markm
Legendary
Offline
Activity: 3024
Merit: 1121
|
|
April 30, 2013, 09:41:10 PM |
|
i still say: come up with a implementation, and i will hack it to dead.
Fine. An initial implementation of consensus based system has been deployed for your hacking pleasure. It is called Ripple. Kindly demonstrate its vulnerability. Upon your demonstration of the problems of consensu- an- ledger based systems, Decrits might possibly be able to learn from your demonstration and adapt Decrits in some way to avoid the weaknesses you demonstrate in Ripple. -MarkM-
|
|
|
|
kokjo
Legendary
Offline
Activity: 1050
Merit: 1000
You are WRONG!
|
|
May 01, 2013, 04:33:44 AM |
|
i still say: come up with a implementation, and i will hack it to dead.
Fine. An initial implementation of consensus based system has been deployed for your hacking pleasure. It is called Ripple. Kindly demonstrate its vulnerability. Upon your demonstration of the problems of consensu- an- ledger based systems, Decrits might possibly be able to learn from your demonstration and adapt Decrits in some way to avoid the weaknesses you demonstrate in Ripple. -MarkM- AFAIK, ripple is not consensus based, it is based on IOU's and trust and reputation.
|
"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
|
|
|
Etlase2 (OP)
|
|
May 02, 2013, 03:53:25 AM |
|
What if SH decides to lose 3,000 just to be able to compromise the system? Any defense against such a situation?
I rethought this question and I have come up with a solution, though it has two minor downsides. The answer is to force a short required time frame to redeem unblinded transactions. The maximum time to redeem had to exist anyway, it will just have to be short now such as 7-10 CDs. Downsides: 1) The txes will all be held up until the end of the time frame. 2) The SH can not cash out tx fees in the exact same amount as the blind transaction (blind txes have to all have the same amount, such as 5 or 50 DCR, or else the txes can be identified easily), or else it will get held up looking as if it is an unblinded tx. Really big downside Now, the CB will store the unblinded txes, wait until the period is up, and as long as there are not more txes than there should be, all will be released. If there are more than the SH can cover, he will lose the 3,000 DCR and the transactions will be reversed back to their owner's accounts. Now you don't even need to keep that 500 penalty behind and can stake the full 3k, because he won't be able to get away with anything, and no one can lose money except for the SH by being evil. Solutions, baby, they're everywhere. edit: It's even possible to have both options working simultaneously and letting the users choose which they want to use: fast withdrawal or secure withdrawal.
|
|
|
|
aaaxn
|
|
May 02, 2013, 07:33:13 AM |
|
A smart client would interpret the data this way: if there were originally 100 SHs in the genesis block, and 99 of them never signed out and are no longer present, the maximum consensus that this chain can have is 1%, even if there are now 500,000 SHs. So SHs are not equal? Those who are first are more important than those joining later? If that's the case network security is only as good as security of initial 100 SH. Government (or hacker) need only to target those 100 initial SH to bring network to 0% consensus and effectively destroy it.
|
|
|
|
kokjo
Legendary
Offline
Activity: 1050
Merit: 1000
You are WRONG!
|
|
May 02, 2013, 08:22:39 AM |
|
aaaxn have showed a single point of control, the 100 first SH. May i claim my reward now?
|
"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
|
|
|
markm
Legendary
Offline
Activity: 3024
Merit: 1121
|
|
May 02, 2013, 08:53:07 AM |
|
i still say: come up with a implementation, and i will hack it to dead.
Fine. An initial implementation of consensus based system has been deployed for your hacking pleasure. It is called Ripple. Kindly demonstrate its vulnerability. Upon your demonstration of the problems of consensu- an- ledger based systems, Decrits might possibly be able to learn from your demonstration and adapt Decrits in some way to avoid the weaknesses you demonstrate in Ripple. -MarkM- AFAIK, ripple is not consensus based, it is based on IOU's and trust and reputation. I guess you do not know much about Ripple then. It is in fact consensus based. Go read about it then demonstrate that consensus is in fact vaulnerable as you claim. -MarkM-
|
|
|
|
killerstorm
Legendary
Offline
Activity: 1022
Merit: 1033
|
|
May 02, 2013, 11:33:12 AM |
|
A CB point is locked in every 10 Consensus Days (CDs),
Each SH will be selected to provide a Transaction Block (TB) for a specific 10 second period during each CB. Each new TB will acknowledge the last seen TB, and the SH that created it will sign the CB along with a hash of the changes to the network state as of that moment.
Transactions will be typically confirmed in 5-15 seconds depending on network propagation lag, though if a TB is missed they may take an additional 10 seconds. As long as the TB chain is unbroken, these transactions are secure unless a massive network split occurs within the next 10-20 CDs before it has been accepted into the CB and signed by 100% of the consensus.
If I understand correctly, it takes about 10 days for a transaction to be secured by ~100% consensus. It is hard to say what guarantees exist before that happens. There is a trivial attack: a straightforward double-spend with shares you bought or hijacked. But, of course, nobody will wait only 10 seconds to confirm payment which has value above $3000. So it is not very practical. However, I don't see how this system can survive network splits. Don't forget that shareholders can pretend that there was a network splits when there was no... I believe Byzantine fault tolerant synchronization (it was mentioned by Ukigo) is a better approach... Basically you need to aim to get 50+% confirmation as soon as possible. If there is a network split it won't be possible to achieve consensus, thus users will have a clear indication of whether payment they are receiving is confirmed is not.
|
|
|
|
Etlase2 (OP)
|
|
May 02, 2013, 12:46:09 PM Last edit: May 02, 2013, 02:04:00 PM by Etlase2 |
|
So SHs are not equal? Those who are first are more important than those joining later? No. This is only in terms of a complete newbie node with only the genesis block (I was responding to the attack you proposed). Any time a newer SH is involved in creating 100% consensus, everyone who has witnessed it considers that SH an equal part of the consensus. If that's the case network security is only as good as security of initial 100 SH. Government (or hacker) need only to target those 100 initial SH to bring network to 0% consensus and effectively destroy it.
They can't because they don't control what network a node will use. If this were indeed the case, the block that comes with the software need only be updated to one after the "takeover" to avoid a confusing decision for a newbie.
|
|
|
|
Etlase2 (OP)
|
|
May 02, 2013, 01:18:27 PM Last edit: May 02, 2013, 04:29:14 PM by Etlase2 |
|
There is a trivial attack: a straightforward double-spend with shares you bought or hijacked. But, of course, nobody will wait only 10 seconds to confirm payment which has value above $3000. So it is not very practical. Not only is it not practical, you must also control the SH for the exact 10 second period you intend to fool someone, and you must also be fairly sure you control his view of the network because Decrits will not just drop a second TB for the same time frame. It will be used as proof to destroy the share. However, I don't see how this system can survive network splits. Don't forget that shareholders can pretend that there was a network splits when there was no... The notion of a network split is pretty silly. I know Satoshi thought this was a real problem, but you aren't going to fool the world. If a nation shuts down its internet, everyone knows. If half the SHs disappear without a word, everyone knows. Regardless, resolving this issue is still not a major problem, just a trickier one. I haven't decided on an exact scenario to resolve legitimate network splits, but only because it has never been a priority. I will get to it when I get to it. I believe Byzantine fault tolerant synchronization (it was mentioned by Ukigo) is a better approach... Basically you need to aim to get 50+% confirmation as soon as possible. It is not a better approach, that was an earlier design that I dropped. If the notion is that everyone has to wait for 50%, then everyone has to wait for at least half a day or however short you are forced to make consensus. It is not a bandwidth-friendly nor time-friendly approach. The TB chain system works better and is more tolerant of missing blocks or blocks slightly out of order. If there is a network split it won't be possible to achieve consensus, thus users will have a clear indication of whether payment they are receiving is confirmed is not. Users will have a clear indication of whether payment is confirmed or not by there being a missing TB. If the chain is relatively unbroken, you know there is no network split. If it has started breaking up recently, a network "split" or "takeover" might be happening. 50% confirmation is only useful if you expect devastating network splits to be a common occurrence. It's not the efficient way to do it.
|
|
|
|
townf
Newbie
Offline
Activity: 42
Merit: 0
|
|
May 03, 2013, 03:26:02 AM |
|
ok i haven't totally pored through every detail, but i have kind of a general question.
I noticed there are a lot of financial incentives and disincentives in the system. Have you bombproof-thought-experimented the system for security at every incentive/disincentive point against somebody who doesn't give a rat's ass about financial incentives/disencentives?
I'm thinking like somebody who is filthy stinking rich and will spend any amount of his/her own money just to wreck the system.
|
|
|
|
hdclover
|
|
May 03, 2013, 03:52:34 AM |
|
interesting
|
Blah blah
|
|
|
Etlase2 (OP)
|
|
May 03, 2013, 04:02:25 AM |
|
I noticed there are a lot of financial incentives and disincentives in the system. Have you bombproof-thought-experimented the system for security at every incentive/disincentive point against somebody who doesn't give a rat's ass about financial incentives/disencentives? I can't say for certain that I have thought of every potential attack, but I have been very, very thorough. I have made some concessions on how a few systems will perform less than absolutely stellar in a few instances because it is simply impossible to know how circumstances are going to change in the future. But I've also added in a backdoor to the system. I'm half-jokingly half-seriously referring to section 4 of the proposal. I have a lot more detail in my notes, but it's too early to go into detail on that stuff. As far as the guy who cares not for money, there is really only one point of attack, and that is raising the difficulty of creating money.* The difficulty is the deciding factor in how much it ultimately costs to create decrits. I have sprinkled bits here and there about several systems that are designed to give the people that use the currency an early warning system if this attack ever begins. They have some ability to defend. An algorithm cannot ultimately determine what is or isn't an attack here, or at least I have not figured out a way how. However, section 4 is an incredible threat to the viability of this attack. * - Proof-of-consensus is, in my mind, without a doubt, bullet proof.
|
|
|
|
brenzi
Member
Offline
Activity: 113
Merit: 10
|
|
May 04, 2013, 10:31:11 PM Last edit: May 04, 2013, 10:41:30 PM by brenzi |
|
Thank you for this very interesting proposal. Unstable value and excessive energy consumption to me are key disadvantages of bitcoin. A. Producing a Mint Block (MB) A Mint Block is a potential block of money that can be created by the network if several prerequisites have been met: 1) Sufficient transaction activity has occurred since the beginning of the last MB, 2) The current/prior MB has been completed, and 3) Between 5 and 10% of the MB's monetary award must be "burned" by potential minters in a limited time frame to join the Mint Block Queue (MBQ) to create new money. The MBQ is joined individually by those wishing to create currency and each queuer will be assigned to create 2-3 coins. A full MBQ proves to the network that sufficient demand for new currency exists and sufficient power is ready to create it. More details. These restrictions place a brake on unbound monetary creation. So you're using proof-of-burn to allow minters into the MBQ. But then the coins are minted by proof-of-work. Do I get that right? C. Achieving Stability and Reducing the Hardware Tax The intent of the complicated process of minting currency is to provide a stable cost to produce new currency. This in turn, I believe, will result in a reasonably stable value when compared to other commodities--perhaps even providing a stabler value compared to the whole basket than many or most other individual commodities. This requires a deeper explanation for the reasoning behind the design decisions which will be provided in the next post.
I think I see how you plan to achieve a stable value. Not exactly linked to fiat but linked to electricity cost (I'm not sure that this represents the whole basket better than national fiat currency). This way you adjust the speed of minting, but the block reward is always positive, so money supply is monotonically increasing. How do you ensure stable value when interest in Decrits decreases? I didn't find any means to reduce money supply in your proposal. I see three possibilites: - self-adjusting demurrage rate. Affects all accounts. Might lead to a stable exchange rate, but not to a stable value in the "whole basket" sense
- extra transaction fees sent to nirvana. Affects only money in circulation and punishes those who are still actively using (spending) the currency.
- fixed inflation. The currency would not be stable in the long run, but would at least degrade in a more predictable way. Only works until more "value" wants to leave the currency than is destroyed by inflation anyway
|
|
|
|
Etlase2 (OP)
|
|
May 04, 2013, 10:44:15 PM Last edit: May 04, 2013, 11:42:28 PM by Etlase2 |
|
A recap on some deeper reasoning behind the ideas of Decrits: 1) Decrits is intended to be a "trickle-in" type currency, where most new currency enters the economy in a random way. The randomness ensures that those with lots of decrits can't control new money, and they can't make credit/fractional reserve/debt money more appealing than "real" decrits. When demand for new currency arises, the people are intended to make it and distribute it, so there is little incentive whatsoever to accept a bank's credit. 2) An expanding economy is indicated by those willing to waste resources in creating new currency to facilitate trade. If decrits could be compared to a metal that does not have much utility other than in trade, then it would be a metal commonly distributed throughout the Earth that only requires you to invest tools and time. 3) Most of the time, enough of the currency will be in circulation so that it is not necessary to waste the effort and doing something actually productive will be much more lucrative--like a job. But if money for basic human needs is hard to come by, people will waste effort in making currency. This is the threat that all people should be able to have over the wealthy. 4) This further encourages increasing the velocity of money because money will then be given away freely. It discourages using money--a tool, no more--as a way to control or disrupt society. 5) If changing something as irrelevant as a hashing algorithm is what it takes to restore the balance, then the protocol must facilitate this in every way possible. Via section 4, a new currency can be created where the old currency can be accepted at a 1:1 value, while new currency can be created again by whatever means is easily available to the population. If EvilMegaCorp owns the hardware, a large chunk of the shares, and a large chunk of the peers, it must still sanction the new currency or everyone will know it is a fraud (and the new currency will continue to operate), so it is in EvilMegaCorp's best interest to never attempt this control in the first place because it will lose all shares in the new currency. In completely different scenarios, currencies with different ideals could simply compete, or if developing countries have different needs they could have regional currencies, or if the network becomes too large for individual nodes to handle it could split into shards. These are the types of things that are necessary to account for if a currency is intended to replace fiat. It must be easy enough to foster these types of things to truly separate the people from goverbankwealthy controlled money. If there is not consensus, the Decrits proof-of-consensus design allows both ideals to separate peacefully. Again, if peace is not desired, those who don't desire peace just look like bullies (or a huge takeover attempt) and accomplish little. A bar-napkin type goal would be to have around 0.25-0.5% of all decrits tied up in the network's security. EvilCorp who is strong in fiat but weak in decrits can't do much at all here. It must accept decrits and the properties of decrits. Create specialized hardware to make a lot of decrits? Heavily limited by the restrictions in place. Lots of money distributed randomly to everyone but you. This is protection in the early years. EvilCorp can waste fiat effort to upset the system, but all it really accomplishes is adding power and value to Decrits. Value away from the powerful and to the people. Worst case scenario near-unanimous vote to change the algorithm and change difficulty. Money supply won't get too upset if the difficulty is off because difficulty and coin award is adjusted after each mint block. There are massive consequences in value in trying to take control. And the people can wrest it back. It is an undefeatable system. I would imagine that those who become very wealthy under this system would be those that truly innovated and moved society forward. Putting the people of the world on level ground in regards to currency means that manipulating developing countries would be much more difficult--innovation by subjugation is much less profitable. Bank/government manipulations of credit and the money supply is an afterthought of a time past. Everything I think real libertarians hope a currency can be, rather than wallstreet 2.0. Imagine the scenario leading up to the housing crisis. Banks give away subprime mortgages but then start running out of money, so interest rates increase, encouraging the production of new money, giving money freely away and making it easier for those to afford housing payments, allowing housing market value to be transferred into Decrits in the form of the people owning more of their property so that new people may also afford property. The end results is banks are a mildly profitable business in the business of helping people store wealth in property, breaking the system of never-ending debt. Anyone interested in helping?
|
|
|
|
Etlase2 (OP)
|
|
May 04, 2013, 11:03:14 PM Last edit: May 05, 2013, 12:47:15 AM by Etlase2 |
|
So you're using proof-of-burn to allow minters into the MBQ. But then the coins are minted by proof-of-work. Do I get that right? Proof-of-burn is a newer term, but essentially yes. edit: It's not really proof-of-burn as described in that wiki page. You aren't giving up any currency, just a smaller proof of work. I think I see how you plan to achieve a stable value. Not exactly linked to fiat but linked to electricity cost (I'm not sure that this represents the whole basket better than national fiat currency). This way you adjust the speed of minting, but the block reward is always positive, so money supply is monotonically increasing. It is not directly linked to electricity cost. In the old thread I used the term "energy-related". If the price of electricity goes down or is lower in some places, those people can profitably burn more. Might have a bigger scale than 10% and 5%, it was just a starting point. There can be more subtleties here, it is a topic that I would hope to have thoroughly discussed before settling on something for the live network. How do you ensure stable value when interest in Decrits decreases? I didn't find any means to reduce money supply in your proposal. I don't. I gave up on this idea a long time ago. Either it will be so awesome that interest does not decrease, or it is on the path to failure. If interest wanes temporarily, others are encouraged to buy up (or accept as payment) currency that is below its cost to produce. Decrits are not intended to be a primarily speculative instrument like bitcoin. It will have some of that property in the first 5-10 years, but after that I think it will start achieving some level of price stickiness that will be possible because it isn't a speculative instrument. That is where stability comes into play. If this does end up being the case, decrits will actually be deflationary compared to fiat as fiat regularly inflates or simply starts to lose value because of the competition. - self-adjusting demurrage rate. Affects all accounts. Might lead to a stable exchange rate, but not to a stable value in the "whole basket" sense
Right, and the exchange rate is secondary, so why bother. - extra transaction fees sent to nirvana. Affects only money in circulation and punishes those who are still actively using (spending) the currency.
Right, why punish those who are continuing to use currency for precisely what it is good for. - fixed inflation. The currency would not be stable in the long run, but would at least degrade in a more predictable way. Only works until more "value" wants to leave the currency than is destroyed by inflation anyway
Not stable under a multitude of scenarios. Not predictable at all to know how the economy will expand. Allows for massive bouts of speculation that will ultimately hurt the people interested in using it as a currency.
|
|
|
|
brenzi
Member
Offline
Activity: 113
Merit: 10
|
|
May 04, 2013, 11:15:38 PM |
|
Either it will be so awesome that interest does not decrease, or it is on the path to failure.
What about the the limits of growth? If you think big you might come to the point where global economy is not growing anymore - or even decreasing at times. But you might be right to leave that point unsolved. However you'll do it, it will cost adopters.
|
|
|
|
Etlase2 (OP)
|
|
May 04, 2013, 11:24:51 PM Last edit: May 05, 2013, 04:34:54 AM by Etlase2 |
|
What about the the limits of growth? If you think big you might come to the point where global economy is not growing anymore - or even decreasing at times. But you might be right to leave that point unsolved. However you'll do it, it will cost adopters. It isn't unsolved. Money does not have to be created to protect the network. If there is no need for new money, it won't be produced. Say 1 DCR costs around $1.00 to create, for a profit margin Decrits must be worth around $1.10 or significantly more before minting will begin because of the burn and the need for a lot of people to see a profit margin. Otherwise you're just burning value and giving it to others in the form of free money. You could potentially cause inflation, but the new money is being distributed randomly across the globe, not under the control of governments/banks/wealthy. If decrits run up and down the system, you will quickly bankrupt yourself. If they don't, you are still adding more power to decrits by investing time and resources into otherwise useless ventures--you would have been all-around better off buying decrits instead. If you can't beat 'em...
|
|
|
|
kokjo
Legendary
Offline
Activity: 1050
Merit: 1000
You are WRONG!
|
|
May 05, 2013, 10:25:42 AM |
|
What about the the limits of growth? If you think big you might come to the point where global economy is not growing anymore - or even decreasing at times. But you might be right to leave that point unsolved. However you'll do it, it will cost adopters. It isn't unsolved. Money does not have to be created to protect the network. If there is no need for new money, it won't be produced. Say 1 DCR costs around $1.00 to create, for a profit margin Decrits must be worth around $1.10 or significantly more before minting will begin because of the burn and the need for a lot of people to see a profit margin. Otherwise you're just burning value and giving it to others in the form of free money. You could potentially cause inflation, but the new money is being distributed randomly across the globe, not under the control of governments/banks/wealthy. If decrits run up and down the system, you will quickly bankrupt yourself. If they don't, you are still adding more power to decrits by investing time and resources into otherwise useless ventures--you would have been all-around better off buying decrits instead. If you can't beat 'em... ...and where did that $1 go?
|
"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
|
|
|
Etlase2 (OP)
|
|
May 05, 2013, 03:05:43 PM |
|
...and where did that $1 go?
Electricity, hardware, and opportunity costs. It's the same as bitcoin, but because minting in decrits is a "burst" operation rather than a sustained one, finding ways to reduce the cost of electricity is going to cost you in hardware and opportunity--costs that are unlikely to ever be recovered because only a fraction of new money comes from minting, and even that fraction depends on a large initial wasted investment in the MBQ. Even if you can take electricity costs to essentially zero via ASICs or whatever, the development and production costs of those ASICs are distributed to people other than those who spent the time and money to develop them--both in the decrits distribution and the opportunity cost where you could have, say, bought a yacht instead of developing those ASICs. Minters put in all the effort for only the smallest of rewards, so therefore the reward must be fairly significant for anyone but an attacker to bother. And if an attacker does bother, the algorithm could be changed, rendering the entire operation a complete failure. Reducing the profit motive of the minting system to being one only of opportunity rather than necessity for the network's protection ensures that those with the hardware cost already sunk in, such as everyday GPUs used for gaming, have a huge advantage in amortized costs over those who invest specifically to create money. Reducing the hardware tax. Much more of that $1 goes into the decrits economy than to the electric companies or the ATIs compared to bitcoin. That is why it is important to protect the everyday GPU, because any other option is a complete waste of resources.
|
|
|
|
kokjo
Legendary
Offline
Activity: 1050
Merit: 1000
You are WRONG!
|
|
May 05, 2013, 03:19:34 PM |
|
...and where did that $1 go?
Electricity, hardware, and opportunity costs. It's the same as bitcoin, but because minting in decrits is a "burst" operation rather than a sustained one, finding ways to reduce the cost of electricity is going to cost you in hardware and opportunity--costs that are unlikely to ever be recovered because only a fraction of new money comes from minting, and even that fraction depends on a large initial wasted investment in the MBQ. Even if you can take electricity costs to essentially zero via ASICs or whatever, the development and production costs of those ASICs are distributed to people other than those who spent the time and money to develop them--both in the decrits distribution and the opportunity cost where you could have, say, bought a yacht instead of developing those ASICs.
Minters put in all the effort for only the smallest of rewards, so therefore the reward must be fairly significant for anyone but an attacker to bother. And if an attacker does bother, the algorithm could be changed, rendering the entire operation a complete failure. Reducing the profit motive of the minting system to being one only of opportunity rather than necessity for the network's protection ensures that those with the hardware cost already sunk in, such as everyday GPUs used for gaming, have a huge advantage in amortized costs over those who invest specifically to create money. Reducing the hardware tax. Much more of that $1 goes into the decrits economy than to the electric companies or the ATIs compared to bitcoin. That is why it is important to protect the everyday GPU, because any other option is a complete waste of resources.ah ha! so your coin is just proof of work, just as bitcoin.
|
"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
|
|
|
|