monsterer (OP)
March 09, 2016, 11:28:59 AM
A consensus design which doesn't offer a mining reward is attractive in theory, because it prevents the system from centralising due to the compounding profits of the best miners.

In a consensus design utilising PoW with no mining reward (neither block reward nor fees) - is the incentive for timely confirmation enough to guarantee convergence of the system as a whole? Is timely confirmation even well defined in a system with no competition to mine?

The timely confirmation incentive is supposed to encourage the system to converge by having its participants build off the block/transaction with the best score - the idea being that if everybody does this, the chain selection rule will select in favour of them and their transactions will be confirmed more quickly than if they chose any other location to build their blocks.

This is all well and good except for the adversary problem. With no competition to mine, the maximum network hashing rate will be impossible to measure, since although transactions may be incoming at a high rate in a mature currency (and assuming a PoW must be submitted with the transaction), this rate could still be vastly below that of even just one ASIC* such that any adversary looking to double spend would find the task relatively easy.

This also brings into question the entire way in which transaction acceptability can be bounded. In bitcoin the adversary's hashing power relative to the network as a whole is considered, yielding a probability of the best block being reversed, yet with no competition to mine, the maximum hashing rate of the network as a whole cannot be measured since adversaries have nothing to gain by participating in the network's nominal operations, instead they might choose to lie in wait.

Thoughts?

*) AntMiner S5+ rated at 7,722,000Mh/s, compared to Xeon Phi 5100 rated at 140Mh/s is 55,000 times faster
https://en.bitcoin.it/wiki/Mining_hardware_comparison
https://en.bitcoin.it/wiki/Non-specialized_hardware_comparison
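The bound the post refers to can be worked through with the catch-up formula from the Bitcoin whitepaper. The following is an added example, not part of the original post; it uses the two hash rates from the footnote and assumes, generously, that every honest sender hashes continuously on CPU-class hardware. The function names are illustrative.

```python
import math

# Figures quoted in the opening post's footnote (Mh/s).
ASIC_MHS = 7_722_000  # AntMiner S5+
CPU_MHS = 140         # Xeon Phi 5100


def attacker_success(q: float, z: int) -> float:
    """Whitepaper estimate that an attacker holding hash share q ever
    overtakes a transaction buried under z blocks."""
    if not 0.0 <= q <= 1.0 or z < 0:
        raise ValueError("need 0 <= q <= 1 and z >= 0")
    p = 1.0 - q
    if q >= p:
        return 1.0  # an attacker with half or more always catches up
    lam = z * q / p  # expected attacker progress while z blocks are mined
    total = 1.0
    for k in range(z + 1):
        poisson = math.exp(-lam) * lam ** k / math.factorial(k)
        total -= poisson * (1.0 - (q / p) ** (z - k))
    return total


def attacker_share(honest_cpus: int) -> float:
    """Share held by one ASIC against honest_cpus CPU-class senders
    (assumption: every sender is hashing all the time)."""
    return ASIC_MHS / (ASIC_MHS + honest_cpus * CPU_MHS)


def cpus_needed(z: int, target: float) -> int:
    """Smallest honest CPU count that pushes the reversal odds of a
    z-deep transaction below target."""
    if z < 1 or not 0.0 < target < 1.0:
        raise ValueError("need z >= 1 and 0 < target < 1")
    lo, hi = 0, 1
    while attacker_success(attacker_share(hi), z) >= target:
        lo, hi = hi, hi * 2
    while hi - lo > 1:  # invariant: lo misses the target, hi meets it
        mid = (lo + hi) // 2
        if attacker_success(attacker_share(mid), z) < target:
            hi = mid
        else:
            lo = mid
    return hi


if __name__ == "__main__":
    for n in (1_000, 55_157, 500_000):
        q = attacker_share(n)
        print(f"{n:>7} CPUs: q={q:.4f}  P(reverse 6 deep)={attacker_success(q, 6):.6f}")
    print("CPUs needed for P < 0.1% at 6 deep:", cpus_needed(6, 0.001))
```

Because idle adversaries never show up in the measured rate, the share `q` fed into the formula is only a lower bound on the real one, which is the measurement problem the post raises.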

amaclin
March 09, 2016, 11:55:54 AM
> In a consensus design utilising PoW with no mining reward (neither block reward nor fees) - is the incentive for timely confirmation enough to guarantee convergence of the system as a whole?

If you pay nothing do not spend energy for security - you do not have the security. Point. If users in consensus have a choice - to mine or not to mine - some of them will not spend their resources for the community.
https://en.wikipedia.org/wiki/Tragedy_of_the_commons

monsterer (OP)
March 10, 2016, 08:20:44 AM
> If you pay nothing do not spend energy for security - you do not have the security. Point. If users in consensus have a choice - to mine or not to mine - some of them will not spend their resources for the community.
> https://en.wikipedia.org/wiki/Tragedy_of_the_commons

But, if users have to mine in order to send transactions, energy will be getting spent. If you changed the PoW algorithm to some new variety you could mitigate the problem for a while at least.

amaclin
March 10, 2016, 08:22:56 AM
> But, if users have to mine in order to send transactions, energy will be getting spent.

The security of such a network is too low. (Because of the low cost of breaking it)

CIYAM
Ian Knowles - CIYAM Lead Developer
March 11, 2016, 02:45:58 PM (Last edit: March 11, 2016, 02:58:36 PM by CIYAM)
I'll chime in before @TBTB comes in and tells everyone that they are stupid and only he knows the answer to everything (at that point I'll quit watching this topic as I've done with every other topic he has ruined - and he ruins every topic he posts in basically).
The relationship between "reward" and "minting" could be made less "one-to-one" but more statistically probable if you mint more blocks (thus providing an incentive to mint but not even needing to be POW).
You need ways to discern "winners" if you aren't using POW as the only measurement (although I think some amount of POW is going to always be required to help prevent the NAS attack issue which I've discovered can even occur "by accident" when using different approaches).
This is a key part of the CIYAM blockchain design (which I am not going to discuss here, however, unlike some others it isn't some silly conjecture or "academic breast beating" but already published open source code which it seems @TBTB is actually unable to understand which rather pleases me).
As a simplistic idea imagine that a block reward only occurs every X blocks but is more likely to favour the minter that has produced as many of those X blocks as possible (and also imagine that rules prevent them from being able to produce all of the blocks).

watashi-kokoto
March 11, 2016, 05:29:40 PM
I won't be wasting even a second of my time thinking about consensus systems without proof of work or without reward.
It's the job of various snake oil sellers, they can implement their paxos or raft and create tokens fiat-style from thin air.
We should discuss how to operate one strong proof of work bitcoin and another strong yet temporary to the moon shitcoin.
The shitcoin's value after initial pump needs to decrease. This stimulates spending and economic activity.
But to solve the double spend problem, the shitcoin needs to be reorganization-resistant. This is difficult to achieve with tiny hashrate. People can hop around from shitcoin to shitcoin and damage the difficulty. This is a problem I really care about.

CIYAM
March 11, 2016, 05:37:31 PM
> I won't be wasting even a second of my time thinking about consensus systems without proof of work or without reward.

It's very good to be skeptical - and as I stated I think at least "some POW" is essential to prevent the NAS attacks (and you need other ways to prevent large re-orgs as well obviously). Whether mining rewards are necessary I think is debatable (as I illustrated you could fairly simply reduce those by not having every block produce a reward although that doesn't necessarily mean that you could reduce said rewards to zero).

monsterer (OP)
March 13, 2016, 07:02:38 PM
> As a simplistic idea imagine that a block reward only occurs every X blocks but is more likely to favour the minter that has produced as many of those X blocks as possible (and also imagine that rules prevent them from being able to produce all of the blocks).

Some observations and questions:

1. You need some way to enforce the rule which prevents minters from minting every block. In PoW/PoS this would be: probability of mint = hashing power(stake) / total hashing power(total stake)
2. What benefit is there to only rewarding every X blocks, instead of rewarding reward/X every block?

CIYAM
March 14, 2016, 02:14:27 AM
> 1. You need some way to enforce the rule which prevents minters from minting every block. In PoW/PoS this would be:

Indeed - the approach that CIYAM uses is known as a "hash chain" (which functions like a PRNG meaning that the next best choice of minter is random).

> 2. What benefit is there to only rewarding every X blocks, instead of rewarding reward/X every block?

The question is whether there needs to be any "reward" at all (assuming that you don't require increasing costs of hardware and electricity in order to run a full node).

monsterer (OP)
March 14, 2016, 09:15:53 AM
> Indeed - the approach that CIYAM uses is known as a "hash chain" (which functions like a PRNG meaning that the next best choice of minter is random).

Without some external source of entropy, why can't participants just preimage the PRNG to know when to mint so they always win when they do?

> The question is whether there needs to be any "reward" at all (assuming that you don't require increasing costs of hardware and electricity in order to run a full node).

As I see it, unless there is a trust based model like PoS, rational participants do not act in the benefit of the chain as a whole because the timely confirmation incentive is ill defined in a system with no rewards.

TPTB_need_war
March 14, 2016, 09:23:12 AM
> The question is whether there needs to be any "reward" at all (assuming that you don't require increasing costs of hardware and electricity in order to run a full node).

> As I see it, unless there is a trust based model like PoS, rational participants do not act in the benefit of the chain as a whole because the timely confirmation incentive is ill defined in a system with no rewards.

What I believe monsterer is describing is that no miner has incentive to mine as quickly as possible onto the longest chain if they are not risking income by not doing so. I am of course aware of this.

I will not comment about my design to which monsterer is referring to in the OP, until he properly credits me for being the one who proposed such a design. I will not reward plagiarists who don't cite the prior art. Theft is not a paradigm for success.

CIYAM
March 14, 2016, 09:40:43 AM
> Without some external source of entropy, why can't participants just preimage the PRNG to know when to mint so they always win when they do?

They do of course know when they should mint and will always "win" assuming that they do (only one random minter can realistically be the "best one" for each new block although in my implementation there is a small chance of "collision").

The question of incentive becomes more of an issue should the best minter not mint and then no-one else wants to (although I think in reality this wouldn't occur unless the platform had been basically abandoned).

Perhaps you are thinking this approach has a Sybil problem but as account creation is strictly controlled (by a much harder proof of work that has to repeatedly occur at a regular interval) then it becomes increasingly more difficult to create Sybils (so POW is being used to prevent Sybils but accounts are being used so that intensive POW is only needed infrequently).

monsterer (OP)
March 14, 2016, 09:56:49 AM
> The question of incentive becomes more of an issue should the best minter not mint and then no-one else wants to (although I think in reality this wouldn't occur unless the platform had been basically abandoned).
>
> Perhaps you are thinking this approach has a Sybil problem but as account creation is strictly controlled (by a much harder proof of work that has to repeatedly occur at a regular interval) then it becomes increasingly more difficult to create Sybils (so POW is being used to prevent Sybils but accounts are being used so that intensive POW is only needed infrequently).

I imagined something similar sounding recently:

1. 'Identities' were generated by miners in a similar way to how blocks are mined in bitcoin, with increasing difficulty etc
2. These identities can then be used to mint blocks
3. The influence of a particular identity would be proportional to the 'difficulty' when the identity was created originally

https://bitcointalk.org/index.php?topic=1295981.msg13300342#msg13300342

I concluded that this system has a similar security model to plain PoS, since identities never get 'consumed' like they would in a PoW chain. I'm not sure if this is similar to your design?

CIYAM
March 14, 2016, 10:09:43 AM
> I concluded that this system has a similar security model to plain PoS, since identities never get 'consumed' like they would in a PoW chain. I'm not sure if this is similar to your design?

Although the design has not yet been completed (it's about half-way there) what I have envisioned doing with regards to accounts is to have a regular need to provide a difficult (and memory exhaustive) POW so that you can't create Sybils without incurring more and more POW. This also means that new accounts can only be created at this same time which you could think of as being like a regular "meeting" of all those wanting to continue to mint blocks (if you fail to provide POW at this time then you'd lose the right to mint until the next such meeting is held). Note that these meetings are not like a real meeting but perhaps are just txs that need to be included using information only revealed after block X that must be included with the POW in block X+n (where at a minimum n would be 1 but more like >10 as the POW would be difficult). Most likely the system will also support accounts that don't get to mint at all (so they don't have to provide the difficult POW although they might be required to provide at least some POW to minimise that as a potential attack vector).

spartacusrex
March 14, 2016, 10:13:52 AM
> The question is whether there needs to be any "reward" at all (assuming that you don't require increasing costs of hardware and electricity in order to run a full node).

> As I see it, unless there is a trust based model like PoS, rational participants do not act in the benefit of the chain as a whole because the timely confirmation incentive is ill defined in a system with no rewards.

> What I believe monsterer is describing is that no miner has incentive to mine as quickly as possible onto the longest chain if they are not risking income by not doing so. I am of course aware of this. I will not comment about my design to which monsterer is referring to in the OP, until he properly credits me for being the one who proposed such a design. I will not reward plagiarists who don't cite the prior art. Theft is not a paradigm for success.

Eh.. !? You're such a dickhead TPTB.. 'moments of clarity drowning in an ocean of arrogant shit..' - That's you that is.

..

@monsterer - LOVING your in-depth attacks/analysis of POS frameworks, and your study of this new DAGcoin/IOTA direction for POW chains. Keep it up!
Life is Code.

monsterer (OP)
March 14, 2016, 10:16:09 AM
> I concluded that this system has a similar security model to plain PoS, since identities never get 'consumed' like they would in a PoW chain. I'm not sure if this is similar to your design?

> Although the design has not yet been completed (it's about half-way there) what I have envisioned doing with regards to accounts is to have a regular need to provide a difficult (and memory exhaustive) POW so that you can't create Sybils without incurring more and more POW.

In my design, this was also true, but I realised it was exactly equivalent to buying stake in a PoS system; once you have your identity, you have a constant probability of producing a block, therefore a constant cost for attempting a double spend.

I was looking to design a system with equivalent security to a PoW chain but with improved confirmation times, so I stopped exploring at that point.

CIYAM
March 14, 2016, 10:21:47 AM
> In my design, this was also true, but I realised it was exactly equivalent to buying stake in a PoS system; once you have your identity, you have a constant probability of producing a block, therefore a constant cost for attempting a double spend.
>
> I was looking to design a system with equivalent security to a PoW chain but with improved confirmation times, so I stopped exploring at that point.

Maybe I didn't explain myself well enough - to create a new account requires POW but to maintain an existing account also requires POW (and this has to be done at the same time). The big difference with the approach to the normal POW approach is that the difficult work is not needed at every block (and nor can new accounts be created at every block). This does provide an equivalent security in that the expense to mount a Sybil attack (in terms of POW) grows with every new account you add (so you'd need a lot of computing power to gain the majority of currently minting accounts). If you look at the ideas of "weak blocks" (which are very likely to be added to Bitcoin next year) then you'll see that the approach I am taking is a bit more like that. The confirmation times are sped up by the fact that most blocks only require low POW (and the minters can be preparing their difficult POW between the block where the information is sourced from and the block their POW tx needs to appear by).

monsterer (OP)
March 14, 2016, 10:31:36 AM
> The confirmation times are sped up by the fact that most blocks only require low POW (and the minters can be preparing their difficult POW between the block where the information is sourced from and the block their POW tx needs to appear by).

Understood. Presumably you're compensating the miners for their difficulty PoW, though?