward short-term behaviour on a per-block basis. I suggest something like provider fees which can be made dependent on other factors also, in particular the number of other nodes, current demand and transaction type.

Correct the solution is provider oriented. I am impressed. You have a strong insight just from knowing the research whereas my insight comes from my own creativity and thinking (instead of reading the research of others). There is no other way. And this introduces centralization, but another of my key epiphanies was that I could control centralization with decentralized PoW. This the permissionless, decentralized attribute is retained.

IMO transaction fees should probably be paid per output.

Probably. In Iota PoW is paid per input/output.

Whereas in my design the PoW is orthogonal to the provider fee market.

[monsterer]

Why is it not enough to find one global sequence for all transactions ever made?

There doesn't exist such a sequence.

Nonetheless, the answer is 'yes' is it not?

Profitability of mining has nothing to do with the miner's economics of double-spending.

I'm afraid it has everything to do with it:

In bitcoin the recipient of a transaction knows that they can wait for 1 block to safely accept up to 25 BTC*, because the double spending miner might as well just take the block reward rather than bother with the double spend. If you remove the block reward, it becomes very difficult to judge when it is ok to accept a transaction because you have removed the honest miner's incentive and therefore part of the game theory.

It seems to me you lack the imagination and creativity to paradigm shift the problem space, hehe.

It seems to me that your design is likely to be broken because you have not elected to peer review your work before implementing it. Remember when you were talking about 99% attacks? If you had peer reviewed at that point, we could have explained why that wasn't going to work.

*) https://bitcoil.co.il/Doublespend.pdf

There is a technical problem associated here with blocks, as pointed out by smooth, in that a double spending miner can attack multiple victims at the same time in one block. But that's another conversation.

[monsterer]

Whereas, a DAG (or any tree with multiple branches) can't unambigously define an ordering in its data structure.

I've already shown you why this statement is incorrect. If you'd like me to go into more detail, I will.

[Come-from-Beyond]

Satoshi's single longest chain PoW design insures there can only be one winning perspective on the ordering and thus there is no competing ordering with ambiguously ordered double-spends. Whereas, a DAG (or any tree with multiple branches) can't unambigously define an ordering in its data structure. I know you will think we can order these in time, but I already explained upthread that there is no global clock to timestamp these nodes of the tree with. Thus the only ordering is the structure of the graph.

I'm lost in all these "orderings", looks like you call different things with the same word.

[enet]

Correct the solution is provider oriented.

I was not aware of anyone else using the term provider. Bitshares has delegates, NuBits has custodians, Lightning has hubs, etc. The problem is that as soon as one reaches any scale, one will come in contact with traditional law, the rest of the financial system, Internet services, etc. No ethical business can allow itself to operate outside the law. Its not quite clear what the goal of a global decentralised cryptocurrency would entail. Bitcoin works great in terms of preventing conflict upfront. It doesn't work great for integrating any traditional relationship. If a user wants to trust a counterparty for certain things he should be able to do so. Providers are based on such a relationship. The solution I've come up for this situation is smart collateral which I will detail in another thread. In brief, its a payment upfront to establish trust, which can be seized on misbehaviour by the counterparty (a bit like an insurance against theft).

Edit: the one tool that big companies and rich people have is that they choose the jurisdiction they want to operate in. If rich people can choose their laws and poor people can't then this is not a fair system. So the one perfectly viable strategy and legal strategy is to choose a friendly jurisdiction. It is kind of ironic that Bitcoin mining is most profitable in China.

You are incorrect on the point that mining has to be profitable.

The system serves it participants which want some kind of utility out of it, be it a profit or a service. Bitcoin works to the extent it does, because it carefully balances all elements. Game-theory is perhaps the most important tool for analysing these systems. Mining is a competitive race. But its unclear what the economics of Bitcoin should look like without the bootstrap subsidy.

[TPTB_need_war]

Why is it not enough to find one global sequence for all transactions ever made?

There doesn't exist such a sequence.

Nonetheless, the answer is 'yes' is it not?

Because 'find' is insufficient. As I have stated in my prior posts (which again you seem to ignore or lack reading comprehension), there must also be a way to enforce that all participants agree on that global ordering. Since I (and user 'enet') have explained that any global (i.e. total) ordering will be arbitrary, then the only way to force all participants to agree is the longest chain rule.

You can try to dream up other methods such as voting, but when you work through it you will realize there is no unambiguous enforcement mechanism (there is always some game theory around the assumptions made). And this lack of enforcement mechanism on the rule that participants must use, is the reason a DAG is inconsistent and I conjecture will diverge (unless there are centralized servers implementing consistent rules and thus it is no longer decentralized).

Please don't make me explain this again. Every since we started discussing Iota, you have continued to repeat this same myopia over and over and over and over and over and over again. It is very redundant and it is cluttering the thread with noise. Whoever can't understand this very simple concept by now, isn't likely to ever understand it.

Profitability of mining has nothing to do with the miner's economics of double-spending.

I'm afraid it has everything to do with it:

In bitcoin the recipient of a transaction knows that they can wait for 1 block to safely accept up to 25 BTC*, because the double spending miner might as well just take the block reward rather than bother with the double spend. If you remove the block reward, it becomes very difficult to judge when it is ok to accept a transaction because you have removed the honest miner's incentive and therefore part of the game theory.

Incorrect. You completely failed to comprehend the explanation I made in my prior post. Try reading it again and again and again until you can comprehend.

The payers must send a PoW with their transaction. They will selfishly choose to sign the block which will include their transactions. To double-spend (other than Finney attack which is an error of payees) requires more PoW hashrate than the hashrate of the selfishly-honest payers. And the attacker won't be able to sustain this mining equipment with any profit or even recover significant income, because mining is unprofitable.

It seems to me you lack the imagination and creativity to paradigm shift the problem space, hehe.

It seems to me that your design is likely to be broken because you have not elected to peer review your work before implementing it.

You have shown no such weakness in my current design. Yeah I found flaws in my prior designs. So what. I made it very clear in the past that those designs were still under study and that I was not announcing the details until I was satisfied with my internal review.

This thread is not for FUD based on uninformed guessing. If you have a concrete flaw, then discuss. Spilling FUD about my design before a white paper is even released will degrade this thread into a pissing match.

I know very well what the weaknesses are in my design and I will be explaining those shortly.

Whereas, a DAG (or any tree with multiple branches) can't unambigously define an ordering in its data structure.

I've already shown you why this statement is incorrect. If you'd like me to go into more detail, I will.

No you have not! Damn it, you make me repeat the same explanations over and over and over and over again. My time is very limited. Please be respectful of the fact that I have too much to do and not enough time. I am in a desperate financial condition, and we need to implement solutions for crypto asap because time is slipping away. Please try to upgrade the level of your comprehension. This post consumed 30 - 40 minutes of my time,

What you showed is that if you had some master in charge of the entire DAG then he could identify an ordering in the data structure, That master would benefit from a master clock and order the transactions chronologically. But I have already explained that the universe can't be synchronous (even if you built that centralized master funnel, it wouldn't interopt with the world and scale and be trustless). Thus you completely fail to consider that you also need an unambiguous rule which enforces your graphed ordering on all participants.

Since there is no (there can't be a) master clock in a DAG, then the only way to order the transactions is with a probabilistic assessment, but this assessment can't even be forced on all the participants. Thus the chaos and divergence will result. In other words, a DAG is Partition tolerant, therefore the Consistency is lost. The CAP theorem has so held.

[TPTB_need_war]

Satoshi's single longest chain PoW design insures there can only be one winning perspective on the ordering and thus there is no competing ordering with ambiguously ordered double-spends. Whereas, a DAG (or any tree with multiple branches) can't unambigously define an ordering in its data structure. I know you will think we can order these in time, but I already explained upthread that there is no global clock to timestamp these nodes of the tree with. Thus the only ordering is the structure of the graph.

I'm lost in all these "orderings", looks like you call different things with the same word.

A DAG has multiple chains (branches) of partial orders. This is not a global or total ordering such that we know which transactions occurred in which order relative to each other, when those transactions are on separate branches of the DAG (i.e. separate Partitions).

To simulate a total ordering, Iota uses a math model that it expects all participants to adhere to. Problem is afaics this model can't be enforced, the game theories are unbounded in terms of which model of the total ordering is dominant (in terms of defining double spends), this I conjecture (expect) chaos and divergence of Consistency (i.e. inconsistency a.k.a. lack of global agreement about double-spends and thus which downstream branches of transactions are valid).

A more formal mathematical elucidation would be more unassailable than my English language explanations. Yet I am confident (conjecture) that those who are expert enough can judge my statements to be correct or at least a strong concern.

The problem is without Consistency I expect the DAG to diverge into a chaos of disagreement. You are relying on participants using clients that adhere to the mathematical model you want them to use when choosing which tree branch to append their transactions to (and which acceptance model to use for declaring a transaction is probabilistically confirmed), but given the inconsistency that will arise and the game theories thereof, I don't see a snowball's chance in hell of the thing not blowing up unless you are able to maintain control over what participants do, and then it is no longer decentralized.

My point is there is no equilibrium of just a low rate of double-spends, but rather divergence. I haven't shown this formally (as in a math proof with equations) but I can already see it conceptually.

Considering that this point has been made clear several times in the thread, is this something we will just have to wait and see in real time or have I missed the rebuttal?  

Please point me/us to an existing rebuttal (not lazy; it will help other readers too), if any.  If there isn't one, I would like to request those with sufficient knowledge on the subject to rebut.  Trust me, it will be highly appreciated by many of us peasants!  

I think we may not see the true risks in the early stage of Iota's launch, because my understanding is they are using some centralized servers in the ramp up phase. So perhaps the payers delegate their math model to these servers. I haven't studied their code to know.

Wait I will try to locate CfB's first reply to my line of argument on this point and come back here and post a link. Hopefully also my posts today have added further weight and/or clarification of my conceptualization.

Here is a link to CfB's post to start reading from (not sure if it is the only or best one):

https://bitcointalk.org/index.php?topic=1319681.msg13536310#msg13536310

Try reading forward in chronological thread order from that post until at least the following:

https://bitcointalk.org/index.php?topic=1319681.msg13542612#msg13542612

[Come-from-Beyond]

To simulate a total ordering, Iota uses a math model...

Iota doesn't do total ordering. Even more, iotas can be spent before they were acquired. "Total number of iotas can't exceed some constant (1 billion without 10^-9)" - this is the rule Iota nodes stick to. There are some lesser rules used for transaction validation but they are not important in this context.

By using that simple rule Iota protocol gives a lot of freedom, the system can be in any state in points where total supply is not important. This gives a big boost to transaction processing speed.

I see parallels between Iota ledger and a quantum system. The quantum tunneling allows particles to pass through potential barriers => double-spendings can exist at some moment. Iota users "vote" on one particular state of the ledger at some moment making the ledger to "collapse" like a wave function.

PS: I think I'm starting to get your problem. You construct models in classical world, maybe it's a good moment to get your feet wet in the quantum world?

[TPTB_need_war]

CfB's post was nearly a total obfuscation of facts. The key correct phrase is that Iota doesn't do a total ordering. Focus on that and the implications thereof. I am not going to repeat my upthread explanation that the vote will diverge into chaos.

I think we have now shown that one can create a crypto design that is too complicated for n00bs to understand, and thus prevent anyone from explaining to the n00bs why the design is flawed.

Kudos!

The crypto world is starting to reach the stage of insanity.

[TPTB_need_war]

Correct the solution is provider oriented.

I was not aware of anyone else using the term provider. Bitshares has delegates, NuBits has custodians, Lightning has hubs, etc. The problem is that as soon as one reaches any scale, one will come in contact with traditional law, the rest of the financial system, Internet services, etc. No ethical business can allow itself to operate outside the law.

Agreed. I wasn't using that term, but equated what I am doing to be something akin to a provider, but maybe not in the way you defined it below.

In any case, the solution I have employed to deal with the dilemma you stated, is that the control of the PoW is in the hands of the users, not professional miners nor these "providers". So the users can shift their PoW at-will to those "providers" that are not abusing the protocol in any way.

If we assume the users will not do this, then of course why even bother creating anything at all for the users if they won't fight for their own rights. The problem with Satoshi's design is the users can't fight because they don't control the mining.

So at the minimum my design has the decentralized, permissionless attribute sustained for as long as 51% of the user's PoW is willing to move away from any "providers" who are doing malfeasance (assuming users can detect and agree on who is doing malfeasance which is another topic of discussion).

However, I do admit that the masses are apathetic and they can be convinced to use Coinbase and accept the default settings. So that is why it was important to me that my design achieved the ability of the minority to fork away from the majority (when the majority is abusive) and to not be vulnerable to a 51% attack by the majority in terms of censoring transactions.

As I explained to monsterer upthread, it is not possible to objectively prove (with cryptography and math) which chain is the honest one and which one is the dishonest one when there are censored transactions. But it is possible to determine which "providers" (in my design) are denying certain transactions and/or denying to interact properly with other "providers" which are not denying certain transactions. This is determined from the perspective of the user who is trying to send the transaction to the "provider".  Thus user can simply send his transaction (+ PoW share) to the "provider" which doesn't censor him. And so my design naturally anneals to fork away from malfeasance. I was quite pleased with that. It isn't perfect in every respect, but it sure gives us a fighting chance to resist deleterious centralization effects.

Thus even if the apathetic masses are induced to use their PoW shares to attack the minority chain, it won't work. Because there is objectivity that I described in the prior paragraph. That was one of my key epiphanies. They paradigm shift is the objectivity is individually based and thus doesn't require a global objectivity. That will of course create a new partition (a new fork), but each forkh as its own longest chain which users can identify by the providers that are not censored from it (users thus taking the unions of all chains). In other words, users will use the chain that doesn't censor their transactions. So the objectivity is that the attacker's fake transactions aren't used by any one, or that union with the apathetic majority's transactions is not exclusive to the minorities's transactions. For as long as the minority chain is building off the majority chain (i.e. always building off the end of the majority chain and including its transactions), then the attacker can't double-spend in both. The minority chain just adds transactions to the majority chain, thus it doesn't require Partition tolerance thus doesn't violate CAP.

Note however that this minority chain is unprovable to a full node that wasn't online as it was occurring (which was my point to monsterer), but I don't think the minority community will behave totally chaotically like that. Instead they will communicate in forums and agree on some checkpoints for the minority chain (which can be downloaded to user's clients), because socially if there is a sizeable minority that is being harmed they have every incentive to organize and protect their funds from censorship. And they will hold the PoW power to do so. One of the key differences from what I argued upthread to monsterer, is that "providers" aggregate transactions and thus users can reason about malfeasance on less granular basis than every transactions for itself. This enables users to organize around "providers" which are behaving correctly.

Notwithstanding that, there might a way to write checkpoints from the minority chain into the majority chain without the majority chain knowing it until after the fact, assuming the majority chain allows any encrypted data (or encryption can possibly be hidden with steganography). However, that is probably pointless because a 51% control can always rewrite the chain (but that becomes very obvious to the community and is not realistic).

In summary, 51% attacks can't be hidden. As long as the community holds the power in their individual user hands, it is very difficult to foist crap onto the users that they don't want. Humans can fight when they can organize and they hold the power.

Its not quite clear what the goal of a global decentralised cryptocurrency would entail.

I am quite clear on this by now. I have thus have a design for what I want to achieve; which is as stated above.

Bitcoin works great in terms of preventing conflict upfront.

But the centralization and failures come insidiously over time as we are observing (and which I publicly predicted years ago and was labeled as crazy).

It doesn't work great for integrating any traditional relationship. If a user wants to trust a counterparty for certain things he should be able to do so. Providers are based on such a relationship. The solution I've come up for this situation is smart collateral which I will detail in another thread. In brief, its a payment upfront to establish trust, which can be seized on misbehaviour by the counterparty (a bit like an insurance against theft).

If I am understanding correctly what you are alluding to, that won't work. I already analyzed that sort of design. It fails for similar reasons as I have explained that other designs fail, in that it can't arrive at one total ordering of the consensus. No one can trust money that has multifarious orderings, because there is no truth about the money's value. Money has to have global fungibility otherwise it isn't money.

Edit: the one tool that big companies and rich people have is that they choose the jurisdiction they want to operate in. If rich people can choose their laws and poor people can't then this is not a fair system. So the one perfectly viable strategy and legal strategy is to choose a friendly jurisdiction. It is kind of ironic that Bitcoin mining is most profitable in China.

I assert you are working against the direction of entropy as discussed by CoinCube and I upthread (and currently a debate that I need to finish with the professor Jorge when I have time to come back to it).

The world is moving to globalization of commerce and money, not the other direction.

You are incorrect on the point that mining has to be profitable.

The system serves it participants which want some kind of utility out of it, be it a profit or a service. Bitcoin works to the extent it does, because it carefully balances all elements. Game-theory is perhaps the most important tool for analysing these systems. Mining is a competitive race. But its unclear what the economics of Bitcoin should look like without the bootstrap subsidy.

PoS coins are launched without any profitable mining. And some such as Nxt gained significant investment.

But you are moving the goalposts. Now you are not talking about whether unprofitable mining can secure the coin but whether there will be enough adoption and interest to secure the coin. So now you've moved the goal posts to a marketing economics discussion.

If all crypto is going to be is a speculator fuck fest, then it will end up just like pink sheet (shit) stocks do.

We have to enable a widely needed use case for the launch of the coin, or we might as well just admit we are fucking with ourselves same as for Monero and all the shit coins. They are just zero sum game circle-jerk echo chambers. The greater fools will fund those who are extracting the value from the community and it will all die in a heap of broken delusions and bagholders.

[monsterer]

Please don't make me explain this again. Every since we started discussing Iota, you have continued to repeat this same myopia over and over and over and over and over and over again. It is very redundant and it is cluttering the thread with noise. Whoever can't understand this very simple concept by now, isn't likely to ever understand it.

Partial ordering is a weaker requirement than total ordering, making the statement true. It doesn't matter if it is impossible to achieve in practice; I was making a gross simplification to prove a point, but that appears lost on you.

Incorrect. You completely failed to comprehend the explanation I made in my prior post. Try reading it again and again and again until you can comprehend.

Nothing in that post addresses the problem. I'll say it again: If you remove the block reward, you remove the honest miners incentive, along with part of the game theory which makes bitcoin work. What incentive is there in your system to play by the rules for an attacker?

You have shown no such weakness in my current design. Yeah I found flaws in my prior designs. So what. I made it very clear in the past that those designs were still under study and that I was not announcing the details until I was satisfied with my internal review.

Tell me this: how can a recipient know when it is safe to accept a transaction in your design?

I've already shown you why this statement is incorrect. If you'd like me to go into more detail, I will.

No you have not! Damn it, you make me repeat the same explanations over and over and over and over again.

You continue to make the same mistake over and over: rushing to conclusions. There is no concept of time or clocks whatsoever involved in the tree of work idea, only longest chain of work.

[Come-from-Beyond]

CfB's post was nearly a total obfuscation of facts. The key correct phrase is that Iota doesn't do a total ordering. Focus on that and the implications thereof. I am not going to repeat my upthread explanation that the vote will diverge into chaos.

I think we have now shown that one can create a crypto design that is too complicated for n00bs to understand, and thus prevent anyone from explaining to the n00bs why the design is flawed.

Kudos!

The crypto world is starting to reach the stage of insanity.

I can play the same game:
The upthread explanation was a vague set of words that didn't contain other proof than that the author can't think outside the box. 

PS: Those who don't see why ordering is not required at all should read https://en.wikipedia.org/wiki/Superposition_principle.