Bitcoin Forum
February 16, 2019, 02:33:08 AM *
News: Latest Bitcoin Core release: 0.17.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 [42] 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 »
  Print  
Author Topic: MC2: A cryptocurrency based on a hybrid PoW/PoS system  (Read 194365 times)
digicoin
Legendary
*
Offline Offline

Activity: 1106
Merit: 1000



View Profile
July 19, 2013, 11:21:14 AM
 #821

so I just want to make sure everyone understands exactly what's going to go on so nobody (or close to) feels unhappy with the process!

Or others who want to be a contributor know exactly what they can contribute in the project.

Thanks for your update
1550284388
Hero Member
*
Offline Offline

Posts: 1550284388

View Profile Personal Message (Offline)

Ignore
1550284388
Reply with quote  #2

1550284388
Report to moderator
Your Bitcoin transactions
The Ultimate Bitcoin mixer
made truly anonymous.
with an advanced technology.
Mix coins
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1550284388
Hero Member
*
Offline Offline

Posts: 1550284388

View Profile Personal Message (Offline)

Ignore
1550284388
Reply with quote  #2

1550284388
Report to moderator
1550284388
Hero Member
*
Offline Offline

Posts: 1550284388

View Profile Personal Message (Offline)

Ignore
1550284388
Reply with quote  #2

1550284388
Report to moderator
1550284388
Hero Member
*
Offline Offline

Posts: 1550284388

View Profile Personal Message (Offline)

Ignore
1550284388
Reply with quote  #2

1550284388
Report to moderator
Luckybit
Hero Member
*****
Offline Offline

Activity: 714
Merit: 500



View Profile
July 20, 2013, 09:12:19 AM
 #822

Yup, if you have any ideas, please document it in the wiki.

Lucky, you had some great ideas, and I would love to see your thoughts shared there.

I'll write some of my proposals as well.

Where on the Wiki would I put my ideas and which ideas?

The PayPal-Like organization seems like it could be based on the idea I mentioned about a mining/investor syndicate but I would never call it PayPal like. I'll contribute but I would need more information on what they are going to adopt.

I suppose any idea I had I could put it under Hypothetical Features.
_ingsoc
Sr. Member
****
Offline Offline

Activity: 452
Merit: 250



View Profile WWW
July 20, 2013, 09:32:23 AM
 #823

Where on the Wiki would I put my ideas and which ideas?

The PayPal-Like organization seems like it could be based on the idea I mentioned about a mining/investor syndicate but I would never call it PayPal like. I'll contribute but I would need more information on what they are going to adopt.

I suppose any idea I had I could put it under Hypothetical Features.
As long as you put it in a page, we can always move it around as you refine your ideas. Adoption of ideas that change the details within tacotime's specifications at this point is problematic because we want to try and move development forward as soon as he finishes the paper. Anything is worth putting up, and of course, if it's something that can be done without changing the underlying features of the coin that can be organised independently of the coin itself. Throw it up on the wiki and we can have a look!

Luckybit
Hero Member
*****
Offline Offline

Activity: 714
Merit: 500



View Profile
July 20, 2013, 10:15:59 AM
 #824

Where on the Wiki would I put my ideas and which ideas?

The PayPal-Like organization seems like it could be based on the idea I mentioned about a mining/investor syndicate but I would never call it PayPal like. I'll contribute but I would need more information on what they are going to adopt.

I suppose any idea I had I could put it under Hypothetical Features.
As long as you put it in a page, we can always move it around as you refine your ideas. Adoption of ideas that change the details within tacotime's specifications at this point is problematic because we want to try and move development forward as soon as he finishes the paper. Anything is worth putting up, and of course, if it's something that can be done without changing the underlying features of the coin that can be organised independently of the coin itself. Throw it up on the wiki and we can have a look!

Okay I'll put my idea in the place of Paypal-like Profit-Oriented Decentralized Organization Supported by Blockchain

I cannot say for certain that title is based on my idea but I'm assuming it is because I'm the person who proposed something like it. If it is someone elses idea then I apologize in advance.
bybitcoin
Hero Member
*****
Offline Offline

Activity: 672
Merit: 500



View Profile
July 20, 2013, 06:54:08 PM
 #825

I am also in, please keep us informed  Smiley
Impaler
Sr. Member
****
Offline Offline

Activity: 588
Merit: 250

trade-mate.io


View Profile
July 22, 2013, 05:17:42 AM
 #826

Tacotime:  I think I may have thought of an exploit to the hash rotation system.  In your paper you describe the hash of the last 8 blocks being being modulus to derive the hash type of the next block.  The chance for each hash type to be selected will be quite equal if all block are submitted to the network, but if an attacker is willing to check the blocks they mine for what hash they will allow next and continues working on resolving the block until they get a solution that will allow repetition of the same algorithm.  It is thus a simple matter of performing on average X times more hashing (where X is the number of hash types selected amongst by modulus) to create a block-chain that is composed of only one hash algorithm.  As your planning to mix SHA and Scrypt it seems a fairly trivial process for the existing ASIC's to attempt to monopolize the chain in this way, and indeed they all have an economic incentive to due so and no direct collaboration is necessary as it would be the optimum strategy.

The number of prior blocks that are hashed together to create the hash that's modulus will be used is not material in preventing this kind of attack, as the changing of just 1 small part of a hash input will radically change the result and the modulus then gives a perfectly proportional distribution of all the hash options.  It is effectively no more secure then hashing each block to determine the next hash, the only defense is to increase the number of hash types used or to mandate a rotation of hashes by modulus of the block height.

⚫ ⚫ ⚫Make even more profit on crypto trading with secure automatic trading https://trade-mate.io⚫ ⚫ ⚫
tacotime
Legendary
*
Offline Offline

Activity: 1484
Merit: 1000



View Profile
July 22, 2013, 05:33:09 AM
 #827

Tacotime:  I think I may have thought of an exploit to the hash rotation system.  In your paper you describe the hash of the last 8 blocks being being modulus to derive the hash type of the next block.  The chance for each hash type to be selected will be quite equal if all block are submitted to the network, but if an attacker is willing to check the blocks they mine for what hash they will allow next and continues working on resolving the block until they get a solution that will allow repetition of the same algorithm.  It is thus a simple matter of performing on average X times more hashing (where X is the number of hash types selected amongst by modulus) to create a block-chain that is composed of only one hash algorithm.  As your planning to mix SHA and Scrypt it seems a fairly trivial process for the existing ASIC's to attempt to monopolize the chain in this way, and indeed they all have an economic incentive to due so and no direct collaboration is necessary as it would be the optimum strategy.

The number of prior blocks that are hashed together to create the hash that's modulus will be used is not material in preventing this kind of attack, as the changing of just 1 small part of a hash input will radically change the result and the modulus then gives a perfectly proportional distribution of all the hash options.  It is effectively no more secure then hashing each block to determine the next hash, the only defense is to increase the number of hash types used or to mandate a rotation of hashes by modulus of the block height.

I've been aware of such an attack, but keep in mind your following statement:
Quote
but if an attacker is willing to check the blocks they mine for what hash they will allow next and continues working on resolving the block until they get a solution that will allow repetition of the same algorithm.

The attacker must now lose block rewards in order to manipulate the blockchain, which seems very unlikely (but possible).  This is actually why the last 256 bits of the block header hash are chosen for use as an in chain entropy source, because manipulation would require a vast amount of resources and additionally the discarding of block rewards.

Additionally, all 8 hash types must be used at least once per cycle of 8 blocks -- the best you could hope to achieve would be to sort them in a way that appeals to you.  Alternatively, you could just arrange all 8 hashing algorithms in the same order and avoid randomization.  Correspondingly, all 8 difficulty ranges of N must also be in place; the best an attacker could achieve is the minimum N values for each range eg 512, 768, etc.

Quote
The number of prior blocks that are hashed together to create the hash that's modulus will be used is not material in preventing this kind of attack, as the changing of just 1 small part of a hash input will radically change the result and the modulus then gives a perfectly proportional distribution of all the hash options.  It is effectively no more secure then hashing each block to determine the next hash, the only defense is to increase the number of hash types used or to mandate a rotation of hashes by modulus of the block height.
This is why in the wiki there are bits taken from a very large number of block header hashes for ticket generation/lottery hash selection.  This will be addressed in the next edition of the paper.

Code:
XMR: 44GBHzv6ZyQdJkjqZje6KLZ3xSyN1hBSFAnLP6EAqJtCRVzMzZmeXTC2AHKDS9aEDTRKmo6a6o9r9j86pYfhCWDkKjbtcns
Impaler
Sr. Member
****
Offline Offline

Activity: 588
Merit: 250

trade-mate.io


View Profile
July 22, 2013, 07:37:53 AM
 #828

But the number of inputs for the 'hash lottery' is irrelevant if the most recent block is at all an input towards that hash as the attacker will have full control of the result by repeatedly trying different last block solutions until they get the desired result.  The entire block history back to the genesis block could be hashed and it wouldn't mean a thing.

I think it very likely that a specialized piece of hardware like an ASIC would adopt this strategy.  If they submit their first valid block found to the chain then they have a 1/8 chance of being able to mine the next block and a mean wait time of 7 blocks until the lottery once again allows them to mine.  During that time they will be cut out of all mining and their machine will be idle.  So it makes sense to employ that time and hashing power to attempt to take more then 1/8th of all blocks even if it is by continuing to work on creating an reorganization around your own submitted blocks.

Once ASICs can produce blocks 8 times faster then the remaining network average they will by simple Nash equilibrium start to take most blocks without collusion but rather a simple desire to utilize their otherwise unusable hardware and hash potential.  And this is to speak nothing of a malicious attack which are typically willing to lose some money in the process.

I do not understand your point about all 8 hashes needing to be used in each group of 8 blocks, I see nothing in your protocol that enforces this and if that's the case why use a complex lottery and not a simple fixed rotation based on the block height modulus, this has the virtue of both being simple, guaranteeing an equal proportion and allows for absolutely no attack on that part of the coin.

⚫ ⚫ ⚫Make even more profit on crypto trading with secure automatic trading https://trade-mate.io⚫ ⚫ ⚫
Impaler
Sr. Member
****
Offline Offline

Activity: 588
Merit: 250

trade-mate.io


View Profile
July 22, 2013, 07:44:22 AM
 #829

In a related note, how is longest chain resolved when different hashes are used?  Say I have two competing forks with the same number of blocks but different block algorithms, which one is longest?  My understanding in BTC is that difficulty and extra nonce can break all ties, a chain at low difficulty that contains more blocks can still be considered shorter if the cumulative hashing necessary to make it is less then another chain, thus the highest 'work' chain is always considered longest.  If different algorithms are being employed then the ability to cross compare difficulties and work become much harder.

⚫ ⚫ ⚫Make even more profit on crypto trading with secure automatic trading https://trade-mate.io⚫ ⚫ ⚫
tacotime
Legendary
*
Offline Offline

Activity: 1484
Merit: 1000



View Profile
July 22, 2013, 02:30:45 PM
Last edit: July 22, 2013, 02:44:47 PM by tacotime
 #830

But the number of inputs for the 'hash lottery' is irrelevant if the most recent block is at all an input towards that hash as the attacker will have full control of the result by repeatedly trying different last block solutions until they get the desired result.  The entire block history back to the genesis block could be hashed and it wouldn't mean a thing.
If you only use a single bit from each of these blocks, there are only two possible hashes arising from manipulating the current block.  Please see: http://www.netcoin.io/wiki/Netcoin_Proof-of-Stake_Voting_for_Proof-of-Work_Blocks

That means that the person attacking needs to manipulate all 1024 blocks before this to select their own lottery winner hash.  The end result is only a problem 2^16 possibilities, so there may be room for manipulation there if it can be reduced, however at minimum you would need to manipulate the last 16 blocks to perfectly achieve manipulation I would guess.

Perhaps the best case would be to just pull 16-bits from the block header of 16 of the last 65526 blocks and then generate the ticket numbers.

Quote
I think it very likely that a specialized piece of hardware like an ASIC would adopt this strategy.  If they submit their first valid block found to the chain then they have a 1/8 chance of being able to mine the next block and a mean wait time of 7 blocks until the lottery once again allows them to mine.  During that time they will be cut out of all mining and their machine will be idle.  So it makes sense to employ that time and hashing power to attempt to take more then 1/8th of all blocks even if it is by continuing to work on creating an reorganization around your own submitted blocks.

Once ASICs can produce blocks 8 times faster then the remaining network average they will by simple Nash equilibrium start to take most blocks without collusion but rather a simple desire to utilize their otherwise unusable hardware and hash potential.  And this is to speak nothing of a malicious attack which are typically willing to lose some money in the process.

I do not understand your point about all 8 hashes needing to be used in each group of 8 blocks, I see nothing in your protocol that enforces this and if that's the case why use a complex lottery and not a simple fixed rotation based on the block height modulus, this has the virtue of both being simple, guaranteeing an equal proportion and allows for absolutely no attack on that part of the coin.

As I said, that's another (easier) option, though we do need randomization for the stake system.  However, if we do not randomize the selection of block header hashes, an ASIC selecting for a certain type of hash may have an advantage in the ticket selection system resulting from the block header hash algorithm used to generate the tickets/lottery winner hashes always being the same.

Code:
XMR: 44GBHzv6ZyQdJkjqZje6KLZ3xSyN1hBSFAnLP6EAqJtCRVzMzZmeXTC2AHKDS9aEDTRKmo6a6o9r9j86pYfhCWDkKjbtcns
tacotime
Legendary
*
Offline Offline

Activity: 1484
Merit: 1000



View Profile
July 22, 2013, 02:39:17 PM
 #831

In a related note, how is longest chain resolved when different hashes are used?  Say I have two competing forks with the same number of blocks but different block algorithms, which one is longest?  My understanding in BTC is that difficulty and extra nonce can break all ties, a chain at low difficulty that contains more blocks can still be considered shorter if the cumulative hashing necessary to make it is less then another chain, thus the highest 'work' chain is always considered longest.  If different algorithms are being employed then the ability to cross compare difficulties and work become much harder.

There is difficulty scaling for each algorithm based upon N value to meet average block times.  Because ChaCha20 is only marginally faster than Salsa20 and the PBKDFs used in the beginning don't really affect total time required to perform the scrypt hashes, it's easy to generate a scaling function based simply on measuring execution time on CPU and GPU.  So long as this is fairly precise (the adjustment of difficulty for individual blocks based on the execution time of the algorithm for any given N), this isn't really an issue.  Also note that the PoS system makes it extremely difficult to fork the chain by any PoW method anyway, see:
http://www.netcoin.io/wiki/Netcoin_Proof-of-Work_and_Proof-of-Stake_Hybrid_Design

Code:
XMR: 44GBHzv6ZyQdJkjqZje6KLZ3xSyN1hBSFAnLP6EAqJtCRVzMzZmeXTC2AHKDS9aEDTRKmo6a6o9r9j86pYfhCWDkKjbtcns
Impaler
Sr. Member
****
Offline Offline

Activity: 588
Merit: 250

trade-mate.io


View Profile
July 23, 2013, 12:39:34 AM
 #832

Ah I see your plan is a bit different then what was presented in the first paper and which I was still operating under.  Your looking much much deeper into the block-chain and picking individual bits out to create a 1024 bit value that gets hashed before modulus.  While this dose pull in a lot of good entropy I'm still concerned that having Block #0 (the block immediately preceding the one being mined) is a concern.  If your willing to go thousands of blocks back for entropy why not just start at block #64 (that's 64 blocks prior, and go back all the way back to #65599) to completely block any possibility of manipulation by throwing away certain solutions.  An ASIC equipped attacker would need to mine astronomically large amounts of blocks (8^64) in order to have control of even 1 bit of the resulting lottery value.  It's overkill, but better to be safe then sorry.

Your concern for a set rotation of hashes causing the lottery ticket value to be drawn from blocks with similar hash type blocks can be solved quite simply by going back in a jump size that's not a multiple with your number of hash types, say ever 101 blocks which over the 1024 blocks your sampling should draw equally from all hash types.

⚫ ⚫ ⚫Make even more profit on crypto trading with secure automatic trading https://trade-mate.io⚫ ⚫ ⚫
Stark-Fujikawa
Full Member
***
Offline Offline

Activity: 150
Merit: 100



View Profile
July 23, 2013, 01:18:51 AM
 #833

Is there any demand for translations of the whitepaper and wiki. Would be happy to translate both into Dutch in the future. Did this for PPCoin and Bitcoin as well.

http://www.scribd.com/StarkFujikawa/documents

NL/EN Translator. Will work for crypto.
NXT:13307336450726014831
Luckybit
Hero Member
*****
Offline Offline

Activity: 714
Merit: 500



View Profile
July 23, 2013, 01:45:14 AM
 #834

Is there any demand for translations of the whitepaper and wiki. Would be happy to translate both into Dutch in the future. Did this for PPCoin and Bitcoin as well.

http://www.scribd.com/StarkFujikawa/documents

Absolutely. The sooner you can do this the better.
_ingsoc
Sr. Member
****
Offline Offline

Activity: 452
Merit: 250



View Profile WWW
July 23, 2013, 06:28:36 AM
 #835

Is there any demand for translations of the whitepaper and wiki. Would be happy to translate both into Dutch in the future. Did this for PPCoin and Bitcoin as well.

http://www.scribd.com/StarkFujikawa/documents
That's a great idea. Thank you. Smiley tacotime is reworking some entropy-related issues in the paper based on what Impaler identified. I can send you a PM when the new paper is out and get a raw version to you if that helps with translation. Getting the next iteration of the paper translated would be really good. It's changed quite a bit since the last version, so I would recommend waiting for it to save you some time!

JessicaMILFson
Full Member
***
Offline Offline

Activity: 182
Merit: 100


View Profile
July 23, 2013, 09:28:02 AM
 #836

If you guys have the time, this article about how the M-PESA penetrated the Kenyan market is worth reading.

http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1593387

We can take many of their ideas and use it for the greater benefit of Netcoin

Also, we should make a list of the skills that our supporters that are willing to contribute to this clause, so that we can assign and divide up tasks in an organized concerted effort.
Stark-Fujikawa
Full Member
***
Offline Offline

Activity: 150
Merit: 100



View Profile
July 24, 2013, 02:13:57 AM
 #837

Is there any demand for translations of the whitepaper and wiki. Would be happy to translate both into Dutch in the future. Did this for PPCoin and Bitcoin as well.

http://www.scribd.com/StarkFujikawa/documents
That's a great idea. Thank you. Smiley tacotime is reworking some entropy-related issues in the paper based on what Impaler identified. I can send you a PM when the new paper is out and get a raw version to you if that helps with translation. Getting the next iteration of the paper translated would be really good. It's changed quite a bit since the last version, so I would recommend waiting for it to save you some time!

I'm a bit tied up until August 5th, but after that date I have a lot of time to devote to a quality translation of both the paper and the wiki. Hope that's not too late. If time is really an issue I will try to squeeze in some preliminary work before that date.

NL/EN Translator. Will work for crypto.
NXT:13307336450726014831
Online24o0n
Member
**
Offline Offline

Activity: 98
Merit: 10


"Ignorance never settles a question."


View Profile
July 24, 2013, 02:32:30 AM
 #838

Wow, this coin will either never be released, or by the time it is, there will be much better.    Taking way too much time.

"Never let the future disturb you. You will meet it, if you have to, with the same weapons of reason which today arm you against the present"
- Marcus Aurelius
JessicaMILFson
Full Member
***
Offline Offline

Activity: 182
Merit: 100


View Profile
July 24, 2013, 07:10:31 AM
Last edit: July 24, 2013, 08:38:23 PM by JessicaMILFson
 #839

Quote
"I think I'd want Bitcoin users to realize the fact that they are constituting not just a new currency, but a social infrastructure -- all their social relationships and connections -- and that the value of the currency will really depend on how they leverage that social infrastructure: to create more ways for the currency to be used, for example. The risk that I see is that Bitcoin gets used more as a speculative investment instead of a means of exchange or payment platform. And so I think I'd want them to shift the discussion from 'value' and toward 'use.'"

http://www.scribd.com/doc/130774747/When-Perhaps-the-Real-Problem-is-the-Money-Itself-The-Practical-Materiality-of-Bitcoin-by-Bill-Maurer-Taylor-Nelms-and-Lana-Swartz#download
Luckybit
Hero Member
*****
Offline Offline

Activity: 714
Merit: 500



View Profile
July 24, 2013, 11:02:31 PM
Last edit: July 25, 2013, 04:00:41 AM by Luckybit
 #840

Wow, this coin will either never be released, or by the time it is, there will be much better.    Taking way too much time.

A large portion of success is based on preparation. The design of a currency is more important than a quick release. You want a quick release so you can pump and dump it but the long term investors want a currency they can actually use and which will actually be more advanced than Bitcoin or Litecoin.

If it's just a clone that you want then you can go use one. If you're interested in being an innovator then you will have to work on building an innovative solution. It's not easy and innovation doesn't happen overnight, but if you look at the Whitepaper and the ideas on the Wiki and don't like what you see there are plenty of alt coins available.
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 [42] 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 »
  Print  
 
Jump to:  

Bitcointalk.org is not available or authorized for sale. Do not believe any fake listings.
Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!