Decrits: The 99%+ attack-proof coin

[Etlase2]

and what happens when they are corrupted?

Your question proposes that the entire network is corrupt. If everyone is in on it, no one is in on anything. What happens if all the mining pools are corrupt? Which is more likely: corrupting a few dozen or hundred people that either control the power of the network (via pools) or control that power directly (in the event of "specialized" mining centers that eliminate any margin for regular people) without even being required to own bitcoins, or thousands to potentially hundreds of thousands of people that have received or purchased Decrits and have put that money, instead of hardware, on the line as collateral to protect the network in return for a portion of network transaction fees? Each having a real, individual ability to shape the course of the network?

you really don't understand the sybil attack do you?

Your continued unsubstantiated accusations are getting old. I have responded politely and in detail each time so far then you jump to another topic, wait for my explanation, then call into question my intellgence without conceding or continuing to argue the previous point. Twice now even responding with an attack vector to a post that already provides the answer to that vector, and using my "lack of knowledge" as proof.

"This is thwarted by the larger and more diverse CN, [...] The only way to get around this is to also control the vast majority of the CN, and really, a large portion of the CNCs/SPs as well. At this point you are just playing with yourself. Don't forget that this will also require a not insignificant percentage of all the coins in existence."

[1715204087]

1715204087

[1715204087]

1715204087

[kokjo]

Your continued unsubstantiated accusations are getting old. I have responded politely and in detail each time so far then you jump to another topic, wait for my explanation, then call into question my intellgence without conceding or continuing to argue the previous point. Twice now even responding with an attack vector to a post that already provides the answer to that vector, and using my "lack of knowledge" as proof.

"This is thwarted by the larger and more diverse CN, [...] The only way to get around this is to also control the vast majority of the CN, and really, a large portion of the CNCs/SPs as well. At this point you are just playing with yourself. Don't forget that this will also require a not insignificant percentage of all the coins in existence."

come up with a working implementation, give me the source and i will destroy it. the bet still stands.

[Etlase2]

come up with a working implementation, give me the source and i will destroy it. the bet still stands.

Exactly, the bet is still live. I am taking this post to mean that you are calling back your demand for immediate payment in this post:

your system is huge , complex and failish, there is alot of stuff that could and will go wrong. you are giving the power of the system to the devs(central control) from the start. and you cannot buy in with out all current SH agrees. and no one hold my money, and the network cannot do such a task without central control, or the possibility of fail.

bitcoin is different: anyone can buy hardware to mine, no one have(or can ever gain) absolute veto rights.

now give me my btc: 13MXCTA2CPYbREMqNaf5VK2ArSc3QYm8cc

Which means you concede that, on paper, you have not been able to defeat the system.

[kokjo]

your system is huge , complex and failish, there is alot of stuff that could and will go wrong. you are giving the power of the system to the devs(central control) from the start. and you cannot buy in with out all current SH agrees. and no one hold my money, and the network cannot do such a task without central control, or the possibility of fail.

bitcoin is different: anyone can buy hardware to mine, no one have(or can ever gain) absolute veto rights.

now give me my btc: 13MXCTA2CPYbREMqNaf5VK2ArSc3QYm8cc

Which means you concede that, on paper, you have not been able to defeat the system.

you could say that, but you have yet to fully specify the system and as a consequence i can only poke around and look for week points.

[Etlase2]

you could say that, but you have yet to fully specify the system and as a consequence i can only poke around and look for week points.

I agree. However, if the network can perform as I will describe, the best EvilCorp. can do is temporarily fork the network. This is the "end game" scenario if EvilCorp has sufficiently infiltrated the CN and the SHs. What they will accomplish is being able to confuse *some* people temporarily, at the cost of their shares being destroyed on the honest network. Unlike bitcoin, an attempted takeover will be quickly and ultimately obvious to everyone who has paid attention to the network for any length of time (SH activity is kept in separate ledger so that even light clients can verify the network has not had any problems very easily and for a small amount of bandwidth).

To convince the people that EvilCorp.'s network is the honest one, they would have to control every corner of communication within and outside the network. It simply is not feasible for anyone to accomplish this in a sufficiently large network (or even a pretty small one). Honest merchants are intended to be the primary SHs because they will be able to recoup their transaction fees for essentially no effort while securing transactions at the same time by only keeping track of network data they already needed to keep track of for timely confirmations (efficiency++, decentralization++). If you are one of the confused and Amazon, Walmart, and Best Buy all say "hey d00ds, this one's the honest network", do you believe them, or do you go with the side that isn't identifying itself?

And what can this attack accomplish? Potentially getting away with a few double/bad spends on an unsuspecting victim who manages to agree to part with product even though half the network is missing? They will destroy the shares of the honest side of the network and could then potentially change the code, but no one is going to buy it.

It is an idea I came up with very early on in the Encoin proposals: allowing EvilCorp. to make its own fork and let the users decide which fork loses every single decrit they invested in causing these shenanigans. It is a PERMANENT solution to eliminating a threat at the cost of temporary confusion that will be caused anyway. Honest bitcoin miners cannot destroy EvilCorp.'s mining hardware, so they are free to continue to mess with the network on a whim. Point: Massively in favor of Decrits.

[kokjo]

you could say that, but you have yet to fully specify the system and as a consequence i can only poke around and look for week points.

I agree. However, if the network can perform as I will describe, the best EvilCorp. can do is temporarily fork the network. This is the "end game" scenario if EvilCorp has sufficiently infiltrated the CN and the SHs. What they will accomplish is being able to confuse *some* people temporarily, at the cost of their shares being destroyed on the honest network. Unlike bitcoin, an attempted takeover will be quickly and ultimately obvious to everyone who has paid attention to the network for any length of time (SH activity is kept in separate ledger so that even light clients can verify the network has not had any problems very easily and for a small amount of bandwidth).

To convince the people that EvilCorp.'s network is the honest one, they would have to control every corner of communication within and outside the network. It simply is not feasible for anyone to accomplish this in a sufficiently large network (or even a pretty small one). Honest merchants are intended to be the primary SHs because they will be able to recoup their transaction fees for essentially no effort while securing transactions at the same time by only keeping track of network data they already needed to keep track of for timely confirmations (efficiency++, decentralization++). If you are one of the confused and Amazon, Walmart, and Best Buy all say "hey d00ds, this one's the honest network", do you believe them, or do you go with the side that isn't identifying itself?

And what can this attack accomplish? Potentially getting away with a few double/bad spends on an unsuspecting victim who manages to agree to part with product even though half the network is missing? They will destroy the shares of the honest side of the network and could then potentially change the code, but no one is going to buy it.

It is an idea I came up with very early on in the Encoin proposals: allowing EvilCorp. to make its own fork and let the users decide which fork loses every single decrit they invested in causing these shenanigans. It is a PERMANENT solution to eliminating a threat at the cost of temporary confusion that will be caused anyway. Honest bitcoin miners cannot destroy EvilCorp.'s mining hardware, so they are free to continue to mess with the network on a whim. Point: Massively in favor of Decrits.

the bitcoin network itself is not resistant against a 51% attack, true. but the people that monitors it are hard to confuse, and knows when its not working.

[Etlase2]

the bitcoin network itself is not resistant against a 51% attack, true. but the people that monitors it are hard to confuse, and knows when its not working.

Correct, but dishonest mining hardware can't be destroyed; Decrits shares can. The people that monitor Decrits are being paid to do so, whereas only miners in bitcoin get paid, decentralization++. They also have a say in which network is correct by dropping suspicious TB activity. Non-miners in bitcoin have no say. And all this is achieved without using proof-of-work.

If 99% of the SHs are completely corrupt and 100% of the CN is completely honest: Decrits user unaffected.* It's a slam dunk in BFT.

* - a slight overstatement as transactions will be delayed for awhile, but otherwise no biggie

[kokjo]

the bitcoin network itself is not resistant against a 51% attack, true. but the people that monitors it are hard to confuse, and knows when its not working.

Correct, but dishonest mining hardware can't be destroyed; Decrits shares can. The people that monitor Decrits are being paid to do so, whereas only miners in bitcoin get paid, decentralization++. They also have a say in which network is correct by dropping suspicious TB activity. Non-miners in bitcoin have no say. And all this is achieved without using proof-of-work.

If 99% of the SHs are completely corrupt and 100% of the CN is completely honest: Decrits user unaffected. It's a slam dunk in BFT.

and i still claim that your system can be exploited when you are a implementation.

[Etlase2]

and i still claim that your system can be exploited when you are a implementation.

And I accepted your wager.

[kokjo]

may i ask which part of CAP you intend to sacrifice?

[aaaxn]

I have two questions:

How does single transaction look?
who maintains list of shareholders and how new node know its connected to right network and not attacker one? In other words: if new node connects to network and one peer says that state of network looks like this and X are shareholders and other peer says it looks differently and Y are shareholders how do it tell which one is correct?

[Etlase2]

I forgot to mention a timestamp (or datestamp) would be included with transactions. To avoid needing all transactions ever there would be a maximum TTL after which txes would no longer have to be checked. This was my initial idea anyway to avoid the problem you mentioned in the other thread. I had a wiki for encoin that went into some more detail about this stuff, but it's lost now. I just wanted to have a basis to know that it could be done and then worry about the nitty gritty later because I had bigger things to focus on like a stable money supply.

Although now I've been trying to think of a way to consolidate the account ledger with the changes that need to be made to the ledger, while trying to keep in-memory requirements low and keeping db hits low. I think this may affect how everything ends up playing out.

The network maintains the list of shareholders, but the shareholders do update the list. A new node could conceivably be fooled by an attacking network, but this can be addressed in two ways: 1) something similar to the "lock block" in bitcoin built in to the client, or 2) knowing the "genesis block" and retrieving the all-time shareholder join/leave history which still requires knowing the genesis block (ergo having something built-in to the client). Bitcoin can't take option 2 because anyone could build a new chain from the genesis block.

Any node that has ever gotten the state of the shareholders of the network (via the shareholder section of the consensus block) will either know which network is correct or will know that the network has split. As long as a node can be sure it was on the right network once, it can't ever be fooled. The shareholder stuff probably won't be held forever, but 5 or 10 years isn't much data at all for this type of security. I'll explain in some more detail later.

[aaaxn]

What prevents attacker from creating entire false history of joins/leaves of shareholders from genesis block (or node last known state) to a point where he controls all shareholders? There is no proof-of-work so it would be fast.

[Etlase2]

Last paragraph of this post. There have to be SHs that exist at the beginning of the network or you'll have to resort to PoW to begin the network which will involve adding a whole slew of bootstrap code just to avoid giving money away to the "early adopters" when the late adopters also receive free money in Decrits. An attacker can't create a false history because he'd have to get the genesis block SHs to agree to it.

[kokjo]

Last paragraph of this post. There have to be SHs that exist at the beginning of the network or you'll have to resort to PoW to begin the network which will involve adding a whole slew of bootstrap code just to avoid giving money away to the "early adopters" when the late adopters also receive free money in Decrits. An attacker can't create a false history because he'd have to get the genesis block SHs to agree to it.

ok. i will ask you again:

may i ask which part of CAP you intend to sacrifice?

[Come-from-Beyond]

I see he sacrificed Consistency here. Which is not a problem. Bitcoin did it too.

[aaaxn]

An attacker can't create a false history because he'd have to get the genesis block SHs to agree to it.

Attacker can buy one SH seat and as there must be some kind of mechanism to kick out inactive SHs he just need to simulate network in which all genesis SHs fail to sign blocks and get kicked out and be replaced by his SHs.

[Etlase2]

Attacker can buy one SH seat

The seats won't be for sale, they will be given away. But yes your question already led me to thinking about this, so the proper way to do it would be to have just 1 original SH with an initial transaction to bring in the rest. This would mean only one person could do it. There might be a way to use it for just this transaction and then destroy it, or perhaps use a one time signature. Kudos to bringing this to my attention though, but the whole bootstrapping process has never been something I've worried that much about. Save it for when things are actually getting close.

In any case, relying on the genesis block would only be a last ditch resort, if it were ever even needed. If the network became ubiquitous, there would be many ways to find the honest network. There is not much an attacker can do to a new node. Anyone accepting payment would be really dumb to verify this acceptance through any means other than its accepted channels.

[aaaxn]

proper way to do it would be to have just 1 original SH with an initial transaction to bring in the rest.

I really doesn't change anything because attacker does not need to start at genesis block but can start at later date when he successfully acquire his first seat.

[Etlase2]

I really doesn't change anything because attacker does not need to start at genesis block but can start at later date when he successfully acquire his first seat.

You are correct. I am distracted atm. I never thought much on this because it is, for the most part, an edge case. In the case of seeing two networks (the node is not surrounded), the node that is being deceptive was either part of both (signing the CB) at the same time, still part of both (in which case the deception is obvious), or signed out of the honest network at the same time (still obvious), or had his stake destroyed by the honest network because he went "missing". If he's still in both, he's going to get his share destroyed for provably signing an incorrect block, assuming the one being deceived eventually realizes this and still has the info.

If the node is only getting one view of the internet, this is always going to be an easy to manipulate case, just like it is for bitcoin. The client could warn against "hey there's a time when there was only 1 SH -- this network is unlikely to be honest" type thing.

I can explain more if necessary a little later