Decrits: The 99%+ attack-proof coin

[AnonyMint]

The TBs are being propagated to all the mining peers, so the system is working. If it wasn't being propagated, the mining peers would leave the pool(s). The selfish economic incentive to cooperate (on propagation) has motivated them to aggregate for efficiency reasons, but hasn't eliminated their veto on non-propagation.

You still are not getting the point. Bitcoin, and anything that does not reasonably incentivize propagation, will result in a narrowing group of peers that maintain the full network state. This is a centralizing, attackable mechanic unless it is fixed.

You are still not getting the point. If such attacks come, the mining peers can leave the pools or consider decentralized pools.

Why do I have to say this 3 or 4 times over and over? It doesn't do any good to repeat your illogic if you have not shown why the mining peers have lost their freedom to leave centralized pools at-will.

Some programmers from Microsoft even wrote some complex scheme for incentivizing the propagation nodes in a whitepaper. There are many people who believe that this is a very real attack vector on the bitcoin network, and it has been reasonably addressed with decrits.

Irrelevant pontification because the peers are free to leave the pools any way.

I agree with your orthogonal complaint about there not being a good incentive to include transactions in Bitcoin, but that has nothing to do with the centralization of propagation.

That wasn't my complaint, though it is another. Centralization of the network is incentivized in bitcoin as a cost-saving measure and as a factor of the "luck" bitcoin requires for security. You were complaining you did not understand the purpose of CNPs, I have shown you why they are critical as a whole, but useless as an attack vector for a highly decentralized system, while also increasing anonymity. These are several significant and incentivized benefits to using the network.

Benefits are not additive in the design of complex systems. As the private msg poster explained (and I think other posters have mentioned too), complexity breeds fragility.

K.I.S.S.

Bitcoin is elegant on this issue. It needs to say nothing about propagation as the correct economic incentive is built in. We need to be as elegant, while achieving other significant improvements that really make huge difference and wildly embraced by the capitalistic free markets:

* 99+% vs. 51% attack vector
* no 10 min delays for transactions
* incentivize transactions to be included (and/or let anyone easily be their own transaction processing peer and get a turn often)
* any one can easily & realistically mint and earn currency (no ASICs or GPUs required) without passing through anti-money laundering laws id checks
* allow more inclusive minting so currency is more widely distributed (but not stealing+destroying capital as a mean of widely distributing)
* don't end the minting and debasement in 2034

The key about decentralized propagation is not whether peers get together for efficiency, but whether they've lost the veto power against attacks that disrupt propagation. Don't conflate decentralization with inefficiency. Decentralization can exist in a veto power, and thus not required to be an inefficient physical architecture.

Efficiency does matter if inefficiency (decentralization) is not rewarded as it must be for a very robust system.

You conflated again. Inefficiency is not always required for a robust system. See my retort above.

Indeed, but peers have a veto over the risk vs. reward. If DoS hurts their ROI relative to their other options (mine independently, other pool, or decentralized pool), they will leave the (centralized) pool(s).

But you are still presuming that some option other than a centralized pool will exist.

Mining peers can mine independently (outside a pool) at any time if they wish to.

Are you asserting that pools are refusing to propagate to independent mining peers who don't have enough processing power to generate a solution often?

Using any form of hardware to distribute power will result in efficiency gains via wasted resources directed at centralizing the network to where it can no longer be profitably decentralized.

Please justify this nearly unintelligible, all encompassing generalization; how does hardware proof-of-work always result in irreversible centralization of propagation?

I do agree that in Bitcoin that capital can be wasted to drive the difficulty to unprofitable levels to bankrupt the other peers. But this is an orthogonal issue to propagation.

But your argument against that is "hard drives are decentralized". Yet you have not shown any mechanic that actually keeps this decentralization viable, I have with regards to using currency instead.

W.r.t to propagation, what ever you have is what I could use with proof-of-hard drive. But I don't yet understand what you are proposing, as I have said, I don't know the details of how you achieve propagation and whether I agree it is as good as Bitcoin's economic incentive for propagation.

W.r.t. to driving peers bankrupt or 99+% attack (2 separate items), at a last resort (as I mentioned in a prior post so I am getting tired of repeating myself), both of our proposals give very transaction peer a turn in reasonable period of time. Thus as a last resort, a sender of a transaction can run his/her own transaction peer. So we have an advantage over Bitcoin.

Granted the inner-most onion does not know it is the inner-most, unless there is a distinction between bridge relays and clients. If we don't connect to dedicated bridge relays, but instead every peer in the Tor network agrees to be a relay, then inner-most hops can not be easily identified. This is the same idea we are both proposing (see below). So we are both on the right track for solving anonymity of injection.

We are both on the right track? I have been on the right track and you will adopt any idea that you begin to understand the reasoning behind. Unless it gets in your way, of course.

Your ego is amazingly inflated. I proposed that form of anonymity in my thread before coming to this thread.

This issue is making sure everyone can mine at the start.

I thought the issue was making sure everyone can *always* mine?

Logic 101 fail.

The above two sentences are not mutually exclusive.

The Bitcoin early adopters deserve what they got because they believed when no one else did. They invested their capital. This is capitalism.

Wow. Total, manipulative monetary control over the currency is what they deserve?

Yes because the market likes it. You may not like it, but unless you make something better that wins market share from Bitcoin and do it quickly, then you are a loser.

Now everyone will want to be an early adopter due to the proven success of Bitcoin, but the problem is that an ASICs proof-of-work requirement would make it less accessible. The hard disk proof would make it accessible to everyone, just download the client and run.

Except everyone can not be an early adopter. This is silliness. Sure early adopters should be well rewarded, but it cannot be some pyramidal distribution scheme that affords millions of percent ROIs.

An equal distribution is death and static. Nothing can change. If every color was the same, we would see no shapes.

You socialists are so detached from reality.

Not everyone can be first, but many many people can be in early if they choose to be.

A few earliest adopters won't be able to amass even 10% of the long-term money supply, probably not even 1%.

Why are you so jealous if someone gets a million pennies after investing a penny? That is nothing like having 20% of the world's money supply.

People will say fuck off and create a clone. Where is your disincentive for making a clone and rendering your currency obsolete?

No they won't because of installed mass and inertia and the fact that they can not do any better.

Your socialist system can not do any better, because it will flop in the market. Capital will run away from your socialist money system.

Allowing everyone to use their existing capital to mine maximizes capitalistic distribution.

Stealing capital as your propose, destroys capitalization and thus minimizing capitalistic distribution.

Oh, you haven't one. You presume the idea that taking value off the backs of others is the way forward.

Off the backs? Cripes you really suffer the socialist disease. Read my rebuttal of Ukigo in the prior post.

Never attempt to design something that will make the masses perfect, as this is inherently a failed design because the center and lower-half of the bell curve are failure.

Instead design something that appeases the masses, while giving the highly motivated capitalists and freedom-lovers the opportunity to escape from the socialism of the masses. It is these technologies that enable individual productivity that cause the major wins for mankind throughout history.

The masses' socialism will leave us 0.1% alone, so we can continue to innovate and improve the world, while they continue their lives as well-fed cows.

:rofl: Decrits is intended to create a dynamic between the rich and the middle/poor where the rich can not exert nearly as much control over the masses as is possible under the fiat system, the bitcoin system, and presumably your system as well. I apparently have a much higher opinion of what humanity can accomplish when it is not being oppressed. I am not trying to change human nature, I am trying to give it an opportunity.

Read my rebuttal of Ukigo in the prior post.

Study the linked blog posts.

Learn that the masses demand what they have, because of the power vacuum.

You can't eliminate the power vacuum at the level of money, because that is not where it derives. It derives in the ability of the government to project force over individual rights. Only technology which makes it impossible for the government to control individual rights is able to eliminate the power vacuum. Read my linked blog posts to come to speed on understanding.

This is another line of questioning you ignore. Cryptocurrency is in the wild. Consolidating power will incentivize clones that are easy to adapt to with existing infrastructure. You must encourage the widest array of people to use the currency, or they will end up using something else that does not ignore them. Unless you have come up with some incentive system better than the wheel-a-clones that bitcoin has come up with? Value has to enter the system some how. What is your proposition?

I am don't want to create "SocialistCoin". I don't care if most people never use my coin, as long as those of us who need freedom from the socialism can use it.

Well great then. You and your 0.1% buddies can pay to mow each others' lawns while the rest of us do something productive. I can't believe how you have totally spiraled outside of logic and reason in this corner of the debate.

To the ignorant, logic may appear to be illogical. The references have been provided for you if you want to learn.

As for the 2016 start of global collapse, and the 2033 bottom, it comes from:

http://armstrongeconomics.com/armstrong_economics_blog/

There is a 78 cycle which I explained in my thread on this forum:

https://bitcointalk.org/index.php?topic=160612.msg2133290#msg2133290

[AnonyMint]

Apologies I have an error in my recent posts, but it doesn't change my conclusions.

I asserted that in both of our proposals (as contrasted with Bitcoin) that we would at least always be insured that in a worst case our own transaction processing peer (SH) would get a turn in reasonable and specific maximum duration.

Now I remember that upthread we replaced that (due to potential network overload) with the ability to randomize the order of selection of SH (by modulating the SH chosen key by the leave/join entropy).

However, what makes our proposals 99+% resistant is that when ever an honest peer gets a turn (even if it is not ours), it will include all the transactions from the dishonest fork as well as the transactions that the dishonest fork was not processing. The fork with the most transactions is clearly the honest one.

Given the randomization, it is very unlikely that there won't be at least one honest peer in every reasonable period (say a CB). This applies to both proof-of-share and proof-of-hard disk.

Penalizing the dishonest fork by eliminating its proof-of-share capital is thus not necessary. And the penalization either could cause deflation or requires the socialistic model of destroying capital. Thus proof-of-hard disk is an acceptable replacement that has some orthogonal benefits.

Tangentially I don't think you can differentiate between a transaction that is a conversion from fiat and a purchase. Thus I am unclear how you would even achieve your proposal to dilute incoming fiat capital?

[AnonyMint]

To eliminate the deflation caused by penalizing rogue peers, their capital could be redistributed to honest peers.

This would make your point below valid, without incurring the socialist aspect of destroying capital to prevent concentration of capital.

So the proof-of-share has this advantage over proof-of-hard disk.

The disadvantage of proof-of-share is can't be used for minting. I think proof-of-hard disk is preferred for minting than ASICs proof-of-work.

Penalizing the dishonest fork by eliminating its proof-of-share capital is thus not necessary. And the penalization either could cause deflation or requires the socialistic model of destroying capital. Thus proof-of-hard disk is an acceptable replacement that has some orthogonal benefits.

Shares secure the network because people are putting currency of the network on the line to protect the network. This money can be destroyed if you do something malicious. GPUs, hard drives, and other resources that are derived from anything other than the network currency can not be controlled by the network; they cannot be destroyed, which means they can be repeatedly used to attack the network. Destroying currency is a *powerful* and painful and permanent disincentive for attacking the security of the network.

This is ALMOST a valid point.

It stands orthogonally to your (apparently socialist) ideas of currency redistribution, except that an attacker could in theory buy up Decrits and cause deflation by destroying the money, unless you have offsetting debasement. However, your proposed offsetting debasement can't be total, else there is no conversion from fiat to Decrits as I explained in my prior post. Thus the disadvantage of this penalty is that it can be deflationary.

And the other disadvantage is that if you do debase to minimize deflationary impact, then it means that obtaining share is not capitalism.

So the final conclusion is you really can't destroy what you think you can, unless you destroy capitalism and then of course the system won't function in the free market.

So sorry this point is invalid in the total analysis.

[AnonyMint]

I did not say I wanted to create a currency that only helps 0.1% of the people. My point is even if 99.9% of the people are hoodwinked by socialism and willing to support destroying productivity with anti-money laundering laws, confiscation of savings to bailout banks, and government takeover of our currency, etc.. then at least a currency that is resistant to 99+% attack allows some of the producers to escape unscathed, will thus benefit ALL OF MANKIND.

Let me expound a bit on socialism and the ilk.

Although it is true that some (perhaps even most) very wealthy people misallocate capital, so one might think it is better to redistribute to the masses, redistribution that is not able to distinguish productive from parasitical entities, thus destroys productivity with no clear gain in transfer between parasites.

The reason wealthy people misallocate capital is for the same reason that top-down centralized polices can't anneal (optimize) local opportunities. I wrote extensively about this math at the following linked blog comment:

http://www.mpettis.com/2013/05/21/excess-german-savings-not-thrift-caused-the-european-crisis/#comment-23309

Also see what I wrote today in another blog.

http://esr.ibiblio.org/?p=4946&cpage=1#comment-402781

@Monster:
Rather I think we elect leaders to make decisions, because we disagree and there exists a power vacuum that enables such leaders to have power to force us to agree (and this is why when the misallocation implodes economically, the pent up resentment can explode into violent civil war).

The key factor that enables this deferral of responsibility is the power vacuum due to the top-down capacity to control individual actions. Where technology is able to eliminate the ability to control individual actions (e.g. the 3D printer example upthread), the government has no malicious function (government could still try to compete with private industry to provide services more efficiently as Jessica Boxer astutely pointed out). I had expounded upthread as follows.

I add to Michael Hipp’s points (i.e. political action does not adequately empower individual choice and representation), that the power vacuum is only resolved in favor of (all) the individuals where technology exists to empower the individuals to route around top-down control. Political action can purport to empower certain groups, maybe even the majority, but this is obfuscated [in] mutual self-destruction, e.g. see my prior post. Is the current regulatory capture of the state by the banks not sufficient evidence that the individual is not protected from the power vacuum?

Winter pointed out upthread that government exists where it can enforce a (partial) monopoly on force, and I noted it can only do so where that force can generate funding to sustain the force against and "free" gifts (misallocative self-destruction) for its constituency.

The government hides its funding in our short-term myopia on the ramifications of debt, taxes, and social promises (unfunded liabilities). In short, the government can over promise an unrealistic nirvana (which the masses readily embrace) and then has the power to make us pay for the misallocation of resources.

I have been making the point to a group who desires to make an anarcho-currency (I named it "SocialistCoin") designed to redistributes capital to prevent it from concentrating, that the power vacuum does not derive from the fiat (fractional reserve) money system (and thus can't be eliminated by eliminating fiat or capital concentration in a currency); rather this is just one of the means of obscuring the theft that arises from the fundamental power vacuum. I also made the point that redistributing capital from producers to non-producers destroys the capital, analogous to that we can't redistribute an auto mechanic's tools to a nurse and expect them to be utilized.

Thus the conclusion is that the only changes that improve the condition of mankind are technologies that enable individuals to be free from top-down control.

These eliminate facets of the power vacuum (people have to tolerate or able to route around their disagreement), thus improving the annealing (optimization) of the economy to local opportunities and generating more prosperity for all. I posit that all sustained prosperity (gains in standard-of-living) has been due to such individual-freedom enabling technologies, e.g. the automobile, the telephone, the computer, the coming 3D printer, open source, etc..

Thus the main technological benefit of anarcho-currencies is the elimination of top-down control over the movement of capital so that producers are not harmed by coming implosion of global socialism, i.e. the anonymity and the lack of centralized control (e.g. over debasement, acquisition, and transfer). Thus the relationship between anti-money laundering laws and an anarcho-currency is important.

And this ties into the theoretical existance of a 78 year (3 x 26 maturity generations) technology disruption cycle I have mentioned numerous times, where the socialism incentivizes the masses to not adjust to technological shift, wherein the masses are being funded by government and debt to continue chasing opportunities in antiquated technological skills and jobs.

All those who want a gold standard or to pull a French Revolution on the heads of banksters, are not even close to recognizing what drives prosperity for the masses.

[AnonyMint]

In the proposed Decrits design there is no
 government of the few wealthy by robbery
 socialist "leaders".

Now you are a confirmed dolt.

Read the prior the post.

The problems of mankind don't derive from the leaders but from a power vacuum that (enables them and) can not be fixed with a currency. Thus Decrit's redistribution of capital to prevent capital concentration serves no useful purpose, other than to transfer from productivity to non-productivity (thus destroying capital). Socialism is defined as the collective ownership of production, i.e. redistributing money from producers to the all the (even non-productive) members of society. That there are no leaders in Decrit entirely misses the point. Try re-reading the prior sentences over and over until you get it.

Remember money is a claim on productive labor, thus it is a number that has no value if the productivity it claims has been destroyed.

If your brain can't be wrapped about this logic, then you will continue spouting useless noise.

If you think I am not addressing your statements, it is because your brain is incapable of recognizing the logic that has refuted what you have written.

Btw, I was ignoring this thread for some days (had even posted that I was too busy on life issues), then Etlase2 provoked me with a very rude and condescending private message that called my expertise into question.

I decided I had tolerated Etlase2's arrogant style of berating innuendo (and extreme sensitivity to any criticism of this 2 year baby) for too long and returned here to address his challenge in a more forceful tone. For how many weeks he has been berating me in this thread and I have been calming and patiently trying to do logical peer review (and express my opinion that for example design complexity and multi-year deadlines for implementation are non-starters in the real world).

Etlase2 does have some useful and innovative ideas. There is something good that could come from this. I have complimented him on both his solution for obtaining randomness from leave/join order and recently on the merits of a proof-of-share for the transaction processing portion (not for the minting). Thus his separation of transaction processing from minting.

Etlase2 would be wise to consider be cooperative and amicable, because if I implement say the 50% of his proposal that I like, he would be able to use my open source as a starting point for adding what ever he wants.

Team work. And stop the berating. We are adults.

[AnonyMint]

The hopelessly ignorant Ukigo has been placed on ignore.

The following is relevant about how the leaders are not in control:

http://armstrongeconomics.com/2013/06/02/new-world-order/
http://esr.ibiblio.org/?p=4946&cpage=1#comment-402737

[mobodick]

In the proposed Decrits design there is no
 government of the few wealthy by robbery
 socialist "leaders".

Now you are a confirmed dolt.

If your brain can't be wrapped about this logic, then you will continue spouting useless noise.

If you think I am not addressing your statements, it is because your brain is incapable of recognizing the logic that has refuted what you have written.

Btw, I was ignoring this thread for some days (had even posted that I was too busy on life issues), then Etlase2 provoked me with a very rude and condescending private message that called my expertise into question.

I decided I had tolerated Etlase2's arrogant style of berating innuendo (and extreme sensitivity to any criticism of this 2 year baby) for too long and returned here to address his challenge in a more forceful tone. For how many weeks he has been berating me in this thread and I have been calming and patiently trying to do logical peer review (and express my opinion that for example design complexity and multi-year deadlines for implementation are non-starters in the real world).

Etlase2 would be wise to consider be cooperative and amicable, because if I implement say the 50% of his proposal that I like, he would be able to use my open source as a starting point for adding what ever he wants.

Team work. And stop the berating. We are adults.

I think you need to see this from other peoples point of view.
To other people it looks much more like you came into this discussion, formed your own personal opinions, attacked the op as if your opinion was the bestest and only possible idea or path, in effect trying to dominate the topic, started to tie everything into your paranoias and then whine and abuse people for not liking you.
Your definition of cooperation seems to be of the category: "Do what i say because i'm smarter, shut up, i am".
Did you ever consider that it is your blind arrogance that leads people to react to you the way they do?
I'm pretty sure that despite what you have to say you are not taken seriously because of your dismissive and berating tone towards other people. In short, everyone thinks you're such an asshole that they don't want to exchange ideas with you. There are many people with many ideas here but you have effectively shut the door.

What else is obvious is that you have an inferiority complex. You apparently often feel the need to remind people of your supposedly superior intelligence when they don't agree with you outside parameters defined by you. If you care to look around on these fora you will notice that people in general don't hold paranoia exposés that they defend by claiming the audience is too dumb to follow. That is because such behaviour make you look dumb and paranoia.

Seriously, if you were even half as smart as you pretend to be you would not be here on these fora telling people how smart you are.
So let me give you a hint:
When you first show no less than five examples of beratement you cannot seriously follow that by calling for team work or a stop of berating. You can also not claim to be an adult anymore because you have clearly demonstrated your juvenile brain.
Well, of course you can, but, as is the case now, no one would tollerate you or your opinions.

[AnonyMint]

I must remember not to load this page signed out, as then I see the comments of those who are on ignore.

Note, moboDICK is on ignore (when Im logged in) for having spammed my thread incessantly with redundant non-productive posts, and I was asked to put him on ignore by other posters in my thread (who are not people I previously knew).

The astute readers realize that the facts have been presented.

[sor.rge]

It's sad how this topic is degrading.
I find the original Decrits ideas interesting, and actually presentation is not as bad as some people insist. It's split into four aspects which can be analysed and discussed separately and independently. I'd say they can even be implemented and tested independently.

Pillar one, the proof-of-consensus, is the most critical and controversial one. The numbers (10 seconds for TB, 10 days for CB etc.) are not justified, some reasoning behind them would be nice. The shares are an interesting idea, only I'm afraid that most of the money will be permanently locked in the shares. The commitment of SH to stay online is something definitely interesting, it could work quite well. I would maybe make it harder, for example require it to sign every hour and be late by at most 20 minutes, but lock the funds for a shorter period, to allow more liquidity.
The purpose of SH reputation is unclear to me. They have enough incentive to do their job without the reputation bonuses IMHO.
The biggest issue is that it's not proven that this system cannot be subverted. It has been discussed in the thread, but it drowned in the flame war and it was inconclusive. What the proof of work gives us is a guarantee that the DB that a node sees cannot be easily forged. We face the possibility of it being forged with a lot of resources, however (so called 51% attack). Without PoW, anyone can forge an arbitrary chain of TBs, CBs, where anything that's allowed by the rules can happen. The term "51% attack" is not even applicable here, because it's safe to assume that anyone possesses enough computational power to construct a new virtual blockchain. So the important question is how to decide which chain is the true one given several alternatives. You said something along the lines of "existence of a moment where most shareholders drop out indicates a fake chain", but like this it's not convincing. A clear decision algorithm must be given, and then analyzed for potential attacks. Otherwise the system as it is now is insecure.

IMHO we should concentrate on this issue first, and leave philosophical considerations for later. If you think that this has been resolved it's worth updating the OP with the proposed chain selection algorithm.

[AnonyMint]

Proof-of-Consensus

This applies to transaction processing functionality only. The minting of new currency units is an orthogonal issue.

In Proof-of-Work, consensus is obtained with a race. All competing peers continuously compute the next hash solution and only the first one has the right to sign the next transaction block (TB). All competing peers have the incentive to propagate the first solution as fast as possible, since it costs money to waste computation of a non-first solution that won't be the consensus. If there is a fork (two or more signed TBs claiming to have been first perhaps due to propagation latency), this is resolved by which fork grows faster a longer chain of subsequent TBs, since the hash solution is random and the difficulty only places the average solution at 10 mins and not exactly 10 mins for every hash solution occurrence. The probability of two branches growing longer at the same rate declines asymptotically to 0 as the forked chain length grows longer. The competing peers will choose the longer one since it costs money to waste computation on the other branches of the fork that won't be the consensus.

In Proof-of-Consensus, consensus is obtained with a specific ordering of TBs at set intervals and a deadline to sign the consensus block (CB) of TBs that occurred in the prior period. All peers who wish to be eligible to sign TBs in the next period must sign the CB before the deadline. The winning CB (chain of CBs) is the one with the most TBs and the most peers signatories. Only peers who provide some proof of an asset can sign (proposals include proof-of-share of the currency or proof-of-hard drive space). The ordering of who can sign the TBs in the next period is determined from the entropy of those who sign the CB which is sufficiently randomized. The deadline must have perhaps a few minutes of grace period, so that all those who wished to sign can be propagated.

How to penalize not signing the longest CB, so that peers have a similar economic incentive to propagate TB and CB signatures as in Bitcoin? This is why I was raising propagation as the remaining crucial issue to be resolved. Is it enough to offer money for signing or is necessary to also charge money for signing the shorter CB? I think we can consider this economic question orthogonally to any proposed non-adhoc architecture (i.e. CNPs, etc) for propagation. Some designs might prefer to leave the propagation adhoc as in Bitcon and simply provide the economic incentive.

How to enforce the intervals between TBs or do we even need to? Discard duplicate or conflicting transactions in the CB and keep the earliest one as denoted by the specific ordering?

P.S. Proof-of-hard drive space is subset case of Proof-of-Consensus, and it also supports minting which Proof-of-share does not.

[sor.rge]

The winning CB (chain of CBs) is the one with the most TBs and the most peers signatories. Only peers who provide some proof of an asset can sign (proposals include proof-of-share of the currency or proof-of-hard drive space).

Let's consider proof-of-share first.
In that way it's pretty clear that the majority of signers can dictate the course of things, including extremely malicious ways: reverting transactions, dropping out other peers etc. If someone controls 51% of total number of peers who can sign, at this moment he can disregard the others, because his CB, whatever he puts in it, will have more signatures.
It follows that if at any point there is a majority in hands of a malicious user, he can kill the system at any point in the future. He can rewrite the history after this point, using arbitrarily many imaginary peers for the times after that, so that his chain of CBs will always have most TBs and signatures, and it will always have to be accepted by other peers as more legitimate.
Considering that the 51% shares situation may be likely at some early point, when there are not so many SHs just because not so much money has been generated yet, this seems very insecure overall.

I didn't study your proof-of-harddisk proposal yet, I'll do it a bit later. The name suggests that it's similar in spirit to PoW, just instead of a lot of computations you need a lot of storage. If my understanding is correct, then this will work out in a similar way to bitcoin, and thus offer the same security features.
I'll try to reduce the system to the bare minimum: some PoW (e.g. a proof-of-harddisk) is presented and then the peer can sign blocks. The key differences from bitcoin are: a) the blocks are standardized (definite time period), b) several peers can sign the same block and claim the reward. Again, the heaviest chain (with the most signatures) wins. Now the chain cannot be easily regenerated from start. It's still vulnerable to a 51% attack, however, in a similar way to bitcoin. Essentially this is like a mining pool built in the system, but one which forces every peer to check the transactions and try its best to come up with exactly the same block as the others (unless it controls 51%, in which case he does what he wants, like in bitcoin). I like it.

Sure it sounds more boring than the mysteriously complicated things described earlier, but I think this is what is really at the foundations of this system, as far as security is concerned.

[AnonyMint]

The winning CB (chain of CBs) is the one with the most TBs and the most peers signatories. Only peers who provide some proof of an asset can sign (proposals include proof-of-share of the currency or proof-of-hard drive space).

Let's consider proof-of-share first.

[...snip...]

I didn't study your proof-of-harddisk proposal yet, I'll do it a bit later. The name suggests that it's similar in spirit to PoW, just instead of a lot of computations you need a lot of storage. If my understanding is correct, then this will work out in a similar way to bitcoin, and thus offer the same security features.

No as I wrote in my prior post, both proof-of-share and proof-of-harddisk are subsets of proof-of-consensus. They are both just the means of proving the ownership of an asset (currency share or disk space) so as to be allowed to sign in a proof-of-consensus algorithm.

I'll try to reduce the system to the bare minimum: some PoW (e.g. a proof-of-harddisk) is presented and then the peer can sign blocks. The key differences from bitcoin are: a) the blocks are standardized (definite time period), b) several peers can sign the same block and claim the reward. Again, the heaviest chain (with the most signatures) wins. Now the chain cannot be easily regenerated from start. It's still vulnerable to a 51% attack, however, in a similar way to bitcoin. Essentially this is like a mining pool built in the system, but one which forces every peer to check the transactions and try its best to come up with exactly the same block as the others (unless it controls 51%, in which case he does what he wants, like in bitcoin). I like it.

Sure it sounds more boring than the mysteriously complicated things described earlier, but I think this is what is really at the foundations of this system, as far as security is concerned.

I already described what I believe to be the algorithm for proof-of-consensus. Agreed best to reduce it to simplified algorithmic concepts.

The winning CB (chain of CBs) is the one with the most TBs and the most peers signatories. Only peers who provide some proof of an asset can sign (proposals include proof-of-share of the currency or proof-of-hard drive space).

In that way it's pretty clear that the majority of signers can dictate the course of things, including extremely malicious ways: reverting transactions, dropping out other peers etc. If someone controls 51% of total number of peers who can sign, at this moment he can disregard the others, because his CB, whatever he puts in it, will have more signatures.

I think I misspoke. It shouldn't be the most CB signatures, only the CB with most signed TBs.

In theory, if even just 1 peer could include all the TBs from all the peers in its signed CB, and everyone would know it is the consensus because it has the most TBs.

I suppose 51% cartel could I guess refuse to propagate their TBs and CBs to peers outside the cartel, but this non-response to third parties would cause their consensus to be isolated and basically useless correct?

It follows that if at any point there is a majority in hands of a malicious user, he can kill the system at any point in the future. He can rewrite the history after this point, using arbitrarily many imaginary peers for the times after that, so that his chain of CBs will always have most TBs and signatures, and it will always have to be accepted by other peers as more legitimate.

This can only be true if the history wasn't being propagated outside the known cartel peers. Thus it isn't that useful of an attack?

Seems to be part of the consensus you must propagate TBs and CBs else the consensus moves on without you.

But I am bit sleepy at the moment, so let me consider this again when I am rested.

[sor.rge]

No as I wrote in my prior post, both proof-of-share and proof-of-harddisk are subsets of proof-of-consensus. They are both just the means of proving the ownership of an asset (currency share or disk space) so as to be allowed to sign in a proof-of-consensus algorithm.

Ok, I'll have to study it really. I think, from the security standpoint, proof of ownership of a real-world thing is better than proof of something withing the system, as latter may be compromised.

I think I misspoke. It shouldn't be the most CB signatures, only the CB with most signed TBs.

In theory, if even just 1 peer could include all the TBs from all the peers in its signed CB, and everyone would know it is the consensus because it has the most TBs.

I suppose 51% cartel could I guess refuse to propagate their TBs and CBs to peers outside the cartel, but this non-response to third parties would cause their consensus to be isolated and basically useless correct?

Aha, I see. Now it makes sense. Indeed, if everyone propagates everything, then a honest node cannot be kicked out because its CB will always include all the TBs which have been broadcasted. So it's only possible to kick nodes out by hiding signed TBs. Interesting!

Ok. Now I propose the following 51% attack. Malicious peers, who are the majority, withhold their signed TBs just until next CB. At the time of CB, they will be considered late and their TBs will not be included in the honest nodes' CB, which will therefore have 49% consensus. Right after the time of this decision, the attacking cartel releases their CB, which records all the honest nodes as dropouts, and therefore has 51% consensus. The other nodes, faced with the choice of two competing CBs both following the rules, will have to accept the malicious one. From now on, the cartel will have 100% power and will do what it wants.

This can only be true if the history wasn't being propagated outside the known cartel peers. Thus it isn't that useful of an attack?

Seems to be part of the consensus you must propagate TBs and CBs else the consensus moves on without you.

But I am bit sleepy at the moment, so let me consider this again when I am rested.

Yes, I was considering the case when the cartel suddenly presents their version of history, which would then seem to be more legitimate than the accepted one, according to the rules. It may be possible to make a rule that a node would never revert its history too much to the past (kind of auto-checkpoint), but the new nodes, who don't have any history observed, could be easily fooled.

[AnonyMint]

We have an economic problem, but I think there is a solution.

The deadline must have perhaps a few minutes of grace period, so that all those who wished to sign can be propagated.

The winning CB (chain of CBs) is the one with the most TBs and the most peers signatories. Only peers who provide some proof of an asset can sign (proposals include proof-of-share of the currency or proof-of-hard drive space).

In that way it's pretty clear that the majority of signers can dictate the course of things, including extremely malicious ways: reverting transactions, dropping out other peers etc. If someone controls 51% of total number of peers who can sign, at this moment he can disregard the others, because his CB, whatever he puts in it, will have more signatures.

I think I misspoke. It shouldn't be the most CB signatures, only the CB with most signed TBs.

I was correct upthread (in the flame war) to intuitively sense that propagation is the potential weakness.

If we don't make having the most CB signatures determine the consensus CB, then there is no (Bitcoin-like) selfish incentive to propagate CB signatures. And sor.rge has pointed out that this would make CB signing eligible for 51% attack. Differentiate this from TB signatures. The algorithm (for random selection of the specific ordering) requires the peer to sign the CB in order to be eligible (via random selection of the specific ordering) to sign a TB in the next period.

The solution appears to be the consensus CB must be the one that has most TB signatures *AND* the most CB signatures of those that have the most TB signatures.

[AnonyMint]

No as I wrote in my prior post, both proof-of-share and proof-of-harddisk are subsets of proof-of-consensus. They are both just the means of proving the ownership of an asset (currency share or disk space) so as to be allowed to sign in a proof-of-consensus algorithm.

Ok, I'll have to study it really. I think, from the security standpoint, proof of ownership of a real-world thing is better than proof of something withing the system, as latter may be compromised.

If we don't adopt Etlase2's redistributions schemes for preventing concentration of capital within the system (and I agree to not argue that philosophical issue further for now nor commit the thread to a decision on that), then perhaps yours is a reasonable point?

Etlase2 presented the advantage that share can be destroyed, so we could penalize rogue activity. Our system can't destroy a physical asset with a penalty.

Also share is simpler to implement probably. Proof-of-hard disk has some corner issues with "he said, she said".

Share can not mint new coins for those who have none (thus a way to avoid anti money laundering id checks), only Bitcoin's proof-of-work or my proof-of-hard disk can do this. But this is orthogonal to transaction processing which we are discussing now.

Ok. Now I propose the following 51% attack. Malicious peers, who are the majority, withhold their signed TBs just until next CB. At the time of CB, they will be considered late and their TBs will not be included in the honest nodes' CB, which will therefore have 49% consensus. Right after the time of this decision, the attacking cartel releases their CB, which records all the honest nodes as dropouts, and therefore has 51% consensus. The other nodes, faced with the choice of two competing CBs both following the rules, will have to accept the malicious one. From now on, the cartel will have 100% power and will do what it wants.

Astute. Then the other peers can't sign the CB and thus can't be eligible for signing TBs in the next block.

The evil attack doesn't even need to withhold the propagation of its TBs, it can simply sign a CB that (is not propagated until after deadline so it) only has its peers (per my prior post which you hadn't seen when you wrote the above).

I was correct in the flame war to say that propagation is the weakness. Now I hope Etlase2 and the others here will stop questioning my motives and my IQ!

I was correct to criticize Etlase2 for burying his logic in two many undocumented details and wanting to waste more years not getting to the point. In design, we should always reduce first to simplest concepts to analyze clearly and early, so we don't waste time on a design that can't possibly work.

Note that Proof-of-Consensus is subject to 51% attack same as Bitcoin is. This does not eliminate it as an alternative design. At least we see that 51% attack is always possible in any decentralized currency. It is a fundamental.

This can only be true if the history wasn't being propagated outside the known cartel peers. Thus it isn't that useful of an attack?

Seems to be part of the consensus you must propagate TBs and CBs else the consensus moves on without you.

But I am bit sleepy at the moment, so let me consider this again when I am rested.

Yes, I was considering the case when the cartel suddenly presents their version of history, which would then seem to be more legitimate than the accepted one, according to the rules. It may be possible to make a rule that a node would never revert its history too much to the past (kind of auto-checkpoint), but the new nodes, who don't have any history observed, could be easily fooled.

Yeah as you implied, the economics for propagation has to work, because there is no centralized reference point in a decentralized system!

[AnonyMint]

51% Rule of Decentralized Agreement

Note that Proof-of-Consensus is subject to 51% attack same as Bitcoin is. This does not eliminate it as an alternative design. At least we see that 51% attack is always possible in any decentralized currency. It is a fundamental.

In any decentralized P2P system any consensus fork of agreement is controllable by controlling 51% of the peers.

It must be this way, else there is no way to eliminate minority opinions (minority forks of agreement).

So what is money? Money is what 51+% of the people agree that it is. Gold is an exception.

The challenge in designing a decentralized money is that the masses can be fooled by cartels into supporting detrimental activities (which may even be obscured from and/or only indirectly harm the 51%).

Physical gold (and silver) is a unique form of money because it can't be cartelized, and even if the masses agree to outlaw gold as anonymous money, some people will still accept anonymously. This is due to the unique properties of the precious metals:

* high value per mass & volume due to natural rarity
* fungible
* durable and divisible
* stable supply
* anonymous (can't be permanently marked)

Is there any other form of money that is similar to gold, yet can be transmitted digitally?

No. I have thought about modules of open source software in trade, yet these are not fungible, and at least probably not divisible. The knowledge is unique and in the main module coder's mind.

The only truly decentralized money is gold. There will never be an alternative. Every decentralized currency design will be controlled by the 51% eventually.

PERIOD. Don't waste my time with oxymoronic nonsense about redistributing money to avoid socializing money. Hahaha.

[AnonyMint]

Here is a link on the orthogonal point about where the power vacuum derives that gives rise to the power elite and socialism:

https://bitcointalk.org/index.php?topic=160612.msg2355498#msg2355498

Here is the extra link:

https://bitcointalk.org/index.php?topic=189239.msg2350083#msg2350083

The point is:

1. People disagree and want everything they want (including controlling others).

2. They elect leaders to give them everything they want.

3. Leaders can do this to the extent individual freedom is not able to route around top-down control via some technology.

4. Leaders can fund this by obfuscating mutual self-destruction in debt and misallocation of capital.

5. As this fails economically, the people demand the leaders to fulfill their promises, thus megadeath.

6. Thus the only sustained prosperity is due to technologies that enable individual freedom from top-down control. Gave an example upthread that when WAN wireless is something any individual can do, the telcoms will be disrupted.

[Etlase2]

I was correct in the flame war to say that propagation is the weakness. Now I hope Etlase2 and the others here will stop questioning my motives and my IQ!

Yet the solution is in the OP. I pointed out the propagation weakness in bitcoin and even gave you some specific details to search for on your own.

Yeah as you implied, the economics for propagation has to work, because there is no centralized reference point in a decentralized system!

So now you must consider, as I have, a way to incentivize propagation. I am sure you are rereading many posts that you did not originally understand, and are making further connections. You have again conceded many of my points. Each time I tried to make these points, you often stubbornly refused to acknowledge them. And then go off on small details as some critical vulnerability that needs to be flamed on about for several pages until you get it.

I think the same can even go for the monetary system. Your quip about destroying money to redistribute wealth is completely baseless. That mechanic is purely for network defense. What I believe you are doing is conflating the ability to start a new currency from within the protocol. It always comes back to being able to fork away from malicious people so that there is no such thing as a 51% attack. And there is not in my design. The money is not destroyed in this scenario unless people universally choose the new currency (and the currency is not actually destroyed; only its value if no one uses that fork). I explained this very early on to you.

I may not be the best at explaining these things to someone with a hostile attitude, but impatience is not a virtue. And it is very difficult to explain 20 concepts in one post.

There is no redistribution of wealth in decrits; please stop misrepresenting my ideas for your benefit. I have mentioned that it is economically unwise to buy too many decrits when the price is high, so any purchasing power lost is completely voluntary. Instead, businesses and people would be encouraged to build up the use of decrits over time. This will reduce volatility and actually allow most businesses to profit as the currency appreciates. But it does not particularly encourage buying and holding. Again, this is due to wanting to design something that is useful as a currency, not a speculative vehicle. This is key to getting and retaining adoption, and eventually ending ties with fiat.

You are free to use my concepts to create another roller coaster currency like bitcoin, but I do believe it will have the same long-term adoption problems as bitcoin. I think these problems will cause the currency to lose ground vs something that is more stable.

And I believe any cryptocurrency design that is willing to be adopted by everyone *will* be the key to allowing the true innovators of society to shine through. Our goals, while stated remarkably differently, are the same.

[AnonyMint]

Focus in on the key point. I will try to help you do so as follows.

So now you must consider, as I have, a way to incentivize propagation.

Tell us the algorithm that will prevent the aforementioned 51% attack. In as few words as possible please.

Your quip about destroying money to redistribute wealth is completely baseless. That mechanic is purely for network defense. What I believe you are doing is conflating the ability to start a new currency from within the protocol. It always comes back to being able to fork away from malicious people so that there is no such thing as a 51% attack. And there is not in my design. The money is not destroyed in this scenario unless people universally choose the new currency (and the currency is not actually destroyed; only its value if no one uses that fork). I explained this very early on to you.

Show the readers the algorithm that obtains these claims.

I may not be the best at explaining these things to someone with a hostile attitude, but impatience is not a virtue. And it is very difficult to explain 20 concepts in one post.

20 concepts is not an algorithm. I am a computer scientist. I don't like talk.

There is no redistribution of wealth in decrits; please stop misrepresenting my ideas for your benefit. I have mentioned that it is economically unwise to buy too many decrits when the price is high, so any purchasing power lost is completely voluntary. Instead, businesses and people would be encouraged to build up the use of decrits over time. This will reduce volatility and actually allow most businesses to profit as the currency appreciates. But it does not particularly encourage buying and holding. Again, this is due to wanting to design something that is useful as a currency, not a speculative vehicle. This is key to getting and retaining adoption, and eventually ending ties with fiat.

I am tired of reading your characterizations of what you think your 20 concepts will do. Show us the algorithm. So we can analyze for ourselves what we think it will do.

You are free to use my concepts to create another roller coaster currency like bitcoin, but I do believe it will have the same long-term adoption problems as bitcoin. I think these problems will cause the currency to lose ground vs something that is more stable.

And I believe any cryptocurrency design that is willing to be adopted by everyone *will* be the key to allowing the true innovators of society to shine through. Our goals, while stated remarkably differently, are the same.

If you were as good as writing down an algorithm, as your incessant "we will save the world" sales pitches, we would be done already here.

I am not being hostile. I tell you, "Talk is cheap, show the code"-- Linus Torvalds.

An algorithm suffices where code is not yet available.

[Etlase2]

What incentive do I have to further help someone who has made his intentions clear to take all of my ideas and use them for his own purposes as soon as he understands them? It may very well have been your intention from the start. It certainly did not take long for you to try to insert as much as possible of your idea to "simplify" things. It did take longer for you to realize the failure in this.

Sorry, you will have to work these things out on your own. You will not be getting help from me on how to design my protocol for your purposes.

I am not being hostile.

Because you want something from me. Again, I have nothing but disincentive to help you.