Now moving on to analyze Stellar as promised in my prior post (before the noise from CfB):
Stellar's SCP consensus algorithm is a complex propagation algorithm (i.e. not a LCR) design to achieve certain properties of Byzantine fault tolerance. This design clearly originates from David Mazières work on the decentralized Kademlia DHT[1].
Although it claims to guarantee "safety" (i.e. will not diverge and it is the first decentralized propagation design that I've seen which can make that guarantee), but it can't guarantee that convergence will ever be obtained and this is due to Sybil attacks on the honest nodes (again we expect this because it consumes no resource as PoW for LCR does). David explains this fact as follows:
SCP can suffer perpetual preemption as discussed in Section 6.3. An open question is
whether, without randomness, a different protocol could guarantee termination assum-
ing bounded communication latency but tolerating Byzantine nodes that continuously
to inject bad messages at exactly the point where timeouts fire. Such a protocol is not
ruled out by the FLP impossibility result [Fischer et al. 1985]. However, the two main
techniques to guarantee termination assuming synchrony do not directly apply in the
FBA model: PBFT [Castro and Liskov 1999] chooses a leader in round-robin fashion,
which is not directly applicable when nodes do not agree on membership. (Possibly
something along the lines of priority in Section 6.1 could be adapted.) The Byzan-
tine Generals protocol [Lamport et al. 1982] relays messages so as to compensate for
ill-behaved nodes saying different things to different honest nodes, an approach that
cannot help when nodes depend on distinct ill-behaved nodes in their slices
What David is saying below ("transient") is that preemption doesn't cause permanent failure and the Sybil attack must be maintained in order to maintain preemption (preventing consensus from forming), but this isn't divergence because no decisions are made at all until the preemption ceases. But again the salient point is that preemption can go on indefinitely, because Sybil attacks have nearly no cost. This is the problem that PoW and LCR solve.
Note David's comment about using latency to force convergence and override preemption is incorrect for the similar reasons that I explained to monsterer about ambiguity around any specific time window. Nodes can't reach consistency about latency because propagation isn't proof.
So David achieved nothing! It is a long white paper of (correct theorems that achieve a result which is) bullshit.
Perpetual preemption is inevitable
in a purely asynchronous, deterministic system that survives node failure [Fischer
et al. 1985]. Fortunately, preemption is transient. It does not indicate node failure, be-
cause the system can recover at any time. Protocols can mitigate the problem through
randomness (if nodes keep choosing random candidate values until enough happen to
pick the same one [Ben-Or 1983; Bracha and Toueg 1985]) or through realistic assump-
tions about message latency [Dwork et al. 1988]. The latter is more practical when one
would like to limit execution time. Of course, only termination and not safety should
depend on message timing.
David is obviously a very smart guy. I am not stating anything that he doesn't already admit above. His design is not entirely without merit as a research exploration, but in terms of a reliable design for consensus in a crypto currency, it seems to be selling junk to speculators. Note the conspicuous disclaimer to protect his reputation:
Disclaimer
Professor Mazières’s contribution to this publication was as a paid consultant, and was
not part of his Stanford University duties or responsibilities.
Interestingly Stellar diverged when it was formely using Ripple's consensus protocol, as
I stated upthread would be the case:
Stellar’s original system was modeled on one developed at the startup Ripple Labs, which is using it to help banks and other financial organizations move money faster (see “50 Smartest Companies 2014: Ripple Labs”).
Last year Stellar’s Ripple-consensus system unexpectedly “forked” into two networks that disagreed on which transactions were valid, and several hours’ worth of transactions got rolled back. Mazières says his new system avoids the part of the design that caused that problem.
And again the solution to Sybil attacks is to use trust. Thus Stellar new SCP consensus protocol is not a trustless design. And trust/reputation always devolves to centralization (do I need to explain why...think about what happens when trust fails, so trust migrates to those who are trusted by others longer/more ... remember we trust our government and we trust our central bank):
The new SCP system also relies on people running software that communicates over the Internet, but trust is not enforced through mining. Instead, each person running the software must identify a few other trusted participants to correctly apply the cryptographic rules used to validate transactions. Each instance of the software will recognize transactions only once a certain majority fraction of its trusted partners have also signed off. And the trust relationships are all public.
Mazières says the math shows that those rules will allow his system to reliably verify transactions much more quickly and with less energy.
Dan Boneh, a Stanford professor who did not work on Mazières’s system but has reviewed it, says that SCP avoids some security limitations of Bitcoin. “The security proposition of Bitcoin is that the people who invested in mining infrastructure can be trusted, but that may not be true,” he says. “Here I can choose for myself who to trust.”
[...]
Emin Gün Sirer, an associate professor at Cornell University, agrees that SCP seems to have advantages over Bitcoin. He says it also seems to resolve what he considers a gap in the Ripple protocol that led to Stellar’s “forking” problem last year. “The protocol looks sound,” says Sirer.
It is, however, theoretically possible for SCP to break down if participants choose trusted partners in such a way that there aren’t enough overlaps to tie the network into one whole—or if an attacker orchestrates that situation, says Sirer. Just how unlikely that is will depend on the actions of the people who adopt SCP. “This is a social thing, not a technical thing,” says Sirer.
Mazières acknowledges that possibility but says it’s unlikely. He imagines that certain large organizations, perhaps banks, will emerge to anchor the SCP network. Still, he acknowledges, “people are always a weak point.”
| [1] | P. Maymounkov and D. Mazieres. Kademlia: A
peer-to-peer information system based on the xor
metric. In Peer-to-Peer Systems, pages 53–65.
Springer, 2002. |
P.S. Come-from-Beyond has been put on Ignore for spamming the thread. Afair, he is only the second or third person I have ever put in my forum Ignore list in my 3 years at this forum. He continued even after he was asked "please" numerous times to stop. Since he can't respect the desire to keep the S/N of the thread high, he must be ignored. If I had moderated the thread, I would be deleting his noise. But since I didn't, then my only recourse is to put him on ignore for his obnoxious and illogical behavior recently.
