Free transactions, spam, block reward and confirmation times

[Fuserleer]

Maybe I'm missing something, but surely if the POW is too easy to do to account for mobile devices, then the amount of spam in the network will be incredible because its so cheap for some guy with a few PCs to create?

So then your reference to prevent DoS via spam is PCs, but your reference for usability is mobiles and the two don't play together well IMO.

If I wanted to severely disrupt the network, and the POW is low to cater for mobiles, say 250ms per POW on mid-range PCs I can do 4 per second per box.  I can purchase 2nd hand HP blade server boxes with 64CPUs for a couple of grand and be throwing 200-300 tx/s around in no time at $0.50 per hour electricity cost.

So what am I missing in this discussion?

[1715017262]

1715017262

[1715017262]

1715017262

[smooth]

Maybe I'm missing something, but surely if the POW is too easy to do to account for mobile devices, then the amount of spam in the network will be incredible because its so cheap for some guy with a few PCs to create?

So then your reference to prevent DoS via spam is PCs, but your reference for usability is mobiles and the two don't play together well IMO.

If I wanted to severely disrupt the network, and the POW is low to cater for mobiles, say 250ms per POW on mid-range PCs I can do 4 per second per box.  I can purchase 2nd hand HP blade server boxes with 64CPUs for a couple of grand and be throwing 200-300 tx/s around in no time at $0.50 per hour electricity cost.

So what am I missing in this discussion?

I think you're missing nothing and now we are getting to the heart of it.

The distinction between PC and mobile just doesn't matter that much here. You could plug in your mobile and use that to spam the network too, albeit somewhat slower than a PC.

1 second, or 10 seconds or 60 seconds of computing on any devices just doesn't cost that much in terms of electricity. The idea that it will prevent spam is very questionable.

Using your numbers above, why stop at 50c/hour. For $100/hour of electricity you could spam 40k tx/second. How does this stop a motivated attacker at all?

[Fuserleer]

1 second, or 10 seconds or 60 seconds of computing on any devices just doesn't cost that much in terms of electricity. That idea that it will prevent spam is very questionable.

Using your numbers above, why stop at 50c/hour. For $100/hour of electricity you could spam 40k tx/second. How does this stop a motivated attacker at all?

Ahh, I've obviously made the mistake of entering this discussion with the mindset of "how do/would we do it?" as opposed to "is it a good idea?", thus my argument of having to consider mobile device usability.

As a means of just securing against spam, I agree that it is a questionable approach at best!  That and the checkout problem were the reasons I abandoned research into this and similar methods, its too cheap for any attacker to cause disruption.  If you make it expensive for attackers then you affect the mobile users.

[monsterer]

Using your numbers above, why stop at 50c/hour. For $100/hour of electricity you could spam 40k tx/second. How does this stop a motivated attacker at all?

The point must be that PoW has a financial cost associated with it, which can be equivalent to a transaction fee. So, a motivated attacker needs to pay to spam the network; whether the PoW required to be equivalent to, say 0.00001 BTC is vastly outside of the capabilities of a mobile device, or even a PC is the pertinent question.

[smooth]

Using your numbers above, why stop at 50c/hour. For $100/hour of electricity you could spam 40k tx/second. How does this stop a motivated attacker at all?

The point must be that PoW has a financial cost associated with it, which can be equivalent to a transaction fee. So, a motivated attacker needs to pay to spam the network; whether the PoW required to be equivalent to, say 0.00001 BTC is vastly outside of the capabilities of a mobile device, or even a PC is the pertinent question.

0.00001 BTC is about 1/2 cent (which may still be too low to be a useful spam deterrent). An entire battery charge on an iPhone 6 costs about 10 cents 1/10 cent. So I'm pretty sure the answer is no, and given the relatively small performance gap between an iPhone 6 and a PC I pretty sure the answer is no on a PC as well.

EDIT: wrong cost to charge an iPhone 6

[Fuserleer]

Using your numbers above, why stop at 50c/hour. For $100/hour of electricity you could spam 40k tx/second. How does this stop a motivated attacker at all?

The point must be that PoW has a financial cost associated with it, which can be equivalent to a transaction fee. So, a motivated attacker needs to pay to spam the network; whether the PoW required to be equivalent to, say 0.00001 BTC is vastly outside of the capabilities of a mobile device, or even a PC is the pertinent question.

Well BTC is ~$390 right now, so 0.00001 BTC is 0.39 cents.   A modern mid-range CPU consumes what? 100w or so flat out.  Therefore if you are lucky that 1kw/h of electricity costs you $0.10, its 1 cent to run that CPU for an hour.  To have a POW that cost 0.00001 BTC would require that CPU to run flat out for 23.4 minutes.

The critical difference is though, is that fees in Bitcoin are not part of the security model, so you can't really compare the two models anyway.

Edit: as smooth says, very high end phones will be closer to a mid-range PC.  On mid -> low end phones, you'd have to run it for hours to create a POW that is equivalent to a PC in 23 minutes

[smooth]

The critical difference is though, that is that fees in Bitcoin are not part of the security model, so you can't really compare the two models anyway.

Fees are part of the security model against spamming. Well fees and the block size which forces fees up if blocks fill up.

[monsterer]

Well BTC is ~$390 right now, so 0.00001 BTC is 0.39 cents.   A modern mid-range CPU consumes what? 100w or so flat out.  Therefore if you are lucky that 1kw/h of electricity costs you $0.10, its 1 cent to run that CPU for an hour.  To have a POW that cost 0.00001 BTC would require that CPU to run flat out for 23.4 minutes.

The critical difference is though, that is that fees in Bitcoin are not part of the security model, so you can't really compare the two models anyway.

Edit: as smooth says, very high end phones will be closer to a mid-range PC.  On mid -> low end phones, you'd have to run it for hours to create a POW that is equivalent to a PC in 23 minutes

That's interesting. So, sending a PoW with a transaction is *not* an equivalent spam deterrent to bitcoin's transaction fee, in terms of cost at least.

Note, this is not directly related to the security model, though - if I am waiting for a transaction to confirm, I just wait for some amount of PoW to go  by; if that PoW is easy to generate, it gets generated more quickly than it would have otherwise, leading to a fairly consistent confirmation wait in real time whatever the difficulty.

[Fuserleer]

The critical difference is though, that is that fees in Bitcoin are not part of the security model, so you can't really compare the two models anyway.

Fees are part of the security model against spamming. Well fees and the block size which forces fees up if blocks fill up.

Projects like Iota though use POW as "fees" and as part of the overall security, which is where I'm guessing the question in this thread was spawned from...hence that statement.

Clarification though is probably a good thing here

[Fuserleer]

Well BTC is ~$390 right now, so 0.00001 BTC is 0.39 cents.   A modern mid-range CPU consumes what? 100w or so flat out.  Therefore if you are lucky that 1kw/h of electricity costs you $0.10, its 1 cent to run that CPU for an hour.  To have a POW that cost 0.00001 BTC would require that CPU to run flat out for 23.4 minutes.

The critical difference is though, that is that fees in Bitcoin are not part of the security model, so you can't really compare the two models anyway.

Edit: as smooth says, very high end phones will be closer to a mid-range PC.  On mid -> low end phones, you'd have to run it for hours to create a POW that is equivalent to a PC in 23 minutes

That's interesting. So, sending a PoW with a transaction is *not* an equivalent spam deterrent to bitcoin's transaction fee, in terms of cost at least.

Its nowhere near enough IMO, Iota will have a lot of spam!

IoT supporting cryptos will have some serious issues to solve, as the cost of a transaction needs to be cheap, but the cheaper it gets the more open you are to spam.  

Its almost paradoxical, supporting IoT devices requires minimal work and fees requirements, which enables spam that you'll certainly get, so these IoT devices have to do more work to keep up!

If you want to mitigate the work that they have to do due to spam, perhaps by offloading the work of staying in sync to a 3rd party, then you are starting to centralize.

[Come-from-Beyond]

Iota will be the first coin to have free transactions (that I know of). This discussion is not specifically about Iota, but relates to all coin's with 0 transaction fees and no block reward.

They prevent spam by requiring a Proof of Work (PoW) with each transaction. But, how will they set the difficulty of the PoW such that it actually prevents spam, but doesn't cause mobile devices to drain their battery?

If they set it to (for example) 1ms worth of generation, then a spammer can send 1000 spam transactions per second, which is clearly unacceptable. If they set it to 250ms, a spammer can only manage 4 spam transactions per second, but does this have a big negative impact on battery life for mobile devices?

In addition, a block reward provides a useful metric for when a transaction is safe to spend; in bitcoin, I need wait only 1 block to accept up to 25 BTC sent to me because any rational double spend attack is unprofitable up to that amount, since the attacking miner might as well take the block reward instead. However, in a PoW coin with no block reward and no fees what can we use as a similar metric for when to accept a transaction?

I see 5 solutions to your problem:

1. Send a transaction without PoW and let the beneficiary (e.g. a merchant) to do the work.
2. In a connected world you can use your desktop remotely to make it generate the PoW.
3. There are GPS modules, WiFi modules, why not have PoW modules which make PoW generation very efficient energy-wise?
4. Pay to a miner to do PoW for you (just like Bitcoin would do it without the 25 BTC subsidy).
5. Cooperate with other devices around for pooled "mining".

[monsterer]

I see 5 solutions to your problem:

1. Send a transaction without PoW and let the beneficiary (e.g. a merchant) to do the work.
2. In a connected world you can use your desktop remotely to make it generate the PoW.
3. There are GPS modules, WiFi modules, why not have PoW modules which make PoW generation very efficient energy-wise?
4. Pay to a miner to do PoW for you (just like Bitcoin would do it without the 25 BTC subsidy).
5. Cooperate with other devices around for pooled "mining".

Surely these can only be feasible solutions outside of the tangle itself? Otherwise a spammer has literally no obstacle at all to placing transactions in the tangle, if say (1) implied the transaction was sent via the tangle to the merchant.

edit: apart from (4), which suggests that a fee is necessary somehow - but how to IoT devices pay a fee?

[Come-from-Beyond]

Surely these can only be feasible solutions outside of the tangle itself? Otherwise a spammer has literally no obstacle at all to placing transactions in the tangle, if say (1) implied the transaction was sent via the tangle to the merchant.

edit: apart from (4), which suggests that a fee is necessary somehow - but how to IoT devices pay a fee?

In (4) a transaction can have 2 outputs - to a beneficiary and to a miner.
Jinn team works on (3).