Decrits: The 99%+ attack-proof coin

[brenzi]

I don't think it is a good idea to bet on constant growth. Decreasing transaction volume does not necessarily mean that people loose interest in the currency. During a financial crisis transaction volume might explode just because of volatile prices. As soon as the volatility caused by the crisis calms down, so does transaction volume.
You have more than one of these "one-way" assumptions in your design. GDP(MAX_CONSENSUS_YEAR) is only one of them. Monotonically increasing money supply is another.

[1714031423]

1714031423

[1714031423]

1714031423

[1714031423]

1714031423

[1714031423]

1714031423

[1714031423]

1714031423

[1714031423]

1714031423

[AZIZ1977]

Any TL;DR version? Or something long but for humans with IQ<160?

lol

[Etlase2]

I guess by off-network txes you mean things like 'gox redeemable codes?

I was thinking more along the lines of a banking system layered on top of the currency. Or if people figure out how to make secure transactions with a physical medium.

What happens if there's an intermediate run on DCR? If your money supply algo is not 99% perfect, there might be deflationary times and a bubble might rise. Transaction volume goes up for a limited amount of time. Your all-time GDP goes up. The bubble bursts and transaction volume is back on a fraction. So in addition to the bursting bubble you're making it worse by inflating money supply.

By "an intermediate run" do you mean people start buying in heavily? Transaction volume can't rise too sharply with the same amount of coins. The very deflation caused will cause transactions to be for smaller amounts. Don't forget that people will be well aware of the properties of the system, and buying when coins are priced too high is not a good idea unless the alternatives are very poor, in which case those alternatives are unlikely to fix themselves any time soon, and the result will likely be a permanent increase in the decrits economy.

Any bubble that occurs knowing the properties of the system would be real demand, not speculative demand. There isn't much incentive to hoard to increase the price when minters can just start creating money. Although there is definitely some incentive to cause initial hoarding/speculation when the mint block awards 5-10x during the bootstrap, but I think this is a necessary part of the bootstrap process.

If real demand outpaces the ability of the decrits network to create it, then there will be periods of deflation. But at the same time, money is being given freely away. The key is to make sure that the process of absorbing the world's economy does not create monolithic empires or cause economic catastrophes. Even if coin production overshoots, the vast majority of that money was given away freely and at random. What does it matter if bread that cost 1.00 yesterday costs 1.02 today if you got a free decrit for buying it? Maybe a bread maker who didn't sell bread for decrits yesterday will start today because he knows that decrits will probably go slightly up in value soon because no more can be profitably created for some time.

It is impossible to create a totally stable system that can rapidly adapt to whatever the world economy wants to throw at it. There are billions of variables to account for. There are, however, two major goals we can try to achieve:

1) Make the process of switching the world over to a new currency as painless as possible. It will not be completely pain-free.
2) Make the system perform as stably as possible when whatever portion of the world that adopts it is going to adopt it (at least for now).

That is the viewpoint from which I see the design of the system.

alright, this might calm things. But it also slows adaption to changing circumstances.

Yes, this is a caveat of the system. Quick adaptation is much more likely to result in mistakes. Slow adaptation with the knowledge that it will adapt could create quite a lot of interest. Temporary deflation is just what the doctor ordered for this scenario, especially as all people using the system will be rewarded, not just those that "got in early" or are direct beneficiaries of corrupted governments. Free decrits are being given away and the guy down the street is taking decrits and getting free coins, and you're sitting there with a devaluing fiat currency? I think this could be a powerful motivator. There is never a bad time to start taking decrits.

Price high? Free coins are being given away. Price low? You're getting decrits for less than their (mostly) verifiable cost to produce.

I need some naming guidance. AcctFreeMoney?

What is GetConsecutiveMBlocks()?

I have mostly focused on the transaction side of the free money, but I have always proposed giving free money away to accounts too, 5x to transactions, 5x to accounts. This is sort of a crutch to prevent EvilCorp from inflating away savings by minting at big losses. I guess it's not really a crutch, it's just a massive disincentive to manipulating the supply. And unless the network has transacted many multiples of the total money supply in the last 30 CDs, the transaction money will still be much more significant in terms of % of volume, so hoarding will not be as relevant as participating in the economy.

GetConsecutiveMBlocks would be a function that determines how many mint blocks have been created "in a row" to determine the additional multipliers above 5x. "In a row" might mean that if MB 2 starts within 10 CDs of MB 1, it is considered a consecutive block. Maybe 30 CDs. It requires a lot of discussion. I do believe that the multiplier should be capped, but at what point is a big decision because it has big implications on how the currency can react to something like doubling within a year, or ultimately taking over as the world's currency. But if tx volume keeps increasing, the MB awards will get bigger without the multipliers having to be bigger because NGDP is increasing.

I don't think it is a good idea to bet on constant growth.

I have told you that the system does not rely on it. When minting is unprofitable, minting will stop. The currency does not lose value or utility because new value is not entering the system. It might lose some speculative fervor, but you must remember that it will be competing with currencies that have terrible foundations, and that includes bitcoin. Cycles will happen in those currencies, and value will be drawn to the decrits system. Whereas bitcoin kicks out a large portion of its adopters after they lose the house, decrits will make sure they never want to leave or feel as if they have been defrauded, even if the value does dip (they made coins along the way).

The principle of the system is a sound, fair way to both upset the current monetary infrastructure and empower the people. There is no need for a multitude of clones to draw back the power of the heavily manipulated bitcoin. Everyone who creates, sends, accepts, and stores decrits benefits from the system during expansion. There is no one group that benefits vastly more than the others. I think it is going to be hard to get people to run away from that system once they're in and they get it. And if the wealthy start manipulating the supply way down the road, the people are always free to create more to diminish that power that is being misused or abused, and no government will be able to intervene. In the case of bitcoin, people would create a clone. In the case of decrits, they will just make more money. You will not stop the people, you can only make it more difficult or more easy for them. Decrits chooses to make it more easy.

You have more than one of these "one-way" assumptions in your design. GDP(MAX_CONSENSUS_YEAR) is only one of them. Monotonically increasing money supply is another.

I'm not sure what assumption you're under of how the system works. What is it do you think would be a better way? Max_consensus_year does not have to keep increasing, it just won't go down. Why would it need to go down? That would imply that money needs to be created in a system with a declining transaction volume, on or off chain. Off chain transactions will still have an effect on the valuation of the currency, so if tx volume is declining due to that, new money will still be in sufficient demand to be created by the system.

I'm just not sure I see what problem you have with a monotonically increasing money supply. The price does not have to be rock hard ridiculously stable at one point. Destroying currency only reduces the impact of price stickiness. But remember, if the currency is undervalued, it is an opportunity for new people to accept it. And undervalued is not some vague notion as it is with bitcoin, it is something that people will have a lot of real information on.

As soon as the volatility caused by the crisis calms down, so does transaction volume.

I think you might be overly concerned with the very early stages of the network. The solution is to have an economic bootstrap design that makes sense to protect the network from ridiculous swings early on. One of the easiest ways to do that is to ramp up some variables (like max_gdp) ahead of their time. Paypal is a good starting point to think about how to design the economic bootstrap so that the currency can grow into itself a bit. I just haven't gone much into this side because I'm trying to make the bigger picture clearer first before delving into the minutiae.

[AnonyMint]

This is also very important to me. Unfortunately I've been simultaneously distracted by life issues.

I think the most important improvement we can make is that everyone can mine with existing PC without buying specialized hardware (so they can side-step AML laws and increase anonymity).

Increase anonymity in several ways.

Beyond that, we harden against cartelization.

Beyond that is low priority in the 80/20 (such further aspirations are technically and market-reality dubious).

[Etlase2]

Replying to a PM here...

If a malicious entity attacks an individual shareholder, it's far too easy for them to cost that sh a lot of money. This is going to happen, and that is too problematic for me to consider being an sh.

Unless the malicious entity has direct control over the computer in question, they can't cause a SH to lose their share. If they can manage to surround a SH, it is possible to prevent the SH from sending his TB and cause him to receive a soft strike. But with the network having an encrypted handshake process and "public access nodes" that require a deposit, finding a SH will be difficult, and surrounding him even more so. Paranoid SHs might just send their TBs to Shadow Peers only for the first few seconds, then send it to CNPs for wide distribution. This provides quite a bit of unlinkability if most SHs do this.

As far as compromised computers, there may be some software defenses, but I am not sure at this point. However, if people can manage not to freak out about having a significant bounty system, one of the bounties would surely be for developing a piece of USB hardware that could perform the SH duties and therefore be unhackable within reason. It would be fairly easy to adapt said hardware to also being the decrits "debit card". Since an account ledger is used in lieu of a transaction ledger, hardware devices can be much simpler than those required for bitcoin. Tx out information does not need to be kept, only private key information.

I also wondered about the 10s block time due to the nature of cloud distribution but I assume that out of order blocks are ok and some hard limit on how late it can be and how does that system work. Also the cb determines subsequent tb order, but how do we go from the last tb in a block to allowing time for late cb signings to creating the new cb to creating the new tb order. Block 2 tb order needs block 1 to be complete but they will overlap. So block 1 actually has to determine block 3's order, essentially using a double buffer mechanism. In which case, the shareholder system needs to allow for double buffering too because the sh may have dropped out in block 2, but block 3 is already being processed before we know that the sh has dropped out. I guess all it means is that sh's tbs get missed but as the sh has left then they don't lose their shareholding at the next cb

I addressed how this will work here (towards the end of the post), though the idea about using the signature aggregate of all the SHs to determine the next order is no longer the design case since most sig algorithms are not deterministic. But it explains how the "double buffering" will work on a network level. As far as individual TBs being out of order and whatnot, the design of this is sort of sprinkled throughout the thread and has changed some during that time too. It's something I don't think I'll have a concrete idea for until I run some unit tests with a simulated network, as well as some math done on what the probabilities are of evil SHs having enough control to cause damage to honest SHs. I'm thinking 10 TBs must pass before a missing TB can "replace" later txes, and maybe 100 or more must pass before a SH will receive a soft strike for missing his TB. This would make it very difficult for internet lag or evil SHs to cause problems for honest SHs.

I have a comment on system complexity too. People are saying it's complex because it is multi layered, and there is economic theory involved at various levels. That is tricky to take in and leads to more edge cases than in a simpler system. Having more edge cases is usually, but not always, a sign that a system is flawed. That's why some people have an intuitive problem with it.

So even if it is still a valid design, it's hard for you to convince anyone to make it (hopefully you have tho) and hard to convince people to partake in it. There is a very important human psychology side to these things that gets forgotten about when engineering systems.

I am hoping that the psychology of "free money for anyone who accepts it" will be a powerful motivator. Once many smart people have agreed that the security seems "secure enough", not everyone needs to understand it. Just like very few people really understand bitcoin's security, but they still use it. Same goes for the network dynamics in part 2. The monetary system, at its most basic level, is fairly easy to understand.

And while there may be edge-cases, none of them are critical failures such as the 51% attack. And the network has the ability to coordinate changes via section 4. I don't know how it will work out in reality, but I envision an adaptable system that can only get better over time. I don't want to give up just because it's hard, and there might be problems. I want to try something that has the chance of being fricken amazing, and if it has a few hiccups along the way, it will be fixed. It's not worth the time spent being afraid.

I have the same beef with bitcoin wallets btw and have designed a much better way to handle private keys , addresses and other aspects that account for how 'my dad' works. It should lead to higher adoption (at least for people confused by bitcoin itself), far less lost coins, and far less stolen coins, even on compromised machines. IMHO any lost coins are the fault of the system and not the user unless they have been spectacularly stupid. Bitcoiners are techies so blame the user. This is fundamentally wrong and a serious flaw. Bitcoin banks will solve some of it (and I love the pooling/voting suggestions by the OT guy to keep money safe) but wallets need to be safe too.

Feel free to share. I intend to have a design from the get-go for deterministic private keys so that money could never be lost due to a hard drive crash or an accidentally deleted file. This doesn't protect compromised computers, but that is a very difficult problem. (Although having a hardware dongle vastly reduces this attack vector, and can be simple to use.) I very much appreciate the fact that cryptocurrency needs to be easier for the end-user. And in some of the other pieces of software I've developed, I have created some insane pieces of code that existed purely to make the user interface just a little bit easier for a wider array of people. I love software that is simple and intuitive--and I have lots of ideas here. But the decrits engine is a much higher priority discussion. There is no point in making it easier to use if it doesn't exist.

Going back to decrits. I don't understand the account system properly but presumably the account ledger is a list of changes in account levels as opposed to transactions? A transaction is processed and the outputs are any changed accounts.

Yes, I should have re-touched on this in the OP, but the account system is one of the first couple of ideas I came up with 2 years ago on a blank sheet of paper. Even though it is a critical part of making this work, it's something I completely take for granted because I spent a lot of time thinking through it in the past. Basically, there is an accepted ledger that maintains a balance for each account, then current activity is stored on a second ledger that proposes changes to that each account's balance using references to transactions in the transaction block chain. I guess there is sort of a third ledger that are changes to be committed, because they won't all be committed at once but over time to spread the load on the databases. Anyways... this post goes over some of the data benefits of an account ledger.

There is no such thing as interest but there is a lottery with rewards. Would this not be better as interest distributed to every account, or every account used over past consensus block/year if you wanted to prioritise those using the money rather than hoarding it - other currencies will be more commodity based so a reward for use is better. I can see the issue being people creating circular transactions to indicate use, but I wanted to bring up the topic of interest in theory as you'll have had reasons for choosing a lottery approach. I just think interest works better economically and intuitively. If you used money to perform work, you should be rewarded for it. If you didn't use your money then you don't get rewarded. This is the opposite to what banks (supposedly) do, whereby the use your money to perform work and pay you for letting them do that with your money.

Though brenzi has been challenging the deeper aspects of the currency distribution scheme, you are the first to question the most basic, human part of it. There are two reasons why I kind of dropped the "interest" mechanism, because I did actually have this as the noted design for a long time.

1) A *lot* of accounts have to be updated at one time. This could be detrimental to the operation of the network if everyone has to stall for a long period figuring out where money needs to go and applying it to the balance. If you don't update them all at once based on the same set of data, then you are required to keep data longer to keep that state of the network available to continue to award the proper interest over time. It would also be more complex to determine that state as time goes on because you have to walk backwards through history to find it.
2) It won't be a very meaningful amount of money. Sure, interest is great, but if all you're getting is a couple of decents, how does that really incentivize using or accepting the currency?

However, the decision about point 1 was made with a less-developed system in mind--I think it could be accomplished with the current level of design. I never really came up with an "interest for money used" system in the way you describe. It has interesting implications. However, I think it has the problem of point 2. I like the lottery idea because it keeps the "small guy" on a more level playing field with the bigger guys. I think this will be important for the propensity to use decrits in less developed countries. It also means that just an every day person might have a greater propensity to use it. Or an every day business.

No huge investment in the currency is required to start seeing dividends. I think this will foster its adoption by a multitude of people and will help debase the current monetary infrastructure. Because let's face it, it needs to be debased. Replacing it with a whole new infrastructure of powerful people is not an acceptable alternative.

You really need to diagram this in both simple and complex form. You can't relay your message without doing visual representations of all levels, no exceptions.

After some delays, I think the wiki software being hosted by Ukigo is almost ready. But it is going to be quite awhile before it will have all of the information at all levels. Getting a lot of this discussion out of my notes and into something a little more formal has been very helpful though.

[Etlase2]

I think the most important improvement we can make is that everyone can mine with existing PC without buying specialized hardware (so they can side-step AML laws and increase anonymity).

Newly created funds cannot be used as a consistent source of anonymity. This is impractical. Many people *should* have the capability to mine because it is required for decentralized control of the monetary system.

I have described in this post in another thread how this post could be extended to allow for a complete coin-mixer as part of the protocol without much overhead. It is a dangerous proposition though.

[mcrimson]

Etlase,

What does Decrits mean? To me, I don't like the name, its not catchy, there's obviously an underlying meaning though so what is it?

Do you have any idea when you could implement all your ideas and launch this crypto?

[Etlase2]

Etlase,

What does Decrits mean? To me, I don't like the name, its not catchy, there's obviously an underlying meaning though so what is it?

The "hidden meaning" is nothing earth-shattering. It is a portmanteau of democratic credits. Socially equal futuristic money tokens. I had to come up with something other than *coin, because it is anything but *coin. I am not unwilling to change it, but someone would have to come up with something inventive.

Do you have any idea when you could implement all your ideas and launch this crypto?

*All* of them? Hell no. The ones that are absolutely necessary? (which is a lot of them) I don't know--this project is way above my pay-grade. A unit test that demonstrates the proof of concept as Ukigo mentions--the proof of consensus mechanism with an ideal, simulated network? Maybe 6 months is possible. It could be sooner depending on how many parts I skip. Every stage can move more quickly though with a few more people on board.

Earliest actual launch possibility would probably be at least 2 years out. It is possible it could be a lot less though. Satoshi even said somewhere that designing bitcoin took much longer than coding...

[AnonyMint]

Replying to a PM here...

If a malicious entity attacks an individual shareholder, it's far too easy for them to cost that sh a lot of money. This is going to happen, and that is too problematic for me to consider being an sh.

Unless the malicious entity has direct control over the computer in question, they can't cause a SH to lose their share. If they can manage to surround a SH, it is possible to prevent the SH from sending his TB and cause him to receive a soft strike. But with the network having an encrypted handshake process and "public access nodes" that require a deposit, finding a SH will be difficult, and surrounding him even more so.

This sounds similar to the idea I floated to employ the MUTE anonymity concept:

http://mute-net.sourceforge.net/howPrivacy.shtml

I was thinking all mining+transaction processing peers would pass through communications, so it isn't clear where the communications are originating from.

I am pondering I am more comfortable with harddisk-proof-of-share, so we simply allocate what we already own, no need to go invest in a share. However proof-of-share may be technically more simplified.

I also wondered about the 10s block time due to the nature of cloud distribution but I assume that out of order blocks are ok and some hard limit on how late it can be and how does that system work. Also the cb determines subsequent tb order, but how do we go from the last tb in a block to allowing time for late cb signings to creating the new cb to creating the new tb order. Block 2 tb order needs block 1 to be complete but they will overlap. So block 1 actually has to determine block 3's order, essentially using a double buffer mechanism. In which case, the shareholder system needs to allow for double buffering too because the sh may have dropped out in block 2, but block 3 is already being processed before we know that the sh has dropped out. I guess all it means is that sh's tbs get missed but as the sh has left then they don't lose their shareholding at the next cb

I addressed how this will work here (towards the end of the post), though the idea about using the signature aggregate of all the SHs to determine the next order is no longer the design case since most sig algorithms are not deterministic. But it explains how the "double buffering" will work on a network level. As far as individual TBs being out of order and whatnot, the design of this is sort of sprinkled throughout the thread and has changed some during that time too. It's something I don't think I'll have a concrete idea for until I run some unit tests with a simulated network, as well as some math done on what the probabilities are of evil SHs having enough control to cause damage to honest SHs. I'm thinking 10 TBs must pass before a missing TB can "replace" later txes, and maybe 100 or more must pass before a SH will receive a soft strike for missing his TB. This would make it very difficult for internet lag or evil SHs to cause problems for honest SHs.

With Bitcoin there is a penalty for not propagating the consensus, because otherwise you end up doing useless work yourself while you are trying to compute the next solution in a race against all others.

Our alternative designs must incentivize idle peers to propagate the consensus with the most transactions, and penalize those who did not. So far, I don't see how this can be done.

I have a comment on system complexity too. People are saying it's complex because it is multi layered, and there is economic theory involved at various levels. That is tricky to take in and leads to more edge cases than in a simpler system. Having more edge cases is usually, but not always, a sign that a system is flawed. That's why some people have an intuitive problem with it.

So even if it is still a valid design, it's hard for you to convince anyone to make it (hopefully you have tho) and hard to convince people to partake in it. There is a very important human psychology side to these things that gets forgotten about when engineering systems.

I am hoping that the psychology of "free money for anyone who accepts it" will be a powerful motivator. Once many smart people have agreed that the security seems "secure enough", not everyone needs to understand it.

I agree strongly with the PM's point.

I have the same beef with bitcoin wallets btw and have designed a much better way to handle private keys , addresses and other aspects that account for how 'my dad' works. It should lead to higher adoption (at least for people confused by bitcoin itself), far less lost coins, and far less stolen coins, even on compromised machines. IMHO any lost coins are the fault of the system and not the user unless they have been spectacularly stupid. Bitcoiners are techies so blame the user. This is fundamentally wrong and a serious flaw. Bitcoin banks will solve some of it (and I love the pooling/voting suggestions by the OT guy to keep money safe) but wallets need to be safe too.

Feel free to share. I intend to have a design from the get-go for deterministic private keys so that money could never be lost due to a hard drive crash or an accidentally deleted file. This doesn't protect compromised computers, but that is a very difficult problem. (Although having a hardware dongle vastly reduces this attack vector, and can be simple to use.) I very much appreciate the fact that cryptocurrency needs to be easier for the end-user. And in some of the other pieces of software I've developed, I have created some insane pieces of code that existed purely to make the user interface just a little bit easier for a wider array of people. I love software that is simple and intuitive--and I have lots of ideas here. But the decrits engine is a much higher priority discussion. There is no point in making it easier to use if it doesn't exist.

This is an external to the design of a decentralized digital currency.

There are many possible ways for external services to improve upon the storage and retrieval of private keys.

Going back to decrits. I don't understand the account system properly but presumably the account ledger is a list of changes in account levels as opposed to transactions? A transaction is processed and the outputs are any changed accounts.

Yes, I should have re-touched on this in the OP, but the account system is one of the first couple of ideas I came up with 2 years ago on a blank sheet of paper. Even though it is a critical part of making this work, it's something I completely take for granted because I spent a lot of time thinking through it in the past. Basically, there is an accepted ledger that maintains a balance for each account, then current activity is stored on a second ledger that proposes changes to that each account's balance using references to transactions in the transaction block chain. I guess there is sort of a third ledger that are changes to be committed, because they won't all be committed at once but over time to spread the load on the databases. Anyways... this post goes over some of the data benefits of an account ledger.

I did not understand the linked post.

I like the lottery idea because it keeps the "small guy" on a more level playing field with the bigger guys. I think this will be important for the propensity to use decrits in less developed countries. It also means that just an every day person might have a greater propensity to use it. Or an every day business.

No huge investment in the currency is required to start seeing dividends. I think this will foster its adoption by a multitude of people and will help debase the current monetary infrastructure. Because let's face it, it needs to be debased. Replacing it with a whole new infrastructure of powerful people is not an acceptable alternative.

Socialism is fail.

Gambling lotteries are an orthogonal service to a decentralized currency. Leave the kitchen sink out of my currency please.

[AnonyMint]

I think the most important improvement we can make is that everyone can mine with existing PC without buying specialized hardware (so they can side-step AML laws and increase anonymity).

Newly created funds cannot be used as a consistent source of anonymity. This is impractical.

It can't generate anti-money laundering anonymity for everyone simultaneously although it is available to everyone, and everyone doesn't need it nor willing to pay for it. Those who need it can pay for enough resources to get it and this option is open to everyone, at least in proof-of-work or proof-of-harddisk.

I have described in this post in another thread how this post could be extended to allow for a complete coin-mixer as part of the protocol without much overhead. It is a dangerous proposition though.

Giving every user perfect anonymity (if feasible) is dangerous because the entire currency can be targeted as a money laundering system.

Earliest actual launch possibility would probably be at least 2 years out. It is possible it could be a lot less though. Satoshi even said somewhere that designing bitcoin took much longer than coding...

Greater than 6 months is unacceptable to me. After Sept 2015, the world goes into confiscation mode. Europe and/or Japan may start collapsing in 2014.

[glowkeeper]

Greater than 6 months is unacceptable to me. After Sept 2015, the world goes into confiscation mode. Europe and/or Japan may start collapsing in 2014.

You probably don't, but care to elaborate?

[Etlase2]

This sounds similar to the idea I floated to employ the MUTE anonymity concept:

http://mute-net.sourceforge.net/howPrivacy.shtml

I was thinking all mining+transaction processing peers would pass through communications, so it isn't clear where the communications are originating from.

This is a big part of section 2. I have many subtle ideas that should make it difficult for anyone to peg where transactions or transaction blocks are coming from. I originally had designed it where shareholders were also the connection points, but this is a DoS vulnerability. That is why they are completely separate systems now.

I am pondering I am more comfortable with harddisk-proof-of-share, so we simply allocate what we already own, no need to go invest in a share. However proof-of-share may be technically more simplified.

Well you have not revealed many details of your hard disk proof, so I can't really say much. Except that:

1) Shares can only be purchased after money is created. This means it is impossible to attack a fledgling network without investing a lot of resources in it first. You mention yourself several times how easy and accessible hard drives are.
2) Shares do not require dedicated hardware, period.
3) From your proposal, it sounds like proof of hard disk has the same vulnerabilities and probably a lot of similar bad mechanics that come along with proof of work.

With Bitcoin there is a penalty for not propagating the consensus, because otherwise you end up doing useless work yourself while you are trying to compute the next solution in a race against all others.

And in bitcoin, there is no incentive whatsoever for regular nodes to propagate the consensus. They do not get paid and only do it out of the kindness of their hearts. In decrits, they get paid 50% of all transaction fees.

Our alternative designs must incentivize idle peers to propagate the consensus with the most transactions, and penalize those who did not. So far, I don't see how this can be done.

"The most transactions" is a meaningless metric that can be easily gamed. There are not competing consensuses in decrits. There are not several tragedy of the commons scenarios that arise in decrits like there are due to the odd properties of the bitcoin protocol. There *is* the possibility that the network propagators (CNPs) could delay TBs that they believe have intentionally not included valid transactions. It is a mechanic that could be developed if it worries you so greatly.

Socialism is fail.

How, pray tell, do you plan on distributing new currency? Would you prefer banks created it as credit? Would you prefer creating empires by enriching those who hold the currency above all else? What is your master plan? It is not socialism and it is not gambling. It is more akin to dropping money from a helicopter, but only when it has been determined to be necessary by the people to keep a reasonably stable value. Is a currency controlled by the people socialism? If so, and you believe this socialism is a failure, then again I ask, where will the value go? Banks? The wealthy? The pure destruction of resources to convert into currency?

It can't generate anti-money laundering anonymity for everyone simultaneously although it is available to everyone, and everyone doesn't need it nor willing to pay for it. Those who need it can pay for enough resources to get it and this option is open to everyone, at least in proof-of-work or proof-of-harddisk.

It is impractical in a currency that does not use a pyramidal distribution scheme. How long will it take to convert $60 of hard disk or electricity into drugs? A year? Two? A lot less if the people trying to do this are willing to spend hundreds or thousands on hardware, but now those drugs cost hundreds or thousands, not $60.

Giving every user perfect anonymity (if feasible) is dangerous because the entire currency can be targeted as a money laundering system.

That's probably why I said it's a dangerous proposition. But, with the idea already out there and tied to this thread, all it takes is someone to make a clone with it included. One way or another it will happen.

Greater than 6 months is unacceptable to me. After Sept 2015, the world goes into confiscation mode. Europe and/or Japan may start collapsing in 2014.

A currency in its diapers will not be able to address these problems, should they actually exist. But perhaps a more constructive way to achieve such a lofty goal is, as I have previously suggested you do, start asking questions instead of making blanket implications and barbed one-liners. Do you want to progress in your knowledge of decrits, or do you want to take your ball and go home?

[glowkeeper]

Greater than 6 months is unacceptable to me. After Sept 2015, the world goes into confiscation mode. Europe and/or Japan may start collapsing in 2014.

A currency in its diapers will not be able to address these problems, should they actually exist. But perhaps a more constructive way to achieve such a lofty goal is, as I have previously suggested you do, start asking questions instead of making blanket implications and barbed one-liners. Do you want to progress in your knowledge of decrits, or do you want to take your ball and go home?

As a casual observer, I don't believe he's been making barbed one-liners. Rather, he's making an intelligent effort to understand your proposal, because he'd like to develop it. You might do better by adopting rather than admonishing....

[Etlase2]

As a casual observer, I don't believe he's been making barbed one-liners. Rather, he's making an intelligent effort to understand your proposal, because he'd like to develop it. You might do better by adopting rather than admonishing....

How does one learn something by making a statement? There is not a single question asked in that post.

[timeofmind]

This is a well developed idea... has given me many ideas. Thanks.

[stellarman]

Very interesting. Need to study the entire thread. Posting this so that I get notification of new posts.

[stellarman]

Having now read a bit more about this, my primary question is this: Is anyone working on actually coding this?

I work in a software company, and I know from experience that it can be a long road from the drawing board to the product release.

I understand the importance of the drawing board. But, you know the old saying about "the proof of the pudding...".

[Anon136]

i dont much like the centralization associated with the share holders getting to make decisions about what transactions get included but it looks like you have proposed a crypto that is sufficiently different to bitcoin to be worth following. Any crypto that is sufficiently different from bitcoin and not totally broken will probably get a few of my dollars for the sake of being an early adopter.

keep us posted!

[Etlase2]

i dont much like the centralization associated with the share holders getting to make decisions about what transactions get included

Potentially thousands/millions of shareholders or a dozen mining pools, which is more centralized? Somebody has to pick an order or there will be chaos. Decrits incentivizes more SHs as transaction activity increases without requiring more fees or the silly tragedy of the commons scenario that arises with the wasted energy required to secure bitcoin transactions. Plus there is no mining center or pool op that can be shut down.

Having now read a bit more about this, my primary question is this: Is anyone working on actually coding this?

I work in a software company, and I know from experience that it can be a long road from the drawing board to the product release.

I understand the importance of the drawing board. But, you know the old saying about "the proof of the pudding...".

A detailed wiki is the next part of the process to try and get interest from others who want to help code. After that, I will begin coding a unit test. Hopefully some people will be interested in helping so that the final product can ship sooner.

[AnonyMint]

I have many subtle ideas that should make it difficult for anyone to peg where transactions or transaction blocks are coming from. I originally had designed it where shareholders were also the connection points, but this is a DoS vulnerability. That is why they are completely separate systems now.

Please describe the DoS vulnerability and your solution.

I am pondering I am more comfortable with harddisk-proof-of-share, so we simply allocate what we already own, no need to go invest in a share. However proof-of-share may be technically more simplified.

Well you have not revealed many details of your hard disk proof, so I can't really say much. Except that:

1) Shares can only be purchased after money is created. This means it is impossible to attack a fledgling network without investing a lot of resources in it first. You mention yourself several times how easy and accessible hard drives are.
2) Shares do not require dedicated hardware, period.
3) From your proposal, it sounds like proof of hard disk has the same vulnerabilities and probably a lot of similar bad mechanics that come along with proof of work.

Humanity owns more hard drive storage than the governments and power elite, and certainly any smaller shark.

Humanity already possesses this asset.

Humanity does not own more money then the power elite.

With Bitcoin there is a penalty for not propagating the consensus, because otherwise you end up doing useless work yourself while you are trying to compute the next solution in a race against all others.

And in bitcoin, there is no incentive whatsoever for regular nodes to propagate the consensus. They do not get paid and only do it out of the kindness of their hearts.

As far as I know, this is incorrect. If they don't propagate the consensus then they too are wasting their hardware resources searching for the next solution that might be for the non-consensus block. They have a very selfish reason to cooperate.

In decrits, they get paid 50% of all transaction fees.

I don't understand this. Every peer can't get 50%, because the total would be far in excess of 100%. Do you mean all peers get a share of the 50% and in that case is that a sufficient incentive and why (given a total analysis of the system, which I can't do because I don't know what the system design is)? I don't understand much of what you write about details of your proposal, because you have so many details that have never been succinctly explained in one coherent document.

I don't have time to wade through pages upon pages of discussion to build up your design in my head. It should be explained in one coherent document.

Our alternative designs must incentivize idle peers to propagate the consensus with the most transactions, and penalize those who did not. So far, I don't see how this can be done.

"The most transactions" is a meaningless metric that can be easily gamed.

Did you forget that we had a discussion upthread about the malicious fork (that excludes transactions) being clearly malicious because it will have less transactions.

But that is not the point any way. The point is I don't know what is the incentive to propagate "the" consensus. I don't even understand the design well enough to load it in my head.

It is not my job to throw questions into a haystack. It is your job to eliminate the haystack.

Socialism is fail.

How, pray tell, do you plan on distributing new currency?

To those who provide resources to keep the system running-- capitalism.

Free money steals from someone.

It can't generate anti-money laundering anonymity for everyone simultaneously although it is available to everyone, and everyone doesn't need it nor willing to pay for it. Those who need it can pay for enough resources to get it and this option is open to everyone, at least in proof-of-work or proof-of-harddisk.

It is impractical in a currency that does not use a pyramidal distribution scheme. How long will it take to convert $60 of hard disk or electricity into drugs? A year? Two? A lot less if the people trying to do this are willing to spend hundreds or thousands on hardware, but now those drugs cost hundreds or thousands, not $60.

Anonymous drugs are obviously more costly than drugs bought with an identification.

Anonymity isn't free.

Giving every user perfect anonymity (if feasible) is dangerous because the entire currency can be targeted as a money laundering system.

That's probably why I said it's a dangerous proposition. But, with the idea already out there and tied to this thread, all it takes is someone to make a clone with it included. One way or another it will happen.

And I suspect that will prove that anonymity isn't free, because such a system will be rabidly attacked by the governments. There won't be any plausible denial (or valid legal use case) defense.