DECENTRALIZED crypto currency (including Bitcoin) is a delusion (any solutions?)

[yassin54]

If Iota community doesn't mind we could delay the release for a week to add the inflation...

No problem for me CfB 

[1715064903]

1715064903

[1715064903]

1715064903

[TPTB_need_war]

I don't think so - as long as both parents are provably in the hierarchy at a lower 'height' than each new transaction which gets added, there shouldn't be a problem.

edit: so, new transactions depend on the entire tree below them being present, otherwise it's not possible to determine the ancestor relationship correctly. This is akin to blockchain syncing - you cannot add a block if the parent doesn't exist yet.

another edit: I cannot take credit for this design either, it is someone else's; I am just putting together a description of how it works, which turned into a white paper

Well, with subsidy it's more profitable to keep DAG very wide, wider DAG = less secure DAG. Without reading the whole paper I don't see why miners will behave as you expect them to behave. It's similar to Selfish Mining problem.

My 2 cents...

The simple answer is that without a longest chain rule there is no synchrony in distributed systems, thus there is no possibility that there won't be multiple branches (partitions) that can't converge (due to double-spends). This is also why monsterer's tree design can't function without blocks (and I had explained this to him in the Decentralization thread[1] but he is hard-headed).

Thus no one wants history in their parent chain that can be voided by a double-spend, so the incentive is to maximally broaden the DAG.

(Notwithstanding how could a subsidy even work in a DAG when there are no blocks to win?)

[1]	https://bitcointalk.org/index.php?topic=1319681.msg13530099#msg13530099 https://bitcointalk.org/index.php?topic=1319681.msg13530264#msg13530264 https://bitcointalk.org/index.php?topic=1319681.msg13632887#msg13632887

[brekyrself]

Thoughts on decentralized rate limiting of transactions?

http://bytemaster.github.io/article/2016/02/10/How-to-build-a-decentralized-application-without-fees/

[TPTB_need_war]

Thoughts on decentralized rate limiting of transactions?

http://bytemaster.github.io/article/2016/02/10/How-to-build-a-decentralized-application-without-fees/

It removes degrees-of-freedom for the users (and full nodes as well), whilst I don't think it is necessary to limit transaction volumes at all if one has the correct system design.

The reason Bytemaster (Dan Larimer) is having a problem is because he hasn't yet centralized verification cost.

[monsterer]

Is the ultimate answer to the title of this thread 'yes, its a delusion'?

In a trustless system, it seems that without some centralising force which ensures consensus will converge (either through an incentive based game theory, or through trusted checkpointing), there is no guarantee that it won't diverge.

My question: am I missing something? Is there a trustless way to ensure convergence without a mining incentive?

[David Rabahy]

Is the ultimate answer to the title of this thread 'yes, its a delusion'?

In a trustless system, it seems that without some centralising force which ensures consensus will converge (either through an incentive based game theory, or through trusted checkpointing), there is no guarantee that it won't diverge.

My question: am I missing something? Is there a trustless way to ensure convergence without a mining incentive?

I suppose if you are all by yourself then you should converge instantly all the time unless you are flawed, e.g. schizophrenic.  With two or more independent parties involved, the whole trick is keeping the rift-raft out of your way.  Unless you know/trust each and every other party via a secure/reliable channel convergence might always be questionable.  The real question is, "Can we do business for now with a system that might fail us someday?"  The apparent answer is yes.  On the other hand, this is no reason to stop trying to improve the system.

Weighting the risks of two systems against each other is well worth the effort.  Compare today's modern cash transaction verses a Bitcoin transaction.  Um, hmm, we agree to exchange cash for something.  The provider of the something and the payer agree to the details of transaction, e.g. the something and an amount of cash are exchanged in a public location (for safety).  During the exchange (or even shortly there after; before we part company), an announcement is made that the value of the cash has changed (rare but not unheard of and usually announced in advance but you get the idea); is it just too bad for the provider or payer (depending on the direction of the value change)?  The things that can go wrong vary.  The cash might be flawed.  Etc.  If we want to transact remotely then things get more complicated.  Convergence (or Durability, the "D" in the ACID https://en.wikipedia.org/wiki/ACID properties, is tricky to guarantee.  In Bitcoin, effectively today there are a few levels of durability recognized; when the transaction first is broadcast around the network (is this a little like pulling one's wallet and showing sufficient funds?  no, it's more than that but it's not quite like handing it over either ... weird).  A little later it might show up in a proposed block (which is a lot better but not quite 100% durable yet) -- (is this a little like handing over the cash but it being dropped on the floor or something while being examined for counterfeit?)  If the proposed block is orphaned by another longer chain then we got to see if our transaction is in the usurper and if not then wait -- (is this like someone watching the transaction saying it looks good to me but someone else bombing in and saying wait a minute there's more to the story?)  The provider and payer stand around looking at each other wondering, "Are we ok?  Is anyone else going to come along and wreck our deal with some other news?  When is it safe for them to walk away?  After awhile enough "news"/blocks pile on that it seems pretty unlikely anyone is going to undo the chain and we walk away.  If we're wrong and it is undone even years later then the provider of the something takes the loss.  The payer got the something and paid in good faith.  The onus is on the provider to further secure the value they received, e.g. deposit the cash into a bank for safe keeping (ha!) or exchange it into something else, e.g. other goods/services.  Go buy a piece of land or some precious metal but know that those things aren't necessarily durable forever either.

When aliens arrive with computing power beyond our imagining, they could calculate a replacement chain and wreck everything.  Even without that, someone could be calculating a shadow chain and pop it out to give Bitcoin a very bad day; I know, I know, they can't keep up with the rest of the miners unless they have more hashing power.  Restarting the calculation of a shadow chain each time the shadow gets too far behind and then waiting until you get "lucky" and then popping it out is a problem.  When a transaction leaves the mempool because it appeared in the chain is the moment it becomes vulnerable to durability failing.  The client has to watch forever and retransmit *any* time later if the shadow chain appears and takes over.

Despite all the noise about 6 blocks being somehow enough, there's nothing special in the code for it; https://blockchain.info/charts/n-orphaned-blocks shows a spike of 7 blocks being orphaned.  Even longer chains can be orphaned; what's to stop it?

If a shadow chain pops up that is really long, e.g. 20 blocks, then how will the community respond?  Better hurry, the code took it at face value and is plowing forward.  Change the code to set the maximum length of a orphaned chain at 6 blocks?  When the network is partitioned due to something bad; each side of the partition will be calculating chains and only when the links (hours, days, weeks later) are reestablished can the longest chain be detected.  E.g. China cracks down and physically partitions the network (perhaps due to rising military tensions); if/when they reconnect then one side or the other is going to have the longest chain.  It doesn't even take a big network partition; all it takes is a burst of bad luck; two miners just happen to find long chains independently at the same time.  It does *not* take 10 minutes to find a block.  It can happen in a split second.  Yes, the odds are long of finding six (or any arbitrary number) or more blocks in a chain in a very short amount time but if/when it happens then it will be ugly.

Please explain how Bitcoin avoids this nightmare (besides just hoping to avoid a run of bad luck).

None of this really addresses the possibility of someone exploiting the system maliciously per se.  Does an exploitable hole really exist right now or not?  If so then is anyone actively attempting to exploit it?

[monsterer]

Please explain how Bitcoin avoids this nightmare (besides just hoping to avoid a run of bad luck).

None of this really addresses the possibility of someone exploiting the system maliciously per se.  Does an exploitable hole really exist right now or not?  If so then is anyone actively attempting to exploit it?

Difficulty is the expectation of a random variable (expected number of hashes, in this case).

probability of finding a block = 1 / difficulty

probability of finding N blocks in a row = (1 / difficulty)^N



The above is the fall-off curve for probability given a difficulty of 100. Bitcoin currently enjoys a difficulty of 144,116,447,847 for finding a single block which is some billion times harder.

So the luck would have to be very, very, very bad in order to generate a run of 6 solved blocks in an attack!

[David Rabahy]

*If* it's so unlikely then why in the world do we often/regularly get orphaned chains of more than 1 or 2 blocks?  Orphaning an individual block isn't too hard to see; it doesn't take too much bad luck.  Orphaning 2 blocks; well, some portion of the network was working on each side and we just got unlucky again despite the difficulty being >144,000,000,000 at the moment.  The difficulty is set just right so that on average the blocks will pop out every 10 minutes or so; despite that we do see them found in way less time, e.g. <1 minute, occasionally.

If a burst of blocks are found on different chains then it is just tough for all of those orphaned blocks.

Still convergence (with some amount of pain) comes eventually *if* (and this is crucial) the network isn't partitioned for too long.  A prolonged partitioning will lead directly to multiple Bitcoin chains being formed.  Anyone able to transact on both chains can wreck havoc.  Anyone wanting to avoid being ripped off would have to check both sides (one wonders how they overcame the partition).  If/when the partition is removed then the weaker side will lose out everything they did during the break.

*If* we believe the partition is only going to last for a little while then it is best for the weak side to stop producing blocks until we're back together.  How does one know which side of the partition they are on?  Measure the production of blocks, i.e. hashrate, and compare that to the total amount measured before the partition.  So, don't stop producing blocks, just know that they are going to be thrown away.

*If* we believe the partition is going to last for a long enough time but not forever then pausing the weak side ain't great.  I suppose some sort of conversion to a new coin would have to happen.  Good luck convincing people on your side that you won't be transacting on the other side.  Yuk.

*If* we believe the partition is never going to be undone then the weak side can just keep going.  We would probably want to quickly implement some header version change or something just in case the partition were to be breached.

*If* you don't think a major partitioning event is possible or won't happen then please pass whatever you are altering your mind with over; it must be really good shit.

[monsterer]

*If* you don't think a major partitioning event is possible or won't happen then please pass whatever you are altering your mind with over; it must be really good shit.

They can and have happened in the past: https://bitcoinmagazine.com/articles/bitcoin-network-shaken-by-blockchain-fork-1363144448

That event was catastrophic for the currency. Bitcoin can tolerate small partitions, the larger you go, the more dire the consequences.

[David Rabahy]

The real lesson to learn is the Bitcoin support function is vital.  A healthy prompt response makes all the difference.

[TPTB_need_war]

My question: am I missing something? Is there a trustless way to ensure convergence without a mining incentive?

Yes, users want their transactions to appear in the longest chain. They don't need to trust each other. They trust that Nash equilibrium.

[David Rabahy]

I'm confused (a not uncommon state); *if* mining (as we know it today) gives way to a PoW "transaction fee" then who is putting blocks together?  Apparently *only* those who want transactions to go through into the longest chain.  If I have one lonely transaction then I personally (well, my computer) have to compute a winning block; geesh.  Can't I just broadcast my transaction and let someone else block it into the chain for me?  I'll pay them; why do I have to pay with PoW?  So, for folks with modest/low transaction rates, they team up with each and pay someone with enough iron to get their transactions into the longest chain.  The faster this someone is, the more fee they can command.

I like it; I can choose which service I want.  If a service fails to satisfy then I can move on to another.  Competition for my transactions!

Bitcoin as it stands today, does not facilitate competition for transactions; oh wait, it does.  Hmm.

[monsterer]

My question: am I missing something? Is there a trustless way to ensure convergence without a mining incentive?

Yes, users want their transactions to appear in the longest chain. They don't need to trust each other. They trust that Nash equilibrium.

This is my point. Without a mining incentive, there is no nash equilibrium that I can see; timely confirmation can be the only positive goal, but that is at odds with merging branches (or including partitions).

[CoinHoarder]

I just now read your ridiculous arguments. I guess you've been posting this all around to use against PoS.  

Too bad I gave up in debating you because I was wasting too much time, and now you act like you "won". That is your move though, so I'm not surprised.

Also PoS can't distribute new coins, thus eventually the coin supply shrinks asymptotically to 0.

You are wrong here. There are PoS variants that distribute new coins.

No variants can. And the last time you debated me, I defeated you on every single point. Are we going to have to do it again?

See Bitshares, genius.

Again the point is that with PoS, there is no FAIR or EQUITABLE way to distribute new coins that doesn't mimic the proportionality of the existing stakes, thus this is the same as the divisibility that is already built into the existing coins. No new distribution was achieved, just offsetting inflation.

If you have any other gimick in mind, please cite it specifically, so I can identify the flaw for you. You have been hoodwinked.

The amount of say you get in the company is compared to the amount of stake that you own. Corporations have been thriving on such practices for years now. Executives get nice stock options and benefits and the larger shareholders have more say, yet all stakeholders profit (if it is a well ran business of course.) If that is known before someone invests in a company/cryptocurrency that whoever has more stake will get more say in the company, then it is ridiculous to call it not fair.

You are also assuming that everyone votes in their best interest only and not the company's best interest, which is not always the case. If you go have a look at what each paid witness is doing for Bitshares then it becomes clear it is not the case.

• Larger stakeholders get more (either because they can outvote the smaller ones, or because the smaller ones are somehow convinced the coin will gain more value if they give away their coins).
• Corporations are created, new shares are created, production in this economy makes these shares more valuable, minority shareholders agree to give more shares to those who run or work for the company.

I assume you mean #2, since #1 is idiotic.

But by definition the shares have to be non-fungible with shares of other corporations. So unless you make Bitshares one corporation for every productive venture, then the new shares can't be Bitshares.

So there is the flaw. You can't have one corporation that produces everything for the world. It lacks degrees-of-freedom. It is same as tying yourself to your sister and trying to each go about your daily life tied together.

Dumb shit like this is why I do not respect the Larimer incest.

This argument doesn't even make any sense. Bitshares doesn't need to be fungible with anything but Bitshares, and it can do so without "producing everything for the world".

There is a fair and equitable way to distribute new stake.
Workers: http://cryptofresh.com/workers
Then follow the link for each delegate: http://cryptofresh.com/witnesses

Every dilution source is doing something positive for shareholders. It is fair because they are making Bitshares more valuable, more so than anyone else, and they therefore deserve to be rewarded. Those that shareholders feel provide more value get more BTS.

You are living in a theoretical world in this argument, when instead you should look at it as it exists in reality. The worker proposals and delegates are providing real value to Bitshares with development, marketing, documentation, GUI improvements, etc... it is fair they get the rewards of inflation because they are the ones putting in the work.

You should try analyzing it without your rose tinted glasses.  

I do not think the following is possible in dPoS (I'm not sure about other forms of PoS), because delegates cannot change or set transaction fees by themselves. Transaction fees can only be changed by committee members which are elected by stakeholder vote. Not including a transaction because it doesn't have a certain amount in transaction fees seems silly, because the next honest delegate will do so and the honest delegate will get whatever fees are associated with the transaction. They would basically be giving up free money, putting a big red flag on their witness campaign, and it would be very likely that would get them voted out. Part of the incentive for delegates to stay honest is the future income of blocks produced in the future, although as I stated earlier... even if they are dishonest there is not much they can do other than withhold transactions from blocks (and the transaction would be included in the next block produce by an honest delegate.) The way I understand it, DPoS' main weakness is that all consensus algorithms suffer from.. a 51% attack.

[1] Another scenario is DDoS attack other stake holders when their turn to mine a block, then jack up your transaction fees sky high when its your turn to mine a block.

You forgot my point that the attacker can short the coin. And that delaying transactions is an attack that could cause the share price to crater. Or DDoS attack all the others and then force all transactions on to your block. This is the problem with PoS and DPOS, because the ordering of who will mine is known before the transactions are sent. That is a major flaw compared to PoW.

You fail to admit that the bolded is not possible with DPoS. Also, your "DDOS all other delegates and force transactions into your block" would be hella dumb. Most blocks do not have much $$ worth of transaction fees. The shareholders would quickly figure out something is going on and vote your delegate out. Not to mention locating each delegate node, of which you would need to find and DDOS 100 of them. It would likely cost much more for the DDOS than you would make in transaction fees... you must not know DDOS are expensive attacks.

Further, I doubt a small attack like this can cause the price to crater, and a short/attack to be very profitable. Delegates would simply get up and running on different nodes if you were to somehow attack all of them.

Most of these types of attacks end up much less profitable than simply being an honest delegate. These attacks are also unlikely and easily mitigated and/or not possible (in the case of the bolded). It is funny you are linking to them to make your argument vs PoS. You should have learned by now that you need to analyze each PoS variant separately, genius.  

[monsterer]

Most of these types of attacks end up much less profitable than simply being an honest delegate. These attacks are also unlikely and easily mitigated and/or not possible (in the case of the bolded). It is funny you are linking to them to make your argument vs PoS. You should have learned by now that you need to analyze each PoS variant separately, genius.  

I like Bitshares; it's very innovative, the community is intelligent and friendly... but DPOS itself is a failure - majority control of the network lies under one or two accounts, which are exchange wallet accounts. If these accounts decided they wanted to, they could shut the entire network down. This is not decentralisation.

[TPTB_need_war]

I like Bitshares; it's very innovative, the community is intelligent and friendly... but DPOS itself is a failure - majority control of the network lies under one or two accounts, which are exchange wallet accounts. If these accounts decided they wanted to, they could shut the entire network down. This is not decentralisation.

Yet the Larimars always propose more of the same ill-conceived design philosophies. It appears to be an engrained ideological and philosophical quirk that will be present in any "innovation" they do.

Note CoinHoarder is on my Ignore so I am not wasting more of my time rebutting his nonsense. Past history of our interactions will serve as sufficient evidence of whom is correct.

[brekyrself]

Most of these types of attacks end up much less profitable than simply being an honest delegate. These attacks are also unlikely and easily mitigated and/or not possible (in the case of the bolded). It is funny you are linking to them to make your argument vs PoS. You should have learned by now that you need to analyze each PoS variant separately, genius.  

I like Bitshares; it's very innovative, the community is intelligent and friendly... but DPOS itself is a failure - majority control of the network lies under one or two accounts, which are exchange wallet accounts. If these accounts decided they wanted to, they could shut the entire network down. This is not decentralisation.

If this is true, I have not checked and it may not make sense for them to try and mess with the network.  They would need financial motivation to do so. 

Why would they:
-Create witnesses that will do what negative actions exactly?
-Vote these witnesses in
-Prosper how so?

There is also an interesting thread on their board about the possibilities of keeping BTS on the internal exchange acting as a true share and only having the derivatives such as BitGold on 3rd party exchanges.  This would solve the exchanges voting or not voting problem however other issues do arise.


TPTP_need_war: CoinHoarder does bring up some interesting points about BTS that separates it from the usual POS decentralized debate.  While nothing on this earth is "perfect" it might just be one of the better options currently available.  They also just rolled out the stealth transfer code that will satisfy a lot of users wanting to not broadcast their transaction details.

[TPTB_need_war]

From the very start when I used to debate bytemaster (Daniel Larimar) on BCT in 2013/14 before he left to his own forums, he was proposing for example every HODLer of the coin received an interest payment.

He has always been about financialization and collectivism with some top-down fox sugarcoated in a decentralized deception wrapper. He used to talk about reputation systems I explained they can be Sybil attacked and thus always end up centralized.

I am about user adoption, I mean people who use a currency never for investment.

It is a totally different approach in terms of market demographics and philosophy of focus (and thus design).

Let CoinHoarder dream about his DAOs.

[monsterer]

Why would they:
-Create witnesses that will do what negative actions exactly?
-Vote these witnesses in
-Prosper how so?

1. Short the coin
2. Vote in evil witnesses to halt the network, driving the price to 0
3. Profit.

Nominally, this would have to be a very evil exchange, but this kind of thing can happen for example, if the exchange gets hacked.

[brekyrself]

Why would they:
-Create witnesses that will do what negative actions exactly?
-Vote these witnesses in
-Prosper how so?

1. Short the coin
2. Vote in evil witnesses to halt the network, driving the price to 0
3. Profit.

Nominally, this would have to be a very evil exchange, but this kind of thing can happen for example, if the exchange gets hacked.

Why does temporarily halting the network = drive the price down to 0?  Once it is halted, people could simply take action and vote out the evil witnesses.  While similar to >51% control in PoW the outcome for halting a DPoS network appears much less appealing...